ACCA AA - Course Notes (2021-22)
ACCA AA - Course Notes (2021-22)
ACCA
Audit and Assurance (AA)
Exams from September 2021
Tutor details
ii Introduction ACCA AA
Contents
Page
1 Your exam v
2 The syllabus v
3 Technical Articles v
1 Overview diagram 15
2 Obtaining and accepting audit engagements 16
3 Objective and general principles of audit planning 18
4 Planning an audit 18
5 Understanding the entity and its environment 20
6 Assessing the risks of material misstatements 21
7 Materiality, fraud, laws and regulations 22
8 Analytical procedures (including data analytics) 25
9 Interim and final audits 26
10 Audit documentation 26
11 Knowledge diagnostic 28
3: Internal control 29
1 Introduction 29
2 The use of internal control systems by auditors 30
3 Transaction cycles 32
4 IT controls 37
5 Tests of control versus substantive procedures 37
6 Internal audit and governance and the differences between external audit and internal audit 39
7 The scope of the internal audit function, outsourcing and internal audit assignments 41
8 Knowledge diagnostic 43
4: Audit evidence 45
1 Subsequent events 67
2 Going concern 69
iv Introduction ACCA AA
3 Written representations 71
4 Audit finalisation and the final review 72
5 The independent auditor’s report 72
6 Application to scenarios 76
7 Reports to Management 78
8 Knowledge diagnostic 78
Chapter 5 79
1 Your exam
Your examination is a 3-hour computer based examination.
You will have three hours for the exam PLUS you may have up to 10 minutes to familiarise
yourself with the CBE system before starting the exam.
The exam is divided into two sections:
Section A Three 10-mark case-based questions (each case has five objective questions worth 2 marks each)
Section B One 30-mark question and two 20-mark questions
2 The syllabus
Full details of the syllabus can be found on the ACCA website at:
https://www.accaglobal.com/ca/en/student/exam-support-resources/fundamentals-exams-study-
resources/f8/syllabus-study-guide.html
First Intuition has confirmed with the ACCA that this syllabus area relates to your ability to use the
ACCA software to complete the exams. There is no additional learning and therefore no additional
material on this in these notes. However, we do recommend that you complete two of the exams on
the ACCA practice platform as part of this course in order that you are prepared to demonstrate the
above skills when you sit your exam.
3 Technical Articles
The ACCA publish a number of technical articles relating to Audit and Assurance on their website at
https://www.accaglobal.com/gb/en/student/exam-support-resources/fundamentals-exams-study-
resources/f8/technical-articles.html
These provide useful additional reading, and are worth reading once you are comfortable with
material in these notes. We suggest looking at them between the tuition and revision stage of your
course.
vi Introduction ACCA AA
1
Company
Owned by Run by
Financial
Shareholders Directors
statements
Independent examination
Opinion Auditor
1.2 Explain the level of assurance provided by audit and other review
assignments
There are two levels of assurance that an assurance engagement can provide, depending on the
amount of work performed.
2 External audits
2.1 Describe the regulatory environment within which external audits take
place
External audits are audits carried out by auditors who are independent of the entity being audited.
Most companies (except small or dormant companies) are required to have an external audit by law,
in which case, they are usually referred to as “statutory audits”. Some companies may choose to have
an external audit, even if one is not legally required.
Statutory audits have to be carried out in accordance with the legal requirements of the country in
which they are taking place.
2.2.2 Rights
Once appointed, the auditor has the following rights:
Access to the company’s books, accounts and vouchers.
To receive all information or explanations that they think necessary for the performance of their
duties as auditors.
To receive all communications relating to written resolutions.
To receive all notices of, and other communications relating to, any general meeting which a
member of the company is entitled to receive.
To attend any general meeting of the company and to be heard at any general meeting which
an auditor attends on any part of the business of the meeting which concerns them as auditor.
Other rights relating to removal and resignation (see paragraphs 2.2.3 and 2.2.4)
2.2.3 Removal
The auditor can only be removed by shareholders at a General Meeting with a majority vote. Again,
the shareholders will be led by the directors in their decision making
When the Directors write to the shareholders to communicate the holding of the meeting, they must
also inform the auditor. The auditor has the right to attend the meeting and speak.
The auditor must produce a “statement of circumstances” (see below). If there are no circumstances
that need to be brought to the attention of the shareholders, then a statement of no circumstances is
required. If they have been removed before the end of their term of office, they must notify ACCA.
2.2.4 Resignation
An auditor can resign, at any time, in writing. If they wish, they can also request that the company calls
an Extraordinary General Meeting (EGM). As with removal, the auditor can attend and speak at this
meeting.
In all cases where an auditor ceases to audit a particular company, it must submit a “statement of
circumstances” to the company, explaining any issues involved in the auditor ceasing to audit the
company.
This statement must be submitted, even if it says there are no circumstances that need to be reported.
Again, if the auditors have resigned before the end of their term of office, they must notify ACCA.
ACCA AA 1: Audit framework and regulation 5
3 Corporate governance
3.1 Corporate governance
KEY TERM
Corporate governance: refers to the way in which companies are organised and controlled.
of all non-executive directors, and ensures that directors receive accurate, timely and clear
information. (Chair should be independent on appointment.)
The board should include an appropriate combination of executive and non-executive (and, in
particular, independent non-executive) directors, such that no one individual or small group of
individuals dominates the board’s decision-making. There should be a clear division of responsibilities
between the leadership of the board and the executive leadership of the company’s business. (Code
recommends at least half the board should be independent non-executive directors)
Non-executive directors should have sufficient time to meet their board responsibilities. They should
provide constructive challenge, strategic guidance, offer specialist advice and hold management to
account.
The board, supported by the company secretary, should ensure that it has the policies, processes,
information, time and resources it needs in order to function effectively and efficiently.
3.2.5 Remuneration
Remuneration policies and practices should be designed to support strategy and promote long-term
sustainable success. Executive remuneration should be aligned to company purpose and values, and
be clearly linked to the successful delivery of the company’s long-term strategy.
A formal and transparent procedure for developing policy on executive remuneration and determining
director and senior management remuneration should be established. No director should be involved
in deciding their own remuneration outcome. (This should be done through a remuneration
committee.)
Directors should exercise independent judgement and discretion when authorising remuneration
outcomes, taking account of company and individual performance, and wider circumstances.
8 1: Audit framework and regulation ACCA AA
Financial reporting – the audit committee can assist the board by checking the financial
statements to ensure that they comply with appropriate accounting standards. As noted above,
one of the members should have “financial expertise”.
The audit committee could have a variety of business backgrounds, bringing valuable skills,
knowledge and expertise to the company.
May be easier and cheaper to raise finance if there is a perception of good corporate
governance created by the presence of an audit committee.
Acts as a bridge between the external auditor and the board and can help the external auditor
to maintain independence in the audit process (by being a buffer between the external auditor
and the executive directors)
Internal audit can report to the audit committee ensuring an element of independence in their
role too, giving a similar buffer to executive directors, especially the finance director.
3.7 Discuss the need for auditors to communicate with those charged with
governance
The auditor should communicate audit matters of governance interest arising from the audit of
financial statements with those charged with governance of an entity.
“Those charged with governance” means “the person(s) with responsibility for overseeing the:
Strategic direction of the entity
Obligations relating to the accountability of the entity, including overseeing the financial
reporting process.
This implies that the communication should be with the highest level of management, including the
executive and non-executive directors, and the audit committee, where relevant.
10 1: Audit framework and regulation ACCA AA
Matters to be communicated:
Auditors must communicate the fact that they are responsible for forming and expressing an opinion
on the financial statements. The following must also be communicated:
Planned scope and timing of the audit
Significant findings from the audit, including:
– Changes in accounting policies
– The potential effect on the financial statements of any material risks and exposures, such
as pending litigation, that are required to be disclosed in the financial statements.
– Audit adjustments, whether or not recorded by the entity that have, or could have, a
material effect on the entity’s financial statements.
– Material uncertainties that may cast significant doubt on the entity’s ability to continue
as a going concern.
– Disagreements with management about matters that, individually or in aggregate, could
be significant to the entity’s financial statements or the auditor’s report.
