Answers

Part 3 Examination Paper 3.1 (HKG) Audit and Assurance Services (Hong Kong) 1 HYDRASPORTS (a) (i) Business risks (ii) Financial statement risks

December 2003 Answers

Tutorial note: As part (ii) is clearly related in the requirement to part (i), it is appropriate that a tabular approach be adopted. The standard design of facilities increases operational risk as any difficulties encountered in one facility will be compounded by the number of other facilities (potentially all) which are similarly affected. This is illustrated by the closure of the saunas. Tutorial note: Standard design may also reduce risk as it results in a higher quality product. Centralised control through company policy is resulting in inefficient and ineffective operations as managers cannot respond on a timely basis to local needs. Management circumvention or override of control procedures laid down by head office may result in system weaknesses. If errors arising are not detected and corrected the risk of misstatement in the financial statements is increased. Information processing risk is increased as accounting information flowing into the financial statements may not be properly captured, input, processed or output by the centre managers. Inherent risk, of errors arising, in monthly branch returns is high. Revenue may be overstated if an accurate cutoff is not achieved. In particular, there is an estimate risk in determining the amount of deferred income at the balance sheet date. An error of principle may also arise if Hydrasports revenue recognition policy does not comply with HKSSAP 18 Revenue. Hydrasports cannot operate a centre if a licence is suspended, withdrawn or not renewed (e.g. through failing a local authority inspection or failing to apply for renewal). An error of principle arises if licences are not capitalised as intangible assets (but instead written off as expenses when incurred). Intangible assets (licences) should be reviewed for impairment at each balance sheet date (e.g. for centres which are closed). Closure may result in customers finding alternative facilities with permanent loss of fee revenue. Early bird customers dissatisfaction similarly increases operational risk. Failure risk (i.e. that Hydrasports will not continue to operate as a going concern) is increased. This creates disclosure risk if the disclosures relating to going concern as the basis of accounting do not meet the requirements of HKSSAP 1 Presentation of Financial Statements. The carrying amount of the associated non-current assets (i.e. equipment, fixtures and fittings) is likely to be overstated as they are likely to be impaired if they are not in use.

Business reporting risk is likely to be increased by centre managers preparing monthly accounting returns. Operational risk may be increased if centre managers cannot fulfil their day-to-day responsibilities (e.g. relating to customer satisfaction, human resources, health and safety).

Advanced payments contribute to business reporting and financial (cash flow) risk. Cash received must be available to meet the costs of providing future services.

 Serious accidents may prompt investigation by local authority resulting in penalties, fines and/or withdrawal of licence to operate.

If licences are withdrawn, the intangible asset (amounts prepaid) should be written off to the extent that monies are not refundable. The likelihood of contingent (if not actual) liabilities increases disclosure risk.

Although fees are non-refundable, suspension of a facility (e.g. sauna) may result in customers asking for partial refund. In particular Hydrasports may have an obligation to refund fees paid in advance when centres are closed (e.g. the Verne centre from JulySeptember 2003). Permanent loss of customers requiring childcare facilities increases operating risk. Compliance risk is increased if the new guidelines are not met. Similarly, inability to retain lifeguards increases operational risk that pools cannot open (due to health and safety regulations). Compliance risk is increased by the possibility that pools may be operated without a lifeguard being on duty. High staff turnover indicates increased operational risk (poor human resource management, inefficiency in working practices, reduced capacity, etc). Limitations on centre managers levels of authority may not be commensurate with their responsibilities. Empowerment risk arises if managers are not properly led (and if they, in turn, do not properly lead their centre staff). More centres may become loss-making if the reasons for falling membership are not addressed. The hydrotherapy pool cannot operate until construction is completed and completion may be threatened by cash flow difficulties. Cash flow difficulties increase liquidity/financial risk.

Provisions may be understated at 31 December 2003 if Hydrasports has a legal obligation to refund fees where it has failed to provide services.

Disclosure risk is (again) increased if fines/penalties arising are material and not disclosed.

