BPP Assurance Course Notes

Assurance
Certificate Level
Course Notes
For exams in 2019
ISBN: 9781509777211
1 Key to Icons
ISBN 9781509777211
A note about copyright
Published by Dear Customer

BPP Learning Media Ltd What does the little © mean and why does it matter?
BPP House, Aldine Place
142-144 Uxbridge Road Your market-leading BPP books, course materials and e-
London W12 8AA learning materials do not write and update themselves.
People write them on their own behalf or as employees of
www.bpp.com/learningmedia an organisation that invests in this activity. Copyright law
protects their livelihoods. It does so by creating rights over
Printed in the United Kingdom
the use of the content.
Breach of copyright is a form of theft – as well as being a
Your learning materials, published by BPP criminal offence in some jurisdictions, it is potentially a
Learning Media Ltd, are printed on paper serious breach of professional ethics.
obtained from traceable sustainable
sources. With current technology, things might seem a bit hazy but,
basically, without the express permission of BPP Learning
Media:
All rights reserved. No part of this publication
may be reproduced, stored in a retrieval  Photocopying our materials is a breach of copyright.
system or transmitted in any form or by any
means, electronic, mechanical, photocopying,  Scanning, ripcasting or conversion of our digital
recording or otherwise, without the prior materials into different file formats, uploading them
written permission of BPP Learning Media. to facebook or emailing them to your friends is a
breach of copyright.
The contents of this course material are
intended as a guide and not professional You can, of course, sell your books, in the form in which
advice. Although every effort has been made you have bought them – once you have finished with
to ensure that the contents of this course them. (Is this fair to your fellow students? We update for a
material are correct at the time of going to reason.) Please note the e-products are sold on a single
press, BPP Learning Media makes no warranty user licence basis: we do not supply 'unlock' codes to
that the information in this course material is people who have bought them second hand.
accurate or complete and accept no liability for
And what about outside the UK? BPP Learning Media
any loss or damage suffered by any person
strives to make our materials available at prices students
acting or refraining from acting as a result of
can afford by local printing arrangements, pricing policies
the material in this course material.
and partnerships which are clearly listed on our website. A
tiny minority ignore this and indulge in criminal activity by
ICAEW takes no responsibility for the content
illegally photocopying our material or supporting
of any supplemental training materials supplied
organisations that do. If they act illegally and unethically in
by the Partner in Learning.
one area, can you really trust them?
The ICAEW Partner in Learning logo, ACA and
ICAEW CFAB are all registered trademarks of
ICAEW and are used under licence by BPP PQ.
©
BPP Learning Media Ltd
2019
Improving material and removing errors
There is a constant need to update and enhance our study materials in line with both regulatory changes and new
insights into the exams.
Our course notes go through a rigorous production and checking exercise as they are updated annually. We are very
keen to remove as many numerical errors and narrative typos as we can but given the volume of detailed information
being changed in a short space of time we know that a few errors will sometimes get through our net. We apologise in
advance for any inconvenience that an error might cause. We continue to look for new ways to improve these study
materials, you can contact our ICAEW Courseware Head of Programmes at [email protected] with any
suggestions for improvements.
2 Contents
CONTENTS
Course Study Study

Notes Manual Manual
Page Chapter Page
Introduction 5
1. The concept of assurance 7 1 1
Types of assurance 9 1 1
Benefits and limitations of assurance 16 1 6
The audit overview 20 1 11
2. Obtaining and planning assurance 25 2, 3 21

engagements
Obtaining an engagement 27 2 21
Planning 33 3 39
3. The nature of and process for effective 57 5, 9 95

internal controls
Process and components of internal control 59 5 95
Internal audit 73 9 165
4. Internal control systems 81 6, 7, 8 117
Revenue system 83 6 117

Purchase system 91 7 135
Payroll system 98 8 151
5. The process of gathering sufficient 109 4, 11 71

appropriate evidence
Documenting 111 10 177

Sufficient appropriate evidence 117 4 71
Evidence collection techniques 123 11 191
Concluding on evidence 131 11 191
6. Substantive testing 143 13 231
Assets 146 13 231

Liabilities 159 13 231
Statement of profit or loss 164 13 231
7. Completion and reporting 173 4, 10, 177

12
Written representations 175 12 219

Auditor’s reports 179 4 71
Contents 3
8. Ethical and professional behaviour 187 14 – 16 261
Codes of professional ethics 189 14 261

Ethical standards 193 15 275
Confidentiality 199 16 305
4 Contents
MODULE AIM
To ensure that students understand the assurance process and fundamental principles of
ethics, and are able to contribute to the assessment of internal controls and gathering of
evidence on an assurance engagement.
On completion of this module, students will be able to:
 explain the concept of assurance, why assurance is required and the reasons for
assurance engagements being carried out by appropriately qualified professionals;
 explain the nature of internal controls and why they are important, document an
organisation’s internal controls and identify weaknesses in internal control systems;
 select sufficient and appropriate methods of obtaining assurance evidence and
recognise when conclusions can be drawn from evidence obtained or where issues
need to be referred to a senior colleague; and
 understand the importance of ethical behaviour to a professional and identify
issues relating to integrity, objectivity, professional competence and due care,
confidentiality, professional behaviour and independence.
SPECIFICATION GRID
This grid shows the relative weightings of subjects within this module and should guide
the relative study time spent on each. Over time the marks available in the assessment
will equate to the weightings below, while slight variations may occur in individual
assessments to enable suitably rigorous questions to be set.
Weighting (%)
1 The concept, process and need for assurance 20
2 Internal controls 25
3 Gathering evidence on an assurance engagement 35
4 Professional ethics 20
Introduction 5
LINKS WITH OTHER PAPERS
The aim of the Certificate level Assurance module is to ensure that students understand
and can explain the concept of assurance. Explain the assurance process and the
methods of obtaining evidence to support conclusions. Understand the fundamental
principles of ethical behaviour and are able to contribute to the assessment of internal
controls and gathering of evidence on an assurance engagement.
The knowledge base that is put in place here will be taken further in the Professional
level Audit and Assurance module where the aim will be to develop the students’
understanding of the critical aspects of managing an assurance engagement (including
audit engagements): acceptance, planning, managing, concluding and reporting.
Students will be expected to have an understanding of the audit of not-for-profit entities
as well as non-specialised profit oriented entities.
EXAM
 1½ hours
 50 questions with equal marks, together adding up to 100 marks
 The questions are of the following types:
 Multiple choice – select 1 from 4 options A, B, C or D
 Multiple response – select 2 or more responses from 4 or more options
 Multi-part multiple choice – select 1 from 2, 3 or 4 options, for two or more
question parts
 55% pass mark
6 Links with other papers

1
THE CONCEPT OF
ASSURANCE
Learning outcomes
Students will be able to explain the concept of assurance, why assurance is required and
the reasons for assurance engagements being carried out by appropriately qualified
professionals.
In the assessment, students may be required to:
• Define the concept of assurance
• Define the assurance process, including obtaining the engagement
• Define the concept of reasonable assurance
• State why users desire assurance reports and provide examples of the benefits
gained from them such as to assure the quality of an entity's published corporate
responsibility or sustainability report
• Compare the functions and responsibilities of the different parties involved in an
assurance engagement
• Compare the purposes and characteristics of, and level of assurance obtained
from, different assurance engagements
• Identify the issues which can lead to gaps between the outcomes delivered by the
assurance engagement and the expectations of users of the assurance reports, and
suggest how these can be overcome
TOPIC OVERVIEW
The concept of assurance
Benefits and limitations of

Types of assurance The audit overview
assurance
Why is assurance
What is assurance
important
Why can assurance never

Levels of assurance
be absolute
Example of assurance
The expectations gap
engagements
8 Topic 1: The concept of assurance

TYPES OF ASSURANCE
WHAT IS ASSURANCE?
Definition (parties, subject matter, criteria)
'An assurance engagement is one in which a practitioner expresses a conclusion

designed to enhance the degree of confidence of the intended users other than the
responsible party about the outcome of the evaluation or measurement of a subject
matter against criteria.'
International Framework for Assurance Engagements, 2005, para.7
There are five key elements of an assurance engagement (CREST):

 Criteria
The assurance engagement must have a 'bar' or threshold that should be met.
Consider what the tests may be to ensure that the subject matter is reliable.
Financial statements may be compared to accounting standards, processes may be
compared to establish industry best practices (accredited management standards
such as ISO 9000) or behaviours to ethical standards, corporate governance or
environmental standards.
 Report
Provided in the form of a written report and will contain key information and any
issues or assurances given as a result of the engagement.
 Evidence
Any assurance engagement must document its evidence which substantiates the
opinion given. Audit evidence will be examined later in this course book.
 Subject matter
This may change according to the overall purpose of the engagement, but the
subject matter is likely to be one of the following categories:
– Data, such as reviewing budgets, financial statements or reports
– Behaviour, such as reviewing corporate governance
– Systems or processes, such as internal controls, financial or computer
systems in place.
 Three party relationship
This represents the practitioner (for example, the auditor), the intended users (for
example, shareholders) and the responsible parties (for example, the directors,
who are responsible for preparing the financial statements).
Topic 1: The concept of assurance 9

Scenario
The directors of Bolt plc have asked Rutherford LLP to audit the financial
statements of the year ended 31 March 20X8.
Requirement
From the scenario identify the following:
a) The practitioner
b) The subject matter
c) The responsible party
Solution
a) The practitioner is the auditor in this scenario, which is Rutherford LLP.
b) The subject matter is the financial statements for the year ended 31 March
20X8.
c) The responsible party are the directors of Bolt Plc who are tasked with, and
under the Companies Act 2006, responsible for the preparation of the
financial statements of the company.
Typical objective test questions will test your understanding of the relationship
between the parties involved in an audit, and also the subject matter and the
intended users (such as shareholders). Ensure that you can identify the role of
each element of an assurance engagement from an exam scenario.

ELEMENTS OF ASSURANCE
You are an accountant who has been approached by Jenny, who wants to invest in
Bloggin Limited. She has asked you for assurance on whether the most recent financial
statements of Bloggin Limited are a reliable basis for her to make her investment
decision.
Requirement
Using the CREST mnemonic as a guide, identify the key elements of an assurance
engagement in this scenario, should you decide to accept the engagement.
SOLUTION
LEVELS OF ASSURANCE
The International Framework for Assurance Engagements identifies two types of
assurance engagement, a reasonable assurance engagement and a limited
assurance engagement.
The key differences between the two types of assurance engagement are:
 The evidence obtained
 The type of opinion given

Reasonable assurance: A high level of assurance, that is less than absolute assurance.
The engagement risk has been reduced to an acceptably low level, which then allows a
conclusion to be expressed positively.
Limited assurance: A meaningful level of assurance, that is more than inconsequential
but is less than reasonable assurance, that engagement risk has been reduced to an
acceptable level, which then allows a conclusion to be expressed negatively.
The following table summarises the key areas:
Summary of types of engagement
Type of Evidence Example of wording Conclusion

engagement sought given
Reasonable Sufficient appropriate In our opinion, the Positive

assurance evidence is obtained by: financial statements expression
eg statutory  Obtaining an present fairly, in all
audit understanding of the material respects, (or
entity give a true and fair view
 Assessing risk of) the financial position
of the Company, and of
 Responding to risk
its financial performance
 Performing further
and its cash flows for
procedures (sampling) to
the year.
draw a conclusion
Limited The evidence gathered is 'Based on our work Negative
assurance limited, involving techniques described in this report, expression
eg review of such as enquiry and nothing has come to our
half-year analytical procedures attention that causes us
results to believe that internal
control is not effective,
in all material respects,
based on XYZ criteria.'
LEVELS OF ASSURANCE
For each of the following assurance engagements, select what level of assurance you
would expect to be given.
Assessment of effectiveness of internal controls
A Reasonable
B Limited
Statutory audit
C Absolute
D Reasonable
Review of cash flow forecast
E Reasonable
F Limited

EXAMPLES OF ASSURANCE ENGAGEMENTS
The key example of an assurance engagement in the UK is a statutory audit. We shall
look briefly at the nature of this engagement in the next section.
Other examples of assurance engagements include:
 Pension scheme audits
 Charity audits (Companies Act, Charities Act)
 Solicitors audits (in line with the Solicitors' Accounts Rules)
 Environmental audits
 Insurance company audits
 Local authority audits
 Other types of audit, for example magazine or newspaper circulation reports, due
diligence on an acquisition target, fraud investigations.
Audit
An audit is historically the most important type of assurance service in the UK.
Objective:
The objective of an audit is to enable the auditor to express an opinion on whether the
financial statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework. This is often referred to as the financial
statements reflecting a 'true and fair view' of the business. Although there is no legal
definition of 'true' and 'fair', these terms are generally accepted as meaning the
following:
True: Information is factual and conforms to reality, not false. In addition the
information conforms to required standards and law. The accounts have been correctly
extracted from the books and records.
Fair: Information is free from discrimination and bias in compliance with expected
standards and rules. The accounts should reflect the commercial substance of the
company's underlying transactions.
Legal and professional requirements for auditors

There are both legal and professional requirements for auditors in the UK.
The Companies Act 2006 requires that auditors:
 Hold an 'appropriate qualification', and
 Are members of a Recognised Supervisory Body (RSB), such as the ICAEW, and
eligible under their rules to sign auditor’s reports
RSBs will also ensure that their members are regularly monitored to ensure professional
and ethical standards are followed. In the UK, the Financial Reporting Council (FRC)
issues and monitors standards of practice and guidance which are based upon
International Standards on Auditing (ISAs).
The Companies Act 2006 also sets out factors which make a person ineligible for being a
company auditor, for example if they are:
 An officer or employee of the company
 A partner or employee of such a person
 Any partner in a partnership in which such a person is a partner
 Ineligible by the above for appointment as auditor of any directly connected companies

ASSURANCE ENGAGEMENTS
In respect of assurance engagements, select whether the following statements are true
or false.
Wilson LLP an accountancy firm, have been asked to prepare the financial statements of
ABC Ltd for the year ended 31 December.
A True – this is an example of an assurance engagement
B False – this is not an example of an assurance engagement
Wilson LLP have also been asked to review the accounting policies used by Smith &
Jones PLC in the preparation of their financial statements and report as to whether they
are in accordance with accounting standards.
C True – this is an example of an assurance engagement
D False – this is not an example of an assurance engagement

SUMMARY
Types of assurance
Examples of assurance
What is assurance Levels of assurance
engagements
Practitioner expresses an Reasonable assurance: Statutory audit

conclusion on a subject matter Positive statement
against criteria Non-audit
Limited assurance: Examples:
Criteria Charity audits
Report Negative statement Internal controls review
Evidence
Subject matter
Three party relationship

BENEFITS AND LIMITATIONS OF
ASSURANCE
WHY IS ASSURANCE IMPORTANT?
Users
In the key assurance service of audit, the users are the shareholders of a company, to
whom the financial statements are addressed. In other cases, the users might be the
board of directors of a company or a subsection of them.
Benefits of assurance
Key benefit:
Independent and external professional verification.
Additional benefits:
 May give confidence to other users (enhancing the credibility of the information)
 Deterrent against fraud and error and reducing management bias
 Draws attention to deficiencies or modifications in the prepared information
 Leads to effective markets as investors have more faith and trust in financial
accounts and the underlying companies
BENEFITS OF ASSURANCE
Which of the following is not a benefit of an assurance report on a set of financial
statements?
A Attests to the correctness of the financial statements
B Enhances the credibility of the information being reported upon
C Reduces the risk that management may overstate the assets of the
company to show a better result
D Draws the attention of the user to deficiencies in the information
being reported upon

Limitations of assurance
 Sampling – not all transactions/items in the accounting records are tested
 The fact that the accounting systems on which assurance providers may place a
degree of reliance also have inherent limitations
 The fact that most audit evidence is persuasive rather than conclusive.
 Human factor – collusion of parties in fraudulent behaviour, errors, override of
controls
 Some items in the subject matter may be estimates and are therefore uncertain. It
is impossible to conclude absolutely that judgemental estimates are correct.
LIMITATIONS OF ASSURANCE
Which of the following is a limitation of the provision of assurance?
A An assurance engagement may deter fraud and error
B Assurance work is carried out by people who don't work for the entity and are
therefore unfamiliar with their systems
C Information may contain estimates and judgements
D Unqualified staff may be used on assurance engagements
THE EXPECTATIONS GAP
The expectations gap could be defined as the difference between the expectations of
the users and the service being provided by the auditors. Common misconceptions are
that auditors are responsible for preparing the financial statements and identifying all
instances of fraud and error within the financial statements.
This concept is explained in the following worked example:
EXPECTATIONS GAP
Consider the following examples of the expectation gap below
 'The financial statements are audited so this will guarantee that the company will
continue to trade for the foreseeable future'
 'Auditors will detect all fraud during an audit of the financial statements'
 'If the financial statements have been audited then the figures will be completely
accurate and the audit will provide absolute assurance to this fact'

Requirement
a) Explain the nature of the misunderstanding in each case.
b) Define ways in which the expectations gap be resolved.
Nature of the misunderstandings
Resolutions to the expectations gap
There are a variety of ways which the expectation gap can be reduced, such as by
setting out the terms of the engagement in an engagement letter (see Topic 2).

SUMMARY
Benefits and limitations of assurance
Why is assurance
The expectation gap
important?
The difference between the

role of the auditor and the
users' understanding/
expectations of their role
Benefit Limitations
Provides users with confidence Nature of subject matter, for

as to the reliability of example use of estimates and
information judgements/forward-looking
data
Not 100% testing of all items

THE AUDIT OVERVIEW
Plan the audit
Understand the entity (including documenting and confirming

the accounting systems and internal control)
Assess risk of material misstatement
Select audit procedures to respond to risk of material misstatement
Risk assessment Risk assessment does

includes expectation not include expectation
that controls operate that controls operate
effectively effectively
Tests of controls (to confirm expectation)
Unsatisfactory Report
to management
Satisfactory
Restricted Full
substantive tests substantive tests
Overall review of
financial statements
Report to
management
Auditor's
report

SUMMARY
The audit overview
The process involved in an

audit from planning through
to the final audit report

ACTIVITY ANSWERS
ELEMENTS OF ASSURANCE
Criteria
It is most likely in this instance that the criteria would be accounting standards, so that
Jenny was assured that the financial statements were properly prepared and comparable
with other companies' financial statements.
Report
The nature of the report would be agreed between you and Jenny, however, it would be
a written report containing your opinion on the financial statements.
Evidence
You would have to agree the extent of procedures in relation to this assignment with
Jenny so that she knew the level of evidence you were intending to seek. This would
depend on several factors, including the degree of secrecy in the proposed transaction
and whether the directors of Bloggin Limited allowed you to inspect the books and
documents.
Subject matter
The most recent financial statements of Bloggin Limited are the subject matter.
Three party relationship:
 Jenny (the intended user)
 You (the practitioner)
 The directors of Bloggin Limited as they produce the financial statements (the
responsible party)
LEVELS OF ASSURANCE
Assessment of effectiveness of internal controls
B Limited: Not enough evidence can be gathered to give the higher level of
assurance.
Statutory audit
D Reasonable: Statutory audits give a high (reasonable) level of assurance, but this
assurance can never be absolute.
Review of cash flow forecast
F Limited: Most of the information is based on future estimates, therefore not
reliable enough to give reasonable assurance.

B False – this is not an assurance engagement
The preparation of accounts is a specific task, and Wilson LLB are not giving an
opinion on them. Therefore this is not assurance engagement.
C True – this is an assurance engagement
The review of the accounting policies has all the elements of assurance as Wilson
LLB are being asked to review the policies and give their opinion on whether or not
they are in accordance with accounting standards.
BENEFITS OF ASSURANCE
A Attests to the correctness of the financial statements


B Enhances the credibility of the information being reported upon
C Reduces the risk that management may overstate the assets of the
company to show a better result
D Draws the attention of the user to deficiencies in the information being
reported upon
An assurance engagement can never give absolute assurance that the accounts are
correct. The others are benefits.
LIMITATIONS OF ASSURANCE
C Information may contain estimates and judgements.
EXPECTATIONS GAP
Nature of the misunderstandings
 'The financial statements are audited so this will guarantee that the company will
continue to trade for the foreseeable future'
– Misunderstanding the nature of audited financial statements
 'Auditors will detect all fraud during an audit of the financial statements'
– Misunderstanding the type and extent of the work undertaken by auditors
 'If the financial statements have been audited then the figures will be completely
accurate and the audit will provide absolute assurance to this fact'
– Misunderstanding the level of assurance provided by auditors

Resolutions to the expectations gap
The assurance engagement letter will define the expectations and limitations on both
sides (the assurance team and the party responsible for the information). This helps to
reduce misunderstandings as to the extent or the role that the assurance team have in
the engagement.
The auditor’s report in the financial statements sets out the scope and limitations of any
opinion given by the assurance team. The report is set out in a standard format to allow
users to compare reports of different companies with relative ease.

2
OBTAINING AND PLANNING
Learning outcomes
professionals.
• Define the assurance process, including:
 obtaining the engagement
 engagement acceptance
 the scope of the engagement
 planning the engagement
 performing the engagement
 continuous risk assessment
• Recognise the need to plan and perform assurance engagements with an attitude
of professional scepticism and the exercise of professional judgement
TOPIC OVERVIEW
Obtaining and planning

assurance engagements
Obtaining an
Planning
engagement
Obtaining and accepting Understanding the entity

an engagement and analytical procedures
After acceptance Materiality and audit risk
Agreeing terms of an
Audit strategy and plan
engagement
26 Topic 2: Obtaining and planning assurance engagements

OBTAINING AN ENGAGEMENT
OBTAINING AN ENGAGEMENT
How assurance firms obtain clients is an important practical question, but it is largely
outside the scope of this syllabus. In brief, you should be aware that:
 Accountants are permitted to advertise for clients within certain professional
guidelines, the details of which are outside of the scope of this syllabus
 Accountants are often invited to tender for particular engagements
ACCEPTING AN ENGAGEMENT
This section covers the procedures that the auditors must undertake to ensure that
their appointment is valid and that they are clear to act. This is covered in ISA (UK)
210 Agreeing the Terms of Audit Engagements.
Auditors are normally appointed on an annual basis and by shareholders' ordinary
resolution. In some circumstances, such as for a new organisation or breaching the audit
threshold for the first time, the directors may appoint auditors.
Appointment considerations
In gaining the information to determine whether they can accept the appointment, the
auditors would undertake a number of procedures.
The nominee auditors must carry out the following procedures (MANICS):
Acceptance procedures Examples
Management integrity If the directors are unknown to the assurance

team, it is advisable to make further
enquiries, such as obtaining references from a
third party, such as a bank.
Adequate resources Does the assurance firm have sufficient
resources (time, staff, industry or specialised
knowledge, technical expertise)? If the client
requires specialist assurance knowledge, such
as an insurance client, does the firm have
sufficient expertise to undertake the work?
Nature of engagement (level of risk – Perform risk assessment procedures. Include
see additional table) an assessment of the industry-specific audit
risks which may affect the client and ensure
the audit firm has sufficient knowledge of
relevant regulations, such as insurance or
banking specific rules.
Identification Perform procedures under Money Laundering
Regulations to ensure compliance with
professional and legal safeguards. Ensure that
the assurance team is not barred due to
professional ethics (such as a conflict of
interest with an existing client).
Topic 2: Obtaining and planning assurance engagements 27

Acceptance procedures Examples
Communicate with previous auditor Understand the reasons or circumstances for

the change of auditor. This is also a matter of
professional courtesy.
Stability Consider the stability of the client (do they
change their auditors regularly? Is the client
financially secure? Is the client credit worthy?)
Further appointment procedures

The above MANICS procedures would involve the auditor undertaking a number of steps.
 Is this the client's first audit? If it is not, then the outgoing auditors will need to be
contacted.
 The prospective auditors can ONLY contact the outgoing auditors if the client gives
them permission to contact the current auditors. If this is refused by the potential
client, then the auditor should decline the engagement.
 If permission is granted, then the auditor must write to the outgoing auditors
asking them to disclose all relevant information to them (ie is there any
professional reason as to why they should not accept the engagement).
 Once the prospective auditor has received a response, then a full assessment can
be made regarding whether to accept the appointment.
Due diligence
As part of the initial due diligence process, the assurance team should undertake a
review to consider whether the potential client is low or high risk.
Consider some of the factors to look out for which may indicate low and high risk clients:
Low risk High risk
Long term prospects Current or forecast financial issues or

problems within the industry
Well financed Potential finance and/or cash flow issues
Strong internal controls Significant control weaknesses
Conservative accounting policies Regularly changing accounting policies or

ignoring them completely
Knowledgeable, competent management Absentee key members of the management
team or a high turnover of key members of
staff

ACCEPTANCE CONSIDERATIONS
Identify whether the following statements are true or false. Jacob, Marley & Dickens is an
audit firm who are considering a new client, Christmas Chains Limited. Which of the
following factors must the audit firm consider when taking on this new client?
True False
Whether the firm is ethically barred from acting
Whether the firm has sufficient expertise to carry out the engagement
Whether the firm can make sufficient profit from the engagement
Whether the client gives permission to contact the outgoing auditors
Money laundering regulations

To comply with the Money Laundering Regulations, assurance firms must undertake
'client due diligence'.
This is mandatory if an ongoing relationship is envisaged or a one-off transaction (or
series of transactions) worth more than €15,000 will take place.
Individuals
 Documents giving the full name and address of the client, plus identification with a
photograph
Companies
 Obtain information from the Registrar of Companies, to include details of the
address and director and shareholder information
Client identification documents must be kept for a minimum of five years and until five
years have elapsed since the relationship with the client in question has ceased. It is also
necessary to keep a full audit trail of all transactions with the client.
MONEY LAUNDERING IDENTIFICATION

Stilgoe and Brown, a firm of Chartered Accountants, has accepted several appointments
of new clients. Select the most appropriate forms of identification in each case.
Client Certificate of Passport Utility bill Annual

incorporation return
Clive Warren, a sole
trader
Bright Eyes plc
Morgan Jessop Ltd

AFTER ACCEPTANCE
 Ensure proper removal/resignation of the outgoing auditor in accordance with
legislation – the new auditors should confirm this is satisfactory by reviewing
official documentation which provides evidence of their resignation, such as
minutes from a general meeting and a valid notice of resignation.
 Ensure that the new auditors' appointment is valid by agreeing their appointment
to the resolution which is passed at the general meeting to appoint new auditors.
 Submit a letter of engagement
 The new auditors should obtain all books and records belonging to the client
currently held by the previous auditor
A letter of engagement sets out the objectives, scope and responsibilities of the audit.
It outlines the reporting framework and the form of any reports or opinions which may
be given.
Other assurance engagements

Similar considerations will be required for any assurance engagements. The legal
considerations relating to audit will not be relevant to other assurance engagements, but
the ethical, risk and practical considerations will be just as valid.
AGREEING TERMS OF AN ENGAGEMENT

The purpose of an engagement letter is to:
 Define responsibilities
 Provide written confirmation
Audit engagement letters

The auditors should send an engagement letter to all new clients soon after their appointment
as auditors and, in any event, before the commencement of the first audit assignment.
Key contents of the engagement letter are (ADDS TO FIRMS Fees):
 Auditors' responsibilities*
 Directors' responsibilities* (including preparation of the financial statements)
 Directors' representations
 Scope/Objectives* of the assurance engagement
 Terms agreed
 Other services
 Fraud, (clarifying that the directors are responsible for detecting fraud and errors)
 Irregularities
 Report to management*, including the nature and content of these reports
 Management of the audit (timings etc)
 Specialists, (may be required, such as to value large or unusual assets)
 Fees
* These items are required by ISA (UK) 210.