– Expected modifications to the auditor’s report (see Chapter 5).
– Material weaknesses in internal control and recommendations for improvement. (See
Chapter 3.)
Integrity
To be honest and straightforward in performing professional services.
Objectivity
Not to compromise professional or business judgments because of bias, conflict of interest or undue
influence of others.
Confidentiality
To respect the confidentiality of information acquired as a result of professional and business
relationships.
Generally speaking, this means not to disclose client information without permission from the client.
However, there are certain circumstances where the auditor has a responsibility to disclose client
information without needing the client’s permission:
ACCA AA 1: Audit framework and regulation 11
Obligatory responsibility – where the auditor suspects that his client has committed money-
laundering, drug-trafficking or terrorist offences, he is obliged to disclose this information to a
relevant authority. Also, the auditor must make disclosure if compelled by a court order or
summons.
Voluntary disclosure – an auditor may decide to disclose information if he feels it is in the public
interest e.g. if the management are involved in fraud. They may also disclose information to
defend themselves against a claim of negligence or if suing for unpaid fees.
Professional behaviour
To comply with relevant laws and regulations and avoid any conduct that the professional accountant
knows or should know might discredit the profession.
Self-interest threat
This occurs when the audit firm or a member of the audit team has some financial or other interest in
a client resulting in the firm losing objectivity towards the client and aligning its interests with the
client.
Examples include:
Undue dependence on the fees generated by the client. Where an audit client is a public
interest entity and the total fees from the client represent more than 15% of the total fees
received by the firm for two consecutive years, the firm must:
– Disclose this to those charged with governance
– Obtain an external quality control review either before or after issuing the audit opinion
on the second year’s financial statements.
– Seek other clients to reduce the dependence on this client
– Consider resigning from the audit if the threat to independence is too great to be
mitigated by other safeguards.
Other examples of self-interest threat include:
Owning shares in a client (audit partners are specifically prohibited from holding shares in their
clients).
A loan to or from a client or any of its directors or officers.
Overdue fees from previous years’ work (akin to a loan) – the auditor should not start this
year’s audit until all previous fees have been paid.
12 1: Audit framework and regulation ACCA AA
Contingent fees – where some or all of the audit fee is dependent on, say, the client’s profit for
the year. This is not permitted for audit work.
Business relationships between the firm and the client e.g. joint ventures
Self-review threat
This occurs when the auditor has to re-evaluate work the firm has previously performed meaning
that individuals might not assess it objectively or even be tempted to ignore mistakes in it so that the
reputation of the firm is not diminished.
Examples:
A member of the audit team was recently employed by the client and is therefore reviewing his
own work.
The preparation of financial statements of an audit client. This is not allowed for listed audit
clients but may be allowed for unlisted audit clients.
The calculation of the tax figure for inclusion in the financial statements of an audit client.
The provision of internal audit services to an external audit client.
Advocacy threat
This occurs when an auditor represents their client, promoting a position or opinion to the point that
they may no longer be objective about the client as they have become accustomed to supporting
them.
Examples:
Acting as an advocate on behalf of a client in litigation or a dispute
Promoting a stock exchange listing
Attending a bank meeting to give explanations about audited financial statements
Familiarity threat
This occurs when members become too sympathetic to the interests of their client resulting in them
losing objectivity (being biased) and failing to scrutinise decisions or opinions of staff at the client (a
loss of professional scepticism).
Examples include:
Having a family/personal relationship with a director of the client.
Acceptance of gifts/hospitality from the client unless “modest” in value (also self-interest)
Long association with a client. For listed companies, a key safeguard is that engagement
partners should be rotated at least every seven years to maintain their independence. If the
company is being listed, the partner should only continue for seven years less the time already
served as partner. If the partner has already served six or more years, the permitted service is a
maximum of another two years.
Staff from the audit firm joining the client (also self-interest and intimidation)
Intimidation threat
This may occur when members are deterred from acting objectively because they are threatened.
These may be actual or perceived threats, e.g. threat of dismissal or threat of litigation or by having
unreasonable time restraints placed on the audit. This is strongly associated with self-interest, as such
a threat might only be significant to a firm if they have a significant self interest in the client. Whether
a threat causes intimidation is therefore a matter of professional judgement. A threat of the loss of a
ACCA AA 1: Audit framework and regulation 13
client representing 12% of total firm income would be considered more significant than the threat of
the loss of a client representing 0.5% of total firm income, for example.
4.2.1 Safeguards
Clearly, if these threats exist, the auditor may be less likely to audit appropriately. For example, to
reduce the risk that a client is upset by the auditors, possibly leading to loss of the client, auditors
could:
Fail to challenge inappropriate accounting policies or disclosures proposed by the client
Wrongly agree that items which the client does not want to adjust are immaterial so that the
audit opinion is not qualified in respect of them
In relation to self-review, the firm might
Not audit accounts prepared on behalf of the client by the audit firm properly ‘as they are
bound to be right’.
In many cases, simple actions adopted by the auditor reduce such threats to a level which is
considered appropriate. It is very rare that such actions (known as safeguards) cannot be implemented
so that the relationship can be maintained. If they cannot, the appropriate safeguard is to resign from
the client. However, it must be stressed that this is rare both in practice and in exam questions. Always
try and consider if there are alternative actions the firm could take which would reduce the threat that
exists.
Possible safeguards:
Use different staff to avoid familiarity or self-review threats (eg one team to prepare accounts
and another team to audit those accounts).
Similarly, rotate engagement partners and senior staff away from particular clients if there is a
familiarity threat. (For listed clients, partners should be rotated every 7 years to ensure
independence.)
Use a second partner to review a completed audit file before it is signed off (a “hot” review).
This can be relevant to various threats relating to individuals (for example, if a partner has been
the engagement partner for a long time causing familiarity, but there were appropriate reasons
not to rotate them yet, or if a member of the audit team had been subjected to threatening
behaviour and was individually possibly at risk of loss of independence).
Decline offers to carry out additional services if you are already the auditor and this would
cause self-review threats (auditing the other work) or self-interest threats (undue dependence
on the combined fee).
In this second instance, the auditor can safeguard his position by:
Notifying both clients of the approach by the competitor and obtain the consent of both (MUST
do this)
Advising both clients to seek additional independent advice
Using different engagement teams for the different clients
Applying physical controls, such as passwords to client information so that only appropriate
staff can access particular client information
Using confidentiality agreements signed by employees and partners of the firm
5 Knowledge diagnostic
Before you move on to the next chapter, complete the following knowledge diagnostic and confirm
you possess the following essential learning from this chapter. If not, you are advised to revisit the
relevant learning from this chapter.
Can you explain the levels of assurance provided by an audit or other review
assignments?
Do you know the legal requirements associated with the appointment, removal
and resignation of auditors?
Can you define the fundamental principles of ethics and the conceptual
framework?
1 Overview diagram
At this stage of the course, it is useful to put the chapters in the notes in the context of the whole
external audit process.
Chapter 2: Obtaining and accepting audit engagements
Year end
2.5 Explain the quality control procedures that should be in place over
engagement performance, monitoring quality and compliance with ethical
requirements
Quality control procedures should be exercised within an audit firm. Audit engagement partners
should ensure that audit work is planned, directed, supervised and reviewed in a manner that
provides reasonable assurance that the work has been performed in a competent manner.
Direction
The engagement team should be directed by the engagement partner. Procedures such as an
engagement planning meeting should be undertaken to ensure that the team understands:
Their responsibilities;
The objectives of the work they are to perform;
The nature of the client’s business and any significant issues for the year;
How to deal with any problems that may arise; and
The detailed approach to the performance of the audit.
The planning meeting should be led by the partner and should include all people involved with the
audit. The partner should ensure that appropriate staff, with the right qualifications and experience,
are selected.
Supervision
Supervision should be continuous during the engagement. Any problems that arise during the audit
should be rectified as soon as possible.
Attention should be focused on ensuring that members of the audit team are carrying out their work
in accordance with the planned approach to the engagement. Significant matters should be brought to
the attention of senior members of the audit team. Documentation should be made of key decisions
made during the audit engagement.