Staff costs may be overstated as the risk that payments may be made to leavers is increased.

Any lack of integrity may increase the risk of management and/or employee fraud, illegal acts and unauthorised use of company assets. In particular the assertion of existence of assets may be at risk (resulting in overstatement). Loss-making centres should be tested for impairment as cash-generating units. The value of the asset in construction should be written down if it is impaired (even though it has not yet been brought into use). See above reference to going concern and disclosure risk. Depreciation may be overstated if Hydrasports continues to calculate depreciation on fully-depreciated assets. Disclosures for capital commitments (e.g. to replace equipment) in the financial statements may be inappropriate if Hydrasports does not have funds to finance such commitments.

Obsolete gym equipment increases operational risk as customer satisfaction decreases and health and safety risks are increased.

The reduction in insurance cover reduces the recoverable amount of assets in the event of loss through fire (for example). Inability to replace lost/damaged assets increases operational risk (see obsolete gym equipment above). Operational risk is increased if the substantial increase in liability insurance premiums is a reflection of an increase in the level of claims being made.

See above reference to going concern and disclosure risk.

Disclosure risk is increased in relation to contingent assets (for reimbursement under insurance policies).

10

(b)

Principal audit work Deferred income Agreeing Hydrasports analysis of joining fee and peak/off-peak membership fees on a sample basis. Tutorial note: Initial joining fees should not be deferred but recognised when received. Reconciling membership income to fees paid. If customers can renew their membership without payment there should be no deferral of income (unless the debt for unpaid fees is also recognised). Assessing the collectibility of unpaid fees (if any) by reviewing after date receipts and correspondence with members. Recomputing the deferred income element of fees received in the three months before the balance sheet date. Comparison of year-end balance with prior year and investigation of variance. Hydrotherapy pool Verifying the initial cost of this constructed asset will include an examination of: the contract with the builder contractors billings; and stage payments. Hydrasports is likely to be advised by its own expert (a quantity surveyor) on how the contract is progressing. Audit work will include a review of the experts assessment of stage of completion as at the balance sheet date, estimated costs to completion, etc. Physical inspection of the construction at the year end to confirm work to date and assess the reasonableness of stage of completion. Borrowing costs associated with this substantial (heavy) investment should be agreed to finance terms and payments. The calculation of any amount capitalised should be recomputed to confirm accuracy. The basis of capitalisation, if any, should be agreed to comply with HKSSAP 19 Borrowing Costs (e.g. interest accruing during any suspension of building work should not be capitalised). As the construction has already cost twice as much as budgeted, its value in use (when brought into use) may be less than cost. Managements assessment of possible impairment (of the hydrotherapy pool and the centre) should be critically appraised. Tutorial note: The asset should not yet be subject to depreciation as it has still to be brought into use.

(c)

Performance indicators social/environmental responsibility Member satisfaction Number of people on membership waiting lists (if any). Number of referrals/recommendations to club membership by existing members. Proportion of renewed memberships. Actual members: 100% capacity membership (sub-analysed between peak and off-peak). Membership dissatisfaction Proportion of members requesting refunds per month/quarter. Proportion of memberships lapsing (i.e. not renewed). Staff Average number of staff employed per month. Number of starters/leavers per month. Staff turnover/average duration of employment. Number of training courses for lifeguards per annum. Predictability Number of late openings (say more than 5, 15 and 30 minutes after advertised opening times). Number of days closure per month/year of each facility (i.e. pool, crche, sauna, gym) and centre.