PURPOSE OF THE ENGAGEMENT LETTER
Which two of the following are not included in the purpose of issuing a letter of
engagement?
A Narrowing the expectations gap
B Providing management with a fee quote for the work to be performed
C Documenting and confirming acceptance of the appointment
D Informing the directors of the procedures to be carried out
E Indicating the likely type of report to be issued

SUMMARY
Obtaining an engagement
Obtaining and accepting Agreeing terms of an

After acceptance
an engagement engagement
Management integrity Removal/resignation of The engagement letter is a

outgoing auditor contract between the
Adequate resources company and the audit firm
Appointment as new auditor
Nature of engagement (risk) Defines responsibilities
Identification Key contents (ADDS TO

FIRMS Fees)
Communicate with previous
auditor
Stability

PLANNING
To recap, the overall objectives of the auditor (as set out in ISA (UK) 200) are:
– To obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement
– To report on the financial statements, and communicate as required in accordance
with the auditor's findings (ISA (UK) 200, para.11)
The planning process is an important stage in the assurance process as this is where
risks and expectations are considered. This is outlined in general terms by ISA (UK) 300
Planning an Audit of Financial Statements. ISA (UK) 300 whereby 'The objective of the
auditor is to plan the audit so that it will be performed in an effective manner' (ISA (UK)
300, para.4).
UNDERSTANDING THE ENTITY

ISA (UK) 315 Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment states that 'the objective of the auditor is
to identify and assess the risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels, through understanding the
entity and its environment, including the entity's internal control, thereby providing a
basis for designing and implementing responses to the assessed risks of material
misstatement'.
It is the duty of the auditor to have an understanding of the entity, through a variety of
enquiries including analysis using Key Performance Indicators (KPIs) and an
understanding of operations of the organisation.
Matters to consider when obtaining an understanding of the entity

Industry, regulatory and other external  Market and competition
factors, including the applicable financial  Product technology
reporting framework  Accounting principles
 Tax/legislation
 Interest rates/inflation
Nature of the entity  Revenue sources

 Products or services
 Locations
 Key customers/suppliers
 Financing
 Investment
Objectives and strategies and related  New products/services

business risks  Expansion
 Use of IT
Measurement and review of the entity's  Trends

financial performance  Ratios, KPIs
 Budgets and forecasts

Selection and application of accounting  Changes in accounting policies
policies  New legislation
Internal control  Will be covered in detail in later

topics
KNOWLEDGE OF THE BUSINESS

Charles & Samira LLP are a large, multinational audit firm who has been approached by
Nuggets Ltd to perform their audit. Nuggets Ltd are a growing company who trade in
precious metals and have recently purchased a gold mine in Kazakhstan. This is the first
year that the company will have required an audit.
Which of the following methods of obtaining information would help to identify key risks
relating to the audit of Nuggets Ltd?
Discussion with previous audit firm
Employing the services of a specialist who can value precious metals
Review of industry standards relating to mining companies and consulting

other audit partners within the firm who have experience of mining
companies
Review of financial statements from the Register of Companies
KNOWLEDGE OF THE BUSINESS TECHNIQUES

In order to obtain an understanding of the entity, auditors must use a combination of
which four of the following procedures?
Inspection
Observation
Enquiry
Analytical procedures
Computation

Professional scepticism
Although the role of the auditor is not to actively prevent and detect fraud (that is the
responsibility of the company's management), the auditor is responsible for obtaining
reasonable assurance that the financial statements are free from material misstatement
or error. It is required that an auditor maintains professional scepticism. In practice, this
may include:
 Maintaining a questioning mind, seeking to verify the validity of answers or
evidence received
 Neither assuming that management are dishonest nor accepting answers without
question or seeking further assurance
 Being alert to any responses or evidence which are contrary to those already given
Professional scepticism is an attitude that includes a questioning mind, being alert to

conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence
Professional judgement
ISA (UK) 200 requires the auditor to exercise professional judgement in planning and
performing an audit of financial statements, including, but not restricted to the following:
 Materiality and audit risk
 Extent and timing of audit procedures
 Sufficient and appropriate audit evidence obtained
 Evaluating management judgements
 Drawing conclusions on the evidence obtained
Professional judgement is the application of relevant training, knowledge and

experience in making informed decisions about courses of action that are appropriate in
the circumstances of the audit engagement.
PROFESSIONAL JUDGEMENT
Which THREE of the following factors may influence the judgement of the assurance
team as to what may constitute sufficient, appropriate audit evidence during an
engagement?
Cost of obtaining the evidence
Materiality
Experience of prior audits
Reliability of the evidence

AUDIT RISK
Audit risk: The risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated.
(FRC Ethical Standard, Glossary of terms)
Under ISA (UK) 200 Overall Objectives of the Independent Auditor and the Conduct of an
Audit in Accordance with International Standards on Auditing (UK), the auditor should
plan and perform the audit to reduce audit risk to an acceptably low level.
It is made up of three components as is illustrated by the below diagram:
AR = IR × CR × DR
Audit risk Inherent risk Control risk Detection risk
Sampling risk Non-sampling risk
Risk of material misstatement in the financial statements
Inherent risk
Inherent risk: The susceptibility of an assertion about a class of transaction, account

balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, before consideration of any related controls.
The risk of such misstatement is greater for some assertions and related classes of
transactions, account balances and disclosures than for others. For example:
 Complex calculations are more likely to be misstated than simple calculations.

 Accounts consisting of amounts derived from accounting estimates pose greater
risks than accounts consisting of relatively routine, factual data.
 The business, or the industry, may be under pressure to produce results in a tough
economic climate, for example, where the business is seeking new funding or
directors' bonuses are reliant on company results.
External circumstances giving rise to business risks may also influence inherent risk.
When planning the engagement it is imperative that the auditor uses their professional
judgement to consider the impact of inherent risk on the audit.
Control risk
Control risk: The risk of a misstatement that could occur in an assertion about a class
of transactions, account balance or disclosure, and that could be material, either
individually or when aggregated with other misstatements, and not being prevented, or
detected and corrected, on a timely basis by the entity's internal control.
We shall look at controls in more detail in Topic 4 Internal Control Systems. In this topic
you will learn about the types of controls you might expect to see in a company, and
therefore be able to identify weaknesses or deficiencies, which indicate control risk.

Detection risk
Detection risk: The risk that the procedures performed by the auditor to reduce audit
risk to an acceptably low level will not detect a misstatement that exists and that this
error could be material, either individually or when combined with other factors.
The auditor manages overall audit risk by manipulating detection risk, the only element
of audit risk the auditor has control over. This because the more work the auditors carry
out, the lower detection risk becomes, although it can never be entirely eliminated due to
the inherent limitations of an audit.
SPEEDY BIKES
You have recently been appointed as the auditor of Speedy Bikes Ltd, a company that
was set up during the year and sells performance motorcycles. The company is keen to
have their audit finalised as soon as possible as they are looking to obtain funding from
their bank in the form of a business development loan. Their accounts are needed as
part of the loan application process.
The company had a bespoke software package written by the director's brother, Alex,
who is a keen amateur software writer. The package deals with all of the company's daily
accounting needs.
Most new motorcycles displayed in the showroom are on consignment from the main
manufacturers. The title transfers when the bike is sold on to a customer or used as a
demonstrator; up until that point Speedy Bikes can return it to the manufacturer at no
penalty.
The company also sells secondhand bikes; these are purchased from the public or taken
in as part exchange. The director of Speedy Bikes, Marc, has told you that they have the
largest collection of secondhand bikes in the South East held throughout their branches
and in some off-site warehouses, some of which have not been produced by the main
manufacturers for years and are now very rare.
Requirements
a) Identify the inherent risk factors from the above scenario.
b) Identify the control risks.
c) Identify the detection risks.
SOLUTION

AUDIT RISK
Audit risk can be split into three components: inherent risk, control risk and detection
risk.
Requirement
For each of the following examples, indicate the type of risk illustrated:
a) The organisation has few employees in the accounts department.
b) The organisation is highly connected with the building trade.
c) The assurance firm may do insufficient work to detect material errors.
d) The financial statements contain a number of estimates.
SOLUTION

Identifying and assessing the risks
Identify risks throughout the process of obtaining an understanding of the entity and its environment
Assess the identified risks and link them to what can go wrong at the assertion level
Consider whether the risks are of a magnitude that could result in a material misstatement
Consider the likelihood of the risks causing a material misstatement
IDENTIFYING RISKS
You are involved with the audit of Tantpro Ltd, a small company. You have been carrying
out procedures to gain an understanding of the entity. The following matters have come
to your attention.
The company offers standard credit terms to its customers of 60 days from the date of
invoice. Statements are sent to customers on a monthly basis. However, Tantpro Ltd
does not employ a credit controller, and other than sending statements on a monthly
basis, it does not otherwise communicate with its customers on a systematic basis. On
occasion, the receivables ledger clerk may telephone a customer if the company has not
received a payment for some time. Some customers pay regularly in accordance with the
credit terms offered to them, but others pay on a very haphazard basis and do not
provide a remittance advice. Receivables ledger receipts are entered onto the receivables
ledger but are not matched to invoices remitted. The company does not produce an aged
list of balances.
Requirement
Which of the following risks is most likely to arise out of the above scenario?
Inventory may be overstated.
Inventory may be understated.
Purchases may be overstated.
Purchases may be understated.
Trade receivables may be overstated.
Trade receivables may be understated.

Significant risks
Some risks may be significant risks, which require special audit consideration. ISA
(UK) 315 sets out the following factors which indicate that a risk might be a significant
risk:
 Risk of fraud
 Related to recent significant economic, accounting or other development
 The complexity of the transaction
 It is a significant transaction with a related party
 The degree of subjectivity in the financial information
 It is an unusual transaction
When the auditor identifies a significant risk, if they haven't done so already, they must
evaluate the design and implementation of the entity's internal controls in that area.
SIGNIFICANT RISKS
Which two of the following are more likely to give rise to significant risk?
Change of accounting policy due to recent legislative changes and new

accounting standards
Purchase of large plant and equipment throughout the year
Client moves to a new supplier for one of its key components
Management have introduced a new method of calculating warranty

provisions for the best selling computer unit.
MATERIALITY
ISA (UK) 320 Materiality in Planning and Performing an Audit states that 'materiality and
audit risk are considered by the auditor when:
 Identifying and assessing the risks of material misstatement;
 Determining the nature, timing and extent of audit procedures; and
 Evaluating the effect of uncorrected misstatements, if any, on the financial
statements and in forming the opinion in the auditor's report.'
(ISA (UK) 320, para.A1)
Materiality: a matter may be deemed to be material (by its size or nature) if its
omission or misstatement could influence the economic decisions of users taken on the
basis of the financial statements.
Materiality guidelines
The auditor must use their professional judgement when assessing and setting the level
of materiality for an engagement.
To set the materiality level they need to decide the level of error which would distort the
view given by the accounts. Because many users of accounts are primarily interested in
the profitability of the company, the level is often expressed as a proportion of profit;
however, the auditors will often calculate a range of values, such as those shown below,
and then take a weighted average of all the figures.

Value %
Profit before tax 5–10
Revenue ½–1
Total assets 1–2
Review of materiality
The level of materiality must be reviewed constantly as the audit progresses, and
changes may be required because:
 Draft accounts are altered (due to material error and so on) and therefore
overall materiality changes
 External factors may cause changes in risk estimates
Such changes may be caused by errors or misstatements found during testing.
MATERIALITY
For each of the following statements select whether they are true or false in respect of
the concept of materiality.
Materiality depends only on the monetary amount of an item.
A True
B False
Materiality is set at the planning stage and that figure is used throughout the audit.
C True
D False
The materiality level based on revenue set by auditing standards is between ½% and 1%.
E True
F False
ANALYTICAL PROCEDURES
Analytical procedures means evaluation of financial information through the study of

plausible relationships among both financial and non-financial data.
Analytical procedures include the following types of comparisons:

 Prior periods
 Budgets and forecasts
 Industry information
 Predictive estimates
 Relationships between elements of financial information, ie ratio analysis
 Relationships between financial and non-financial information, ie payroll costs to
the number of employees
 Investigation of unusual/significant changes

Analytical procedures in planning the audit – key ratios
The following table highlights key analytical ratios which you are expected to learn and
understand their use.
Heading/ratio Formula
Performance Profit before interest and tax
Return on capital employed Equity + net debt
Return on shareholders' funds Net profit for the period

Share capital+ reserves
Gross profit margin Gross profit × 100

Revenue
Cost of sales percentage Cost of sales × 100

Revenue
Operating cost percentage Operating costs / overheads × 100
Revenue
Net margin/operating margin Profit before interest and tax × 100

Revenue
Short-term liquidity Current assets : Current liabilities

Current ratio
Quick ratio Receivables + current investments + cash :
Current liabilities
Long-term solvency Net debt
Gearing ratio Equity
Interest cover Profit before interest payable

Interest payable
Efficiency Revenue
Net asset turnover Capital employed
Inventory turnover Cost of sales

Inventories
Inventory days Inventory × 365
Cost of sales
Trade receivables collection period Trade receivables × 365

Revenue
Trade payables payment period Trade payables × 365
Credit purchases

ANALYTICAL PROCEDURES, RATIO CALCULATION
Lime Ltd is a long-established manufacturing company with a year end of 30 September.
The senior in charge of the audit has been provided with extracts from the draft accounts
for the year ended 30 September 20X7 prior to the final audit planning meeting with the
financial accountant of Lime Ltd.
Extracts from the draft statement of financial position as at 30 September
20X7
Draft Actual
20X7 20X6
£'000 £'000
Property, plant and equipment 32,560 31,850
Receivables: trade 3,600 2,150
other 250 200
Inventory: raw materials 1,200 870
work in progress 350 450
finished goods 1,860 1,610
Payables: trade 2,060 1,470
other 500 450
Extracts from the draft statement of profit or loss for the year ended 30
September 20X7
Draft Actual
20X7 20X6
£'000 £'000
Revenue 43,150 40,750
Cost of sales (29,180) (29,040)
13,970 11,710
Depreciation and loss on sale of PPE (3,450) (2,010)
Other expenses (2,340) (2,280)
Profit before taxation 8,180 7,420

Requirements
a) Calculate each of the following ratios for 20X6 and 20X7:
i) Gross profit margin
ii) Net profit margin
iii) Inventory days
iv) Trade receivables days
v) Trade payables days
b) Explain any risks of misstatement that might be significant when using these
rations in planning the audit of Lime Ltd? Use your answers to part (a) to explain
any areas of concern that you may have as an auditor.
SOLUTION

ANALYTICAL PROCEDURES, INTERPRETATION
Here is some budget financial information for Fleming plc, contrasted with the
management results for the 12 months under review:
Budget Actual
£ £
Sales 1,350,000 1,339,588
Cost of sales 850,000 994,663
Gross profit 500,000 344,925
Salaries 245,000 243,873
Repairs and renewals 7,500 24,983
Depreciation 7,500 7,551
Motor expenses 25,750 14,678
Other costs 44,000 43,968
Requirement
Which three of the following areas would you be most likely to investigate further as a
result of carrying out analytical procedures on the above? Briefly explain your answer.
Sales
Cost of sales
Sales and cost of sales
Depreciation
Repairs and renewals
Motor expenses

AUDIT STRATEGY AND PLAN
Audit strategy: The formulation of the general strategy for the audit, which sets
the scope, timing and direction of the audit and guides the development of the
audit plan.
Audit plan: An audit plan is more detailed than the strategy and sets out the
nature, timing and extent of audit procedures.
The audit strategy
 Broad scope of the audit
 Summary of results of planning
 Useful for all team members
 Signed off by the partner
The audit plan
 More detailed than audit strategy
 Nature, timing and extent of audit procedures
 For each material class of transactions, account balance or disclosure
 Planning these procedures takes place over the course of the audit
The key objectives of planning an audit are:

 Ensure appropriate attention is devoted to important areas of the audit
 Identify potential problems and resolve them on a timely basis
 Ensure that the work is properly organised and managed
 Assign work to engagement team members properly, according to ability,
experience or technical knowledge
 Facilitate direction and supervision of engagement team members, ensuring timely
review and clear reporting
Key contents of an overall audit strategy
Understanding the entity's  General economic conditions

environment  Current trends and developments in the industry
 Understanding principal business strategies and the
financial performance (for example, obtaining
management accounts for the year to date)
 Extent of the experience and competence of
management

Key contents of an overall audit strategy
Understanding the  Any reporting developments which may affect the

accounting and internal client, such as revenue recognition changes
control systems  Any new accounting or auditing legislative changes
 Referring to prior year files, considering any
emphasis from earlier audits and types of tests used
in the past
Risk and materiality  Setting of materiality for audit planning purposes
(use management accounts and/or prior year
results)
 Possibility of material misstatements, using past
experience where applicable
 Identification of complex accounting areas, such as
long term contracts or inventory valuation
Nature, timing and extent of  If there is inventory, consider attending inventory
procedures physical count (if possible)
 If there are large plant and machinery or
properties, consider whether physical verification is
required
 What information technology is available, can
testing be completed on the system or more
substantive work required?
Supervision and review  Staffing availability and level of experience
 Consider attending year-end procedures if areas of
high risk and/or value
 The number of locations, do they all require a visit?
Other matters  The risk that there are new or special issues that
require additional attention this audit year
 Any changes to the scope or statutory
responsibilities?
 Additional pressures or financial liens which may
increase risk of misstatement
AUDIT STRATEGY, AUDIT PLAN

Which two of the following would normally be included in the overall audit strategy?
Information about the client's industry
Identification of specific audit risks
Confirmation of management's responsibility for the financial statements
Details of testing procedures for non-current assets

SUMMARY
Planning
Understanding the entity Analytical procedures Materiality Audit risk Audit strategy and plan
Matters to consider Professional Identify and assess the risks of Materiality definition Audit risk definition: Strategy (scope, timing and
scepticism and judgement material misstatement direction of the audit)
Material by nature vs by Audit risk = IR × CR × DR
Analytical procedures to gain an amount Plan (nature, timing and
understanding of the entity extent of audit procedures)
Guidelines:
Ratio analysis Profit before tax Objectives of audit planning
Revenue
Variance analysis Total assets
Investigation of unusual items

ACTIVITY ANSWERS
ACCEPTANCE CONSIDERATIONS
True False
Whether the firm is ethically barred from acting 

Whether the firm has sufficient expertise to carry out the engagement 
Whether the firm can make sufficient profit from the engagement 
Whether the client gives permission to contact the outgoing auditors 
The auditors must consider if they are ethically qualified to act, whether they have
sufficient resources and whether the client gives permission to contact the previous
auditors (if this is declined, the auditors must decline to accept).
As the audit firm is also a commercial enterprise, it must also consider whether taking on
the engagement is commercially viable.
MONEY LAUNDERING IDENTIFICATION
Client Certificate of Passport Utility bill Annual

incorporation return
Clive Warren, a sole trader  
Bright Eyes plc  
Morgan Jessop Ltd  
PURPOSE OF THE ENGAGEMENT LETTER

B Providing management with a fee quote for the work to be performed
Although an indication of the fee basis may be included, the engagement letter would
not include an actual quote.
D Informing the directors of the procedures to be carried out
The directors would never be told about the procedures to be carried out as this would
allow them to hide issues from the auditors.

KNOWLEDGE OF THE BUSINESS
Discussion with previous audit firm
Employing the services of a specialist who can value precious metals
Review of industry standards relating to mining companies and consulting 

other audit partners within the firm who have experience of mining
companies
Review of financial statements from the Register of Companies 
There is no previous audit firm as this is the first year of the audit of Nuggets Ltd.
Employing the specialist who can value precious metals would not necessarily identify
issues and risks at the planning stage. However, if Charles & Samira LLP were to perform
the audit of Nuggets Ltd, it is likely they would engage specialists to assist them in
valuing the inventory.
Reviewing industry issues, consulting with those within the firm who have had
experience of this technically challenging industry and reviewing the financial statements
available from the Register of Companies would be useful in enabling the audit firm to
gain an initial understanding of the key issues for the audit of Nuggets Ltd.
KNOWLEDGE OF THE BUSINESS TECHNIQUES
Inspection 
Observation 
Enquiry 
Analytical procedures 
Computation
Although the auditor may use computation, particularly when carrying out analytical
procedures, it is not a required tool, whereas a combination of the procedures outlined
above is required by the ISA.
PROFESSIONAL JUDGEMENT
Cost of obtaining the evidence
Materiality 
Experience of prior audits 
Reliability of the evidence 

Materiality and experience of prior audits are relevant factors which may influence the
auditors’ judgement as to what may constitute sufficient, appropriate audit evidence.
The reliability of the evidence is also a factor. The cost of obtaining the evidence should
affect not influence their judgement as to what may constitute sufficient, appropriate
audit evidence.
SPEEDY BIKES
Inherent risks
The company was set Inexperience is likely to lead to a higher number of errors in
up during the year the accounts.
New companies often struggle to survive due to liquidity
issues; this may mean that the company may not be a going
concern.
Reliant on audited The director may be tempted to overstate the profit and
accounts to secure assets of the company in order to present a better result to
funding the bank.
Bespoke software Alex does not seem to be a professional software developer

package and we have no idea if he has any accounting experience; it
is likely that this system will not be suitable for preparing the
accounting information needed.
New motorcycles on The issue of substance makes this a more difficult accounting
consignment area and therefore one open to mistakes. The motorcycles
should not be in Speedy Bikes accounts as inventory;
however it is likely that Marc may try to include them in order
to increase the company’s assets.
Secondhand The huge stock of motorcycles will be difficult to value
motorcycles accurately; also proving existence due to them being in a
number of locations will be difficult.
It is likely that a number of the older motorcycles may have
very little value if they have been held by Speedy Bikes for a
long period but still remain unsold.
Any valuable motorcycles may require a specialist valuation.
Control risks
Small company The company appears to be small with not many staff; it is
therefore likely that there would not be enough people to
carry out control tests to prevent and detect errors.
Software The new software system is likely to be unsophisticated and

may lack sufficient inbuilt controls or security. Bespoke software
can have issues requiring specialist support if issues arise.
High level of The company has a huge quantity of secondhand

inventory motorcycles; there may be a lack of control over inventory
storage, allowing inventory to go missing or deteriorate while
being stored.