Review
All audit work should be reviewed by a more senior audit staff member. The reviewer should consider
whether:
The work has been carried out in accordance with the firm’s procedures and auditing standards.
The work is sufficiently documented to allow the conclusions drawn.
Significant audit matters have been raised for further consideration.
The objectives of the audit procedures have been achieved.
The conclusions are consistent with all the work performed.
18 2: Planning and risk assessment ACCA AA
The engagement partner should carry out an overall review of the working papers. He should
examine all key areas of judgement and all audit evidence relating to high risk areas.
Overall, the engagement partner’s review should be sufficient for him to be satisfied that the working
papers contain sufficient appropriate evidence to support the conclusions reached and for the
auditors’ report to be issued.
The review must be finished before the auditor’s report is signed (a “hot review”), since it is part of the
decision-making process to confirm that the firm has done sufficient work to sign the report.
The firm should require an engagement quality control review for all audits of financial statements of
listed entities (again, prior to the auditor’s report being signed). The audit engagement partner shall
then discuss significant matters arising during the audit engagement with the engagement quality
control reviewer.
The audit firm should have an ongoing consideration and evaluation of the firm’s system of quality
control, including a periodic inspection of a selection of completed engagements (“cold review”). This
helps the firm to identify areas it needs to improve practice on, or possible training needs. The firm
should entrust this responsibility to a senior partner.
Consultation
The engagement partner should arrange consultation on difficult or contentious matters. This is a
procedure whereby the matter is discussed with a professional outside the engagement team, and
sometimes outside the audit firm.
These consultations must be documented to show the issue on which the consultation was sought and
the results of the consultation.
4 Planning an audit
The nature and extent of planning activities will vary according to the size and complexity of the entity,
the engagement team’s previous experience with the entity, and changes in circumstances that occur
during the audit engagement.
Benefits of planning the audit of financial statements include:
Helping the auditor to devote appropriate attention to important areas of the audit.
Helping the auditor identify and resolve potential problems on a timely basis.
Assisting in the selection of engagement team members with appropriate levels of skills and
competence to respond to anticipated risks, and the proper assignment of work to them.
Directing and supervising engagement team members and reviewing their work.
ACCA AA 2: Planning and risk assessment 19
Assisting, where applicable, in the coordination of work done by other auditors and experts.
To develop an audit strategy i.e. a general approach for the nature, timing and extent of the
audit work. This strategy will be dictated by a number of factors, including:
– The size of the client
– The auditor’s familiarity/history with the client
– The complexity of the audit
– Any specific reporting requirements such as tight deadlines
At the end of the planning process, the auditor will prepare an audit strategy document and an audit
plan (or “audit planning memorandum” or “audit strategy document”).
The audit strategy must cover the following:
The characteristics of the engagement that define its scope
In many cases an engagement will be a pure statutory audit in line with company law and
accounting standards. However, an entity might have characteristics that extend the scope of
the engagement, for example, a charity that is a company may need a company audit and an
assurance service relating to achievement of charity objectives. Some entities might be affected
by particular legislation which would impact the audit process (for example, consideration of
laws and regulations might be a significant part of an audit in a highly regulated industry).
The reporting objectives of the engagement to plan the timing of the audit and the nature of
communications.
For example, a listed company audit needs to be completed by the filing deadlines required of
listed companies (6 months after year end) and would have more communications required (for
example, auditor needs to be report key audit matters in the auditor’s report).
The factors that are significant in directing the audit team’s effort in the professional judgement
of the auditor.
This will be the professional judgements such as materiality and professional scepticism.
Results of preliminary engagement activities and relevant past knowledge of the client
This will be related to the risk assessment arising from the risk assessment procedures carried
out, and any knowledge brought forward from previous audits (unless a new client) or
information passed on by predecessor auditors (in a new client). It would also relate to the
results of any preliminary tests of controls (for example, if they show that reduced substantive
procedures can be carried out).
The nature, timing and extent of resources necessary to perform the engagement
This will include practical factors such as who is on the audit team (ie balance of skills) and how
long the audit is expected to last, specific issues such as inventory count visits, particular
branches to be visited etc.
20 2: Planning and risk assessment ACCA AA
One of the key objectives of the audit planning process is to make sure an audit can be carried out
efficiently. This will include determining whether the most appropriate way to conduct the audit is via
tests of control (Chapter 3) or substantive testing (Chapter 4). The detailed schedule of work to be
undertaken (initial risk assessment procedures and then resulting combination of tests of controls and
substantive procedures) will be documented in a detailed audit plan.
Ultimately, the auditor needs to perform a risk analysis to reduce the risk of an inappropriate audit
opinion being given.
It will also help the auditor assess whether the client is a going concern or not.
KEY TERM
Audit risk is the risk of the auditor giving an incorrect opinion on the financial statements
being audited; for example, failing to modify the audit opinion when the financial
statements contain a material misstatement.
Audit risk has two individual components: Risk of material misstatement existing in the financial
statements x Risk that the auditor does not discover those errors.
These two components fall into three categories: inherent risk, control risk and detection risk.
Audit Risk = Inherent Risk × Control Risk × Detection Risk
These two components are the This is the risk that the auditors
risk that a material misstatement do not discover existing errors (ie
exists in the financial statements. they fail to detect them). This risk
These risks lie outside the control is controllable by the auditor, by
of the auditor. adjusting the amount and type of
work carried out.
KEY TERM
Inherent risk. This is the risk that an assertion about a class of transactions, account balance
or disclosure is susceptible to a material misstatement, either individually or when
aggregated with other misstatements, before the consideration of related controls. It arises
due to the nature of the business or the external pressures placed on the business.
Inherent risk will be considered quantitively and qualitatively. Qualitative factors include:
Complexity (ie complex accounting treatments)
Subjectivity (for example if significant judgements being made)
Change
Uncertainty
Susceptibility to management bias
22 2: Planning and risk assessment ACCA AA
KEY TERM
Control risk. This is the risk that a material misstatement that could occur in an assertion
about a class of transaction, account balance or disclosure will not be prevented, or detected
and corrected on a timely basis by the entity’s internal control system.
Control risk would be higher if a company had recently installed a new computer system or if it had
high staff turnover as these factors could contribute to controls not operating effectively, if more
mistakes are made as a result. Control risk could be high at a company where the directors don’t think
controls are important so it is common practice not to implement controls.
The auditor’s preliminary assessment of controls will help judge what level of control risk exists.
KEY TERM
Detection risk. This is the risk that the auditor’s procedures will fail to detect a material
misstatement.
Detection risk is the only risk that can be directly controlled by the auditor.
Detection risk comprises “sampling risk” and “non-sampling risk”. Sampling risk is the risk that the
samples chosen are unrepresentative of the populations from which they are drawn. i.e. if 5% of the
population of items contains a certain error, then 5% of a representative sample should too. This risk
can be reduced simply by selecting larger sample sizes.
Non-sampling risk arises from any factor that causes an auditor to reach an incorrect conclusion that is
not related to the size of the sample (e.g. using inappropriate audit tests or misinterpretation of
evidence). This element of risk can be reduced by using a more experienced audit team.
At the planning stage the auditor must assess Inherent Risk and Control Risk and use this to determine
the level of detection risk and THEREFORE, the level of audit work to be carried out.
With the statutory audit, it is not practical for the auditor to confirm that the financial statements are
“precisely correct”. This is because auditors cannot usually examine every transaction and also
because some elements of accounting are based on estimates and judgements.
The concept of materiality allows the auditor to use certain parameters in order to focus on significant
areas of the financial statements.
In assessing the level of materiality there are a number of areas that should be considered.
First, the auditor must consider both the amount (quantity) and the nature (quality) of any
misstatements, or a combination of both. The quantity of the misstatement refers to its relative size.
ACCA AA 2: Planning and risk assessment 23
financial statements. This includes inquiring with management whether the entity is in compliance
with such laws and regulations and inspecting relevant correspondence.
In a similar way to the fraud section earlier, any non-compliance should be reported to the
management or regulatory authorities if the matter is of public interest.
This can be done simply by reviewing the client’s draft financial statements to see if they appear in line
with the auditor’s expectations.