11

Safety Incidents reports documenting the date, time and nature of each incident, the extent of damage and/or personal injury, and action taken. Number of accident free days. Other society Local community involvement (e.g. facilities offered to schools and clubs at discount rates during off-peak times). Range of facilities offered specifically to pensioners, mothers and babies, disabled patrons, etc. Participation in the wider community (e.g. providing facilities to support sponsored charity events). Environment Number of instances of non-compliance with legislation/regulations (e.g. on chemical spills). Energy efficiency (e.g. in maintaining pool at a given temperature throughout the year). Incentives for environmental friendliness such as discouraging use of cars/promoting use of bicycles (e.g. by providing secure lock-ups for cycles and restricted car parking facilities). Evidence Tutorial note: As there is a wide range of measures of operational performance which candidates could suggest, there is always a wide range of possible sources of audit evidence. As the same evidence may contribute to providing assurance on more than one measure they are not tabulated here, to avoid duplication. However, candidates may justifiably adopt a tabular layout. Membership registers clearly distinguishing between new and renewed members, also showing lapsed memberships. Pool/gym timetables showing sessions set aside for over 60s, ladies only, schools, clubs, special events, etc. Staff training courses and costs. Staff timesheets showing arrival/departure times and adherence to staff rotas. Documents supporting additions to/deletions from payroll standing data (e.g. new joiner/leaver notifications). Engineers inspection reports confirming gym equipment, etc is in satisfactory working order. Also, engineer and safety check manuals and the maintenance program. Levels of expenditure on repairs and maintenance. Energy saving equipment/measures (e.g. insulated pool covering). Safety drill reports (e.g. alarm tests, pool evacuations). Accident report register showing date, nature of incident, personal injury sustained (if any), action taken (e.g. emergency services called in). Any penalties/fines imposed by the local authorities and the reasons for them. Copies of reports of local authority investigations. The frequency and nature of insurance claims (e.g. to settle claims of injury to members and/or staff).

12

PACIFIC GROUP (a) Applicable vs non-applicable risks (b) Internal controls (only FOUR applicable risks are required to be addressed)

Tutorial note: Remember that not all controls are preventative! Some should detect (so as to correct!) things that have gone wrong. (i) Lack of investment Applicable risk PG has a strategy of following developments rather than setting the pace for the industry (by keeping the product up to date with competitor products). PGs business success therefore depends on a timely awareness of competitors activities. Failure to respond to innovations in the market place (e.g. in graphic design) will threaten advertising revenues. (ii) Uncreditworthy customers non-applicable It is in the nature of providing goods/services on credit terms that a proportion of revenue will not be collectible (i.e. the risk of bad debts is one which can be reasonably borne). Given the large number of advertising customers it is unlikely that additional controls would be cost effective. Monthly review and monitoring of developments in competitor publications (e.g. The Deep) relating to the presentation of advertisements. Monthly comparison of actual development expenses against budget to see the extent to which the expected level of investment in development is being made.

Tutorial note: If, alternatively, this is judged to be an applicable risk additional internal controls suggested might include: independent creditworthiness checks (e.g. against agency credit ratings); authorisation of credit limits to ensure they are not set too high; independent review of aged-debt analysis to identify slow-payers; monitoring of the bad debt expense in relation to turnover.

(iii) Incomplete data transfer Applicable risk Invoices will be incomplete/inaccurate if data transfer is incomplete. There is a lack of controls to prevent what should be judged to be potentially significant (as advertising revenues are very material). Serial numbering of advertisements by editorial department and sequence checking by invoicing department. Monthly reconciliations of actual invoiced amounts to expected advertising revenue (based on number of pages of advertisements) and investigation of shortfalls. Monitoring of instances of incomplete/inaccurate data transfer how identified, reason for occurrence, amounts involved, how rectified.

(iv) Non-charges Applicable risk Individual advertisements are not significant (being <$5,000). However, failure to recognise four pages of advertising negotiated as barter transactions (even allowing for 25% discounts) would exceed this amount. As barter transactions become increasingly popular within the advertising industry, controls will be required to ensure that revenues and costs are not understated. If material, there is a risk of non-compliance with financial reporting requirements (SIC 31). Monitoring of advertising yields (i.e. revenue generated to advertising space available). Comparison of PGs own advertising expenditure against budget (to identify potential for unrecorded costs).

13

(v)

Inaccurate production non-applicable Individual advertisements are less than $5,000 (even if a multiple placement is wrong in the first instance it should be corrected for any repeats).