Detection risk
Lack of knowledge The company is a new client; therefore we have no previous

knowledge of them making identification of errors and
problems more difficult.
Time pressured audit Marc has requested that the audit is completed as soon as
possible. This may put pressure on us to reduce the amount
of work we do due to time constraints.
Specialist knowledge Choosing a relevant and representative sample of

of the industry and motorcycles to audit when testing inventory will be difficult
location of inventory due to the various locations and valuations.
AUDIT RISK
a) Control – the fact that there are few employees in the accounts department means
that segregation of duties will be limited (see topic 3 Internal Control Systems for
more details in this area).
b) Inherent – this is a naturally risky industry.
c) Detection – this is in essence the definition of detection risk.
d) Inherent – there is a risk that estimates may be inappropriate.
IDENTIFYING RISKS
Trade receivables may be overstated.
The key risk arising from the above information is that trade receivables may not be
carried at the appropriate value in the financial statements, as some may be
irrecoverable. Where receipts are not matched against invoices in the ledger, the balance
on the ledger may include old invoices that the customer has no intention of paying.
It is difficult to assess at this stage whether this is likely to be material. The trade
receivables balance is likely to be a material balance in the financial statements, but the
number of irrecoverable balances may not be material. Analytical procedures, for
example, to see if the level of accounts receivable has risen year on year, in a manner
that is not explained by price rises or levels of production, might help to assess this.
A key factor that affects the likelihood of the material misstatement arising is the poor
controls over the receivables ledger. The fact that invoices are not matched against
receipts increases the chance of old invoices not having been paid and not noticed by
Tantpro Ltd. It appears reasonably likely that the trade receivables balance is overstated
in this instance.

SIGNIFICANT RISKS
Change of accounting policy due to recent legislative changes and new 
accounting standards
Purchase of large plant and equipment throughout the year
Client moves to a new supplier for one of its key components
Management have introduced a new method of calculating warranty provisions 

for the best selling computer unit.
Any transactions which require an element of subjectivity or judgement, such as a new

method of calculating a provision are more likely to be potential risks in the audit. A
change of accounting policy due to new legislation may have been interpreted incorrectly
or calculated wrongly. The first time a new policy is used is potentially more risky for the
audit team.
Just because large items are purchased, does not mean an increase in significant risk,
although the audit testing would be required to review them. A change of supplier would
not automatically result in a more significant audit risk.
MATERIALITY
Materiality depends only on the monetary amount of an item.
B False
An item can be material by nature, as well as by monetary value.
Materiality is set at the planning stage and that figure is used throughout the audit.
D False
The planning materiality figure is likely to change as the audit progresses, errors are
found or the risk assessment changes.
The materiality level based on revenue set by auditing standards is between ½% and
1%.
F False
There are no figures specified by auditing standards.

ANALYTICAL PROCEDURES, RATIO CALCULATION
a)
20X7 20X6
Gross profit margin 13,970 11,710

= 32.4% = 28.7%
43,150 40,750
Net profit margin 8,180 7,420

= 18.2%
= 19.0%
43,150 40,750
Inventory days 3,410 2,930

 365 = 42.7 days  365 = 36.8 days
29,180 29,040
Trade receivable 3,600 2,150

 365 = 19.3 days
 365 = 30.5 days
days 43,150 40,750
Trade payable days 2,060 1,470

 365 = 25.8 days  365 = 18.5 days
29,180 * 29,040
* Have used cost of sales in place of purchases, which cannot be identified for
both years.
b) Risk of misstatement
The increase in gross profit margin could result from:
 Cut-off errors in revenue, including sales made after the year end
 Overstatement of value of closing inventory
 Inconsistency in cost classification between the two years
The net profit margin has remained fairly constant over the period and as a
result:
 This could strengthen the auditor's suspicion that costs have been
misclassified
The increase in inventory days could result from:
 A falling off in demand for the company's products, meaning items of
inventory may be obsolete or unsaleable so their value may be overstated
 Errors in year-end inventory counting
The increase in trade receivable days could indicate:
 That some long overdue amounts are included that may not be recoverable,
so an allowance may be required
 Cut-off errors at the year end, overstating sales and receivables
The increase in trade payable days could indicate:
 That the company has cash flow problems and is struggling to pay its
liabilities as they fall due. This could raise doubt over the entity's status as a
going concern
 Cut-off errors with posting of cash payments at the year end

ANALYTICAL PROCEDURES, INTERPRETATION
Sales and cost of sales
Repairs and renewals
Motor expenses
On the face of it, sales do not appear to have fallen much below what was anticipated
for the year, but the fact that the gross margin has changed so much (from 37% to
26%) indicates that there may be a problem somewhere in sales and cost of sales, hence
rather than focus on one or the other (you might have selected cost of sales only, due to
the fact that the major difference from budget is here) it would be best to look at the
whole issue together. Gross margin may look wrong because sales are understated in
error – and sales were actually much better for the year than anticipated.
Depreciation, as you might expect, appears to have been predicted accurately and is low
risk. Problems with depreciation if they existed would probably be uncovered by an
analysis of the statement of financial position.
Repairs and renewals and motor expenses vary substantially from budget, so are worth
further investigation.
AUDIT STRATEGY, AUDIT PLAN
Information about the client's industry 

Identification of specific audit risks 
Confirmation of management's responsibility for the financial statements
Details of testing procedures for non-current assets

3
THE NATURE OF AND
PROCESS FOR EFFECTIVE
INTERNAL CONTROLS
Learning outcomes
Students will be able to explain the nature of internal controls and why they are
important, document an organisation's internal controls and identify weaknesses in
internal control systems.
• State the reasons for organisations having effective systems of control
• Identify the fundamental principles of effective control systems
 Identify the main areas of a business that need effective control systems
• Identify the components of internal control in both manual and IT environments,
including:
– the overall control environment
– preventative and detective controls
– internal audit
• Define and classify different types of internal control, with particular emphasis
upon those which impact upon the quality of financial information
• Show how specified internal controls mitigate risk, including cyber risks, and state
their limitations
TOPIC OVERVIEW
The nature of and process for

effective internal control
Process and components

Internal audit
of internal control
What is internal control What is internal audit
Components of What does the internal

internal control audit function do
Information about
control
58 Topic 3: The nature of and process for effective internal controls

PROCESS AND COMPONENTS OF
INTERNAL CONTROL
WHAT IS INTERNAL CONTROL?
Internal control: 'The process designed, implemented and maintained by those

charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity's objectives with regard to reliability of
financial reporting, effectiveness and efficiency of operations and compliance with
applicable laws and regulations. The term "controls" refers to any aspects of one or
more of the components of internal control.'
ISA (UK) 315 Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment, para.4
Reasons for internal controls

 Minimising the company's business risks
 Ensuring the continuing effective functioning of the company
 Ensuring the company complies with relevant laws and regulations
Limitations of internal controls

Small companies have particular problems in implementing effective internal control
systems because:
a) There are fewer people in each department and therefore there may not be
enough staff members to review the work of others
b) Having fewer staff will mean that often a single person is in charge of an entire
process (for example the sales cycle, recording sales and receipts); this lack of
segregation of duty can lead to manipulation or undetected errors
c) Smaller companies may also have a reduced number of experienced staff and so
may not have all the right technical knowledge for any circumstance which can
occur.
LIMITATIONS OF INTERNAL CONTROL

As we have already seen in the case of small companies, internal controls have some
limitations; therefore risks to the business cannot be eliminated entirely.
Requirement
Using the prompts below, note down examples of when such limitations may occur.
Limitation Examples
Expense of the control
Human element
Topic 3: The nature of and process for effective internal controls 59

Limitation Examples
Collusion
Unusual transactions
COMPONENTS OF INTERNAL CONTROL

An important part of understanding internal controls is being able to identify what it is
that each specific control actually does. Each particular internal control may prevent an
error occurring (preventative control), or may identify that an error has occurred and
correct it (detective control).
The control environment
Control environment: The control environment includes the governance and

management functions of the organisation. These reflect the attitudes, awareness and
actions of management, establishing the culture and ethical behaviour of the company.
It is the foundation for other components of internal control.
Attitude to internal controls

The directors need to understand the importance of internal controls and be willing to
invest the time and money into implementing an effective system of internal controls.
Regular monitoring of the controls in place, and reviewing any anomalies in a timely
manner are essential for a strong control environment. Larger organisations may use
internal audit departments to assist in this process (this is covered later in this topic).
Smaller organisations will be more reliant on their management team to perform regular
reviews and ensure controls are adhered to correctly.
Auditors need to evaluate the control environment as part of the risk

assessment process
If the control environment is not strong it would imply that the system of controls, if
there are any, would not be effective. This means that the level of control risk is high
and the auditors would need to change their approach to the audit and perform a
significant level of procedures in order to reduce detection risk.
Audit committee
The audit committee is an important aspect of the control environment of a company.
Audit committee: A subcommittee of the board of directors which has a particular

interest in the finance and accounting activities of the company. It reviews the
effectiveness of the board's risk management procedures.

The audit committee comprises non-executive directors. Under the rules of the UK
Corporate Governance Code it is a requirement for UK listed companies to form an audit
committee. The key issue for the audit committee is the financial statements, so the
audit committee itself can be seen as a control in relation to the information system
and the way in which the company produces its financial statements. Note that the
committee also has responsibilities with regard to supervising the identification of
risks and monitoring controls (these are all discussed later in this topic).
Key responsibilities of the audit committee
To monitor To review internal

financial controls and risk
statements management systems
To monitor and
review
To implement policy effectiveness of
on supply of non- internal audit
audit services by department
external auditor
Audit Where there is no

To review and Committee internal audit
monitor function, to
independence and consider annually
objectivity of whether there is
external auditor need for one
To monitor
To approve arrangements
remuneration and safeguarding the
engagement terms privacy of whistle
of external auditor blowers
To recommend
appointment,
reappointment and
removal of external
auditor

Risk
Business risk
Internal controls are implemented to minimise business risk. If the risk assessment
process is weak, then the resulting internal controls may not be effective.
Business risk: A risk resulting from significant conditions, events, circumstances,

actions or inactions that could adversely affect an entity's ability to achieve its
objectives and execute its strategies, or from the setting of inappropriate objectives and
strategies.
The management of an organisation will need to ensure that they have considered the
elements of business risk using a risk assessment. This is the process of control that is
the entity's process for identifying business risks. In particular, they will focus on those
risks relevant to financial reporting objectives and deciding on the controls to reduce any
issues.
The risk assessment process will involve the following elements:
Identify relevant Estimate the significance Assess the likelihood

business risks of the risks of occurrence
Decide upon actions (internal controls, insurances, changes in operations) to manage them
Impact on the audit

 If the risk assessment carried out by the company is weak it is likely that the
company will not have an effective internal controls system.
 Business risk may be linked to inherent risk, giving rise to errors in the financial
statements.
 Auditors often produce management reports for smaller entities, who do not have
an internal audit function, outlining any system or control weaknesses that they
believe management should be made aware of.
Control activities
Control activities: The policies and procedures that help ensure that management
directives are carried out.
The auditor will be concerned with understanding whether a control prevents an error
occurring or detects that an error has happened and corrects it. Control activities may
just be manual; however, where processes are computerised, there may also be specific
IT control activities in place.

TYPES OF CONTROL
In the table below, suggest examples of internal controls, including segregation of duties,
physical controls and controls relating to information processing, review of performance
and authorisation.
Type of control activity Examples

(SPIRA)
Segregation of duties
Physical controls
Information processing
Review of performance
Authorisation

CONTROL ACTIVITIES
The following are examples of internal controls which operate at Searson Ltd, a medium
sized retail business.
Requirement
For each example, select the type of control activity which it illustrates.
Segregation Performance Information Physical

of duties review processing
The sales ledger clerk
checks the manually
calculated batch total for a
batch of sales invoices
entered to the sales day
book to the computer-
generated batch total.
The sales director compares
monthly budgeted sales
figures to actual.
The purchase ledger clerk is
unable to make changes to
the standing data for
supplier bank details. Only
the financial controller is
able to do this.
Access to the accounting
package is restricted by a
password.
Information processing controls
Information systems
Information systems consist of infrastructure (physical and hardware components),
software, people, procedures and data. It may be a simple, manual system such as
using a spreadsheet or a fully integrated, and more automated, information system (such
as Sage, Oracle or Netsuite).
Information system relevant to financial reporting objectives: A component of

internal control that includes the financial reporting system, and consists of the
procedures and records established to initiate, record, process and report entity
transactions (as well as events and conditions) and to maintain accountability for the
related assets, liabilities and equity.

Impact on the audit
Auditors will be interested in:

 Recording and reporting procedures
 Records and supporting documents
 The process of financial statement preparation
 Capturing significant events
There are both manual and programmed procedures within a computerised environment.
These represent two types of controls, general controls and application controls. General
controls are there to ensure that the application controls can operate correctly.
General controls
General controls: Policies and procedures that relate to many applications and support
the effective functioning of application controls by helping to ensure the continued
proper operation of information systems.
Examples of general controls include:

 Development of computer applications – user approval, training of staff,
segregation of duties
 Prevention or detection of unauthorised changes to programs – computer changes
log, password protection, restricted access to standing data
 Testing and documentation of program changes – training of staff, training
manual, documentation and control flow diagrams, approval of computer or access
changes
 Controls to prevent wrong programs or files being used – operation and access
controls, job scheduling
 Controls to restrict access/prevent unauthorised access – passwords, user access
restrictions built into the system
 Controls to ensure the continuity of operations – back up procedures, disaster
recovery plans, maintenance agreements, insurance against fire or theft
Application controls
Application controls: Manual or automated procedures that typically operate at a

business process level. Application controls can be preventative or detective in nature
and are designed to ensure the integrity of the accounting records.
These are more specific in nature, but using the general controls as a basis. An example
would be taking the general control of the prevention of unauthorised access, and
creating the application control in sales where a credit note can only be raised by a
supervisor or a person not responsible for raising invoices (segregation of duties).

APPLICATION CONTROLS
Using the information already covered in this topic, give potential examples of application
control which may be found in the earlier example of Searson Ltd.
Requirement
For each example, select the type of control activity which it illustrates.
Types of application controls Example found within Searson Ltd
Controls over input: completeness
Controls over input: accuracy
Controls over input: authorisation
Controls over processing
Controls over master files and standing

data
Cyber security
The security of data and information held on computers and databases ('cyber security')
has become more important in recent years. Organisations may face many forms of
cyber risks including:
 Human threats – hacking of information, theft of information (from both internal
and external sources); in particular, political terrorism is a major risk
 Fraud – the theft of funds and information by dishonest use of the computer system
 Deliberate sabotage
 Viruses and other forms of malware – worms, trojan horses, spyware
 Denial of service (DoS) attacks – thus preventing the legitimate users of a service
from being able to use that service
The ICAEW published an updated Audit Insights: Cyber Security (2018) which made
recommendations to businesses, including:
 Communication – between businesses, using networks to share understanding and
ideas
 Organisational structures – entities need to allocate responsibility and
accountability for cyber security
 Accountability – ensure that the Board takes cyber risks seriously and are
committed to maintaining and improving security across the business
 Continuous improvement – cyber security is an ongoing process, therefore,
organisations need to ensure continuous development within the business and
across the industry

Management overview of controls
Management must assess whether the controls system in place is 'fit for purpose' and
suitable for the size of organisation by continually reviewing and monitoring the controls.
Preventative controls will be in place to prevent issues, such as passwords and access
limitations. Detective controls will ensure that these controls are not breached, such as
access log reports.
COMPUTER SYSTEM CONTROLS

In the table below are examples of controls which can be found in a control environment.
Requirement
Consider, in each case, whether the control is preventative or detective in nature.
Preventative Detective
Each member of the finance team has
their own logon details and password.
The financial controller reviews the
bank reconciliation on a monthly basis.
Only the HR Director can change
payroll base figures for each staff
member.
The purchasing team has read only
access to the sales data.

TYPES OF IT CONTROL
For each of the following controls, state whether they are general or application controls:
Examples of computer controls
One to one checking General Application
Segregation of duties General Application
Backup copies General Application
Passwords General Application
Training General Application
Hash totals General Application
Controls over account deletions General Application
Backup power source General Application
Controls over input, processing, data files and output may be carried out by IT
personnel, users of the system or a separate control group and may be programmed into
application software. The auditors may wish to test the following application controls.
Examples of application controls

Manual controls exercised by the user
If manual controls exercised by the user of the application system are capable of
providing reasonable assurance that the system's output is complete, accurate and
authorised, the auditors may decide to limit tests of control to these manual controls.
Controls over system output
If, in addition to manual controls exercised by the user, the controls to be tested use
information produced by the computer or are contained within computer programs, such
controls may be tested by examining the system's output using either manual procedures
or computer assisted audit techniques (CAATs).
Such output may be in the form of magnetic media, microfilm or printouts.
Alternatively, the auditor may test the control by performing it using CAATs.
Programmed control procedures
In the case of certain computer systems, the auditor may find that it is not possible or, in
some cases, not practical to test controls by examining only user controls or the system's
output. The auditor may consider performing tests of control by using CAATs, such as
test data, reprocessing transaction data or, in unusual situations, examining the coding
of the application program.

Monitoring of controls
Regular monitoring of the controls should be undertaken in a timely and systematic
manner.
MONITORING OF CONTROLS
Requirement
a) Consider who in an organisation would be required to monitor controls to ensure a
strong control environment.
b) Explain why such monitoring is useful in an organisation.
SOLUTION
INFORMATION ABOUT CONTROLS
Information about internal controls

The auditor will need to be able to understand and document an entity's internal
controls. This will be a requirement as part of the assurance process and can be
completed in a number of ways:
Enquiry of:
 Directors, financial staff, staff operating the systems.
 Internal control questionnaires (ICQs) may be used and provide simple, easy to
follow questions.
Inspection of:
 Board minutes, procedure manuals, previous year's audit files, narrative notes
taken following discussion with key members of the client staff.
Observation of:
 Staff carrying out controls, performing 'walk through' tests of processes.

Information Control Questionnaires (ICQ)
Although there are many different forms of ICQ, they all conform to the following basic
principles:
 They comprise a list of questions designed to determine whether desirable controls
are present.
 They are formulated so that there is one set of questions to cover each of the
major transaction cycles.
Since it is the primary purpose of an ICQ to evaluate the system rather than describe it,
one of the most effective ways of designing the questionnaire is to phrase the questions
so that all the answers can be given as 'yes' or 'no' and a 'no' answer indicates a
deficiency in the system. An example would be:
Are purchase invoices checked to goods received notes before being passed for
payment?
Yes/No/Comments
A 'No' answer to that question clearly indicates a deficiency in the company's payment
procedures.
An example of the sales (revenue) cycle may include:
Internal control evaluation questionnaire: control questions
The sales (revenue) cycle
Is there reasonable assurance that:
a) All sales properly authorised?
b) All credit sales are made to reliable payers?
c) All goods despatched are invoiced?
d) All invoices are properly prepared?
e) All invoices are recorded in the accounting records?

Recording of internal controls
RECORDING CONTROLS
Auditors will record the internal controls that they see.
Requirement
Consider the different methods that auditors can use to record the systems in place, and
note any advantages or disadvantages to their use.
Advantages Disadvantages
Narrative notes
Internal Control
Questionnaires (ICQs)
and checklists
Diagrams/flow charts
DOCUMENTING CONTROLS
Speedy Bikes has a simple accounting system with few controls that are not changed
regularly.
Requirement
What would be the best way of recording the controls in this system?
A Narrative notes
B Flow chart
C Questionnaire
D Decision tree

SUMMARY
Process and components

of internal control
Components of Information about

What is internal control
internal control controls
Processes designed, Control environment Understand the entity's

implemented and maintained to controls:
ensure a company achieves its The entity's risk assessment Enquiry
objectives process Inspection
Observation
Limitations of internal control The information system
relevant to financial reporting Record the controls:
objectives Narrative notes
Questionnaires/checklists
Control activities (SPIRA) Diagrams/flow charts
including computer controls
(general and application)
Monitoring of controls

INTERNAL AUDIT
WHAT IS INTERNAL AUDIT?
Internal audit: An appraisal activity established or provided as a service to the entity.

Its functions include, among other things, examining, evaluating and monitoring the
adequacy and effectiveness of internal control.
DISTINCTION BETWEEN INTERNAL AND EXTERNAL AUDIT

What are the key differences between internal and external audit?
Internal audit External audit
Purpose
Reports to
Scope
Status
Qualifications
WHAT DOES THE INTERNAL AUDIT FUNCTION DO?
Typical internal audit activities

Monitoring internal controls
 Designing and operating internal control systems are a key part of a company's risk
management.
 The design of control systems will be done by employees in various departments.
 Internal audit is unlikely to assist in the development of systems because its key
role will be in monitoring the overall process and in providing assurance that the
systems which the departments have designed meet objectives and operate
effectively.

 The work that internal auditors carry out on controls can be termed operational
audits.
Examining financial and operating information
 Reviewing the accounting system and carrying out tests of detail on transactions
and balances in the same way the external auditor does.
Value for money reviews
 Reviewing the economy, efficiency and effectiveness of operations, including
looking at the non-financial controls of the company.
Compliance reviews
 Review of compliance with laws, regulations and other external requirements.
Special investigations
 For instance, investigations into suspected fraud.
OBJECTIVE INTERNAL AUDIT

GP Racers plc is looking to invest heavily in Speedy Bikes Ltd. GP Racers is a large
company which has its own internal audit department that carries out audits and
investigations on the individual subsidiaries in the group.
Requirement
Which two of the following could the internal audit function carry out and still operate
effectively?
A Secondment to Speedy Bikes for three months to help develop and improve the
existing accounting software
B Tests of the controls at Speedy Bikes as part of a routine internal audit cycle
C Investigation into expenditure made by one of the directors where it is felt that the
large expenditure paid as sponsorship is really just to fund the director's son's
racing hobby
D Identifying the risks involved in a new venture to import cheap motorcycles from
China

SUMMARY
Internal audit
What does the internal

What is internal audit
audit function do
Appraisal activity – examines, Monitoring internal controls

evaluates and monitors the
adequacy and effectiveness of Examining financial and
internal control operating information
Internal vs external audit Value for money reviews
Compliance reviews
Special investigations

ACTIVITY ANSWERS
LIMITATIONS OF INTERNAL CONTROL
Limitation Examples
Expense of the control Cost may outweigh the benefit, eg physical security, extra
staff.
Human element Controls are often operated by people; people make

mistakes due to:
 Carelessness
 Inexperience or lack of technical knowledge
 Time pressure.
Collusion Staff may get together to override the controls in place.
Unusual transactions Unusual transactions may not pass through the normal
systems and therefore may bypass the internal controls as
well.
TYPES OF CONTROL
Type of control activity Examples

(SPIRA)
Segregation of duties Carrying out transactions and review of transactions
Ordering and authorising goods
Ordering and safe custody of assets
Physical controls Petty cash count
Employment of security staff
Swipe cards for door access
Information processing Recalculation of discounts
Receivables ledger reconciliation
Review of performance Comparison of actual against budget
Comparison of internal data against external data
Authorisation Authorisation of overtime
Authorisation of non-current asset purchases

CONTROL ACTIVITIES
Segregation Performance Information Physical

of duties review processing
The sales ledger clerk
checks the manually

calculated batch total for a
batch of sales invoices
entered to the sales day
book to the computer-
generated batch total.
The sales director compares
monthly budgeted sales

figures to actual.
The purchase ledger clerk is
unable to make changes to

the standing data for
supplier bank details. Only
the financial controller is
able to do this.
Access to the accounting
package is restricted by a

password.
APPLICATION CONTROLS
Types of application Examples found within Searson Ltd

controls
Controls over input: Document counts
completeness Control totals (batch totals, see below)
Monitoring reports of rejected data and reviewing their
resubmission
Controls over input: Batch checks (totalling the invoices value, then agreeing the
accuracy amount entered on the system agrees to the manually totalled
amount)
Range limits, so invoices can only be raised (or approved) to a
set limit for that staff member (up to £10,000 then afterwards
requiring supervisory approval)
Digit verification, so ensuring the right format of invoice is
entered (AB1234 for example).
Reasonableness checks (checking the calculation of VAT)

Types of application Examples found within Searson Ltd
controls
Controls over input: Manual signature before entry
authorisation Password access to areas of system
Authorisation levels based on values or types of change to be
made
Controls over processing Batch reconciliation
Screen warning if exiting while process incomplete or unsaved
data
Controls over master files One to one check
and standing data Exception reports
Authorisation limits and access restrictions in place
COMPUTER SYSTEM CONTROLS

Preventative Detective
Each member of the finance team has 
their own logon details and password.
The financial controller reviews the 
bank reconciliation on a monthly basis.
Only the HR Director can change 
payroll base figures for each staff
member.
The purchasing team has read-only 
access to the sales data.
TYPES OF IT CONTROL
Examples of computer controls
One to one checking General  Application

Segregation of duties
 General Application
Backup copies
Passwords
Training
Hash totals General  Application
Controls over account deletions General  Application
Backup power source

MONITORING OF CONTROLS
Who?
 Internal audit department (for larger organisations)
 Directors and/or senior management of the company
 Auditors (especially where it is a smaller organisation and the audit team have
been specifically tasked to review the controls in place)
Why?
 To ensure the controls are sufficient to enable the organisation to meet the
objectives of the business (profits, quality of product/service provided)
 To ensure the controls are being implemented effectively and systematically across
the organisation
 To review any exceptions or problems
 To identify weaknesses or amend controls where regulation or legal requirements
require changes to be made
RECORDING CONTROLS
Advantages Disadvantages
Narrative notes Easy to understand Not clear for more complex

Simple to prepare systems
Internal Control Easy to complete Can lead to overstatement

Questionnaires (ICQs) Guides and aids memory of controls
and checklists Not flexible for non-
standard systems
Can stop the preparer
thinking (prescriptive
questions)
Diagrams/flow charts Comprehensive record of Difficult to prepare
full system Time consuming
DOCUMENTING CONTROLS
A Narrative notes

DISTINCTION BETWEEN INTERNAL AND EXTERNAL AUDIT
Internal audit External audit
Purpose Acts as an aid to To give an opinion on

management to help whether the financial
improve the operations of statements show a true and
the business fair view
Reports to Directors Shareholders
Scope As defined by the directors Governed by the

(various) Companies Act and Auditing
standards
Status Voluntary Legal requirement

(but required by UK
Corporate Governance
Code)
Qualifications None Member of a Recognised
Supervisory Body (RSB)
Qualified under a
Recognised Qualifying Body
(RQB)
OBJECTIVE INTERNAL AUDIT

B Tests of the controls at Speedy Bikes as part of a routine internal audit cycle
C Investigation into expenditure made by one of the directors where it is felt that the
large expenditure paid as sponsorship is really just to fund the director's son's
racing hobby
The internal audit department should not be involved in the day to day running of the
business. Helping improve the accounting system and the identification of risks are
operational roles.