Typically, auditors will compare this year’s data against last year’s, against budget or against industry
averages. They would then seek explanation from the client for any unusual trends or fluctuations.
The auditor will generally apply analytical procedures at three distinct stages of the audit:
Analytical procedures MUST be performed at the planning stage to assess risk and to obtain an
understanding of the entity (a “preliminary analytical review”). For example, an increase in net
profit margins year-on-year highlights the risk that the client may be understating its expenses.
During the final audit, as a substantive test. Here, the auditor will need to consider a number of
factors such as the reliability of the data, whether internal or external, from which the
expectation of recorded amounts or ratios is developed and the amount of any difference of
recorded amounts from expected values that is acceptable.
In the overall review at the end of the audit – The auditor should form an overall conclusion as
to whether the financial statements as a whole are consistent with the auditor’s understanding
of the entity.
(b) Liquidity
Current assets
(i) Current ratio =
Current liabilities
Inventories
(iii) Inventory days = × 365 days
Cost of sales
Trade receivables
(iv) Receivables collection period = × 365 days
Credit sales
26 2: Planning and risk assessment ACCA AA
Trade payables
(v) Payables payment period = × 365 days
Credit purchases
(c) Gearing
Interest bearing debt
(i) Debt/equity =
Capital and reserves
10 Audit documentation
The auditor should prepare, on a timely basis, audit documentation that provides a sufficient and
appropriate record of the basis for the auditor’s report.
11 Knowledge diagnostic
Before you move on to the next chapter, complete the following knowledge diagnostic and confirm
you possess the following essential learning from this chapter. If not, you are advised to revisit the
relevant learning from this chapter.
Can you explain the considerations an auditor must have before accepting a new
engagement or continuing an existing one?
Can you describe why auditors must understand the entity and its environment,
the applicable financial reporting framework and the entity’s system of internal
control?
Can you explain each element of the audit risk model and could you identify
specific risks of material misstatement from information about a particular
company?
Do you know the different roles external auditors and directors play in relation to
fraud at a company?
Can you explain how auditors might use ratios they have calculated relating to a
client’s financial statements?
Do you know what auditors will document about the audit process, and why?
29
Internal control
1 Introduction
Internal control is the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance that an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations,
and compliance with applicable laws and regulations will be achieved.
The auditor is interested in internal controls relevant to the preparation of financial statements
primarily, although the entity’s system of internal control will extend more widely than this.
Control activities – policies and procedures that help ensure management objectives are carried out:
– Authorisation and approval - approval of transactions by a suitably responsible official
– Physical (logistical) controls - restricting access to physical assets such as cash or
inventory and accounting records
– Segregation of duties - assignment of roles and responsibilities within a process to
different people, thereby reducing the risk of fraud and error occurring
– Verification controls, for instance, in information processing - arithmetic and accounting
controls such as checking the arithmetical accuracy of accounting records
– Reconciliations - performing account reconciliations or comparing budgets with actuals.
Note that this might be considered at an assertion level as well as at the financial statement level – so
for example, the auditors might assess the controls associated with the valuation of debts (credit
controls) and reduce substantive testing in that area.
2.1.2 Flowcharts
Diagrammatic representations of the system, usually broken down into separate activities.
Advantages Disadvantages
Easier to identify missing internal controls Can be time-consuming to prepare
This visual aid can make it easier to record complex Needs a little training to prepare and understand
systems
2.1.3 Questionnaires
Internal control questionnaires are used to assess whether controls exist which meet specific
objectives to prevent or detect errors.
The audit firm will have a standard list of control questions.
Advantages Disadvantages
Quick to prepare, which means they are a cost Company could easily overstate the level of controls
effective way of recording the system present
All controls in the system are considered and Needs to be tailored for each client otherwise
recorded; hence missing controls are clearly unusual controls may be missed
highlighted
Simple to complete – any member of the team can
complete them
3 Transaction cycles
The ACCA has specifically identified the following transaction cycles and account balances as being
relevant to this section:
Sales
Purchases
Inventory
Non-current assets
Payroll
Bank and cash
Essentially, what this means is that you are likely to be given a scenario in a question based upon a
company and how it controls that particular part of the business. Your task will often be to identify the
deficiencies in that process and to make recommendations on improvements.
ACCA AA 3: Internal control 33
Sales
A company’s sales system is designed to record all of a company’s sales and ensure that all sales lead
to an eventual receipt of cash. Typical stages in such a system are as follows.
Risk Objective of control Control procedure
Stage 1: Receipt of customer order
There is a risk To ensure that sales are 1. All orders taken should be recorded on a pre-
that customer properly accounted for. numbered multi-part document generated by the
orders are not computer. One part could form the invoice and one
received or could go to the despatch department.
properly 2. Regular checks should be performed on the
recorded. completeness of the sequence of pre-numbered
Therefore, sales documents. Any documents unaccounted for should
are understated. be traced and investigated.
There is a risk To ensure that goods are sold Credit limits should be checked. Any orders that
that customers on credit only to customers exceed customer credit limits should be rejected and
are unable to pay. who can pay. the customer advised. Any increase or override of
credit limits should be authorised by the credit
controller.
There is a risk To ensure that inventory is The availability of inventory should be checked so that
that orders are available for despatch. orders cannot be taken for goods with nil/low
accepted from inventory.
customers and no
inventory is
available for
despatch.
Stage 2: Despatch of customer order
There is a risk To ensure that the goods 1. All goods despatched should be accompanied by a
that goods despatched are those that are Goods Despatch Note (GDN).
despatched are ordered. 2. The GDN should be matched to the original
not the “correct” customer order.
goods ordered by
the customer.
There is a risk To ensure that the goods 1. A quality control check should be performed on a
that the goods despatched are of a random sample of despatches, checking for correct
despatched are of satisfactory quality. quality and quantities.
a poor quality. 2. The customer should sign and return the GDN as
acceptance of the goods.
Stage 3: Invoicing of customer order
There is a risk To ensure that invoices are The sales invoice should be raised from/matched to
that customers raised correctly. the GDN.
are not invoiced
or invoiced
incorrectly.
34 3: Internal control ACCA AA
Purchases
Risk Objective of control Control procedure
Stage 1: Purchase order raised
There is a risk To ensure that goods ordered 1 Purchase orders (PO’s) should be sequentially
that goods are are properly authorised. numbered and the sequence checked regularly.
ordered without 2 All PO’s must be authorised by a responsible official.
proper
authorisation.
There is a risk To ensure that goods are 1 Only authorised suppliers are used from a preferred
that goods are ordered from authorised supplier list.
ordered from an suppliers. 2 If there is no authorised supplier, a tender should be
unauthorised invited and the best value supplier selected.
source.
Stage 2 : Receipt of goods
ACCA AA 3: Internal control 35
Inventory
Of course, there is a direct link between the controls surrounding inventory and purchases, given the
accounting entries for a purchase.
As well as those controls outlined in the purchases section above, the following controls are also
relevant.
Risk Objective of control Control procedure
There is a risk To ensure that inventory is 1. There should be appropriate physical security.
that inventory stored securely. E.g.locks/cameras.
could be stolen. 2. There should be regular manual physical checks to
make sure that actual numbers agree to stock
records.
There is a risk To ensure that inventory is 1. There should be a regular review of stock listing to
that inventory current and saleable. monitor slow moving items.
could be obsolete 2. There should be regular reviews of the physical
or slow moving. stock to check for damage.
36 3: Internal control ACCA AA
In addition, controls over the inventory count discussed in Chapter 4 of these notes should be
followed.
Payroll
Risk Objective of control Control procedure
There is a risk To ensure that only bona fide All new employees entered onto or leavers removed
that non bona employees are paid. from the payroll system should be authorised by a
fide employees responsible official. There should be segregation of
are paid. duties between the human resources and payroll
functions.
There is a risk To ensure that employees are 1. Time sheets should be reviewed for all employees.
that employees paid the correct amount. 2. Over time / bonuses should be properly authorised
are paid incorrect by an appropriate manager.
amounts. 3. Changes in pay rates should be properly
documented.
4. The monthly payroll should be reviewed for
reasonableness by an appropriate manager.