Tutorial note: Advertisements cannot be guaranteed to be error-free as typos1 cannot be wholly avoided. This is therefore another example of a risk that can be accepted at a level commensurate with the level of day to day business.

(vi) Misappropriated cash Applicable risk Cash receipts are significant and prone to theft resulting in the loss of assets. Also, accounts receivable may be overstated if cash receipts from credit customers are unrecorded resulting in loss of customer goodwill if they are chased for nonpayment when they have settled amounts due. Any lack of quality (integrity) in PGs people may damage PGs reputation. Two people should man the front desk at all times. A duty log should be kept (date, time, staff member). The desk must not be left unattended while cash is held there. All cash received from customers should be counted and recorded and a signed, pre-numbered receipt given to the customer. Cash and a copy of the signed receipt should be transferred, securely, to cashiers. The existence of CCTV at the front desk should be made evident, to act as a deterrent.

(vii) Unauthorised access non-applicable The potential for deliberate or intentional error arising from unauthorised access to the editorial and invoicing systems is relatively unlikely as basic CIS controls should be expected to be in place.

Tutorial note: If, alternatively, this is judged to be an applicable risk suitable controls might include: physical and logical access controls; and computer logs of attempted and unauthorised access (e.g. outside normal working hours).

(viii) Systems not available Applicable risk Unavailability of the editorial system is judged the more significant as, if advertisements do not get published on a timely basis, customers may not pay and/or take their future business elsewhere. Back up/recovery/contingency plans must be in place to ensure that PG can receive and process advertisements even when its computer systems are unavailable. Salvage plans for continuing operations should be tested. For example, in the event of an office fire, PG may have an arrangement with a third party to outsource the editorial production of the advertisements (and magazine) to them.

(ix) Transfer accounting information non-applicable Although potentially significant to reported results it is unlikely to affect PGs financial strength (for example). Also the process is computerised and there are no other potential risks which suggest a lack of programmed controls. (x) Risk of litigation Applicable risk Although PG might be expected to have insurance adequate to cover the financial costs of being sued for printing advertisements which do not meet the Code of Advertising, it is unlikely that this would be sufficient to cover reputational risk.

Tutorial note: If judged to be applicable suitable controls might (again) include such monitoring controls as sales control account reconciliations and a review of gross margins.

PGs policy on adhering to the Code of Advertising should be communicated to all editorial staff. Any doubts about the propriety of an advertisement should be raised with a responsible official before it is authorised for publication.

Tutorial note: Some of the potential risks are more clearly applicable than others. Candidates will be given credit for all well reasoned arguments. Typographical errors

14

VEMA (a) Change in depreciation method (i) Matters The depreciation charge for the year has been reduced by $13m ($42m $29m) as a result of the change, therefore reported profit before tax has been increased by 105% ($13m $124m 0105) and is therefore material. Tutorial note: Alternative calculation, $13m $(124m 13m) 117% The write back to reserves (prior period adjustment) is 43% ($47m $110m therefore material. 0043) of total assets and