4
INTERNAL CONTROL
SYSTEMS
Learning outcomes
Students will be able to explain the nature of internal controls and why they are
important, document an organisation's internal controls and identify weaknesses in
internal control systems.
• In the assessment, students may be required to:
• Identify internal controls for an organisation in a given scenario;
• Identify internal control deficiencies in a given scenario’
• Show how specified internal controls mitigate risk, including cyber risks, and state
their limitations
• Define and classify different types of internal control, with particular emphasis
upon those which impact upon the quality of financial information
• Identify, for a specified organisation, the sources of information which will enable a
sufficient record to be made of accounting or other systems and internal controls
Gathering evidence on an assurance engagement
Students will be able to select sufficient and appropriate methods of obtaining assurance
evidence and recognise when conclusions can be drawn from evidence obtained or
where issues need to be referred to a senior colleague.
In this assessment, students may be required to:
• Identify the different methods of obtaining evidence from the use of tests of
control, substantive procedures, including analytical and data analytics
• select appropriate methods of obtaining evidence from tests of control and from
substantive procedures for a given business scenario
TOPIC OVERVIEW
Internal control systems
Revenue system Purchase system Payroll system
Calculating wages
Ordering, risks and Ordering, risks and
and salaries, risks
controls controls
and controls
Despatch and invoicing, Goods received and Recording of wages and

risks and controls invoiced, risks and salaries and deductions,
controls risks and controls
Recording and cash Payment of wages and

Payment, risks and
collection, risks and salaries, risks and
controls
controls controls
82 Topic 4: Internal control systems

REVENUE SYSTEM
Overview
Take
orders
Receive
payment
Document
order
Chase
payment
Send Send
invoice statement
Make
order
Account
for invoice Raise
invoice
Despatch
order
Raise
despatch note
ORDERING
It is vital that all customer orders are accurately recorded and in sufficient detail to
provide users with the information required to process valid transactions.
Risks and controls
Risk Control Test of control
Goods sold to customers Credit checks (from credit Review credit checks
with poor credit agency) for new customers performed for new
ratings/customers don't pay customers
Check customers' credit Review of customer
limit before accepting new balances compared to their
orders credit limits
Changes to customers' Review changes to
credit limits must be customer credit limits to
authorised by appropriate ensure supported by
management authorisation form/email
Regular review of from management
customers' credit limits by
senior staff
Topic 4: Internal control systems 83

Orders mis-recorded Preprinted, standard order Inspect preprinted order

forms forms
Confirm order with
customers
Orders go unfulfilled Match customers' orders to Review file of orders for

goods despatched notes unmatched order forms;
(GDNs); investigate investigate unmatched
unmatched orders orders over a certain age
Customers' order forms
preprinted, sequentially
numbered and periodically
reviewed for completeness
Customer queries
investigated promptly by
designated individual
Orders accepted at wrong Standard price list Review standard price list
price Discounts must be For customers receiving a
authorised by appropriate discount, trace back to
level of management email/form authorising the
(ie sales manager, financial discount
controller)
CONTROLS OVER THE ORDERING PROCESS

Which two of the following are examples of controls procedures which would be
implemented to ensure that the sales ordering system operates effectively?
The sales clerk can easily offer discounts on customer orders
The sales clerk runs a credit check on new customers
The sales clerk uses a software system which produces sales orders in sequential order
The sales clerk can amend credit limits on long standing customers

IRRECOVERABLE DEBTS
MC plc is a company that has had a number of enquiries from potential new customers in
recent months. The sales director is excited at this potential sales growth, but the
financial controller is concerned that the company could be exposed to the risk of
increased bad/irrecoverable debts.
Requirement
Which two of the following internal controls will mitigate the risk of irrecoverable debts
arising from new customers?
Obtaining a credit reference for new customers

Matching of customer orders with despatch notes
Quoting the correct prices to customers making orders
Authorisation of new customers by a senior staff member
Authorisation for changes in customer data
DESPATCH AND INVOICING

Invoices must be raised for all goods despatched. Invoices must be complete and
accurate (ie consistent with the items the customer has ordered). Not only can errors
lead to financial losses for the company, but it can also affect customer goodwill and
potentially affect the long term trade.
Risks and controls
Goods despatched but not Supervision of warehouse Observation

recorded All goods out inspected to
ensure GDN accompanies
them Review records of inventory
Regular inventory counts to counts, investigate
identify goods missing discrepancies between
Inventory records updated expected and actual
from GDNs quantities
Goods despatched but not GDNs preprinted,
invoiced sequentially numbered Review GDNs for
GDNs reviewed for completeness
completeness Check GDNs to invoices
GDNs matched to invoices
Periodic review for
unmatched GDNs

Wrong goods despatched Agree goods and GDN to Review of customer

customer order form correspondence
Goods inspected for Review GDNs for evidence
condition before despatched of checking back to sales
Customer signs GDN on orders
delivery (eg initials)
Goods invoiced with Changes to customers Check changes back to

incorrect prices/details standing data (ie address) supporting documentation
must be authorised
Change of address
supported in writing (ie by
letterhead)
Recalculate invoices (eg for
Invoice agreed back to GDN VAT charged) and agree
and price lists back to price list
Invoice prepared from
standard price list
Invoices raised for Invoices only raised after Observation and enquiry of
goods/services not supplied GDN raised staff
Review of customer
correspondence
Credit notes wrongly issued All credit notes issued by Agree credit notes to
to customers appropriate management supporting documentation
Sequence checks of
sequentially numbered,
preprinted credit notes
Goods returned not Standard goods returned Review records of inventory
recorded notes counts; investigate
Good inspected for discrepancies between
condition before being expected and actual
returned to stock quantities
COMPLETE INVOICING
Which three of the following controls will help to mitigate the risk of goods being
despatched but not invoiced?
Pre-numbering of GDNs and regular checks on sequence

Pre-numbering of invoices and regular checks on sequence
Matching of GDNs with orders and invoices
Regular review of GDNs not matched with invoices

RECORDING
Accuracy and completeness in the recording of transactions is important in ensuring that
the financial records reflect the financial activities of the business. One of the key
methods of ensuring accuracy is to reconcile different sets of records to ensure they
agree, for example, reconciling the sales ledger balances (detailing transactions with
individual credit customers and the amount owed at the period end) against the sales
ledger control account. It is vital that any differences are investigated and rectified.
Risks and controls

Invoice sent out but not Reconciliation of the sales Review of reconciliations
recorded ledger control account to Segregation of duties
sales ledger balances (recall between raising GDNs and
from Accounting paper) raising invoices
Sequence checks of invoices
posted to day books to
ensure no omissions
Wrong customer's Prepare and send out Review a sample of customer
account updated for sale customer statements statements
or cash received Retain customer remittance Trace a sample of
advices sales/receipts from the
invoice/remittance advice to
the day book and then on to
the individual customer
account
Sales recorded in wrong Review GDNs of sales around Reperform the client's review
period ('Cut-off') year end (for date) to ensure (as described left)
sales recorded in correct
period
Potential irrecoverable Review of ageing of Analytical review of ageing of

debts not identified (ie receivables; investigate receivables balances
no allowance recorded) reasons for old debts
Analytical review of
receivables days
Debts wrongly written All write-offs must be Review debts written off in
off authorised (by appropriate year to ensure supported by
management/financial authorising email/form
controller)
Totals from day books Review postings to the Review for day's missing
not posted to general general ledger to ensure one postings
ledger for each business day (if that Cast day books
is how often postings are
made)

RECEIPT RECORDING
The auditor at Icy Ltd, a wholesaler of frozen goods, has discovered that the receivables
ledger clerk has not matched receipts with invoices when processing receipts into the
ledger.
Requirement
Which two of the following are potential risks arising from this failure?
The clerk could be siphoning off individual receipts and defrauding the company
Old outstanding invoices could be left unpaid
Sales might be recorded in the wrong supplier's accounts
Sales may not be recorded properly in the sales account
CASH COLLECTION
Risks and controls
The risks relating to cash and the controls that have been implemented to mitigate these
risks must be tested as part of the audit. Most businesses will settle amounts owed to
suppliers by bank transfer or BACS payments. Retail organisations and small businesses
may still have significant amounts of cash on site.
Cash received not Responsible person has Enquiry/observation

recorded responsibility over receipt of
mail Check arithmetic accuracy of
Cash recorded on 'receipt' receipt forms
forms Trace from remittance advices
to receipt forms and then on
to bank statements
Two people open mail Observation of mail opening
together procedures
Cash received not banked Daily banking Review of paying-in slips for
(ie misappropriated) Compare paying-in slips to dates
daily records of cash Review sample
received
Bank reconciliations Review bank reconciliations
performed weekly/monthly for evidence of review by
appropriate management
Review the reconciliations
Surprise cash counts Review outcome (ie memos)

Cash stored in safe of counts
Mail stamped with date Observation
received (will help identify Review of mail
delays in banking)

SEGREGATION OF DUTY
An effective system of internal control requires segregation of basic functions.
Requirement
Which three of the following functions should ideally be segregated?
Authorisation of orders
Invoicing
Recording cash receipts on receivables ledger
Reconciliation of receivables ledger with receivables ledger control account
Credit control
DEFICIENCIES
The following describes the sales system in operation at Jinbob Co.
Requirement
For each process indicate whether it is a strength or a deficiency in the system.
Strength Deficiency
Written orders are received in the sales office.

Orders are processed into the sales system
with no further action being taken.
The order generates a production note which

is forwarded to the production department,
on the basis of which they fulfil the order.
Completed goods are despatched with a
delivery note, a copy of which is matched
with the production note and sent to the
invoicing department.
Unfulfilled production notes are placed in a
pending file, which is reviewed weekly and
completed as soon as possible.

SUMMARY
Revenue system
Despatch and invoicing, Recording and cash

Ordering, risks and controls risks and controls collection, risks and controls
Risk Risk Risk
Internal control Internal control Internal control
Test of control Test of control Test of control

PURCHASE SYSTEM
Overview
Raise
requisition
Supplier will Purchasing

extend credit in department
the future raise order
Send payment
Receive goods
Carry on
production
Raise goods
Record and received note (GRN)
account for invoice
Receive invoice
Accounts
department match
GRN to invoice
ORDERING
Organisations must monitor purchases carefully in order to maintain the required amount
of inventory for the business needs (manufacture, retail, wholesale etc) but equally, it
needs to ensure that the best price is achieved. Often buying items in bulk can result in
higher discounts than when a lower quantity is ordered, however, this may have an
adverse effect on the cash flow. There is also the risk that a member of staff purchases
items for their own private use using business funds.

Risks and controls
Unauthorised purchases Authorisation limits for Check a sample of

may be made for personal purchases purchases to
use Pre-numbered purchase forms authorisation limits
Authorisation of order forms Check a sample of order
Review of outstanding orders forms are supported by
requisitions
Order forms only prepared when
pre-numbered requisitions have Ensure order form
been received number sequence is
complete
Safeguarding of blank order
forms Check that blank order
forms are stored securely
Goods and services might Approved supplier list Review list of suppliers
not be obtained on the Monitoring of supplier terms and check a sample to
most advantageous terms orders made
PURCHASE FRAUD
The directors of Lyton Ltd have just uncovered a fraud being perpetrated by the store's
manager. He was in charge of ordering, had raised a number of false orders to non-
existent suppliers, raised GRNs in respect of non-existent deliveries and forwarded an
invoice to the accounts department, which was then paid.
Requirement
Which two of the following controls could have prevented this fraud?
Approved list of suppliers
Check of goods inward by person other than the person placing the order
Pre-numbered order forms
Blank order forms locked in a safe
GOODS RECEIVED AND INVOICED

Businesses must monitor the goods that are received and check that they are what has
been ordered by the organisation. All incoming orders must be checked and verified for
quantity, quality and that it agrees to the original order placed. In order to prevent
delays to the manufacturing process or in despatching goods on to customers, any open
purchase orders should be reviewed.

Risks and controls
Goods are misappropriated Recording arrival and Check outstanding POs are
for private use acceptance of goods being reviewed
Review outstanding Agree a sample of invoices
purchase orders (POs) to POs and GRNs
Goods accepted may not Comparison of GRN to POs Check a sample of GRNs to
have been ordered their matched POs
Goods accepted may be Examination of goods Observe process carried out

damaged or incorrect inwards for quantity and when goods are delivered
condition
Invoices may not be Match invoices to GRNs; Obtain explanations for any
recorded, resulting in non- review unmatched GRNs old items, ie unmatched
payment Prompt recording of POs, unmatched GRNs,
purchases and purchase unrecorded invoices
returns Check a sample of entries
Sequential numbering of back to supporting
purchase invoices recorded documentation
into purchase day book
The company may not take Monitoring of supplier Review list of suppliers and
advantage of the full period terms check a sample to orders
of credit extended made
The company may not Regular maintenance of the Check the completion of
record credit notes, payables ledger supplier statement
resulting in paying invoices Supplier statement reconciliations
not due reconciliations Confirm control account
Reconciliation of payables reconciliations have been
ledger to payables control carried out regularly
account Examine control account for
unusual entries

GOODS RECEIVED
Weezy plc is a company that has a large number of deliveries daily.
Requirement
Which of the following internal controls is most likely to prevent Weezy plc paying for
goods that have not been received?
Locked stores
Matching of purchase invoices with GRNs
Authorisation of invoice payment
Safeguarding of blank order documents
RECORDING INVOICES
Rhonda posts the invoices to the payables ledger.
Requirement
Which two of the following functions should Rhonda therefore not be involved with?
Posting invoices to the receivables ledger

Reconciliation of the payables ledger to the control account
Authorisation of payments
Bank reconciliations
PAYMENT
All payments need to be verified for accuracy, and to confirm that the business is paying
valid purchase invoices. Invoices should be checked back to the original orders (to verify
order prices and confirm that the payment relates to a genuine business order) and to
the goods received by the entity. Any shortfalls in items received must be reflected in the
invoice.

Risks and controls
False invoices are paid in Supporting documentation Check supporting

error required for all invoices documentation to verify
prior to payment that the documents have
been reviewed and passed
Approval limits for for payment
payments Compare paid cheques with
Cheque signing/BACS suppliers records
payment run limits Check that a sample of
No signing of blank cheques cheques are signed within
authorised limits
Password system for BACS
payment systems Check that BACS payments
are processed by approved
individuals
Confirm that no one, other
than authorised individuals,
Restrictions on cash can make BACS payments
advances Ensure that cash advances
are authorised by the
appropriate individual
Invoices are paid too late Prompt payment of invoices Check a sample of
System controls to remind payments back to invoices
of payment dates to confirm payment terms
Payment is not correctly Bank reconciliations For bank reconciliations,

recorded Payables control account control account
reconciliation reconciliations and supplier
Supplier statement statement reconciliations
reconciliations
Credits are not correctly Bank reconciliations Reperform reconciliation
recorded Payables control account
reconciliation
Supplier statement
reconciliations
Payments are not recorded Bank reconciliations Check that reconciliations
in the correct period Payables control account have been carried out at
reconciliation regular intervals in the year
Supplier statement
reconciliations
Payments are not recorded Payables ledger and control Review the reconciliation for
at all account reconciliation unusual entries
Supplier statement
reconciliations

PAYMENTS
Which two of the following control activities are most likely to reduce the risk of
payments being made twice for the same liability?
Stamping PAID on invoices that have been paid
Prompt despatch of cheques
Checking supplier statements before payments made
INVOICE PAYMENT
The auditor of Sunny plc has identified that there is no procedure to track purchase
invoice due dates.
Requirement
Which of the following is the most likely consequence which might arise as a result of
that weakness?
Prompt payment discounts may not be obtained
Goods not actually received may be paid for
Inferior goods may be purchased
Payments may be made to fictitious suppliers

SUMMARY
Purchase system
Goods received and

Ordering, risks and controls invoiced, risks and controls Payment, risks and controls
Risk Risk Risk

PAYROLL SYSTEM
Overview
(1) Work Timesheets

recorded
(2) Recognition Payroll records

of payroll liability
(3) Payment Payslips

made
CALCULATING WAGES AND SALARIES

Only valid employees should be paid for the work that they have performed. Directors
are responsible for ensuring that salaries are calculated accurately (including the
deductions that are made for payroll taxes). Not only can staff morale be affected by late
or inaccurate pay, but the business may be subject to penalties if tax deducted at source
(PAYE) is inaccurate.
Risks and controls

Employees paid for work Leavers notified to payroll Check that leavers form exists
they haven't done by supervisor via standard and was submitted in a timely
form fashion for leavers
Hours worked reviewed by Review evidence (ie
management signature) of review by
appropriate management
Timesheets or clocking Review/observation of
in/out used to record hours timesheets or clocking in/out
worked Review timesheets for
Timesheets signed by supervisor signature
supervisors

Gross pay incorrectly Changes to payroll standing Reperform sample of

calculated data (ie hourly rates) calculations
authorised
Regular checks of payroll to Check sample of wage
standing data (ie salary) calculations back to standing
data
Wages and salary summary Review evidence (ie

approved before payment signature) of authorisation by
Review of gross wages appropriate management
against budget
Net pay (ie deductions) Non-statutory deductions Review evidence (ie
wrongly calculated (ie pensions) authorised by signature) of authorisation by
employee and management appropriate management
Review evidence of
authorisation from employee
Changes to standing data Changes must be Review forms for evidence of
(joiners, leavers, pay authorised by appropriate authorisation by management
rates) inappropriately management via standard
made or not made forms
TIMESHEETS
The following system of time records exists at Shepherd Ltd. Staff members are required
to fill in a manual timesheet as they arrive, stating the time of arrival, and as they leave,
stating the time of departure. Staff members are then paid an hourly rate on the basis of
this record.
Requirement
Which two of the following outcomes could arise from this system?
Employees may be paid at an inappropriate rate
Employees may be paid for work they have not done
Employees are paid for the hours they have worked
Employee deductions may be inappropriate

RECORDING OF WAGES AND SALARIES AND DEDUCTIONS
Risks and controls
Gross and net pay are not Reconciliations between pay Review reconciliation for
accurately recorded on and deductions from one evidence of review by
payroll period to the next management
(differences caused by Trace a sample of months'
leavers, joiners, overtime) payroll to journal entries
Controls over calculations
as above
Wages paid are not Bank reconciliations Review bank reconciliations
correctly recorded in bank performed and reconciling for evidence of review by
and cash records items investigated management
Trace a sample of months'
payroll to journal entries
Wages and salaries not Reconciliation performed Check this reconciliation has
recorded accurately on the between nominal ledger been done, reviewed by
nominal ledger codes and payroll appropriate management
and any discrepancies
investigated
CONTROL OVER WAGES

Personnel and wages records at Simonston Brothers Ltd are maintained by Sam, the
wages clerk, on a personal computer. Sam calculates the hours worked by each
employee on a weekly basis, based on that employee's clock cards, and enters them on
the computer. The payroll program, using data from personnel records in respect of
wage rates and deductions, produces the weekly payroll and a payslip for each
employee.
Sam prepares a cheque requisition for the total net pay for the week, which is sent to the
company accountant together with a copy of the payroll. The accountant draws up the
cheque, made payable to cash, and has it countersigned by a director. The wages clerk
takes the cheque to the bank and uses the cash to prepare the wage packets.
Requirement
Which two of the following are weaknesses which exist in the wages system at
Simonston Brothers Ltd?
Sam records the salaries and organises the pay packets

There is no authorisation of the payroll
The wages cheque is countersigned by a director
The payroll and the time recording system are separate

PAYMENT OF WAGES AND SALARIES, RISKS AND CONTROLS
Risks and controls

Wrong amounts are paid to Agree gross earnings and Agree sample from tax
HM Revenue and Customs tax deducted to tax returns returns to bank statement
(HMRC) showing payment
People who are not Cash (rare) Observation of payment
employees are paid Segregate duties between process
those preparing pay packets Review records of
and distributing them employees signing for
Cash stored in safe wages
Employees must show ID to Review reasons for wages
claim pay packet being unclaimed and what
Employees must sign to was done next
confirm they have received
wages
Bank transfer
Bank transfer lists agreed to Agree a sample of bank
payroll (previously transfers to payroll records
authorised) Review for signatures to
Cheques and bank transfer show authorisation
lists authorised Review control account
Wages and salary control entries
accounts used – reviewed
each month to ensure
cleared (would highlight
where employee bank
details wrong and bank
returns payment)
LEAVERS
Which two of the following control activities will reduce the risk of employees who have
left being made up a pay packet which is collected by the leaver or an accomplice?
Check that each employee only collects one pay packet

Supervision of payout by member of staff who knows all the employees personally
Authorisation of payroll by someone outside of payroll with knowledge of leavers
Comparison of payroll with wage packets to ensure that they match

STRENGTHS AND DEFICIENCIES
Beside each example below, select which of the following are a strength or a deficiency
in the control system.
Strength Deficiency
Employees each have an electronic card to

swipe in order to enter and leave the
factory premises. This 'swipe' system
automatically updates time records in the
payroll system.
There is no personnel department.
Employees are engaged by department
heads with the verbal consent of a
director.
On leaving, employees are required to
return their swipe cards.
The payroll has a variance function which
reports items within the payroll falling
outside the expected conventions. This
must be resolved by an authorised
member of staff before the payroll can be
finalised. The ability to resolve this report
is controlled by a secret password.

SUMMARY
Payroll system
Recording of wages and

Calculating wages and Payment of wages and
salaries and deductions,
salaries, risks and controls salaries, risks and controls
risks and controls
Risk Risk Risk

ACTIVITY ANSWERS
CONTROLS
The sales clerk can easily offer discounts on customer orders

 The sales clerk runs a credit check on new customers
 The sales clerk uses a software system which produces sales orders in sequential order
The sales clerk can amend credit limits on long standing customers
Any adjustments to credit limits and discounts must be authorised by a senior member of
staff (such as a manager). The fact that the sales clerk can perform this task is not an
example of a control, but rather demonstrating that there is a weakness in the system of
internal controls. The software should be set up to prevent such actions and ensure that
management must authorise such changes to the price prior to fulfillment.
Software listing sales orders in sequential order will assist in ensuring that all sales orders
are dealt with and are fulfilled. The sales clerk can run a credit check as a control to
establish whether or not the customer is likely to be able to pay for items purchased on
credit. Also, the supervisor should review the contents of the report (or the system
'scores' the customer based on the credit report) to enable credit to be granted where
appropriate.
IRRECOVERABLE DEBTS
Obtaining a credit reference for new customers
Authorisation of new customers by a senior staff member
COMPLETE INVOICING
Pre-numbering of invoices helps to ensure that invoices raised are sent out and recorded,
but does not necessarily ensure that all goods despatched are invoiced.
The other controls all contribute to ensuring that all despatched goods are invoiced.
RECEIPT RECORDING
The clerk could be siphoning off individual receipts and defrauding the company. (This is
a fraud called 'teeming and lading', which can be successful if the outstanding balance on
the account does not look unusual and the actions of the receivables ledger clerk are not
checked.)
Old outstanding invoices could be left unpaid. This is because if the invoices are not
matched, so that it is not clear which invoices are outstanding, and yet the overall
balance outstanding looks reasonable, older invoices, which should be being chased up
by the company, may not be paid and ultimately may be forgotten about.

SEGREGATION OF DUTY
Authorisation of orders, invoicing and recording of receipts.
If one person was in charge of all these functions, that person would have control over
the whole process of making an order and fulfilling it, so that it could make fictitious
orders and not invoice for them or invoice for goods but transfer other people's
payments to make it look as though the fictitious sale had been paid for.
DEFICIENCIES
Deficiency (because the customer's credit status is not checked before the order is
processed)
Strength (because the invoices are generated from goods despatched information)
Strength (because production is kept up to date by weekly review of outstanding orders)
PURCHASE FRAUD
Approved list of suppliers
Check of goods inward by person other than the person placing the order
Given that the store's manager is entitled to make orders, pre-numbered order forms and
safekeeping of order forms would have made no difference in this case.
GOODS RECEIVED
Matching of purchase invoices with GRNs
RECORDING INVOICES
Reconciliation of the payables ledger to the control account
PAYMENTS
Stamping PAID on invoices that have been paid
Although checking supplier statements will help, the timing differences between the
statement date and payments made may mean that this method is not foolproof.