5. Exception reports should be generated and
reviewed for pay over a certain threshold.
There is a risk To ensure that tax and NI are 1. Tax and NI should be calculated by a trained
that tax and NI correctly calculated. official.
are incorrectly 2. Software used should be updated regularly to
calculated. account for changes in legislation.
There is a risk To ensure that wages paid in 1. There should be adequate security available.
that wages paid cash are properly secure. 2. Staff must sign to confirm receipt of cash wages.
in cash may be 3. Only pay staff directly into their bank accounts
stolen.
4 IT controls
4.1 Information processing controls
These are manual or automated procedures that operate “within” a computer system. They can be
preventative or detective in nature and aim to ensure that the transactions that are input, processed
or output recorded are complete, accurate and valid.
Examples include:
Mandatory input fields for websites e.g. postcode required
Checking the arithmetical accuracy of records
Range/limit checks e.g. a check on whether a customer has exceeded their credit limit
Edit checks of input data e.g. checking whether a customer code is input in the correct format
Numerical sequence checks
The recommendations are normally communicated to ‘those charged with governance’ – i.e. the board
of directors or Audit Committee (if one exists) at the end of the audit and a response sought.
In the covering letter, the auditor would typically include a statement that the report is not a
comprehensive list of deficiencies, but only those “significant” items that have come to light during
normal audit procedures.
In addition, a request should be made that no disclosure of the items mentioned in the report should
be made to a third party without the written agreement of the auditor
ACCA AA 3: Internal control 39
ILLUSTRATION
EXAM SMART
Be very careful with the way you word you answer to these questions. You need to make
sure you are not too brief and that you give enough detail in your recommendation to show
the examiner you understand the implications and what exactly you are telling a client to do
to put it right. For example, the following points would NOT earn credit.
Deficiency Consequence (“could”) Recommendation (“should”)
Post
Opened unsupervised Money will be stolen Segregation of duties
The internal audit function is normally performed by employees of the entity. Therefore, to
demonstrate their “independence”, they usually present their reports directly to the audit committee.
This function could alternatively be outsourced to an external company (see later).
Ideally, the internal audit function should be staffed with qualified, experienced staff, whose
appointment and remuneration is controlled by an audit committee, staffed by non-executive
directors (as discussed in Chapter 1).
6.1 Discuss the factors to be taken into account when assessing the need
for internal audit
Although not required by law, the internal audit function demonstrates management’s commitment to
good internal controls and is part of the control environment.
The decision as to whether to employ an internal audit function will be influenced by:
The size and complexity of the company
The scale and diversity of activities
Cost / benefit considerations
The desire of management to have assurance and advice on risks and controls
6.2 Discuss the elements of best practice in the structure and operations of
internal audit
The UK Corporate Governance Code does not require companies to have an internal audit
department. However, where the company does not have an internal audit department, the Code
requires the audit committee to consider annually whether one is needed make a recommendation to
the board. It also requires the company to disclose its reasons for not having an internal audit
department in its annual report.
If a company has an internal audit department, as noted above, the audit committee is responsible for
monitoring and reviewing internal audit activities.
Internal auditors are not subject to the same qualification requirements as external auditors. However,
they may be ACCA qualified, or members of other relevant professional bodies, such as the Institute of
Internal Auditors (IIA).
6.3 Compare and contrast the role of external and internal audit
External auditor Internal auditor
Objectives
To form an opinion on whether a set of accounts To improve a company’s operations, in terms of
are “true and fair” efficiency and effectiveness of their internal controls
Standards
Must follow International Standards on Auditing (ISAs) Can choose to use the guidelines of the Institute of
Internal Auditors (IIA).
Report to
Shareholders via the auditor’s report Board of Directors or audit committee
Status
Independent “Independent” (in terms of being objective) but this
can be restricted as often an employee of company
(although function can be outsourced)
Qualification
Qualified Accountant and a member of a No formal qualifications required (but many are
Recognised Supervisory Body qualified accountants or members of the IIA).
ACCA AA 3: Internal control 41
7.2 Outsourcing
Outsourcing is the contracting-out of a business process to a third party. Outsourcing internal audit
can overcome some of the limitations caused by insufficient resources outlined above.
Should be cheaper than having a full-time presence Possible self-review threat if the external auditors
– no need to recruit staff for the IA department, no are being used
“down time” for underutilised staff and less training
costs
Quicker set up time Potential confidentiality issues
The first disadvantage listed above could be reduced by using the same firm of accountants who
perform the external audit work to do the internal audit work as well, as long as separate audit teams
were maintained.
42 3: Internal control ACCA AA
7.4.2 IT
An IT audit would ensure that the organisation is controlling the key risks surrounding its hardware,
software, internet, and the overall IT environment.
7.4.3 Financial
This is the most traditional part of internal audit work, involving the review of the management
accounts and the systems that produce those accounts to ensure the business is meeting its financial
targets.
It is this area of work that external auditors are most likely to want to rely on in order to reduce their
own work. Some of this work would be similar to that of the external auditor e.g. analytical review and
detailed substantive testing.
7.6 Describe the format and content of audit review reports and make
appropriate recommendations to management and those charged with
governance
The internal audit department can produce a similar report to the report to management of external
auditors discussed above.
The format will depend on the task being performed but the main elements common to most reports
are:
Addressee – normally the audit committee or Board of Directors
Terms of reference – summarising who requested the report and what the purpose of the
report is
Executive Summary – a summary of the key findings
Detailed report – including the weaknesses found and recommendations made, together with a
schedule of follow-up procedures.
8 Knowledge diagnostic
Before you move on to the next chapter, complete the following knowledge diagnostic and confirm
you possess the following essential learning from this chapter. If not, you are advised to revisit the
relevant learning from this chapter.
Can you explain what an internal control system is and the individual elements of
such a system?
Do you know why auditors are interested in the internal control system of an
entity?
Can you describe three ways an external auditor might record a client system?
Can you give examples of the main controls you would expect to see in the key
transaction cycles of a business and explain what risks they are mitigating?
Can you identify and explain the implications of deficiencies in internal control,
and make recommendations to improve specific controls at an entity?
Audit evidence
If you are designing substantive procedures about statement of financial position items (balances)
you should:
1. Identify whether the question STATES which assertion you are trying to prove and if so, state
and explain tests which prove THAT assertion
2. If not, ensure that you suggest procedures which address each of these assertions,
remembering that some procedures address several assertions at once, and explain what you
are proving with your actions.
If asked to suggest procedures relating to transactions (eg sales), follow the same process as above:
1. Note whether the question identifies the assertion you are trying to prove, and if so, design
appropriate procedures
2. If it does not, ensure you cover all the relevant assertions with your procedures.
2 Audit procedures
2.1 Discuss the quality and quantity of audit evidence
The auditor must design and perform procedures to obtain evidence that is sufficient and appropriate
in order to obtain a reasonable level of assurance and form an opinion on the financial statements.
Sufficiency relates to the quantity of evidence obtained. The following factors have an impact on the
amount of the evidence that needs to be gathered:
The auditor’s previous experience of the client
Risky areas will require more evidence than less risky areas
Similarly, material areas will require more evidence
Areas requiring judgement will require more evidence
The quality of the evidence obtained
Appropriateness relates to the quality of evidence that needs to be collected during an audit. Audit
evidence must be relevant and reliable in order to support the auditor’s opinion.
ACCA AA 4: Assertions and audit evidence 49
There are several different techniques that the auditor can use to gather evidence:
Analytical procedures – evaluation of financial information by studying possible relationships
among financial and non-financial data
Enquiry – ask a relevant person for information
Inspection – of a record or document such as an invoice
Observation – of a process or procedure performed by the client such as an inventory count
Recalculation – check the mathematical accuracy of a document
Confirmation – obtaining a representation from a third party
Reperformance – of a key procedure by the auditor to satisfy himself that the client has done it
properly.
Typically, auditors will compare this year’s data against last year’s, against budget or against industry
averages.
important when auditing liabilities (as companies might UNDERSTATE liabilities by not
including all purchase invoices in the accounts) to make the overall SOFP look better.
However, you should still attempt to address all relevant assertions to show the examiner
you understand what you are trying to prove about the balances.