Tutorial note: It is not appropriate to gauge the materiality of this item against PBT as it represents a balance sheet adjustment and has no bearing on the income statement. The net book value of tangible non-current assets has been uplifted by $60m ($13m + $47m) which is 55% of total assets and, again, material. Management is responsible for reviewing the useful life of tangible non-current assets periodically and, if significantly different, adjusting the depreciation charge for the current and future periods (HKSSAP 17 Property, Plant and Equipment). Tutorial example: Two-year old vehicles at the beginning of the period, which management now estimate to have a remaining useful life of a further two years from the end of the current period (i.e. five years in total): opening balance = 1/3 of cost (2/3 having already been depreciated) current period charge = 1/3 opening balance (writing off balance over next three years). Management is also responsible for reviewing the depreciation method periodically and changing it, if necessary, to reflect the change in expected pattern in economic benefits. This is accounted for as a change in accounting estimate (i.e. adjusted through current and future periods depreciation charge). Managements restatement of opening reserves is the treatment for a change in accounting policy or the correction of a [fundamental] error (HKSSAP 2 Net Profit or Loss for the Period, Fundamental Errors and Changes in Accounting Policies). This is incorrect. The change in depreciation method is a change in accounting estimate, which, by nature, is an approximation. Tutorial note: The measurement basis depreciated cost has not changed. The audit opinion should be qualified except for non-compliance with HKSSAPs 2 and 17 unless the write back to opening reserves is removed and the current year charge is recalculated on the remaining useful lives (and not as currently calculated, retrospectively, as though the new method had always been applied). (ii) Audit evidence Agreement of opening balances of cost, accumulated depreciation and net book value to prior year working papers and financial statements. Clients schedules showing remaining useful lives with current year depreciation calculated at 25% of brought forward reduced balance (25% cost on additions in the period). Tutorial note: If Vemas management was not prepared to provide these calculations, the auditor would need to estimate what the correct depreciation charge for the current year should be, to quantify the extent of their disagreement. A proof in total calculation of what the depreciation charge for the year under the new basis should be (i.e. 25% (opening NBV + Additions NBV of disposals)). Test checking a sample of remaining useful lives per clients schedules to the fixed asset register. Review of Vemas fleet vehicle replacement policy (e.g. as documented in an operational manual for fleet managers). Review of age of fleet assets disposed of during the year to check for consistency with assertion that this is now every 4 to 7 years. Scrutiny of profits/losses on disposals of vehicles should expect to have consistently reported profits if they are currently depreciated too quickly.

15

(b)

Termination payment (i) Matters $786,000 represents 63% of profit before tax and is therefore material. (However, it is not material to the balance sheet, being only 07% of total assets.) Tutorial note: It is more meaningful to assess the impact of the gross amount on the financial statements rather than the net payment to the former director. Mr Z was made redundant in the previous accounting period (to 30 September 2002) and the after-date payment, in December 2002, was therefore a subsequent event. If the audit for the year ended 30 September 2002 was not finished when the termination payment was made, it should have already been accounted for, i.e. the liability recognised (SSAP 9 Events After the Balance Sheet Date). If the liability should have been known about, but was omitted from the prior year financial statement, the error should be corrected by a restatement of opening reserves. It is not unusual that such a sensitive transaction be accounted for using a journal entry, rather than processed through a payroll, especially as Mr Z should have been removed from the payroll last year. Tutorial note: This avoids drawing staffs attention to the payment. The golden handshake has been lost in administrative expenses. Although it may not be considered sufficiently material to warrant separate presentation on the face of the income statement it appears sufficiently material to be presented separately in the notes (HKSSAP 1 Presentation of Financial Statements). As a regional director Mr Z would have been a related party (key management personnel), making the payment to him a related party transaction. The amount should therefore be disclosed in the notes to the financial statements (HKSSAP 20 Related Party Disclosures). Whether the $194,000 included within Other liabilities represents the accurate deduction of tax/social security contributions or a balance due to Mr Z. (ii) Audit evidence Documentation in last years working papers concerning provisions made for redundancies arising from the regional re-organisation. The bank payment $592,000 in December 2002. Settlement during the year to 30 September 2003 of $194,000. For example, inclusion of this amount in payments of tax deducted at source/pay as you earn and a notification of receipt from the relevant taxation authority. Mr Zs employment contract and directors service contract, in which the terms of the termination payment were set out. Any correspondence with Mr Z. For example, a letter accompanying the payment of $592,000 stating that it is in full and final settlement of the termination of his employment. Written management representation that there are no payments to current or former directors relating to the current or prior period which have not been included in the financial statements. Tutorial note: A management representation supporting the assertion of completeness of transactions and events.