INVOICE PAYMENT
Prompt payment discounts may not be obtained
TIMESHEETS
Shepherd Ltd has a simple control over how much work is being done by its employees.
Therefore, employees may be paid for the hours they have not worked.
However, it is a very simple control, which relies on the integrity of the employees in
recording the correct times they arrived and left the premises. There does not appear to
be a supervisory control ensuring that employees are writing the correct times. Nor is
there any provision for times when the employees are not working, for example, lunch
hour or slack periods. Therefore, it is possible that despite the presence of this control,
employees may be paid for work they have not done.
CONTROL OVER WAGES

Sam records the salaries and organises the pay packets.
There is no authorisation of the payroll.
LEAVERS
Check that each employee only collects one pay packet
Authorisation of payroll by someone outside of payroll with knowledge of leavers
Comparison of the payroll with the pay packets will only be effective if the payroll has
been properly updated for the leaver. Supervision by a member of staff who knows all
the staff will be necessary if the employees are not required to show identification to pick
up wages, but will not necessarily stop a leaver picking up a wage packet if the
supervisor does not know the staff member has left.

STRENGTHS AND DEFICIENCIES
Strength Deficiency
Employees each have an electronic card to 

swipe in order to enter and leave the
factory premises. This 'swipe' system
automatically updates time records in the
payroll system.
There is no personnel department. 
Employees are engaged by department
heads with the verbal consent of a
director.
On leaving, employees are required to 
return their swipe cards.
The payroll has a variance function which 

reports items within the payroll falling
outside the expected conventions. This
must be resolved by an authorised
member of staff before the payroll can be
finalised. The ability to resolve this report
is controlled by a secret password.
1 Strength. The fact that employees cannot access the factory to work without
updating the time records automatically is a strength in the system.
2 Deficiency. It appears that the recruitment process is casual and there is not
necessarily any written documentation resulting from the appointment of an
employee. This could lead to errors in pay rates and payroll production that could
be eliminated if written notice of an employee's start was given to the payroll
department.
3 Strength. The fact that employees are required to return their cards when they
leave means that they are effectively excluded from the time recording system and
in practice cannot continue to be paid after they have left.
4 Strength. The fact that the payroll has parameters beyond which it seeks
authorisation means that mistakes should be corrected before the payroll is
finalised. In addition, there are application controls over correction of the payroll,
strengthening this control.

5
THE PROCESS OF
GATHERING SUFFICIENT
APPROPRIATE EVIDENCE
Learning outcomes
professionals.
• Define the assurance process including
– keeping records of the work performed
– obtaining evidence
– evaluation of results of assurance work
• Recognise the characteristics of fraud and distinguish between fraud and error
• Recognise when the quantity (including factors affecting sample design) and
quality of evidence gathered is of a sufficient and appropriate level, after taking
account of sampling risk, to draw conclusions on which to base a report
• Recognise the strengths and weaknesses of the different methods of obtaining
evidence
• Compare the reliability of different types of assurance evidence
TOPIC OVERVIEW
The process of gathering

sufficient appropriate evidence
Sufficient appropriate Evidence collection

Documenting Concluding on evidence
evidence techniques
Purpose and form of Sufficient appropriate Procedures to obtain Analysis and evaluation
documentation audit evidence evidence of errors
Filing and retention Financial statement Evidence collection

Actions to take
of working papers assertions techniques
Tests of control, tests of

Sampling
detail
110 Topic 5: The process of gathering sufficient appropriate evidence

DOCUMENTING
PURPOSE AND FORM OF DOCUMENTATION
Purpose of documentation
Audit documentation (working papers) is the record of procedures performed,

relevant evidence obtained and conclusions reached.
It is imperative that assurance providers record their work in order to:

 Assist the audit team to plan and perform the audit
 Assist relevant members of the team to direct and supervise work
 Enable the audit team to be accountable for its work (and prove adherence to ISAs)
 Retain a record of matters of continuing significance to future audits
 Enable an experienced auditor to carry out quality control reviews
 Enable an experienced auditor to conduct external inspections in accordance with
applicable legal, regulatory or other requirements
Form and content of documentation

Each audit engagement is different, and there are many factors which impact the form
and content of working papers. These include:
 The size and complexity of the entity
 The nature of the audit procedures performed
 The identified risks of material misstatements
 The significance of audit evidence obtained
 The nature and extent of problems or exceptions identified
 The need to document a conclusion or the basis for a conclusion not readily
determinable from the documentation of the work performed or audit evidence
obtained
 The audit methodology and tools used
Topic 5: The process of gathering sufficient appropriate evidence 111

All working papers should contain the following key contents:
1 The name of the client 8 The date of the review
2 The year-end date 9 The objective of the work done
3 The file reference of the working 10 The sources of information
paper 11 The work done
4 The name of the person preparing 12 A key to any audit ticks or symbols
the working paper
13 The results obtained
5 The date the working paper was
14 Analysis of errors or other
prepared
significant observations
6 The subject of the working paper
15 The conclusions drawn
7 The name of the person
reviewing the working paper
Example Ltd 1
3
4 7 AD
6 E
Payables
8
5 3.3.X4
Date: 16.2.X4
31 December 20X3 2
9 Objective To ensure payables ledger balances fairly stated.
10
11 Work done
Selected a sample of trade payables as at 31 December and reconciled the supplier's statement
to the year end payables ledger balance. Vouched any reconciling items to source documentation
10
3
13 Results See E /2
One credit note, relating to Woodcutter Ltd, has not been accounted for.
An adjustment is required.
DEBIT Trade payables £4,975

CREDIT Purchases £4,975 H1/2
One other error was found, which was immaterial, and which was the fault of the supplier.
14
In view of the error found, however, we should recommend that the client management checks
supplier statement reconciliations at least on the larger accounts. Management letter point.
15 Conclusion
After making the adjustment noted above, payables ledger balances are fairly stated
as at 31 December 20X3.

Automated working papers
Nowadays many audit documents can be prepared, completed and stored electronically,
and those which are prepared by hand can also be scanned and stored electronically.
Automated working papers have the following advantages:
 Working papers are neater and easier to review.
 Substantial time saving as adjustments can easily be made to all working papers.
 Reduced risk of error.
 Standard forms are held on computer therefore reducing the need to carry paper
copies.
 Audit working papers can be emailed/faxed for review.

CONTENT OF WORKING PAPERS
Which two of the following would be included on a working paper?
A The name of the person who prepared the schedule
B The budgeted amount of time available to complete work on that area
C A signature evidencing review of the working paper
D The proportion of the audit fee relevant to that area
WHY PREPARE WORKING PAPERS

The auditor will prepare documentation in relation to the fieldwork carried out on an
assurance engagement.
Requirement
Indicate whether the following are, or are not, valid reasons for preparing such
documentation:
a) To comply with the law VALID NOT VALID
b) To provide a record of matters of VALID NOT VALID

continuing significance to future
audits
c) To facilitate review by senior staff VALID NOT VALID
d) To prove adherence to ISAs in a VALID NOT VALID

litigious situation
FILING AND RETENTION OF WORKING PAPERS
Filing of working papers

Auditors will maintain two types of audit files in relation to their client: permanent audit
files and current audit files. The different working papers prepared by the auditor are
likely to be split between the permanent and current audit files:
Permanent file  Engagement letters
(information of  New client questionnaire
continuing importance)  Memorandum and articles of association
 Legal documents such as prospectuses, leases, sales
agreements
 Details of the history of the client's business
 Board minutes of continuing relevance
 Previous years' signed accounts and management
letters
 Accounting systems notes, previous years' control
questionnaires

Current file  Financial statements
(information of relevance  Accounts checklists
to current year's audit)  Management accounts details
 Reconciliations of management accounts and
 A summary of unadjusted errors
 Report to partner including details of significant
events and errors
 Review notes
 Audit planning memorandum (with strategy)
 Time budgets and summaries
 Letters of written representation from management
 Management letter
 Notes of board minutes
 Communications with third parties (experts, other
auditors)
 Lead schedule including details of the figures to be
included in the accounts
 Problems encountered and conclusions drawn
 Audit programmes
 Risk assessments
 Sampling plans
 Details of substantive tests and tests of control
Retention of working papers

The ICAEW requires all firms to have a document retention policy and Registered
Auditors to keep all audit working papers required by auditing standards for at least six
years from the end of the accounting period to which they relate.
Working papers will remain the property of the auditor at all times.
WHERE ARE THE FOLLOWING DOCUMENTS FILED?

Review the description of the working papers below and indicate whether they would be
found in the permanent audit file or the current audit file:
a) Results of a direct confirmation of Permanent Current

receivables
b) Prior year signed financial statements Permanent Current
c) List of points to carry forward for next Permanent Current

year's audit
d) Engagement letter Permanent Current

SUMMARY
Documenting
Purpose and form of Filing and retention of

documentation working papers
Record of: Retain for at least six years

Procedures performed
Evidence obtained Working papers remain the
Conclusions reached property of the auditor
Key contents of working papers
Permanent audit file
Current audit file

SUFFICIENT APPROPRIATE EVIDENCE
INTRODUCTION
The ultimate aim of the audit is for the auditors to give an opinion as to whether or not
the financial statements have been properly prepared and present fairly the activities of
the business over a period of time.
In order to do this, they need to gather audit evidence.
Audit evidence: Information used by the auditor in arriving at the conclusions on which
the auditor's opinion is based.
Audit evidence is obtained using a variety of different audit procedures.
SUFFICIENT APPROPRIATE AUDIT EVIDENCE

ISA (UK) 500 Audit Evidence states that an auditor must gather sufficient appropriate
evidence to support their opinion.
ISA (UK) 500 Audit Evidence
Sufficient Appropriate
(Quality)
Quantity – Sufficient to support Relevant Reliable

the audit opinion
The evidence gathered must ● External better than internal
Factors to consider are: cover the financial statement
assertions ● Internal more reliable when
● Risk assessment control effective
● Nature of accounting and ● Auditor generated better
internal control systems than client generated
● Materiality of the item ● Documentary better than
oral
● Experience gained during
previous audits ● Original documents more
reliable than copies/faxes
● Results of audit procedures
● Source and reliability of Quality of evidence will also affect the Quantity of evidence
information available

RELIABILITY
Which two of the following statements in respect of audit evidence are false?
A Written forms of evidence are more reliable than oral evidence.
B A photocopy of a client's bank statement is more reliable than the original
document.
C The strength of a client's internal controls has no impact on the reliability of audit
evidence.
D Evidence generated by the audit team is more reliable than evidence from the
client.
FINANCIAL STATEMENT ASSERTIONS
Financial statement assertions: Assertions are the representations by management

which are embodied in the financial statements. As set out in ISA (UK) 315 Identifying
and Assessing the Risks of Material Misstatement though Understanding the Entity and
its Environment.
For example, when management include an item of property, plant and equipment in the
financial statements they assert that the item exists and they have the right to the
asset and that the balance is complete and appropriately valued.
The auditor's evidence must be relevant to the particular financial statement assertion
the auditor is trying to test.
There are three categories: assertions about classes of transactions, assertions about
account balances and assertions about presentation and disclosure.
Assertions used by the

auditor
Assertions about classes Occurrence: transactions and events that have been
of transactions and recorded have occurred and pertain to the entity.
events, and related Completeness: all transactions and events that should
disclosures, for the period have been recorded have been recorded.
under audit Accuracy: amounts and other data relating to recorded
transactions and events have been recorded appropriately
Cut-off: transactions and events have been recorded in
the correct accounting period.
Classification: transactions and events have been
recorded in the proper accounts.
Presentation: transactions and events are clearly
described and understandable in the financial reporting
framework.

Assertions used by the
auditor
Assertions about account Existence: assets, liabilities and equity interests exist.
balances, and related Rights and obligations: the entity holds or controls the
disclosures, at the period rights to assets, and liabilities are the obligations of the
end entity.
Completeness: all assets, liabilities and equity interests

that should have been recorded have been recorded.
Accuracy, valuation and allocation: assets, liabilities
and equity interests are included in the financial
statements at appropriate amounts and any resulting
valuation or allocation adjustments are appropriately
recorded, and related disclosures have been appropriately
measured and described.
Classification: assets, liabilities and equity interests have
been recorded in the proper accounts.
Presentation: assets, liabilities and equity interests are
appropriately aggregated or disaggregated and clearly
described, and related disclosures are relevant and
understandable in the context of the requirements of the
applicable financial reporting frameworks.
INVENTORY ASSERTIONS
Which one of the following assertions would the auditor be least concerned about in
relation to the audit of inventory?
A Completeness
B Allocation and valuation
C Rights and obligations
D Existence
HOW GOOD ARE THESE AUDIT PROCEDURES?

For each of the following assertions, discuss the relative merits of the different sources of
evidence suggested.
Assertion Evidence Discussion
a) Valuation of inventory  Year-end line by line

listing from client's
inventory system
 Agreeing a sample of
items to purchase invoices
 Tracing items to their post
year-end sales value

Assertion Evidence Discussion
b) Existence of inventory  Enquiry of client

management
 Observation of year-end
inventory count
c) Completeness of  Enquiry of client
recording of purchases management
 Reperformance of
sequence check of posting
of purchase invoices
TESTS OF CONTROL, TESTS OF DETAIL

In order to reach a position in which they can express a professional opinion, the
auditors need to gather evidence from various sources. There are potentially two types
of test which they will carry out: tests of controls and substantive procedures (including
tests of detail).
Tests of controls: Audit procedures designed to evaluate the operating effectiveness

of the entity's internal controls in preventing, or detecting and correcting,
material misstatements at the assertion level.
Substantive procedures: Audit procedures designed to detect material
misstatements at the assertion level. There are two types of substantive procedures:
 Tests of detail (of classes of transactions, account balances and disclosures, for
example vouching amounts back to invoices, physical inspection of assets)
 Substantive analytical procedures (for example variance analysis and ratio
analysis)
The auditor will decide whether they wish to gather evidence using tests of controls
and/or substantive procedures. However some substantive procedures must always be
conducted because of the inherent limitations in any internal control system.
Note that the auditor would only ever attempt to gather evidence using tests of controls
if they felt the entity's internal controls were strong.
TESTS OF CONTROLS VS TESTS OF DETAIL

State whether the following audit procedures would be a test of control, a test of detail
or neither:
Agree a sample of purchases to purchase invoices.
A Test of control
B Test of detail
C Neither
Vouch the value at which inventory was sold post year end to sales invoices.
A Test of control
B Test of detail
C Neither

Observation of year-end inventory count to ensure inventory count instructions are being
followed.
A Test of control
B Test of detail
C Neither
Reperformance of a bank reconciliation to ensure that it has been accurately completed.
A Test of control
B Test of detail
C Neither
Calculation of the gross profit percentage for the current year and compare to prior year.
A Test of control
B Test of detail
C Neither

SUMMARY
Sufficient appropriate evidence
Sufficient appropriate Financial statement Tests of control, tests of

audit evidence assertions detail
Sufficient: Classes of transactions Tests of controls:

quantity Evaluate the effectiveness of
Account balances the internal controls to
Appropriate: prevent/detect material
reliable Disclosures misstatement at the
relevant assertion level
Tests of detail:
Procedures to detect
material misstatement
(eg physical inspection of
assets)

EVIDENCE COLLECTION TECHNIQUES
PROCEDURES TO OBTAIN EVIDENCE – AEIOU
There are five main procedures which can be used to generate audit procedures. These
can be remembered using the mnemonic AEIOU:
 Analytical procedures
 Enquiry
 Inspection
 Observation
 RecalcUlation
USING 'AEIOU'
Using the mneumonic AEIOU, the table below has given some examples, as well as
strengths and weaknesses in the various audit procedures.
Requirement
Complete the information by filling in the missing gaps
Procedures Example Strengths and weaknesses
Analytical Evaluating and comparing Evidence here is limited by the

procedures financial and/or non-financial strength or weakness of the
data for plausible underlying ____________ system.
___________ and
investigating _____________
fluctuations.
Eg analytically review the
monthly sales to identify any
unusual fluctuations.
Enquiry This involves _________ The strength or weakness of this
______________ from client procedure will depend on of
management or staff or ______ the enquiry is being made
external sources and – a member of client staff could
evaluating responses. __________________ matters to
Eg enquire of management as the assurance provider if they
to the reasons for the increase misunderstand the nature of the
in marketing spend in the question, or they are seeking to
year, and obtain corroborating conceal a misstatement or fraud.
evidence.
Inspection Inspection of documents The strength of this procedure
involves examining depends on what is being
____________ or ___________ to give evidence. For
_____________ for written instance, inspection of a purchase
evidence, but may also include invoice gives better quality
inspection (physical evidence than inspection of a sales
examination) of tangible assets invoice, because a purchase invoice
that are recorded in the is created by a third party.
accounting records.
Eg inspect a loan agreement to
obtain evidence of the interest
rate applicable on the loan.

Observation This involves _____________ This procedure is relatively weak as

a procedure being performed. it only confirms that the procedure
Eg observe the process of is being ____________
opening post. _____________ when the
assurance provider is watching.
Recalculation Checking ______________ Recalculation is evidence created

accuracy of client's records. by the assurance provider so is
Eg recalculate the bad debt ________ evidence.
allowance.
Note. That analytical procedures are purely substantive procedures. Enquiry and
inspection can be used as either a test of control or a substantive procedure. Although
observation is closely linked at times to inspection, observation can be a substantive
procedure, for example when considering some inventory tests, such as observing the
inventory count completed by the client.
EVIDENCE COLLECTION TECHNIQUES

As well as using the mnemonic AEIOU to generate audit procedures, evidence can also
be gained using computer assisted audit techniques and directional testing.
Computer assisted audit techniques

Computer assisted audit techniques (CAATs) describe procedures where the auditor uses
computer software to assist them in their audit work. There are three main types of
CAATs:
 Test data (used to carry out tests of controls)
Test data techniques are used in conducting audit procedures by entering data (eg
a sample of transactions) into an entity's computer system and comparing the
results obtained with predetermined results.
 Audit software (used to carry out substantive procedures)
Audit software works on the basis of interrogating the client's system and
extracting and analysing information. It can therefore carry out a whole range of
substantive procedures, across all sorts of different data.
 Data analytics
Using data to observe trends, patterns and inconsistencies, through various data
modelling and analysis tools.

When appropriate Examples
Test data Tests of computer An invoice which does not cast

information system controls. should be rejected when entered
into the system.
An invoice with an invalid supplier
code should be rejected.
Dates outside the current year
should be rejected.
Valid data should be posted to the
correct account.
Audit software Tests of details of Extract a sample according to

transactions and balances. specified criteria:
 Random
 Over a certain amount
 Below a certain amount
 On certain dates
Check calculations and casts
performed by the system.
Calculate ratios and investigate
Analytical review procedures. those outside a set criteria (eg
more than 5% variation on the
prior year).
Data analytics No specific software is Analyse transactions in a

required as this technique population of data and investigate
can use existing information. anomalies.
Use of charts and visual aids
Manipulate data to assess the
to review trends and outliers
impact of different assumptions.
in data.
Assist in segregation of duties
testing.
Analysing revenue trends split by
product or region.

Directional testing
If a balance in the accounts is misstated there are two possibilities. It could be:
 Overstated, or
 Understated
COMPLETENESS (Understatement) EXISTENCE (Overstatement)
Source Source
Financial statements Financial statements
SAMPLING
The overall aim of the audit is for the auditor to give an opinion as to whether the
financial statements are free from material misstatement (presented fairly).
The auditor does not test everything and so they need to decide the extent of testing
they will perform.
Audit sampling involves the application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance of
selection in order to provide the auditor with a reasonable basis on which to draw
conclusions about the entire population.
Population is the entire set of data from which a sample is selected and about which
an auditor wishes to draw conclusions.
The auditor must always carry out substantive (detailed) tests on material items. These
include examining material journal entries to supporting evidence. Also by agreeing the
financial statements to the underlying books and accounting records.

WHY SAMPLE?
Consider some of the reasons as to why the auditor only tests a sample of items.
SOLUTION
Error is an unintentional misstatement in financial statements, including the omission

of an amount or a disclosure.
Sampling risk is the risk that the auditor's conclusion, based on a sample, may be
different from the conclusion that would be reached if the entire population were
subjected to the same audit procedure.
Tolerable misstatement is the maximum misstatement in the population that the
auditor would be willing to accept.
FACTORS AFFECTING SAMPLE SIZE

When determining a sample size for tests of detail there are a number of factors that an
auditor should take into account.
Requirement
For each of the following factors, select whether it would cause the sample size to
increase or decrease.
a) Decrease in the assessed level of tolerable misstatement
A Increase
B Decrease
b) Increase in the assessed risk level
A Increase
B Decrease
c) Discovery of a greater level of misstatements than were anticipated
during testing
A Increase
B Decrease

Types of sampling
There are two types of sampling: statistical sampling and non-statistical sampling.
Non-statistical sampling does not use any mathematical basis for selecting a sample.
An example of non-statistical sampling is haphazard selection. Here the auditor selects
items to be included in the sample without following a structured technique but avoiding
any conscious bias or predictability (for example the auditor should not exclude items
which are difficult to locate from the sample purely because of the inconvenience).
Statistical sampling uses:
 Mathematical number tables to choose a sample which is free from bias
 Probability theory to evaluate the results of the testing
Examples of statistical sampling methods include the following:
 Random selection – this process uses random number tables (or a computerised
random number generator) to select the items in the sample.
 Systematic selection – here the number of units in the population is divided by
the sample size to give a sampling interval. For example, if the auditor has a
population with 1,000 items and requires a sample containing 200 items then the
sampling interval is 5 (1,000 ÷ 200). A random starting point within the first 5 is
then determined (say 2) and the auditor will test every 5th item after item number
2 (ie 2 then 7 and so on).
 Monetary unit sampling – here the population is randomly ordered and items
are selected for sampling by weighting the items in proportion to their value.
MONETARY UNIT SAMPLING

You are in the process of auditing the trade receivables balance and are deciding which
individual balances to test.
The total trade receivables balance is £500,000 and materiality has been set at £50,000.
Requirement
Complete the table below to show which trade receivable balances will be tested using
monetary unit sampling.
Customer Balance Cumulative total Selected

Y/N
A 30,000 30,000
B 35,000 65,000
C 45,000 110,000
D 52,000 162,000
E 13,000 175,000
F 50,000 225,000
G 23,000 248,000
H 500 248,500
I 42,000 290,500
J 47,000 337,500

Y/N
K 54,000 391,500
L 17,000 408,500
M 80,000 488,500
N 11,500 500,000
500,000

SUMMARY
Evidence collection techniques
Procedures to obtain Evidence collection

Sampling
evidence techniques
Analytical procedures AEIOU Test less than 100% of the

population
Enquiry CAATs
Form an opinion on the
Inspection Directional testing population as a whole
Observation Statistical vs non-statistical

sampling
RecalcUlation
Extrapolate errors
Tolerable misstatement

CONCLUDING ON EVIDENCE
CONCLUDING ON EVIDENCE
Once the auditor has carried out the relevant audit procedures on each sample item,
they should evaluate the sample results to determine whether the preliminary
assessment is confirmed or needs to be revised.
ANALYSIS AND EVALUATION OF ERRORS
Analysis of the results

 What is the nature and cause of the misstatement?
 Is there a possible effect on other areas of the audit?
 Is it an anomaly?
Tests of detail
For tests of detail, the auditor should project the monetary misstatements found in the
sample to the population and compare this to the tolerable misstatement.
Where a misstatement has been established as an anomaly, it should be excluded when
projecting sample misstatements to the population (but still needs to be considered, in
addition to the projection of the non-anomalous misstatements, when assessing
misstatements against tolerable misstatement).
EXTRAPOLATING THE RESULTS OF TESTS OF DETAIL

You are auditing trade receivables and have obtained the following results based on your
sample:
 Total value of the population £1,000,000
 Sample value £200,000
 Misstatement in sample £9,000
Requirements
a) Assuming the misstatements are not anomalous ones, calculate the expected
misstatement in the population.
b) Assuming that tolerable misstatement was set at £40,000, explain what action
should be taken.
SOLUTION

Tests of controls
For tests of controls, no explicit projection of misstatements is necessary since the
sample misstatement rate is also the projected rate of misstatement for the population
as a whole.
For example, if the auditor has performed tests of controls on a sample of 20 items and
has found 2 deviations, this represents a misstatement rate of 10% (2/20  100). The
auditor must then decide if this misstatement rate is acceptable.
ANALYSING THE RESULTS OF TESTS OF CONTROLS

You are auditing the internal controls relating to the authorisation of adjustments made
to a client's inventory system, in order to determine the accuracy and validity of the
adjustments.
You have obtained the following results based on your sample:
 Total number of adjustments made to inventory records during the year 1,500
 Number of adjustments tested in the sample 225
 Number of occasions when adjustments tested were not authorised 18
Requirements
a) Assuming the errors are not anomalous ones, calculate the error rate in the
population.
b) Assuming that tolerable error/misstatement was set at an error rate of 13%,
explain what action should be taken.
SOLUTION

ACTIONS TO TAKE
If the evaluation of sample results indicates that the assessment of the relevant
characteristic needs to be revised, the auditor may:
 Request management to investigate identified misstatements and the potential for
further misstatements and make any necessary adjustments
 Modify the nature, timing and extent of further audit procedures
 Consider the effect on the auditor's report
AUDIT CONCLUSIONS
Danielle has carried out a receivables circularisation on Donothing plc.
Requirement
Identify whether the following conclusions drawn by her are correct or not.
Assertion Correct Incorrect
An amount disagreed by Lazy Ltd because an

invoice had been paid two days before the
year end and cleared shortly after the year
end, did not constitute a misstatement for the
purposes of drawing a conclusion for the
whole population.
An amount disagreed by Sloth Ltd because a
credit note had been issued by Donothing plc
a month before the year end did not
constitute a misstatement for the purposes of
drawing a conclusion for the whole
population.
An amount disagreed by Busy Ltd because
they had paid the balance some time earlier,
which further enquiry revealed had been
posted to a different customer account, did
constitute a misstatement for the purposes of
drawing a conclusion for the whole
population.