For each of the following account balances, you may be required to explain the substantive procedures
used in auditing each balance and the purpose of those procedures in relation to financial statement
assertions:
Receivables
Inventory
Payables, accruals, provisions and contingencies
Bank and cash
Tangible and intangible non-current assets
Share capital, reserves and directors’ emoluments
You may also get questions on procedures relating to transactions (eg revenue/purchases) or events
(eg disclosure of non-adjusting subsequent events).
Receivables circularisation
The most common procedure used to confirm assertions relating to receivables is the direct
confirmation (or “circularisation”). This involves writing to a sample of customers on the year end
trade receivables listing and asking them to confirm whether they agree that the debt is correctly
stated.
This “positive” circularisation (which includes the expected balance) is a useful substantive audit
procedure because it helps to confirm four key assertions:
Existence – confirmed by the receivable acknowledging the debt is valid.
Rights and obligations – the receivable confirms that the amount is owed to the company by
replying to the confirmation.
Valuation – the receivable will dispute any amounts that do not relate to that account or that
they have requested credit for.
Cut-off – the circularisation will help identify reconciling items such as sales invoices/cash in
transit. These should be verified to initial documents (such as goods despatched notes) to
ensure items are recorded in the appropriate period (debt is not reduced on the company books
until the company RECEIVES cash payments, for instance).
52 4: Assertions and audit evidence ACCA AA
Procedure
The steps to follow here are:
Obtain the listing of the year end trade receivables from the client:
Company X – Receivables Ledger
31/12/20X1
Customer Total 30 days 60 days 90 days > 90 days
$ $ $ $ $
A 500 400 100
B 1,870 1,870
C 5,250 5,250
D 11,125 8,400 2,650 75
E 3,060 2,400 540 120
Total 21,805 16,450 3,290 120 1,945
Cast the listing and reconcile the total of this listing to the nominal ledger.
Review the listing for any unusual items, for example, a negative amount might suggest
payables and receivables have been wrongly netted off - classification.
Select a sample of customers to circularise, paying particular attention to material or overdue
amounts.
The circularisation letter should be on the client’s paper, with a copy of the current statement
attached. It should request that the reply be sent direct to the auditor.
If no reply has been received after a reasonable period, the auditor should telephone the
customer.
If the customer still doesn’t reply, alternative procedures will be needed e.g. check to see if any
of the invoices on the listing have been paid after the year end (this gives persuasive evidence
that the customer believed the debt existed and was valued correctly) or check invoices back to
the customer order (this is less persuasive, as it relies on client-generated evidence) and the
delivery note signed by the customer (this adds to the persuasiveness, as the client has
acknowledge receipt of the goods, suggesting a debt exists for those goods).
3.2 Prepayments
The schedule of prepayments should be obtained and reconciled to the financial statements.
Depending on the materiality of the prepayments balance, simple analytical procedures, such as
confirming the components of the prepayments balance compared to last year may be sufficient.
If further testing is required, then the auditor should obtain the client’s backup schedule for the
calculation of the prepayment. The schedule should then be vouched to the cash book and invoice
documentation.
The mathematical accuracy of the prepayment can then be checked.
3.3 Inventory
Inventory is an important element of a set of financial statements as it is often a material balance
affecting both the statement of profit or loss and the statement of financial position.
When auditing inventory, it is important to remember that there are two distinct aspects of the final
year-end balance: valuation and quantity (existence).
Valuation
Inventories should be valued at the lower of cost and net realisable value.
Cost should comprise all costs of purchase, costs of conversion and other costs incurred in bringing the
inventories to their present location and condition.
To audit valuation, for a sample of inventory items on the final inventory sheets, the cost of those
items should be traced back to the original purchase invoice.
For a manufacturing company, the components of cost will be materials, labour and production
overheads:
Material costs can be checked back to purchase invoices. The quantities of materials recorded
in finished goods, work-in-progress and raw material inventory can be verified by inspection.
Labour costs can be vouched by agreeing labour rates to payroll records and hours worked by
observation and by reference to timesheets.
Overheads can be tested by ensuring that only production overheads are included, based on a
normal level of activity.
Net realisable value is the estimated selling price, less the estimated costs of completion and the
estimated costs necessary to make the sale.
54 4: Assertions and audit evidence ACCA AA
This can be tested by checking a sample of post year-end sales invoices back to the final inventory
sheets ensuring that the sales value exceeds the cost. Where sales value is less than cost, ensure that
the inventory is stated at the realisable value on the inventory sheet.
Where an item has been in inventory for a long period of time, discuss the item with the client to
determine whether the item can be sold for more than cost.
Note that for most businesses, the NRV will be more than cost. The auditor may want to check that the
inventories are being sold for more than cost by selecting a sample of items and ensuring that the
selling price per the invoice is greater than the cost per the purchase invoice.
Also, a sample of inventories can be physically verified to see if it looks old or out of date which will
affect value (for example, in a food business, auditors could check ‘best before’ dates of inventory).
Quantity
Most companies keep track of the quantities of stock by performing regular inventory counts
(“stocktakes”) or via a “perpetual inventory” system.
A perpetual inventory system is an alternative to the year-end inventory count. With a perpetual
inventory count, the client counts a sample of goods every day or week on a rotational basis. This is
quicker and less disruptive than closing the whole warehouse down for a full year end count.
The client should ensure that all items are counted at least once a year.
Such a system is particularly beneficial for companies whose business relies on accurate, up-to-date
inventory information.
If an annual inventory count is performed, there are various tests that the auditor should undertake.
3.4 Payables
When testing any liability, the key risk for auditors is the understatement of the liability. Therefore,
audit testing tends to focus on the completeness assertion.
Audit procedure Reason for procedure
Obtain the list of payables balances and check that it To ensure that the list is accurate and that the total
casts. fairly represents the individual balances.
Agree the total of the payables list to the nominal To ensure that the company’s payables are recorded
ledger and financial statements. accurately.
Perform an analytical review on the trade payables Provides an initial indication as to the accuracy and
listing by comparison with prior periods. completeness of the list.
Calculate trade payables days and compare to last
year.
Any significant variations should be investigated and
substantiated, with particular attention being paid
to old outstanding amounts.
56 4: Assertions and audit evidence ACCA AA
3.5 Accruals
A schedule of purchase accruals should be obtained and checked for arithmetical accuracy and
completeness by comparison with prior periods and invoices received after the period-end.
Both trade payables and purchase accruals should be tested for the accuracy of cut-off by
checking samples of invoices for goods received just before and just after the year-end to goods
received notes, purchase invoices and records of inventory counts.
3.6 Provisions
A provision must be recognised when all of the following criteria are met at the year end:
When an entity has a present obligation (legal or constructive) as a result of a past event (the
“obligating event”);
It is probable (“more likely than not”) that an outflow of economic resources will be required to
settle the obligation, and
The amount can be estimated reliably.
ACCA AA 4: Assertions and audit evidence 57
Remember, Net Book Value = Cost – accumulated depreciation to date. Therefore, to vouch the
valuation of the non-current asset figure, both the cost and accumulated depreciation figure need to
be confirmed.
Accuracy / Valuation
Cost / Valuation
1. Obtain non-current asset register from client. Cast the cost, depreciation and net book value
columns of the register and agree to the financial statements.
2. For a sample of new additions and other material items in the non-current asset register, vouch
the cost and title back to the purchase invoice.
3. For a sample of assets revalued in the year, confirm the valuation to third party verification such
as a valuation report.
Depreciation
4. Check the appropriateness of the depreciation charge used by considering the physical
condition of the assets and by comparing to industry standards to ensure the useful life (which
determines the depreciation charge) is reasonable.
5. Perform a proof in total calculation of depreciation, considering the timing of additions and
disposals and compare this expectation to the actual charge, and investigate any significant
differences.
6. Test the calculation of depreciation in the non-current asset register, ensuring that the rates
used are those disclosed in the financial statements.
7. Review the profit (or loss) on disposal calculation and check for accuracy. The sale proceeds can
be traced back to the bank statement and the depreciation charge vouched as reasonable.