(c)

Legal liability (i) Matter Although Weddell contributes a mere 32% of Vemas profit before taxation, it comprises 31% of total assets. The subsidiary is therefore material to the consolidated financial statements. The amount of the contingent liability disclosed is immaterial to Vema being 16% of Vemas profit before taxation and less than 02% of total assets. Tutorial note: Although it is 50% of Weddells profit before taxation it may not be considered material even in Weddells financial statements as it represents only 06% of the companys total assets. Materiality in relation to PBT is distorted because the company is reporting a near break-even position. The amount of the legal liability for costs and damages not provided for is material to Vema, being 89% of Vemas profit before taxation (and 1% of total assets). (It is 32% of Weddells total assets and would turn its reported profit into a loss.) The courts verdict in November was an adjusting post balance sheet event providing additional evidence regarding the amount and likelihood of settlement of a liability. It should therefore be adjusted for i.e. the liability recognised.

16

 The lodgement of an appeal is also a post balance sheet event however it is non-adjusting arising from a condition that did not exist at the balance sheet date (the court hearing). As Weddell is a subsidiary it is, by definition, controlled by Vema and the management of Weddell can be told to adjust the subsidiarys financial statements. Tutorial note: It is unlikely that Weddells statutory accounts will have been finalised/filed before Vemas. If no adjustment is made in Weddells financial statements the auditors report thereon should be qualified except for on grounds of disagreement about the amount and nature of a liability (being actual rather than contingent). Tutorial note: Although this is not the responsibility of the primary auditor the other auditors opinion is one source of evidence available to the primary auditor. If the amount is not adjusted in Weddells financial statements, an adjustment should be made by Vemas management on consolidation (otherwise the audit opinion on the consolidated financial statements would need to be qualified except for non-compliance with HKSSAP 28 Provisions, Contingent Liabilities and Contingent Assets). (ii) Audit evidence The official notification of the courts ruling. A copy of the appeal lodged with the court. Legal advice regarding the possible success of the appeal. Copy correspondence with legal advisers including a copy of the external confirmation letter obtained by Weddells auditor. Consolidation/reporting pack from Weddell and their local auditors report thereon (if applicable). The local firms auditors report on the financial statements of Weddell, when available. Tutorial note: This should be before the auditors report on Vemas consolidated financial statements is signed.

FRAZIL (a) Auditors responsibilities for reporting on compliance with IFRSs It has long been established that: the auditors principal responsibility for reporting (generally) is to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework (SAS 100 Objective and General Principles Governing an Audit of Financial Statements); the auditors report must clearly indicate the financial reporting framework used to prepare the financial statements (SAS 600 Auditors Reports on Financial Statements).

Specifically, auditors responsibilities for reporting on compliance with IFRSs are set out in the International Auditing Practice Statement Reporting on Compliance with International Financial Reporting Standards (IAPS 1014) issued by IFACs International Auditing and Assurance Standards Board (IAASB). (i) Only IFRSs The auditor should be alert to indicators of non-compliance. In the event of any material departure the auditor is responsible for giving a qualified except for or adverse opinion, on the grounds of disagreement unless management changes the accounting policy and/or disclosure, as necessary, in order to comply with IFRSs. (ii) Both IFRSs and national standards or practices For an unqualified opinion to be justified, the financial statements will need to comply with both frameworks, simultaneously, without need for reconciliation. (This will be rare. For example, where IFRS has been adopted as the national reporting framework.) The auditor is responsible for determining which is the predominant framework and encouraging management to report only in that framework. If the problem is not removed in this way the auditor reports on each framework (qualifying the audit opinion on at least one). (iii) National standards or practices with disclosure of extent of compliance As with any assertion the auditor must consider whether assertions made in the notes with respect to the extent of such compliance are factually correct and not misleading. If disclosures are misleading, the auditors report expresses a qualified or adverse opinion, unless the comment on compliance is removed.