Evaluation of misstatements
According to ISA (UK) 450 Evaluation of Misstatements Identified during the Audit the
auditor must evaluate the effect of all corrected and uncorrected misstatements on the
financial statements.
The auditor must communicate all misstatements to management. If management refuse
to correct some or all of the misstatements the auditor shall:
 Understand the reasons for not making the corrections
 Determine whether the uncorrected misstatements are material (individually or
aggregate)
 Communicate these misstatements to the responsible bodies (Board of Directors,
Audit Committee)
 Request a written representation from management regarding the uncorrected
misstatement if required.
When determining if uncorrected misstatements are material, the auditor must consider
the size and nature of the misstatements along with particular circumstances of their
occurrence. In certain circumstances the auditor may evaluate the misstatements as
material even if they are lower than materiality for the financial statements as a whole.
Such circumstances include:
 Compliance with regulations
 Compliance with debt covenants or similar funding arrangements
 Alters or changes the public perception of the true earnings of a company or
financial position
 Benefits the management in some way, such as an increase in year-end bonus
CONSIDERATION OF MATERIALITY
Which two of the following should be determined as material uncorrected
misstatements?
A An isolated misposting between two supplier accounts which is below materiality
B A misstatement which is below materiality and results in director's bonus targets
being met
C An immaterial misstatement of assets which results in a debt covenant being
breached
D The monthly bank reconciliation was not prepared in August as the cashier was on
holiday

SUMMARY
Concluding on evidence
Analysis and evaluation

Actions to take
of errors
Nature/cause of error Record all errors and

communicate to management
Tests of detail – project
monetary error and compare to Consider materiality of
tolerable misstatement immaterial misstatements
when taken in aggregate
Tests of control – calculate the
missatement rate and decide Consider impact on audit
whether acceptable opinion where material
misstatements remain
uncorrected

ACTIVITY ANSWERS
CONTENT OF WORKING PAPERS

A The name of the person who prepared the schedule
C A signature evidencing review of the working paper
WHY PREPARE WORKING PAPERS

a) Not valid. It is not a legal requirement to prepare working papers.
b) Valid
c) Valid
d) Valid
WHERE ARE THE FOLLOWING DOCUMENTS FILED?

a) Current
b) Permanent
c) Current
d) Permanent
RELIABILITY
B A photocopy of a client's bank statement is more reliable than the original
document.
C The strength of a client's internal controls has no impact on the reliability of audit
evidence.
INVENTORY ASSERTIONS
A Completeness

HOW GOOD ARE THESE AUDIT PROCEDURES?
a) Valuation of inventory:
The listing taken from the client's system is the least reliable of the three pieces of
evidence. It is documentary but is taken from within the client's records. On an
area where the accounting requirements allow for an element of judgement (ie the
basic rule that inventory should be valued at the lower of cost and net realisable
value), this evidence is unlikely to be sufficient on its own.
Agreeing a sample of items to purchase invoices would be more reliable evidence
of the cost of the items of inventory, as it uses documentary evidence from a third
party source. This would still not be sufficient on its own because it ignores any
consideration of net realisable value.
In order to conclude on this assertion it would be essential for the auditor to trace
items through to their sales values after the year end in order to check whether
any had to be sold for less than cost, which would indicate that an allowance
would be required to write down the inventory value.
b) Existence of inventory:
The suggested enquiry of management would be the least reliable evidence here,
as it is oral evidence from sources within the client.
At the year-end inventory count the auditor can see the inventory and this is
conclusive, auditor-generated evidence that it exists!
c) Completeness of recording of purchases:
Again, the suggested enquiry of management would be the least reliable evidence
here, as it is oral evidence from sources within the client.
Reperforming the sequence checking (which, depending on the nature of the
client's procedures might involve a manual check of invoices, or a computer-based
test of a sequence check performed by the client's computerised system) is
another example of auditor-generated evidence, which would be considered very
reliable. Unlike the other procedures discussed in this example, it is a test of the
controls within the client's system but still relevant to this assertion.
TESTS OF CONTROLS VS TESTS OF DETAIL

B Test of detail
B Test of detail
A Test of control
A Test of control
C Neither

USING 'AEIOU'
Analytical Evaluating and comparing Evidence here is limited by the

procedures financial and/or non-financial strength or weakness of the
data for plausible relationships underlying accounting system.
and investigating unexpected
fluctuations.
Eg analytically review the
monthly sales to identify any
unusual fluctuations.
Enquiry This involves seeking The strength or weakness of this
information from client procedure will depend on of
management or staff or external whom the enquiry is being
sources and evaluating made – a member of client staff
responses. could misrepresent matters to
Eg enquire of management as to the assurance provider if they
the reasons for the increase in misunderstand the nature of the
marketing spend in the year, question, or they are seeking to
and obtain corroborating conceal a misstatement or
evidence. fraud.
Inspection Inspection of documents The strength of this procedure
involves examining records or depends on what is being
documents for written inspected to give evidence. For
evidence, but may also include instance, inspection of a
inspection (physical purchase invoice gives better
examination) of tangible assets quality evidence than inspection
that are recorded in the of a sales invoice, because a
accounting records. purchase invoice is created by a
Eg inspect a loan agreement to third party.
obtain evidence of the interest
rate applicable on the loan.
Observation This involves watching a This procedure is relatively weak
procedure being performed. as it only confirms that the
Eg observe the process of procedure is being performed
opening post. correctly when the assurance
provider is watching.
Recalculation Checking arithmetical Recalculation is evidence
accuracy of client's records. created by the assurance
Eg recalculate the bad debt provider so is strong evidence.
allowance.

WHY SAMPLE?
 The auditor gives an opinion on the financial statements rather than a certificate of
accuracy and so does not need to test every item.
 To test everything would mean that the audit process would be very expensive and
this cost may well then outweigh the benefit of the audit.
FACTORS AFFECTING SAMPLE SIZE

a) Decrease in the assessed level of tolerable misstatement
A Increase
b) Increase in the assessed risk level
A Increase
c) Discovery of a greater level of misstatements than were anticipated during testing
A Increase
MONETARY UNIT SAMPLING

Y/N
A 30,000 30,000 N
B 35,000 65,000 Y
C 45,000 110,000 Y
D 52,000 162,000 Y
E 13,000 175,000 N
F 50,000 225,000 Y
G 23,000 248,000 N
H 500 248,500 N
I 42,000 290,500 Y
J 47,000 337,500 Y
K 54,000 391,500 Y
L 17,000 408,500 Y
M 80,000 488,500 Y
N 11,500 500,000 Y
500,000

EXTRAPOLATING THE RESULTS OF TESTS OF DETAIL
a) Error rate in sample × total value in population
£9,000
× £1,000,000 = £45,000
£200,000
b) The projected error is above the tolerable misstatement limit. This means that
further evidence is needed.
This could be done by:
 Extending the sample tested in the procedure and then reperforming the
extrapolation, or
 Designing and performing additional substantive procedures.
If the further evidence allows the auditor to conclude that the actual misstatement
in the population does not exceed tolerable misstatement, then the auditor will
conclude that no adjustment is necessary, although the misstatement of £9,000
will be noted on a schedule of unadjusted misstatements. If the further evidence
indicates that there is a misstatement that exceeds tolerable misstatement then
the auditor will ask the client to make an adjustment to the financial statements.
ANALYSING THE RESULTS OF TESTS OF CONTROLS

a) Error rate in sample:
18/225 = 8%
b) The projected error rate is below the tolerable error/misstatement limit of 13%.
This means that the internal control is believed to have operated effectively
throughout the period and the auditor can rely on it when assessing the accuracy
and validity of adjustments made to the inventory system.
No further testing is required; however, any monetary errors resulting from the 18
failures of the internal control should be noted on the schedule of uncorrected
misstatements.

AUDIT CONCLUSIONS
Assertion Correct Incorrect
An amount disagreed by Lazy Ltd 

because an invoice had been paid two this is just a timing
days before the year end and cleared difference
shortly after the year end, did not
constitute a misstatement for the
purposes of drawing a conclusion for
the whole population.
An amount disagreed by Sloth Ltd 
because a credit note had been issued this indicates that the
by Donothing plc a month before the credit note has not been
year end did not constitute a processed to the sales
misstatement for the purposes of ledger, which is an error
drawing a conclusion for the whole that could also be true of
population. other potential credits
due on the ledger.
An amount disagreed by Busy Ltd 
because they had paid the balance this error does not affect
some time earlier, which further the overall balance on
enquiry revealed had been posted to the ledger.
a different customer account, did
constitute a misstatement for the
purposes of drawing a conclusion for
the whole population.
CONSIDERATION OF MATERIALITY
B, C Although these two items are below the monetary amount set as materiality, the
particular circumstances surrounding their occurrence (ie their nature) make them
material misstatements. D relates to a test of controls.

6
SUBSTANTIVE
TESTING
Learning outcomes
• Identify the different methods of obtaining evidence from the use of tests of
control, substantive procedures, including analytical procedures and data analytics
• Identify the situations within which the different methods of obtaining evidence
should and should not be used
• Select appropriate methods of obtaining evidence from tests of control and from
substantive procedures for a given business scenario
• Recognise issues arising while gathering assurance evidence that should be
referred to a senior colleague
Topic 6: Substantive testing 143

TOPIC OVERVIEW
Substantive testing
Assets Liabilities Statement of profit or loss
Statement of profit or
Non-current assets Payables
loss
Current assets −
Non-current liabilities
inventory
Current assets − other

assets
144 Topic 6: Substantive testing

THE AUDIT OVERVIEW
Plan the audit
Understand the entity (including documenting and confirming

the accounting systems and internal control)
Assess risk of material misstatement
Select audit procedures to respond to risk of material misstatement
Risk assessment Risk assessment does

includes expectation not include expectation
that controls operate that controls operate
effectively effectively
Tests of controls (to confirm expectation)
Unsatisfactory Report
to management
Satisfactory
Restricted Full
substantive tests substantive tests
Overall review of
Report to
management
Auditor's
report

The concept of obtaining audit evidence through tests of controls and substantive tests
was introduced in Topic 5. In this topic the substantive tests performed on the main
items in the financial statements (statement of financial position and statement of profit
or loss) are identified and explained in more detail.
ASSETS
NON-CURRENT ASSETS
Non-current assets are among the material items on the statement of financial position.
There will be a number of key assertions:
 Ownership (rights and obligations)
 Existence
 Valuation (including original cost, replacement or revalued amount, depreciation)
 Completeness (omissions of non-current assets)
 Classification (correctly presented in the financial statements, eg checking that
items included in non-current assets should not be included in the statement of
profit or loss instead, such as repairs and maintenance)
 Presentation and disclosure
AUDITING TANGIBLE NON-CURRENT ASSETS

Land & Furniture Total
buildings & fixtures
Carrying amount
Carrying amount at 1/1/20X8 1,600,000 420,000 2,020,000
Additions 400,000 – 400,000
Revaluation surplus 1,000,000 – 1,000,000
Charge for year (60,000) (60,000) (120,000)
Disposals (400,000) – (400,000)
Carrying amount at 31/12/20X8 2,540,000 360,000 2,900,000
At 31 December 20X8
Cost or valuation 2,900,000 600,000 3,500,000
Accumulated depreciation (360,000) (240,000) (600,000)
Carrying amount 2,540,000 360,000 2,900,000
At 31 December 20X7
Cost or valuation 2,000,000 600,000 2,600,000
Accumulated depreciation (400,000) (180,000) (580,000)
Carrying amount 1,600,000 420,000 2,020,000

Unless otherwise specified, describe two audit procedures that could be used to gather
audit evidence on each of the following areas?
 Opening balances (one procedure only)
 Additions
 Depreciation
 Disposals

As evidenced by the activity above there are many sources of information which can
provide evidence on non-current assets. These include:
 Non-current asset register
 Purchase invoices
 Sales invoices
 Registration documents or other documents of title, ie property deeds
 Valuations carried out by employees or third party valuers
 Leases or hire purchase documentation in respect of assets
 Physical inspection of assets by the auditor
 Depreciation records or calculations
Intangible non-current assets

Examples of intangible assets include licences, development costs and purchased brands.
The major risks of misstatement of the intangible non-current asset balances in the
financial statements are due to:
 Expenses being capitalised as non-current assets inappropriately (existence)
 Assets carried at the wrong cost or valuation due to inflating the cost or valuation
(valuation)
 Assets carried at the wrong cost or valuation due to charging inappropriate
amortisation, wrongly amortising or not amortising (valuation)
 Assets carried at the wrong cost or valuation due to impairment reviews not being
carried out appropriately (valuation)
The following information is available to use when testing intangible assets:
 Accounting standards – what constitutes an intangible asset
 Purchase invoices
 Client calculations and schedules
 Specialist valuations
AUDITING INTANGIBLE NON-CURRENT ASSETS

An auditor has conducted the following audit procedures in order to gather audit
evidence on the valuation of development costs:
1 Vouching a sample of costs capitalised to purchase invoices
2 Enquiring from management as to whether the expected sales revenue from the
development will exceed the levels of costs incurred
3 Reviewing the results of market research in order to determine whether there will
be a market for the new developed product
4 Physical inspection of the laboratory where the development work is being carried
out

Requirement
Which of the following audit procedures were suitable procedures?
A Procedures 1 and 4 only
B Procedures 1, 2 and 3 only
C Procedures 1, 2 and 4
D All of the procedures
CURRENT ASSETS – INVENTORY

Inventory is usually a material balance in the financial statements and so it is important
that the auditor gathers sufficient appropriate evidence in respect of it.
The balance in the financial statements is calculated as 'Quantity  Valuation' and so
audit procedures must cover both aspects.
Inventory must also be properly disclosed in the financial statements.
Inventory count
Before
 Planning
– Review working papers for the previous year to identify risks and familiarise
yourself with the inventories
– Determine arrangements with management in advance
– Establish what arrangements have been made for inventories held by or for
third parties
– Review client's inventory count instructions
– Consider the need for an expert
 Determine procedures to cover a representative selection of inventories
During
 Ensure staff are following the inventory counting instructions

 Test counts from the inventories to the inventory sheets and from the inventory
sheets to the inventories
 Note damaged, old or obsolete inventories
 Review work in progress (WIP) for stage of completion
 Ensure inventories held by the client for third parties are excluded from count
 Record the number of the last goods received note (GRN) and the last goods
despatched note (GDN)
 Form an overall impression of inventory levels
 Photocopy inventory sheets
 Check sequence of inventory sheets
 Investigation of differences

After
 Check client's computation of the final inventory figure

 Trace own test count items through to final inventory sheets
 Check replies from third parties
 Inform management of any problems
 Follow up cut-off details
 Ensure necessary adjustments to book inventories have been made (where records
are maintained) and that inventory is valued in line with IAS 2 Inventories in the
financial statements.
INVENTORY COUNTING PROCEDURES

You have been provided with the following inventory count instructions by your client.
Requirement
Identify five matters that you believe will require action by management if the inventory
count is to be effective and explain how the matters could be rectified.
a) Mrs Ishbel Curbar, assistant chief accountant, has overall responsibility for the
inventory count but is to be assisted by Mr Jack Farditch, the warehouse manager,
to whom the inventory counting teams are to report, and who will be responsible
for the detailed organisation of the count.
b) Five inventory count teams are to carry out the actual count, each team to be
responsible for a predetermined section of the warehouse. Each team comprises two
persons, one from the accounting department and the other from the warehouse.
c) Each inventory count team is to meet Mr Farditch at 7:30am on 29 March 20X1
and will be provided with pre-numbered and preprinted inventory sheets for the
section of the warehouse for which they are responsible. These inventory sheets
have been prepared by the inventory control department and show the balance of
each inventory item on hand as shown on the inventory records held
independently of the warehouse.
d) During the count both members of the inventory count team are to count the
inventories independently of each other. In the event of differences arising
between inventories counted and the quantity shown on the inventory sheets, the
quantity counted is to be entered alongside the original quantity and must be
initialled by the senior member of the count team.
e) Each inventory count sheet is to be signed by the senior member of the count
team and the bin or rack cards held in the warehouse are to be adjusted, if
necessary, to actual quantities counted. All cards are to be initialled to show that
the count has been made.
f) Any goods that appear to be in poor condition are to be deducted from the
quantity appearing on the inventory sheets, such action again to be supported by
the initials of the senior member of the count team.
g) Any queries during the count are to be referred to Mr Farditch, to whom inventory
sheets are to be returned at the conclusion of the count. Mr Farditch is responsible
for ensuring that all inventory count sheets have been returned and for forwarding
them to Mrs Curbar for valuation.

Some businesses keep inventory records and if these are reliable a year-end count may
not be required. To determine the reliability of the records, it is necessary for the
business to count inventories on a regular basis. This is called continuous inventory
counting or perpetual inventory.
If perpetual inventory is used, assurance providers will verify that management:
a) Ensures that all inventory lines are counted at least once a year
b) Maintains adequate inventory records
c) Has satisfactory procedures for inventory counts and test counting
d) Investigates and corrects all material differences
Auditors should:
a) Review company's procedures
 Verify the independence of counters

 Investigate the frequency of counts
 Verify that all lines are counted at least once per year
 Investigate discrepancies and how they are resolved by staff and
management
 Enquire as to how management and staff update records and procedures
b) Attend at least one of the company's counts (to observe)
c) Review whole year's results
 Review the extent of inventory counting throughout the year

 Test the accuracy of records by sampling material or unusual items
 Obtain reasons for discrepancies
 Performance of test counts at the year end
Inventory valuation
Inventory must be valued at the lower of cost and net realisable value (NRV) in
accordance with IAS 2 Inventories.
Cost
The cost of an item of inventory is the cost to acquire or produce the item including all
directly attributable costs.
The auditor should:
a) Record the basis of valuation used
b) Test material costs
 Agree to supplier invoices
 Ensure first in, first out (FIFO) or appropriate basis is being used
 Verify/recalculate quantities used in WIP/finished goods

c) Test labour costs
 Vouch calculations to supporting documentation
 Review costing against actual labour and production
d) Test the application of overheads
 Ensure only production overheads are included
 Ensure overheads are based on normal levels of activity
Net realisable value (NRV)

As well as ensuring that the cost of inventory is fairly stated, the auditor should
determine whether there are any concerns that the NRV of inventory might be lower
than cost.
WHERE NET REALISABLE VALUE IS LOWER THAN COST

Describe some of the situations where the NRV of inventory is likely to be lower than
cost

Where this is an audit risk, the auditor should perform audit procedures to determine
whether the NRV is lower than cost.
Such tests include the following:
a) Compare the selling prices of goods sold after the year end per the sales invoices
against their purchase invoices.
b) Review order book for evidence of goods being sold post year end and to
determine the sales price achieved post year end.
c) Discuss any inventory lines which suffered write downs last year to determine
whether they are still held at the year end.
d) Calculate the gross profit margin at which goods are sold post year end and
analytically review this compared to the gross profit margin for the current year.
Consider whether a fall in margin may indicate that some inventory is being sold
for less than cost.

INVENTORY – TRUE OR FALSE
Consider each of the following statements and decide whether they are true or false:
a) Examining the prices at which inventory was sold post year end will provide audit
evidence on the completeness of inventory.
A True
B False
b) It is the auditor's responsibility to ensure the inventory count is conducted in
accordance with the inventory count instructions.
A True
B False
c) Inventory which is identified as damaged during the inventory count should be
included in the overall quantity on the inventory sheets.
A True
B False
CURRENT ASSETS – OTHER ASSETS
Receivables
The major risks of misstatement of the receivables balance in the financial statements
are due to:
 Irrecoverable debts
 Disputes with customers (leading to slow payment or non-payment)
The following sources of information can be used:
 Receivables ledger information
 Confirmations from customers
 Cash payments received after the year end
Confirmations from customers

A specific technique used to test for the existence and obligation/rights of receivables is a
direct confirmation (alternatively called 'circularisation'). This is conducted as follows:
a) Obtain a listing of trade receivables as at the confirmation date.
b) Agree the total to the nominal ledger.
c) Review for any obvious omissions/misstatements by comparing this year's list with
last year's.
d) Select accounts for confirmation, in particular paying attention to the following
types of balances:
 Old, unpaid amounts
 Credit balances
 Nil balances
 Material balances

And then select a sample from the remaining accounts.
The letter should be on the client's paper, signed by the client. It should request
that the reply be sent direct to the auditor, and reply-paid envelopes should
be sent.
The requests may be in the positive or negative form:
Positive requests – ask the customer to reply whether they agree or disagree with
the balance provided, or ask the customer to state the balance owed by them.
Negative request – only ask the customer to reply if they disagree with the balance
provided.
e) After a reasonable period, send a 'follow-up' request.
f) Follow up by telephone or fax if there is no reply.
g) No reply:
 Confirmation of individual outstanding invoices.
 Carry out alternative audit procedures such as:
– Agreeing the opening balance on account with last year's closing
balance
– Testing casts by checking the arithmetic
– Verifying outstanding items to backup documentation
– Reviewing cash received after year end
– Discussing the recoverability of the balance with credit
control/management
Assurance providers will have to carry out further work in relation to those customers who:
 Disagree with the balance stated (positive and negative confirmation)
 Did not respond (positive confirmation only)
ANALYSING THE RESULTS OF A RECEIVABLES

CONFIRMATION
You have obtained the following results from the receivables balances circularised during
your audit.
Requirement
Detail the subsequent audit procedures you would perform on each of these balances.
Balance per
Balance per sales circularisation Reason for
ledger response difference
£ £
Jacob 25,000 20,000 Cash in transit
Laura 55,000 45,000 Goods not received

at year end
Tom 68,000 57,000 Disputed invoice

SOLUTION

Alternative procedures to verify existence/rights and obligations

If it proves impossible to get confirmations from individual customers, alternative
procedures include the following:
Alternative procedures
Vouch cash received from customers after the year end
Obtain an aged receivables report and discuss the recoverability of

old/overdue amounts with credit control/management
Calculate receivables days ratio and compare to prior year – investigate any
significant differences
Verify valid orders, although these will not necessarily have led to an invoice
Examine the account to see if the balance outstanding represents specific invoices and
confirm their validity to despatch notes
Obtain explanations for invoices remaining unpaid after subsequent ones have
been paid
Irrecoverable debts
Tests for irrecoverable and doubtful debts include:
 Understanding why the debt has an allowance against it
 Reviewing correspondence with the customer
 Reviewing cash received after date
 Recalculating any general allowances
 Investigating overdue debts without allowances
 Comparing the allowance in previous years to actual bad debts

TESTING RECEIVABLES
Which of the following audit procedures will provide the best evidence concerning the
valuation of receivables?
A Analytical review of the gross profit margin compared to prior year
B Obtaining an aged receivables report
C Vouching the balance owed at the year end to invoices
D Review of monies received from customers post year end
Bank
Key ways in which the bank and cash balance may be misstated include:
 Rights/obligations – not all the bank accounts or balances have been disclosed.
 Valuation – reconciliation errors or transposed figures from the bank statement,
which can over or understate the cash balance at year end.
 Completeness/existence – cash items not being included in the year end balance
(especially a risk with petty cash or cash in transit balances).
 Presentation – cash accounts may be netted off against each other, so instead of
showing a bank overdraft (for example in relation to the main current account) and
a positive bank balance (for example on the deposit account), these balances are
shown as a net balance on the face of the statement of financial position.
The following sources of information can be used to verify the amount of cash balances
held on hand and at bank at the year end:
 Cash book
 Confirmations from the bank (the bank confirmation letter(s) will list the bank
accounts held by the client, and also detail the balance of each account at the
financial year end)
 Bank statements
 Bank reconciliations carried out by the client
Direct confirmation with bank

 Explicit written authority from the client
 Assurance providers request
 At least two weeks in advance of the year end date
 Review by the assurance providers

AUDITING A BANK RECONCILIATION
An example of a bank reconciliation has been provided below.
Requirement
Outline the substantive audit procedures you would perform on this reconciliation.
£ £
Balance per bank statement 46,446
Add outstanding lodgements:

26.12.X9 23,114
27.12.X9 1,200
28.12.X9 7,360
Less unpresented cheques: 31,674
Cheque number
13539 (24,933)
13540 (4,388)
(29,321)
Balance per cash book 48,799
SOLUTION

SUMMARY
Assets
Non-current assets Current assets – Current assets –

inventory other assets
Key assertions: Key assertions: Key assertions:

Existence Existence Existence
Rights and obligations Rights and obligations Rights and obligations
Valuation Valuation Valuation
Classification Presentation Presentation
Presentation
Inventory count procedures Receivables:
Tangible: Direct confirmation
Non-current asset register Valuation at the lower cost Receipts post year end
and net realisable value
Intangible: Bank:
Capitalisation criteria Direct confirmation
Bank reconciliation
Petty cash:
Physical count

LIABILITIES
PAYABLES
The major risks of misstatements in the financial statements relating to payables are:
 Understating liabilities (ie completeness)
 Incorrect cut-off
There are several sources of information which can be used to gather audit evidence but
the key sources include:
 Payables ledger records and supplier statements
 Confirmations from suppliers
 Payments made post year end to suppliers
The most important test when considering trade payables is comparison of suppliers'
statements with payables ledger balances; however, additional tests will provide further
evidence:
Objective Example tests
a) Existence  Circularise/supplier statements

 Cut-off tests – purchases/credit
b) Rights and obligations  Circularise trade payables (the procedure is
similar to that used for trade receivables)
 Reconcile balance at year end to a
supplier's statement and verify reconciling
items
(Both these tests also provide evidence of
completeness and valuation)
c) Completeness  Review payables, analytically comparing it
to previous year end or budgets
 Review GRNs around the year end to
ensure purchases correctly treated
 Review unpaid invoice files for liabilities not
provided
 Review after date payments for liabilities
not recorded
 Check the supplier statement reconciliations
to ensure that all outstanding invoices are
accrued
d) Allocation and valuation  Check that closing accruals are calculated in
accordance with accounting policies and are
consistent
 Check any provisions have been recognised
in accordance with IAS 37 Provisions,
Contingent Liabilities and Contingent Assets

e) Presentation  Ensure that payables are presented

correctly in the financial statements and in
line with supporting documentation
Usually supplier statements are used rather than circularising suppliers; however, in
some circumstances confirmations may be deemed necessary.
Positive replies will be required where:
 Suppliers' statements are unavailable or incomplete
 There are weaknesses in internal controls surrounding payables
 Deliberate understatement is suspected
 There are unusual transactions
PAYABLES – ASSERTIONS
Which of the following assertions is the external auditor least concerned with when
testing the payables balance?
A Completeness
B Allocation and valuation
C Rights and obligations
D Existence
AUDIT PROCEDURES RELATING TO PAYABLES

State which assertion each of the following audit procedures provides evidence on:
1 Calculate the payables days ratio and compare to the prior year – investigate
A Completeness
B Valuation
2 Testing post year end goods received notes to ensure that the invoices relating to
the goods received notes have been correctly excluded from current year's balance
presented in the financial statements
A Completeness
B Existence
3 Review payments made to suppliers post year end and compare the level of
payments made to the balance outstanding at the year end
A Completeness
B Existence
4 For a sample of purchase ledger balances, vouch the balance to the original
purchase invoice
A Completeness
B Existence

NON-CURRENT LIABILITIES
The main risks relating to non-current liabilities include:
 Incomplete, incorrect or insufficient disclosure
 Incorrect calculations of interest payable
There are several sources of information which can be used to gather audit evidence, but
the key sources include:
 Schedule of loans (refer to the prior year audit file information to note any changes
from prior year, in addition to requesting the details from the client)
 Statutory books, such as register of debentures, articles of association
 Loan agreements
 Bank letter and direct confirmations from other lenders
 Cash book
 Board minutes
 Client schedules and calculations
 Accounting policies in the financial statements
Some examples of substantive tests are:
a) Existence  Obtain confirmation from banks and other

lenders
b) Rights and obligations  Review confirmation letters from lenders
c) Completeness  Obtain breakdown of liabilities, compare

to prior year audit working papers and for
any items no longer included agree to:
– Repayment amount in the cash book
– Inclusion as a current liability if
reclassified
 Review board minutes for evidence of any
new borrowings which might not be
recorded
d) Accuracy  Perform proof in total of finance charges
 Agree capital and interest amounts to
confirmation letters
 Recalculate finance charges, agreeing
interest rates to loan agreements
e) Presentation/Classification  Check that liabilities are correctly
classified as current/non-current by
reference to the repayment dates in the
loan agreements

AUDITING THE LOAN LIABILITY AT THE YEAR END
Which two of the following audit procedures would provide the best evidence regarding
the loan liability outstanding at the year end?
A The original loan agreement
B The bank statement
C A confirmation from the loan provider
D The nominal ledger
Audit of accounting estimates

There are many items in the financial statements which are based on estimates. These
include:
 Depreciation
 NRV of inventory
 Irrecoverable debts and allowances
It is the directors' responsibility to provide each estimate; however, the auditor is
required to consider the assumptions on which each estimate is based and decide
whether (in their opinion) they are reasonable.
The table details some factors the auditor should consider:
Method Considerations
Estimate made by management  Past experience – are they usually accurate?

 Present – is it possible to recalculate the
estimate?
 Future – will the estimate be confirmed by
events during the post year end period?
Estimate made by an independent  Verify the independence and competence of
third party the third party by checking that they are
suitably qualified?
Estimate confirmed by events after  Verify whether events after the reporting
the reporting period period confirm the estimate made at the year
end?

SUMMARY
Liabilities
Payables Non-current liabilities
Key assertions: Loan agreements

Completeness Confirmations
Cut-off
Disclosure
Supplier statement
reconciliations Finance (interest) charge
Confirmation with suppliers

STATEMENT OF PROFIT OR LOSS
STATEMENT OF PROFIT OR LOSS
Many audit firms focus their audit work on testing the key balances within the statement
of financial position. Several of these balances will often have an effect on the statement
of profit or loss and it is important that sufficient appropriate audit evidence is also
gathered in relation to the amounts there.
Audit routines used often include analytical procedures (variance analysis, ratio analysis
and proof in total calculations) as well as vouching to supporting documentation and
invoices.
Revenue
 Perform analytical procedures:
– Obtain a breakdown of revenue per product or per month and compare to
the prior year – investigate any significant differences.
– Calculate the gross profit and compare to the prior year – investigate any
significant differences.
 Vouch a sample of items in revenue to sales invoices/details of contracts.
 Consider whether the level of revenue reported in the financial statements is
reasonable based on your understanding of the business during the year.
 Revenue is linked to receivables and so the auditor should consider the effect any
adjustments to receivables will have on revenue (especially relating to errors in
cut-off).
Purchases
 Perform analytical procedures (as per revenue above).
 Vouch a sample of purchases to purchase invoices.
 Consider the impact of any adjustments to inventory and payables on purchases
(especially relating to cut-off).
Payroll costs
– Compare the level of payroll costs year on year.
– Perform a proof in total calculation on payroll costs – calculate the estimated
payroll costs based on prior year costs adjusted for numbers of staff and pay
rates in the current year.
 Perform tests of detail, for example vouch the number of hours worked to
timesheets and wages rates to personnel records.
 Agree pay as you earn (PAYE) and national insurance contribution (NIC) payments
to bank statements.

Interest paid/received
– Compare the level of interest received/paid year on year.
– Perform a proof in total calculation – determine the average loan balance
outstanding during the year from loan confirmations/statements, vouch the
interest rate to the loan documentation and calculate the expected interest
paid/received – then compare the calculated amount to the actual amount in
the financial statements.
 Inspect bank statements for interest paid/received.
 Vouch interest amounts to third party confirmations.
Expenses
– Compare the level of expenses year on year.
 Vouch expenses to purchase invoices.
 Verify that expenses such as depreciation, inventory write down and irrecoverable
debts expense will be covered via audit procedures performed on the statement of
financial position balances.
AUDITING STATEMENT OF PROFIT OR LOSS AMOUNTS

Sebastian carried out the following audit procedures on certain items in the statement of
profit or loss.
Requirement
For each test carried out select whether that test proves the relevant assertion or not.
Performed a proof in total on depreciation expense
A Proves occurrence
B Proves accuracy
Vouched a sample of entries in the purchases account to goods received notes to
determine the date when the transaction occurred.
C Proves cut-off
D Does not prove cut-off
Traced a sample of purchase invoices to the purchases account
E Proves completeness
F Does not prove completeness

SUMMARY
Statement of profit or loss
Revenue Purchases Payroll Interest Expenses
Analytical procedures
Vouch to supporting
documentation

ACTIVITY ANSWERS
AUDITING TANGIBLE NON-CURRENT ASSETS

Opening balances
 Agree to the prior year's audit file and signed financial statements.
Additions
 Obtain a breakdown of the current year additions, re-cast the total and then agree
this total to the financial statements.
 For a sample of assets, vouch the amount capitalised to the purchase invoice.
Verify that the amount capitalised excludes recoverable sales tax but includes all
directly attributable costs such as legal costs and professional fees.
 Physically verify a sample of non-current asset additions to ensure they exist.
Depreciation
 Obtain details of the accounting policy from the notes to the financial statements.
 Confirm with last year's financial statements that there have been no changes to
these policies.
 Recalculate depreciation on a sample of assets. Compare the calculations to the
depreciation charge in the non-current assets register for each item in the sample.
 Alternatively, perform a proof in total of depreciation charge for each category of
asset by taking the average cost balance (opening cost + closing cost/2) and
multiplying by depreciation rate.
 Confirm that depreciation rates are reasonable by discussion with management
and review of the gains and losses on disposal of non-current assets.
Disposals
 Obtain a list of disposals, re-cast the total and then agree this total to the financial
statements.
 For material disposals:
– Agree the cost of the asset sold to the non-current asset register.
– Recalculate the depreciation up to the date of disposal, based on the
company's accounting policy.
– Trace the proceeds to the cash book and the bank statement.
– Recalculate the gain or loss on disposal and agree it to the nominal ledger.
– If the profit or loss is material, verify to the statement of profit or loss that it
is separately disclosed in accordance with IAS 1 Presentation of Financial
Statements.
Tutorial note. More audit procedures than specified have been included.

AUDITING INTANGIBLE NON-CURRENT ASSETS
B Procedures 1, 2 and 3 only
Note that physical inspection of the laboratory may give audit evidence on the existence
of the development work but will not provide any evidence on its valuation.
INVENTORY COUNTING PROCEDURES

Five matters which will require action by management if the inventory count is to be
effective, together with possible corrective actions, are as follows:
1 By allowing Mr Farditch to take responsibility for the detailed organisation of the
count, the present instructions permit the person with day-to-day responsibility for
the inventory area to supervise one of the most important control checks on that
area. This represents a weakness in the company's system of internal checks, since
the opportunity is afforded to Mr Farditch to cover up any inadequacies there may
be in the operational efficiency of controls in the area of inventories. Mrs Curbar
should take more direct responsibility for the detailed organisation of the count.
2 By giving to those members of staff responsible for the physical count of the
inventories an indication of the quantity which is expected to be in inventory, there
is a risk that this may prejudice their opinion in the event of there being a
discrepancy. More importantly, it will tend to reduce the benefits of carrying out an
independent check on the inventory records by having to reconcile them with the
quantities determined by a physical count. The preprinted inventory sheets should
not disclose the balance of each inventory item on hand as shown on the inventory
records held independently of the warehouse.
3 At the moment clear instructions do not appear to have been given of the action
required in the event of there being a discrepancy in the counts arrived at by the
two members of the counting team. Unless precise instructions are given, there
would be a tendency to accept the quantity determined by the senior member of
the count team, which is not necessarily going to be the correct one. The teams of
counters should be instructed that in the event of their independent counts of the
inventory quantities not agreeing a further count should take place. If they are still
unable to agree then a note of this fact should be made on the inventory count tag
so that a further check may be carried out by the inspection team.
4 A number of teams of checkers (two or three) should be appointed to go around
after the counters. The task of these checkers would be to:
 Carry out sample tests on the accuracy of the original counters
 Ensure that inventory count completion tags have been left by the counters
at each inventory location
The appointment of checkers will improve the efficiency of the overall count by
acting as a check on both the accuracy and the completeness of the count.

5 Allowing the members of staff involved in the count to deduct any goods in poor
condition from the quantities appearing on the inventory sheets increases the risk
that:
a) Errors of judgement are made.
b) This procedure could be used deliberately to cover up past or future
misappropriations of inventory.
The staff involved in the count should be instructed to identify any goods that
appear to be in poor condition on the inventory sheets and these can then be
reviewed by a more senior employee.
Goods should only be written off on the authorisation of that more senior
employee.
WHERE NET REALISABLE VALUE IS LOWER THAN COST

 Where goods are subject to changing tastes and fashions (for example clothing
lines at the end of a season)
 Where goods can become technologically obsolete (for example CDs)
 Where there is a general fall in the market price of a good
 Where production or manufacturing costs have risen significantly and the company
is unable to pass these price increases on to customers
 Where goods are slow moving and their price will be discounted in order to sell
them
INVENTORY – TRUE OR FALSE

a) Examining the prices at which inventory was sold post year end will provide audit
evidence on the completeness of inventory.
B False – it will provide evidence on the valuation of inventory.
b) It is the auditor's responsibility to ensure the inventory count is conducted in
accordance with the inventory count instructions.
B False – it is management's responsibility to manage and control the
inventory count.
c) Inventory which is identified as damaged during the inventory count should be
included in the overall quantity on the inventory sheets.
A True – all inventory should be counted; however, damaged inventory should
be separately identified so its valuation (at the lower of cost and NRV) can
be considered later.

ANALYSING THE RESULTS OF A RECEIVABLES CONFIRMATION
Jacob
 The cash in transit should be traced to the cash receipts book post year end. I
would expect it to be received within a few days of the year end.
 I would also trace the cash to the bank paying in slip. Again, this should be
stamped by the bank post year end.
Laura
 The goods in transit should be traced to a GDN dated prior to the year end.
 If inventory records exist the despatch could be traced to the records to confirm
that it was sent prior to the year end.
Tom
 The reason for the dispute and my client's views on it should be obtained from the
correspondence file between Tom and my client.
 Credit notes post year end should be scrutinised to determine whether a credit was
given for the disputed goods.
 Cash receipts should be reviewed post year end to determine whether Tom paid
the full balance.
 If the amount is outstanding at the audit date, discuss recoverability with the credit
controller.
TESTING RECEIVABLES
D Review of monies received from customers post year end
AUDITING A BANK RECONCILIATION

 Agree the balance per the bank statement to the bank confirmation letter
 Agree the balance per the financial statements to the nominal ledger
 Cast the reconciliation to confirm it is correct
 Trace the unpresented cheques to post year end bank statement to confirm they
have been paid post year end
 Agree the outstanding lodgements to post year end bank statements to confirm
they have cleared post year end
PAYABLES – ASSERTIONS
D Existence – companies are least likely to overstate their liabilities.

AUDIT PROCEDURES RELATING TO PAYABLES
1 Calculate the payables days ratio and compare to the prior year – investigate
A Completeness
2 Testing post year end goods received notes to ensure that the invoices relating to
the goods received notes have been correctly excluded from current year's balance
presented in the financial statements
B Existence
3 Review payments made to suppliers post year end and compare the level of
payments made to the balance outstanding at the year end
A Completeness
4 For a sample of purchase ledger balances, vouch the balance to the original
purchase invoice
B Existence
AUDITING THE LOAN LIABILITY AT THE YEAR END

B The bank statement
C A confirmation from the loan provider
AUDITING STATEMENT OF PROFIT OR LOSS AMOUNTS

Performed a proof in total on depreciation expense
B Proves accuracy
Vouched a sample of entries in the purchases account to goods received notes to
determine the date when the transaction occurred.
C Proves cut-off
Traced a sample of purchase invoice to the purchases account
E Proves completeness

7
COMPLETION AND
REPORTING
Learning outcomes
professionals.
• Define the assurance process, including
– concluding and reporting on the engagement
– reporting to the engaging party
where issues need to be referred to a senior colleague
 State the reasons for preparing and keeping documentation relating to an
assurance engagement
 Identify the circumstances in which written confirmation of representations from
management should be sought and the reliability of such confirmation as a form of
assurance evidence
 Recognise when the quantity (including factors affecting sample design) and
quality of evidence gathered is of a sufficient and appropriate level, after taking
account of sampling risk, to draw conclusions on which to base a report
TOPIC OVERVIEW
Completion and reporting
Written representations Auditor’s reports
Purpose of written
Types of opinion
representations
Requirement for Content of

written representations auditor’s reports
Other reports
174 Topic 7: Completion and reporting

WRITTEN REPRESENTATIONS
PURPOSE OF WRITTEN REPRESENTATIONS
Representations are made by management to the auditors throughout the course of the
audit. These are often made orally and so are not a reliable source of audit evidence. In
order to improve the reliability of such evidence the auditor will request that certain
representations are documented in a written representation letter.
REQUIREMENT FOR WRITTEN REPRESENTATIONS
General matters
Some representations made by management are general while others relate to specific
matters. Representations may be critical in obtaining sufficient, appropriate evidence.
ISA (UK) 580 Written Representations deals with the auditor's responsibility when
obtaining such representations.
General representations made by management include providing confirmation that they
have:
 Fulfilled their responsibilities for the preparation of financial statements in
accordance with the applicable financial reporting framework
 Provided the auditor with all relevant information and access to all books and
records
 Recorded and reflected all transactions in the financial statements
The written representations are dated as near as possible to, but not after, the date of
the auditor's report on the financial statements.
Other written representations (specific representations)

In addition to general written representations about management's responsibilities, the
auditors may also request specific written representations where the auditors determine
they are necessary to support other audit evidence.
Examples of these include situations such as:
 Whether the selection and application of accounting policies are appropriate
 Plans/intentions that may affect the carrying value or classification of assets or
liabilities
 Where actual and contingent liabilities exist
 Any instances of non-compliance with laws and regulations that may affect the
 Whether all deficiencies in internal control which management are aware of have
been communicated to the auditors
 Where knowledge of facts is confined to management, for example where the
outcome of an event depends on management's intentions
 Where the matter is principally one of judgement, for example as to whether a
receivable balance is recoverable or not
Topic 7: Completion and reporting 175

Written representations are not a substitute for other forms of audit evidence.
Representations should be evaluated by the auditors, who should:
 Seek corroborative audit evidence
 Evaluate reasonableness and consistency of information
 Assess individuals making the representations
If the representations made are inconsistent with other evidence, the auditors shall:
 Perform audit procedures in an attempt to resolve the matter
 Reconsider its assessment of management if the matter is not resolved
 Determine the effect on the reliability of representations in general
Extract from a written representation letter
[Entity letterhead]
(To Auditor) (Date)
This representation letter is provided in connection with your audit of the financial
statement of ABC Company for the year ended December 31, 20X8 for the purpose
of expressing an opinion as to whether the financial statements are presented fairly,
in all material respects, (or give a true and fair view) in accordance with
International Financial Reporting Standards.
We confirm that (to the best of our knowledge and belief, having made such
inquiries as we considered necessary for the purpose of appropriately informing
ourselves):
Financial Statements
 We have fulfilled our responsibilities, as set out in the terms of the audit
engagements dated [insert date], for the preparation of the financial
statements in accordance with International Financial Reporting Standards; in
particular the financial statements are fairly presented (or give a true and fair
view) in accordance therewith.
 Significant assumptions used by us in making accounting estimates, including
those measures at fair value, as reasonable. (ISA (UK) 540)
 Related party relationships and transactions have been appropriately
accounted for and disclosed in accordance with the requirements of
International Financial Reporting Standards. (ISA (UK) 550)
 All events subsequent to the date of the financial statements and for which
International Financial Reporting Standards require adjustment or disclosure
have been adjusted or disclosed. (ISA (UK) 560)
 The effects of uncorrected misstatements are immaterial, both individually and in
the aggregate, to the financial statements as a whole. A list of the uncorrected
misstatements is attached to the representation letter. (ISA (UK) 450)
 Any other matters that the auditor may consider appropriate.

Which two of the following are purposes of a written representation letter?
Confirmation that management has received the signed auditor’s report
Confirmation that management has fulfilled its responsibility for the preparation of
the financial statements
Confirmation of all representations made by management in the course of the

audit
Confirmation that management has recorded and reflected all transactions in the
Confirmation that management understand the terms of the engagement

SUMMARY
Written representations
Purpose of written Requirement for written

representations representations
Source of audit evidence General representations:

Management's responsibilities
Unlikely to be sufficient Access to information/records
evidence
Specific representations:
Need to seek corroborative Matters of judgement
evidence Estimates
Future intentions

AUDITOR’S REPORTS
The auditor is required to give an opinion on whether the financial statements are
prepared, in all material respects, in accordance with the applicable financial reporting
framework.
To do this, the auditor needs to consider the following:
 Whether sufficient appropriate audit evidence has been obtained (ISA (UK) 330)
The auditor's responses to assessed risks which states that 'to obtain sufficient
appropriate audit evidence regarding the assessed risks of material misstatement,
through designing and implementing appropriate responses to those risks' (ISA
(UK) 300, para.3)
 Whether uncorrected misstatements are material (ISA (UK) 450) Evaluation of
misstatements identified during the audit.
TYPES OF OPINION
Type of engagement Evidence-gathering The assurance report
procedures
Reasonable assurance Sufficient and appropriate A high level of assurance
engagement evidence is obtained by: (less than absolute
eg statutory audit assurance). Description of
 Obtaining an understanding
the engagement, and a
of the engagement
positive statement of the
 Assessing risks conclusion.
 Responding to assessed
risks
 Performing further
procedures using a
combination of inspection,
observation, confirmation,
recalculation,
reperformance, analytical
procedures and enquiry.
Limited assurance Sufficient and appropriate A meaningful level of
engagement evidence (lower level) is assurance. Description of
eg review of half-year obtained as part of a the engagement, and a
accounts systematic engagement negative form of
process that includes obtaining statement of the
an understanding of the conclusion.
subject matter and other
engagement circumstances,
but in which procedures are
deliberately limited relative to
a reasonable assurance
engagement.
These procedures may include
only enquiry and analytical
procedures.

Positive statement 'In my opinion, the statement by the
Chairman regarding X is reasonable'
Negative statement 'In the course of my seeking evidence
about the statement by the Chairman,
nothing has come to my attention
indicating that the statement is not
reasonable'
CONTENT OF AUDITOR’S REPORTS

The text of the auditor’s report that is examined under this syllabus is as shown in ISA
(UK) 700 Forming an Opinion and Reporting on Financial Statements. Examples of
auditor’s reports can also be found in the FRC Bulletin October 2016
(www.frc.org.uk/auditors/audit-assurance/standards-and-guidance/bulletins)
The order of the paragraphs is important, but the content of the report depends on the
nature of the engagement, the type of company being audited and whether there are
issues that the auditor should be highlighting in the report.
In this syllabus, you are only concerned with cases where the auditor finds that they can
conclude that the financial statements give a true and fair view.
The auditor’s report makes both explicit and implied opinions:
Explicit opinions
In respect of the state of the company's affairs at the end of the financial year
In respect of the company's profit or loss for the financial year
In relation to the financial reporting framework (IFRSs or UK GAAP)
In respect of other legal requirements of the Companies Act 2006
The information given in the strategic report and the directors' report is
consistent with the financial statements
Implied opinions (reported on by exception) (RAPID)
Returns from branches not visited have been received and are adequate for the
purposes of the audit
Accounts agree to the underlying records
Proper (adequate) accounting records have been maintained
Information and explanations have been received (and full access has been given to the
auditors)
Directors' transactions have all been correctly disclosed (emoluments and benefits agree
to supporting evidence, and any loans or other transactions with directors have been
correctly disclosed)

Contents of the auditor’s report
Title
Addressee
Opinion
This paragraph will express the auditor’s opinion on the financial statements. It will also
state:
 The name of the entity, the names of the financial statements (including their
names) and the notes to the financial statements that have been audited
 The reporting date of the financial statements
 In the UK, the auditors must state whether or not the accounts give a 'true and fair
view'
 The financial reporting framework that applies to the financial statements (IFRS,
FRS 102)
 Jurisdiction of the framework, so in the UK, Companies Act 2006
Basis for opinion
This paragraph states that the audit has been completed:
 In accordance with ISAs (UK) and applicable law
 There is a reference to the auditors' responsibilities
 The independence of the auditor and the ethical standards they must comply with
(FRS Ethical Standard)
 That the auditors have obtained sufficient and appropriate audit evidence
Going concern section (where applicable)
This is only required for public interest companies.
Key audit matters (for listed companies)
At Certificate level, it is required only that you understand that a key audit matters section
may be required.
Other information
 The directors' responsibility for the other information, and what this other
information may be.
 That the auditors are not expressing an opinion on this other information, however,
that they have a duty to read it and consider whether it is materially different to the
information in the financial statements.
 A statement as to whether the auditor has anything to report or not in this respect.
Opinion on other matters (dependent on statutory requirement)
This is required if there is a directors' report and/or a strategic report produced. Auditors
will state whether or not the report is consistent with the financial statements. (ISA (UK)
720)
Reporting by exception (matters on which the auditor is required to report on
by exception)
Reporting by exception occurs in accordance with the Companies Act 2006. (See the
RAPID mnemonic regarding implied opinion.)