ACCA AA 4: Assertions and audit evidence 59
Existence
8. Physically verify the existence of the asset. At the same time, check the physical condition of the
asset to vouch its remaining useful economic life (depreciation value) and overall valuation
(impairment).
Cut-Off
9. Check that the asset has been recorded in the non-current-asset register in the correct period.
Completeness
10. Select a sample of assets physically present at the entity’s premises and inspect the asset
register to ensure that these are included in the register, and by implication in the financial
statements.
11. Review the repairs and maintenance expense account in the statement of comprehensive
income for items of a capital nature which should have been capitalised instead of being
expensed.
Disclosure
16. Ensure that the accounting policy for depreciation is clearly stated in the financial statements
and is the same as last year.
Reserves
Discuss the company’s reserves with the directors to establish which reserves they have (e.g.
retained earnings, revaluation surplus, share premium)
Agree the movement in any of the reserves to supporting documentation:
– Share premium to board minutes
– Revaluation surplus to third party valuation report
– Retained earnings to the statement of profit and loss and dividend payments
Review the financial statements to ensure that the movements in reserves is accurately
recorded in the statement of changes in equity.
Directors’ emoluments
Perform analytical procedures of directors’ total emoluments year on year to determine
reasonableness. Discuss any large discrepancies with the directors.
For each director, obtain a breakdown of total emoluments for the year, split between salary,
bonuses, other benefits and pension contributions.
Check the addition of each schedule and reconcile the total to the nominal ledger.
Check the directors’ emoluments back to the signed directors’ letters of employment/contracts.
Obtain and review returns made to the tax authorities to ensure consistency with the amounts
recorded in the financial statements.
Review the financial statements to ensure the adequate disclosure of director’s emoluments.
It is not possible in anything but the very smallest of entities to take any other approach, as testing
100% of a population:
May not be practical
May not be cost effective
May take too long
It should also be remembered that sampling risk exists when an auditor does not pick the entire
population of a series of data to test. Sampling risk is the risk that the auditor’s conclusions based on a
sample may be different from the conclusion if the entire population were picked.
KEY TERMS
Statistical sampling means any approach to sampling that involves the random selection of a
sample; and the use of probability theory to evaluate sample results, including measurement
of sampling risk.
Non-statistical sampling is simply any approach which doesn’t use statistical methods e.g.
where the auditor picks his sample using his judgement.
6.1 Discuss the extent to which auditors are able to rely on the work of
internal audit
While the external auditor has sole responsibility for the audit opinion expressed and for determining
the nature, timing and extent of external audit procedures, certain parts of internal auditing work may
be useful to the external auditor.
Areas of the audit where the external auditor may be able to use the work of the internal auditor
might include systems documentation, controls testing and inventory count procedures. The external
auditor should consider the following when assessing whether to place reliance on the work of
internal audit:
64 4: Assertions and audit evidence ACCA AA
(a) Organisational status: In the ideal situation, internal audit will report to the highest level of
management. Also, the internal auditors will need to be free to communicate fully with the
external auditor.
(b) Technical competence: Whether internal auditing is performed by persons having adequate
technical training and proficiency as internal auditors. The external auditor may, for example,
review the policies for hiring and training the internal auditing staff and their experience and
professional qualifications.
(c) Systematic and disciplined approach including quality control: Whether internal auditing is
planned, supervised, reviewed and documented in such a way as to be able to draw reasonable
conclusions from the work. The existence of adequate audit manuals, work programmes and
working papers would be considered.
Once they have decided whether it is appropriate to rely on the work of internal audit, the external
auditors would then read the reports relating to that internal audit work and perform sufficient
procedures on that work to determine it is adequate for purpose.
It is also possible to use internal auditors for direct assistance on the external audit (i.e. to carry out
external audit procedures). Again, audit judgement must be exercised in determining exactly what
work internal audit can carry out.
6.2 Discuss the extent to which auditors are able to rely on the work of
experts
For the majority of audit work, the auditor will rely upon their own skill and judgement in forming an
opinion. However, there may be some areas where a level of expertise beyond that of the auditor is
needed e.g. the valuation of assets such as works of art and precious stones.
When planning to use the work of an expert, the auditor should evaluate the professional competence
of the expert.
This will involve considering the expert’s:
Qualifications – for example, via membership in an appropriate professional body.
Experience and reputation in the field in which the auditor is seeking audit evidence.
References – from previous work performed.
Access to information – the expert should be allowed access to whatever information he feels
necessary at the client.
Independence/objectivity of the expert (e.g. if the expert has a family/financial connection with
the client).
If the auditor is concerned regarding the competence or objectivity of the expert, the auditor needs to
discuss any reservations with management and consider whether sufficient appropriate audit evidence
can be obtained concerning the work of an expert.
The auditor may need to undertake additional audit procedures or seek audit evidence from another
expert.
6.4 Explain the extent to which reference to the work of others can be
made in auditor’s reports
In the UK, no reference can be made to any work of others in the final auditor’s report.
7 Not-for-profit organisations
Not-for-profit organisations such as charities and societies are different to most organisations in that
their primary goal is not the maximisation of profit. As many of these organisations are not
incorporated, they will probably not need a statutory audit but may need an assurance engagement
due to the requirements of their governing body.
The audit of a not-for-profit organisation will involve similar planning and testing techniques as for a
“conventional” audit, with the auditor planning their work based on the key risks inherent in the client.
In addition, the following risks are often applicable to such organisations:
The audit of “irregular” income such as cash donations and fund-raising events
The training / qualifications of volunteer or unpaid staff
Lack of traditional accounting controls due to small number of staff (e.g. lack of segregation of
duties and management override of controls)
Misuse of designated funds
Excessive administrative costs
The letter of engagement will dictate the reporting requirements of the organisation, but an element
of the audit may revolve around the recommendation of improvements to the current system of
control.
Because of the lack of controls mentioned above, the audits of not-for-profit organisations are
normally substantive in nature. The substantive procedures you have learnt above will be relevant to
the audit of a not-for-profit organisation, but when proposing audit procedures for these
organisations, you should be mindful of any particular issues highlighted in the question which might
need recognising in your audit procedures.
66 4: Assertions and audit evidence ACCA AA
8 Knowledge diagnostic
Before you move on to the next chapter, complete the following knowledge diagnostic and confirm
you possess the following essential learning from this chapter. If not, you are advised to revisit the
relevant learning from this chapter.
Can you explain what a financial statement assertion is, and give examples relating
to balances and classes of transactions?
Can you suggest procedures which give audit evidence about specific assertions
(and specific balances and transactions in financial statements)?
Can you explain what contributes to audit evidence being appropriate and
sufficient?
Can you explain the audit risks associated with accounting estimates and
recommend relevant audit procedures to address these risks?
Can you identify and explain when auditors might rely on the work on others, and
the implications of this for audit work?
1 Subsequent events
Subsequent events are those which occur after the year end date. Many will have an effect on the
financial statements.
KEY TERMS
Adjusting events – those that provide additional evidence of conditions that exist at the year
end e.g. the write-off of a trade receivable. An adjustment must be in the financial
statements to reflect this event.
Non-adjusting events – those events which did not exist at the year end e.g the loss of
inventory in a post year end fire. These events must be disclosed in the financial statements
if material.
Auditors must therefore take steps to ensure that any such events are properly reflected in the
financial statements.
Time
1 2 3
68 5: Review and reporting ACCA AA
1.2 Facts discovered after the date of the auditor’s report but before the
date the financial statements are issued
The auditor does not have any responsibility to perform audit procedures or make any enquiry
regarding the financial statements after the date of the auditor’s report. They only have a duty to act if
they are made aware of something.
ILLUSTRATION
A few days after signing the auditor’s report on 24 April 20X9, but before the client’s financial
statements have been issued, the auditors receive a phone call from a director indicating a material
error in the financial statements.
In such circumstances, the client could either:
Produce a revised set of financial statements
Where this happens, the auditor will audit the amendment and then redraft and re-date the
auditor’s report, or
Refuse to change the financial statements
Here, the financial statements are materially misstated, but the initial auditor’s report says they
are true and fair.
The auditor should consider other methods of contacting the members. For example, the auditor can
speak at the upcoming AGM to inform the members.
The auditor may also obtain legal advice and consider resignation.
ACCA AA 5: Review and reporting 69
1.3 Facts discovered after the financial statements have been issued
After the financial statements have been issued, the auditor has no obligation to make any inquiry
regarding such financial statements.
However, if the auditor becomes aware of a fact which existed at the date of the auditor’s report and
which, if known at that date, may have caused the auditor’s report to be modified, the auditor should:
Consider whether the financial statements need revision;
Discuss the matter with management; and
If needed, issue a new report on the revised financial statements. This report should include an
emphasis of matter paragraph referring to the reason for the revision.
If management do not revise the financial statements, the auditor should take legal advice with the
objective of trying to prevent further reliance on the report.
2 Going concern
Under the going concern assumption, an entity is ordinarily viewed as continuing in business for the
“foreseeable future” with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors. This “foreseeable future” should be at least 12 months after the
period end.
Financial
Net liability or net current liability position (or other adverse financial ratios)
Fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment.
Negative operating cash
70 5: Review and reporting ACCA AA
Substantial operating losses or significant deterioration in the value of assets used to generate
cash flows.
Inability to pay creditors on due dates.
Operating
Loss of key management without replacement.
Labour difficulties or shortages of important supplies.
Is the company a
going concern?
Yes No
Yes, but a material
uncertainty exists
No Yes Yes No
3 Written representations
Written representations (or “written management representations”) are a form of audit evidence.
They are contained in a letter, written by the company’s directors and sent to the auditor, prior to the
completion of audit work and before the auditor’s report is signed.
Representations are required for two reasons:
So the directors can acknowledge their collective responsibility for the preparation of the
financial statements and to confirm that they have approved those statements.
To confirm any matters, which are material to the financial statements where representations
are crucial to obtaining sufficient and appropriate audit evidence.
In the latter situation, other forms of audit evidence are normally restricted to items generated by the
client because knowledge of the facts is confined to management and the matter is one of
judgement or opinion. For example, a warranty provision is essentially an estimate as to how many
goods will need to be repaired under warranty in the future. While the client’s calculation and
supporting documents are available for the auditor to review, by its very nature, this figure will be an
estimate for which independent third party evidence is unlikely to be available.
Obtaining representations does not mean that other evidence does not have to be obtained. Audit
evidence will still be collected and the representation will support that evidence. Any contradiction
between sources of evidence should, as always, be investigated. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that an
auditor would ordinarily expect to obtain.
The letter also usually confirms that:
All matters occurring since the year end date that should be brought to the attention of auditors
have been brought to their attention
All of the accounting records have been made available to the auditors
All related party relationships and transactions have been appropriately disclosed
72 5: Review and reporting ACCA AA
If management refuses to provide a representation that the auditor considers necessary, the auditor is
unable to obtain sufficient appropriate evidence on which to base his opinion. Therefore, the auditor
should express a qualified opinion or a disclaimer of opinion.
Other information – clarifies that the auditor is responsible only for reading this and assessing
whether consistent with the financial statements
Management’s responsibility - for preparing the financial statements – in accordance with the
applicable financial reporting framework
Auditor’s responsibility– for expressing an opinion on them and the audit was conducted in
accordance with International Standards on Auditing
Other reporting responsibilities – will vary according to the jurisdiction in which the audit is
taking place e.g. UK auditors have additional reporting responsibilities under the Companies
Act.
Name, signature and address of auditor
Date of the auditor’s report
Pervasive is a term used to describe the extent of the effect on the financial statements of
misstatements/possible misstatements that have not been detected due to an inability to provide
sufficient appropriate audit evidence.
Pervasive effects are those that:
Are not confined to specific elements, accounts or items in the financial statements
If so confined, represent or could represent a substantial portion of the financial statements
In relation to disclosures are fundamental to users understanding of the financial statements
An additional, explanatory paragraph is added to the auditor’s report after the opinion paragraph,
called a “Basis for Disclaimer of Opinion” paragraph. This explains the reason for the inability to
obtain sufficient appropriate evidence and the possible effect on the financial statements had the
evidence been available.
The opinion paragraph will include wording such as “we do not express an opinion on the financial
statements”.
6 Application to scenarios
The following diagram helps to apply the theory to scenarios given in exam questions.
Yes No
Yes No
No Yes
QUALIFIED DISCLAIMER
Is there a “EXCEPT FOR...” OF OPINION
fundamental No Yes
uncertainty properly
disclosed in the FS?
Material Pervasive
During the audit of Bodie Co, the auditors notice that the company’s main office building has not been
depreciated. After challenging the directors about this, the directors feel that a charge is not necessary
as the office is painted every three years and therefore won’t suffer a fall in value.
Will this matter affect the auditor’s report?
Solutions to the Lecture examples can be found in the back of these Notes.
During the audit of Doyle Co, the auditors notice that the company hasn’t kept any purchase orders or
invoices and estimates the year end trade payables figure based on statements received from key suppliers.
Will this matter affect the auditor’s report?
During the audit of Jackson Co, the auditors notice that the company is being sued for $4m by a
customer who slipped and injured themselves on Jackson’s premises. The court case is scheduled for a
date after the date of the auditor’s report. The directors have correctly disclosed the matter as a
contingent liability.
Will this matter affect the auditor’s report?
78 5: Review and reporting ACCA AA
7 Reports to Management
Auditors must communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance.
Those charged with governance means those entrusted with the supervision, control and direction of
an entity and would therefore include management, the audit committee and non-executive directors.
Such communications normally take the form of a letter, written promptly after the completion of the
audit, addressed to the audit committee or Board of Directors if there is no audit committee. One of
the main features of these letters is a list of the control weaknesses identified during the audit and the
recommendations made regarding those weaknesses. See Chapter 3 for further details.
The letter should be discussed with the client before it is sent to ensure that all of the statements
made in the letter are factually correct. A reply should be sought from the client’s management at
their earliest convenience.
8 Knowledge diagnostic
Before you move on in your course, complete the following knowledge diagnostic and confirm you
possess the following essential learning from this chapter. If not, you are advised to revisit the relevant
learning from this chapter.
Can you explain the responsibilities of management and auditors in relation to the
going concern assumption?
Can you explain five different auditor’s report outcomes relating to going concern
and explain when each might arise?
Do you understand the two reasons that written representations are obtained?
Can you explain the main components of a standard audit opinion and report?
Can you explain when it is necessary to report key audit matters in an auditor’s
report, and give two general examples of what these might be?
Can you explain what pervasive means, and what impacts determining an issue to
be pervasive or potentially pervasive will have on the audit opinion?
79
Solutions to
Class lecture examples
Chapter 5
Lecture example 5.1
All tangible non-current assets apart from land must be depreciated. The auditors would therefore
consider this to be a material misstatement. If they could not persuade the directors to amend the
financial statements, they would have to issue a qualified auditor’s report, using the “except for”
wording.
The table below shows where topics covered in these course notes are included within the Study Text.
The Study Text provides useful background reading and can be found on your online course. However,
please note that we do not think that you need to read the Study Text to pass this exam. These course
notes should provide all you need to obtain a pass.
First Intuition course notes Covered in Study Text
1: Audit framework and regulation Chapter 1: Introduction to assurance
1 The concept of audit and other assurance
engagements Chapter 2: Rules and Regulation
2 External audits
3 Corporate governance Chapter 3: Corporate governance
4 Professional ethics and ACCA’s Code of Ethics and
Conduct Chapter 4: Ethics and acceptance
2: Planning and risk assessment Chapter 5: Risk
1 Overview diagram
2 Obtaining and accepting audit engagements Chapter 6: Planning
3 Objective and general principles of audit planning
4 Planning an audit Chapter 7: Evidence
5 Understanding the entity and its environment
6 Assessing the risks of material misstatements
7 Materiality, fraud, laws and regulations
8 Analytical procedures (including data analytics)
9 Interim and final audits
10 Audit documentation
82 Comparison of course notes content with Study Text ACCA AA
© With thanks to Kaplan Publishing Limited for permission to reproduce excerpts from their text in these notes.
For references and acknowledgements of materials used in these notes, please see the back of the Study Text