Responsibilities of management
 Directors' responsibility for the preparation of the financial statements and that the
company is a going concern.
Auditor's responsibilities for the audit of the financial statements
 To obtain 'reasonable assurance', and to issue an auditor's report which states their
opinion
 To obtain 'reasonable assurance', and to issue an auditor's report which states their
opinion
 A statement defining 'reasonable assurance'
 A definition of materiality
 A statement that misstatements can occur due to fraud or error.
The full list of auditors' responsibilities may be cross referenced in the report to the
website of the appropriate authority (usually the FRC).
Engagement partner's name
Engagement partner's signature
Auditor's address
Date of the report
Level of assurance and the expectations gap
Expectations gap: The difference between the apparent public perceptions of the
responsibilities of auditors and the legal and professional reality.
There are some specific issues:

 Misunderstandings of the nature of audited financial statements
 Misunderstanding as to the type and extent of work undertaken by auditors
 Misunderstanding about the level of assurance provided by auditors
AUDITOR’S REPORTS
Which two of the following matters are reported on by exception only?
A Where a written representation letter has not been obtained from management
B Where proper accounting records have not been kept
C Where there are misstatements which have not been corrected
D Where all information and explanations deemed necessary have not been obtained

OTHER REPORTS
Professional accountants do not only carry out statutory audits but also wider assurance
engagements such as reviews on the effectiveness of an entity's internal controls.
When conducting an assurance engagement the International Standard on Assurance
Engagements requires that an assurance report must have the following components:
 Title indicating that the report is an independent assurance report
 Addressee
 Subject matter (identification and description)
 Identification of the criteria
 Description of any significant inherent limitations (such as limitations of evaluation
or measurement)
 Identification of the responsible party and a description of their responsibilities and
those of the practitioner
 Engagement performed in accordance with International Standards on Assurance
Engagements (ISAEs)
 Summary of work performed
 The practitioner's conclusion
 Assurance report date
 Name and location of practitioner
Many of these are similar to the auditor's report but the content of an assurance report
can be tailored (to some extent) to the requirements of the responsible party and the
intended user.

SUMMARY
Auditor’s reports
Content of auditor’s
Types of opinion Other reports
reports
Reasonable assurance Title 'Non-audit' assurance

(positive expression) Addressee reports − key differences
Introductory paragraph
Limited assurance Describe subject matter
(negative expression) Management's responsibility Identification of criteria
Auditor's responsibility
Extra detail Fact that engagement
Scope paragraph performed in accordance
Opinion paragraph with ISAEs
Date
Auditor's address and
signature

ACTIVITY ANSWERS

Confirmation that management has fulfilled its responsibility for the preparation of the
Confirmation that management has recorded and reflected all transactions in the
AUDITOR’S REPORTS
B Where proper accounting records have not been kept
D Where all information and explanations deemed necessary have not been obtained

8
ETHICAL AND PROFESSIONAL
BEHAVIOUR
Learning outcomes
Students will be able to understand the importance of ethical behaviour to a professional
and identify issues relating to integrity, objectivity, professional competence and due
care, confidentiality, professional behaviour and independence.
• State the role of ethical codes and their importance to the profession
• Recognise the differences between a rules-based ethical code and one based upon
a set of principles
• Recognise how the principles of professional behaviour protect the public and
fellow professionals
• Identify the key features of the system of professional ethics adopted by IESBA
and ICAEW
• Identify the fundamental principles underlying the IESBA and ICAEW Code of Ethics
• Identify the following threats to the fundamental ethical principles and the
independence of assurance providers: self-interest threat, self-review threat,
management threat, advocacy threat, familiarity threat and intimidation threat
• Recognise the importance of integrity and objectivity to professional accountants,
identifying situations that may impair or threaten integrity and objectivity
• Identify safeguards to eliminate or reduce threats to the fundamental ethical
principles and the independence of assurance providers
• Suggest courses of action to resolve ethical conflicts relating to integrity and
objectivity
• Suggest how a conflict of loyalty between the duty a professional accountant has
to their employer and the duty to their profession could be resolved
• Recognise the importance of confidentiality and identify sources of risks of
accidental disclosure of information
• Respond appropriately to the request of an employer to undertake work outside
the confines of an individual's expertise or experience
• Identify steps to prevent accidental disclosure of information
• Identify situations in which confidential information may be disclosed
• Define independence and recognise why those undertaking an assurance
engagement are required to be independent of their clients
TOPIC OVERVIEW
Ethical and professional

behaviour
Codes of professional Ethical Standards Confidentiality

ethics
Importance of
Professional ethics Threats and safeguards
confidentiality
Ethical codes Resolving ethical Authorised disclosures

conflicts
188 Topic 8: Ethical and professional behaviour

CODES OF PROFESSIONAL ETHICS
PROFESSIONAL ETHICS
Need for ethics

Why is it important for auditors to have ethical guidance?
 Responsibility for acting in the public interest
 People need to be able to place reliance on auditors
 Access to confidential and sensitive information
 Protection for auditors
Sources of ethical guidance

All ICAEW members (including trainees) are subject to the ICAEW Code of Ethics.
The ICAEW's Code of Ethics is influenced by the International Ethics Standards Board for
Accountants (IESBA) and within the UK, auditors are also subject to the FRC's Ethical
Standard for auditors.
Rules or framework?
UK guidance is mainly in the form of a framework. The ICAEW could have taken a rules-
based approach to ethics. This would have involved creating a large book of rules, trying
to cover every possible ethical scenario that could be faced, with an answer to every
single ethical problem.
In the modern day business environment it would be very difficult to include rules on all
situations a member may encounter. There would also be scope for manipulating the
rules.
So instead, a principles-based approach was adopted which allows the individual to
decide what behaviour is appropriate and to exercise professional judgement on a
case-by-case basis.
The ICAEW Code of Ethics is designed to give guidance on what behaviour is considered
ethical. It is not legally binding but gives advice on how to comply with the law.
RULES AND PRINCIPLES

There are two main approaches to a code of professional ethics: a rules-based ethical
code and a code based on a set of principles.
Requirement
Indicate whether the following statements are true or false.
True False
a) A code based on a set of principles rather

than rules is more flexible in a rapidly
changing environment.
b) ICAEW's Code of Ethics is principles based.
Topic 8: Ethical and professional behaviour 189

True False
c) A code based on a set of rules requires

accountants to evaluate and address threats
to independence.
ETHICAL CODES
Fundamental principles
The fundamental principles are:
 Integrity
 Objectivity
 Professional competence and due care
 Confidentiality
 Professional behaviour
Independence
Independence is a key concept for assurance teams; it is required by the ICAEW Code of
Ethics that members of assurance teams be independent of assurance clients.
Threats to independence should be assessed and safeguards to address those threats
should be put into place.
If no safeguards are available, it may be appropriate to eliminate the interest or decline
(or discontinue) the engagement.
It is important that auditors are seen to have independence of mind and independence in
appearance.
Threats and safeguards

The ICAEW Code of Ethics identifies five general sources of threats and the FRC's Ethical
Standard identifies a sixth threat (the management threat):
Threat Explanation
Self-interest Occurs when the firm or a member of the assurance team

has some financial or other interest in an assurance client
which may cause them to be reluctant to take actions that
would have an adverse effect on the interests of the firm
or individual
Self-review Occurs when work previously carried out under a non-
audit service needs to be re-evaluated by members
responsible for that work
Advocacy Occurs when members promote a position or opinion to the
point that subsequent objectivity may be compromised
Familiarity (or trust) Occurs when, because of a close relationship, members
become too sympathetic to the interests of others
Intimidation Occurs when members are deterred from acting
objectively by threats, actual or perceived
Management Occurs when the audit firm undertakes work that involves
making judgements which are the responsibility of
management

There are two general categories of safeguard identified by the ICAEW Code of Ethics:
 Safeguards created by the profession, legislation or regulation
 Safeguards within the work environment
Some examples of safeguards:
 Training
 Continued professional development
 Rotation of staff
 External review
 Discussions with those charged with governance
 External review
ICAEW Code
The ICAEW Code should be followed at all times by all professional accountants in all
aspects, for example keeping the books for a local tennis club or charity.
Professional accountants should follow the spirit of the guide as well as the letter of the
guidance.
The ICAEW Code implements the IEBSA Code above so that following the former it
ensures compliance with the latter.
FRC's Ethical Standard

The FRC's Ethical Standard was published in June 2016 and amalgamates the earlier
Ethical Standards into one document, the key areas of which are:
 General guidance (covering integrity, objectivity and independence)
 Financial, business, employment and personal relationships
 Long association with the engagement and with entities relevant to engagements
 Fees, remuneration and evaluation policies, gifts and hospitality, litigation
 Non-audit/additional services

SUMMARY
Codes of professional ethics
Professional ethics Ethical codes
Required in order for the public IFAC Code

to have confidence in the audit ICAEW Code
process FRC Ethical Standard (Revised)
Provides protection for the
Integrity
auditor
Objectivity
Principles based Professional competence
and due care
Confidentiality
professional behaviour
Self-interest threat
Self-review threat
Advocacy threat
Familiarity threat
Intimidation threat
Managerial threat

ETHICAL STANDARDS
THREATS AND SAFEGUARDS
Self-interest threat
Familiarity  Close business relationships

 Partner on client board
 Family and personal
relationships
 Employment with assurance
client
 Gifts and hospitality
Financial  Loans and guarantees

 Percentage or contingent
fees
 Overdue fees
 High percentage of fees for
the firm
Financial interests
Immediate family means a spouse (or equivalent) or dependent.
Direct financial interest: One which is owned directly by and under the control of an
individual or entity or beneficially owned through a collective investment vehicle, estate,
trust or other intermediary over which the individual or entity has control, or the ability to
influence investment decisions.
Indirect financial interest: One beneficially owned through a collective investment
vehicle, estate, trust or other intermediary over which the entity has no control or ability
to influence investment decisions.
Employment with assurance client

 Assurance team/firm member moves to client.
A key audit partner should not accept a key management position with their audit
client unless at least two years have elapsed since the conclusion of the audit.
 Former member of client moves to assurance team/firm.
If during the period covered by the assurance report or the preceding two years
the individual was in a position to exert influence over the financial statements, the
individual should not be assigned to the audit team.
 Serving as an officer/director on the board of an assurance client.
The only course of action is to refuse to perform, or withdraw from, the assurance
engagement.

Family and personal relationships
Close family is a parent, child or sibling who is not an immediate family member.
Percentage or contingent fees
Contingent fees: Fees calculated on a predetermined basis relating to the outcome of a
transaction or resulting from the services performed by the firm.
High percentage of fees
If the total fees from a single assurance client represent a large portion of a firm's total
fees, the dependence on that client and concern about the possibility of losing that client
may create a self-interest threat.
Consider Perception
reasonableness of objectivity likely
Type of company
accepting or retaining to be at risk
a client
(% of firm's total fees)
Listed and other public interest 5 10
Private 10 15
Self-review threat
Where the assurance firm provides other services to the client, such as
 Taxation services
 The preparation of tax returns is allowed, provided management takes
responsibility for its contents. Tax calculations used in the preparation of
accounts may not be prepared for public-interest entities; they may be
prepared for non-public interest entities as long as appropriate safeguards
are applied.
 Corporate finance
 Generally assurance firms are not allowed to provide corporate finance
services to their clients (as the self-review threats which arise cannot be
reduced to an acceptable level by safeguards).
 Internal audit services
 Where an assurance firm provides internal audit services to a client, there is
a risk that the firm assumes management responsibilities. Therefore, audit
firms may not provide internal audit services which relate to the accounting
records to public interest entities. For other entities they may only be
provided where appropriate safeguards are implemented.
 Valuation services
 Audit firms shall not carry out valuations which have a material effect on a
public interest entities financial statements or valuations which involve a
significant degree of subjectivity and have a material effect on the financial
statements.

 Preparation of financial statements (or other accounting services)
 Auditors may not prepare the accounting records or financial statements for public
interest entities. For other companies the auditors may assist, as long as
appropriate safeguards are implemented.
 Service with an assurance client
 Any person who has worked for the client cannot be involved in the
assurance engagement for two years following the date of leaving the client
(Ethical Standard, section 5).
 Information technology services
 For public interested entities, the audit firm must not be involved in the
design or implementation of IT services which relate to a companies’
financial reporting processes. For non-public interest entities, services may
be provided if appropriate safeguards are implemented.
Advocacy threat
An advocacy threat may arise where the assurance firm assists in the legal defence of a
client or acts as their advocate. The FRC Ethical Standard forbids such support where the
item may be material in the financial statements. The firm must appraise the risk and
implement safeguards to reduce the threat to an acceptable level.
Familiarity threat
A familiarity threat arises where the audit firm and its staff are over-familiar with the
client. There is a risk of a loss of professional scepticism in this situation. Independence
may be threatened where the staff have worked for a long time with a client, or there
are relationships between the client and the assurance firm including:
 Family or personal relationship
 Employment with assurance the client
 Recent service with assurance client
Long association of senior personnel with assurance clients

Partner rotation periods (for public interest entities) depend on the type of partner:
Rotated after (years) Should not return for

(years)
Audit engagement partner 5 5
Engagement quality control 7 5

reviewer
Key partner (eg tax partner 7 2
or other audit partner)
a) Where the engagement quality control reviewer becomes the audit engagement
partner the combined service in these two positions should not be more than seven
years.
b) When an audit client becomes a listed company, the engagement partner should
only continue in the position for another two years where four or more years have
already been served by that individual.

Intimidation threat
This arises where members of the assurance team feel intimidated by members of the
client team. It may occur in cases such as
 Litigation or dispute between the firm and the client
 Members of the assurance team moving to work for the client team
 Family and personal relationships
 Close business relationships
Guidance to assurance firms is given in FRC Ethical Standard section 4.
Management threat
An important factor in whether a management threat exists is whether there is 'informed
management' at the client.
Informed management is where the auditors believe that the member of management
designated by the audit client to receive the results of a non-audit service provided by
the auditor has the capability to make independent management judgements and
decisions on the basis of the information provided.
ETHICAL THREATS
In each of the following cases, indicate the principal threat that the assurance firm is
facing.
a) Peter Perkins recently resigned as finance director of Assiduous Ltd. Peter joined
the assurance firm that provides the audit to Assiduous after his notice period of
six months.
b) Artifice Ltd has intimated to the engagement partner that a qualified auditor's
report would be unacceptable in the current year because the company is
considering a flotation.
c) Anonymous Ltd has requested that the audit team not be changed from the
previous year as they got on well with client staff.
RESOLVING ETHICAL CONFLICTS

Factors to consider:
 The relevant facts
 The relevant parties
 The ethical issues involved
 The fundamental principles related to the matter in question
 Established internal procedures
 Alternative courses of action
Steps to take:
a) Consider which course of action most aligns with the fundamental principles
b) Refer to the relevant department within their firm if unable to determine
c) Seek advice, if necessary from the ICAEW through their Technical and Ethics
Helplines

COURSES OF ACTION
You are a trainee in the audit department of Harris Brothers & Co. You have recently
started your training, have not attended any courses and have attended one audit,
where you carried out some simple audit tests under supervision from the audit senior.
An audit manager has asked you to attend the inventory count of Brox Bros, which has a
large amount of inventory that is subject to an annual inventory count. There are very
few other controls over the inventory at Brox Bros. Inventory is highly material to Brox
Bros' financial statements. No other audit staff will be attending the inventory count.
Requirement
Which of the following is the most appropriate course of action for you to take?
Perform the work
Refer to training partner
Contact the ICAEW
Conflicts of interest for the accountant

In industry, employers might not understand the importance and nature of an
accountant's professional duty.
The ICAEW Code of Ethics gives advice to accountants in such conflicting situations.
Some situations they could be faced with are:
 Acting contrary to law or regulation
 Acting contrary to technical or professional standards
 Facilitating unethical or illegal earnings management strategies
 Misleading auditors or regulators
 Being associated with published reports (for example financial statements, tax
statements) that materially misrepresent the facts
The accountant in question should evaluate the threats that such situations bring, and
then safeguards should be applied. These include:
 Obtaining advice from other technical sources (ICAEW for example)
 Using a formal dispute resolution process at work
 Seeking legal advice

SUMMARY
Ethical issues and safeguards
Integrity, objectivity and

Threats and safeguards Resolving ethical conflicts
independence
High expectations placed on the Self-interest threat Identify threats to the

auditor fundamental principles
Self-review threat
If possible, put safeguards in
Advocacy threat place to minimise threats
Familiarity threat Apply your knowledge of

ethics to the scenario
Intimidation threat
Avoid conflicts of interest
Management threat Make disclosure where they
exist

CONFIDENTIALITY
IMPORTANCE OF CONFIDENTIALITY
Confidentiality is one of the ICAEW Code of Ethics fundamental ethical principles.
Accountants are required to keep client information confidential as they may have access
to some sensitive information.
Matters should not be discussed with anyone outside of the firm of accountants and, in
cases where there is a conflict of interest with another audit client, with anyone outside
of the team assigned to that client.
The greatest risk is accidental disclosure.
SAFEGUARDS TO CONFIDENTIALITY
What types of procedures do you think should be in place?

Preventing deliberate breaches

In addition, to prevent unauthorised deliberate disclosures of information:
 Raise concerns with more senior staff in the firm
 Seek legal advice before making any disclosures of potentially confidential
information
AUTHORISED DISCLOSURES
The ICAEW Code of Ethics identifies three circumstances where the professional
accountant is or may be required to disclose confidential information:
 Where disclosure is permitted by law and is authorised by the client or the
employer
 Where disclosure is required by the law
 Where there is a professional duty or right to disclose, when not prohibited by law

Professional accountants should not use, or appear to use, information gained from work
to their personal advantage, for example:
 On a change in employment
 Insider dealing
Money Laundering
It is a criminal offence not to disclose a suspicion of money laundering.
It is a criminal offence to tip off a suspected money launderer.
Accountants should:
 Report suspicions to their Money Laundering Reporting Officer (MLRO
 Not tip off their client
 Complete all relevant training
All firms must have a MLRO, who will be responsible for making such disclosures. Staff
carrying out audit work must make a report to that MLRO when a suspicion of money
laundering arises; therefore an audit team member will never be required to make a
report to the authorities personally. Making a report to the MLRO is a defence against the
criminal offence of failing to report a suspicion of money laundering.
Examples of money laundering in this context could include (but are not limited to):
 Keeping customer overpayments
 Offences under the Companies Act that are criminal (such as making a loan to a
director – so that the director is in possession of the proceeds of the company's crime)
 Offences that involve a saved cost (such as failure to meet environmental
regulations relating to disposal and dumping waste instead)
MONEY LAUNDERING
What issues may give rise to suspicions of money laundering?



ACTIONS
During the course of an assurance engagement, Aleem, a member of the assurance team
from Goose Brothers & Co, discovers that Dave Milton, the owner of D Manufacturing
Ltd, has told certain customers to write cheque payments out in favour of DM, rather
than the full company name. Mr Milton has then been amending the cheques to read D
Milton, and paying them into his personal account rather than the company's, reducing
the company's overall tax liability.

Requirement
Which one of the following is the most appropriate action for Aleem to take in respect of
this matter?
A Discuss the matter with the client and advise them of the legal position.
B Report the matter to HMRC.
C Obtain the client's permission to report the matter to the MLRO within the firm.
D Report the matter to the MLRO within the firm.
Conflicts of interest and confidentiality

Firms should have procedures in place to enable them to identify whether any conflicts of
interest would/do exist.
If there is a conflict of interest and it can be successfully mitigated then the safeguards
required should be implemented and recorded.
Disclosure should be made to both clients of the conflict and safeguards proposed. If
consent is refused by the client then the firm cannot act for both parties.
The test to apply is whether a reasonable and informed observer would perceive that the
objectivity of the member or their firm is likely to be impaired.
CONFLICT OF INTEREST SAFEGUARDS

What safeguards could be put in place?


DISCLOSURE
There are certain situations where an assurance provider must disclose confidential
information.
Requirement
From the situations below, select what the assurance provider's responsibility is
regarding disclosure.
The assurance provider provided a clean auditor’s report which turned out to be incorrect
and is now being sued for negligence; they are trying to establish a defence.
A May make disclosure
B Must make disclosure
C No disclosure necessary
The company regularly adds a large mark-up to customer bills, charging them far more
for services than the industry average.
D May make disclosure
E Must make disclosure
F No disclosure necessary
The company has been saving money by dumping industrial waste in public recycling
facilities.
G May make disclosure
H Must make disclosure
I No disclosure necessary

SUMMARY
Confidentiality
Importance of
Authorised disclosure
confidentiality
Confidential information must Where consent has been

not be disclosed without prior obtained
consent
Public duty to disclose
Legal or professional right or

duty
Money laundering

ACTIVITY ANSWERS
RULES AND PRINCIPLES

True False
a) A code based on a set of principles rather

than rules is more flexible in a rapidly 
changing environment.
b) ICAEW's Code of Ethics is principles based. 

c) A code based on a set of rules requires
accountants to evaluate and address threats 
to independence.
ETHICAL THREATS
a) Self review
b) Intimidation
c) Familiarity (however, unless any of the members of the team have been on the
team for a significant period of time or have close personal relationships with any
client staff, this risk is probably insignificant)
COURSES OF ACTION
You should refer to the training partner.
You have no experience or training to undertake this work. The risks attached to the
audit tests being carried out are high. The person allocating the work must have
allocated you in error.
SAFEGUARDS TO CONFIDENTIALITY
 Do not discuss client matters with any party outside of the accountancy firm (for
example friends and family, even in a general way).
 Do not discuss client matters with colleagues in a public place.
 Do not leave audit files unattended (at a client's premises or anywhere else).
 Do not leave audit files in cars or in unsecured private residences.
 Do not remove working papers from the office unless strictly necessary.
 Do not work on electronic working papers on systems that do not have the
requisite protection.

MONEY LAUNDERING
 High number of cash transactions without genuine business reason
 Offshore bank accounts
 Unusual related party transactions
 Lack of expected costs in statement of profit or loss
 The existence of a complicated group structure with no obvious business reason
for the complexity
ACTIONS
D The appropriate thing is to make a report to the MRLO.
C is inappropriate because it could constitute a crime to warn Dave Milton that a report
has been made about his money laundering.
A is therefore also inappropriate.
B might be an appropriate act, but it is better practice for assurance team members
always to make reports to the MRLO and let them take responsibility for determining
whether a report should be made.
CONFLICT OF INTEREST SAFEGUARDS

 Disclosure of the circumstances of the conflict to the clients
 Obtaining the informed consent of the client to act
 The use of confidentiality agreements signed by employees
 Establishing information barriers
 Regular review of the application of safeguards by a senior individual not involved
in the relevant client engagement
 Ceasing to act

DISCLOSURE
The assurance provider provided a clean auditor’s report which turned out to be incorrect
and is now being sued for negligence; they are trying to establish a defence.
A May make disclosure
Assurance providers have the right to defend themselves in a court of law.
The company regularly adds a large mark-up to customer bills, charging them far more
for services than the industry average.
F No disclosure necessary
This is part of the company's normal trade; if the customers are aware of what they are
being charged for and the bills are for actual services then there is no need to disclose.
The company has been saving money by dumping industrial waste in public recycling
facilities.
H Must make disclosure
This is an example of money laundering.

BPP Assurance Course Notes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BPP Assurance Course Notes

Uploaded by

Copyright:

Available Formats

Assurance

Published by Dear Customer

Improving material and removing errors

Course Study Study

1. The concept of assurance 7 1 1

2. Obtaining and planning assurance 25 2, 3 21

3. The nature of and process for effective 57 5, 9 95

4. Internal control systems 81 6, 7, 8 117

Revenue system 83 6 117

5. The process of gathering sufficient 109 4, 11 71

Documenting 111 10 177

6. Substantive testing 143 13 231

Assets 146 13 231

7. Completion and reporting 173 4, 10, 177

Written representations 175 12 219

Codes of professional ethics 189 14 261

6 Links with other papers

The concept of assurance

Benefits and limitations of

Why can assurance never

8 Topic 1: The concept of assurance

Definition (parties, subject matter, criteria)

'An assurance engagement is one in which a practitioner expresses a conclusion

There are five key elements of an assurance engagement (CREST):

Topic 1: The concept of assurance 9

10 Topic 1: The concept of assurance

Topic 1: The concept of assurance 11

The following table summarises the key areas:

Summary of types of engagement

Type of Evidence Example of wording Conclusion

Reasonable Sufficient appropriate In our opinion, the Positive

12 Topic 1: The concept of assurance

Legal and professional requirements for auditors

Topic 1: The concept of assurance 13

14 Topic 1: The concept of assurance

Practitioner expresses an Reasonable assurance: Statutory audit

Topic 1: The concept of assurance 15

WHY IS ASSURANCE IMPORTANT?

A Attests to the correctness of the financial statements

B Enhances the credibility of the information being reported upon

16 Topic 1: The concept of assurance

THE EXPECTATIONS GAP

This concept is explained in the following worked example:

Topic 1: The concept of assurance 17

Resolutions to the expectations gap

18 Topic 1: The concept of assurance

Benefits and limitations of assurance

The difference between the

Provides users with confidence Nature of subject matter, for

Not 100% testing of all items

Topic 1: The concept of assurance 19

Understand the entity (including documenting and confirming

Assess risk of material misstatement

Select audit procedures to respond to risk of material misstatement

Risk assessment Risk assessment does

Tests of controls (to confirm expectation)

20 Topic 1: The concept of assurance

The audit overview

The process involved in an

Topic 1: The concept of assurance 21

22 Topic 1: The concept of assurance

A Attests to the correctness of the financial statements

Topic 1: The concept of assurance 23