17

(b)

Implications for the auditors report (i) Non-compliance with IAS 38 According to IAS 1 Presentation of Financial Statements, fair presentation requires that financial statements should not be described as complying with IFRSs unless they comply with all the requirements of each applicable: standard; AND IFRIC interpretation. IAS 38 Intangible Assets requires that development costs which meet all the specific criteria (e.g. technical feasibility) for asset recognition MUST be recognised as an asset and not expensed. Tutorial note: The question does not call for the regurgitation of those criteria. Total development costs expensed during the year represent 45% of reported profit before tax and are therefore material. The $14 million which should have been capitalised represents: 13% of total assets; 38% of development costs incurred during the year; and 17% of PBT. Although clearly material to PBT it is not particularly material to the balance sheet. However, this is only the amount which should be capitalised for the current year. If not adjusted for this year, it would be an unadjusted error, the cumulative effect of which should be considered in the subsequent year. Therefore, as there is clearly non-compliance, which is material, the financial statements do not comply with IFRS. Management should be asked to: increase intangible non-current assets by $14 million; reduce development expenses by $14 million (thereby increasing profit to $96 million); change the accounting policy note for development costs to state that an asset is recognised when certain criteria are met. In the absence of which the audit opinion should be qualified except for disagreement unless the assertion of compliance with IFRS is deleted. Tutorial notes: (1) As there is no reason to suppose that the prior year policy was other than to expense as incurred, there is no brought forward balance and IAS 38 transitional provisions are not retrospective. (2) If, having capitalised the intangible asset, it is apparent that it is impaired, an appropriate impairment loss should be recognised (even 100%). (ii) Reporting on the Internet The auditors duty of care is not extended solely by virtue of the report being published in an electronic form as well as hard copy (i.e. manually signed financial statements). Tutorial note: Although some commentators may argue contrary to this, this is what is asserted by recently issued guidance (e.g. by IFAC, in UK, Australian AGS, etc). The directors are primarily responsible for web-published financial statements (e.g. signing them). Management should have an internet reporting policy to ensure the same integrity of financial information as that published in traditional (i.e. paper) form. Frazils management should be in discussion with the auditors to agree the extent to which audited information will be included on the website (rather than informing that the annual report is to be so published). Audit procedures to check the information being presented electronically should include: reviewing the process by which the financial statements to be put on the web are derived from the financial information contained in the manually signed financial statements (e.g. by conversion to PDF or HTML format); proofing the content of the electronic version against the hard copy; confirming that the auditors signature copied into an electronic medium is protected from modification; checking that the conversion has not distorted the overall presentation of the financial information.

18

 It will be particularly important that it should be clear to all users of the financial information available from the website which information has been audited and which has not. (Identification of what has been reported on with page numbers is possible with pdf format, but there are no page numbers for html presentation of annual reports.) All hyperlinks in and out of the audited financial statements should be flagged (e.g. through a secure site entering/leaving notification). If the auditors report on the hardcopy financial statements refers to page numbers which are not supported by the web-based version it will require amendment. Managements responsibility for implementing an appropriate security infrastructure should be acknowledged in the management representation letter. This should encompass control procedures to reduce, as far as possible, the risk that changes are not properly authorised, and ensure that all changes can be detected and monitored. Tutorial note: Managements responsibilities are not diminished when the enterprise uses a third party to maintain its website even though the maintenance of the website has been put in the hands of a third party, management cannot outsource its responsibilities. 5 SEPIA (a) Professional enquiry Professional issues raised Krill has a professional duty of confidentiality to its client, Squid. If Krills lack of response is due to Squid not having given them permission to respond, Sepia should not accept the appointment. However, in this case, Anton Fargues should have: notified Squids management of the communication received from Sepia; and written to Sepia to decline to give information and state his reasons. Krill should not have simply failed to respond. Krill may have suspicions of some unlawful act (e.g. defrauding the taxation authority), but no proof, which they do not wish to convey to Sepia in a written communication. However, Krill has had the opportunity of oral discussion with Sepia to convey a matter which may provide grounds for the nomination being declined by Sepia. Steps by Sepia Obtain written representation from Squids management, that Krill & Co has been given Squids written permission to respond to Sepias communication. Send a further letter to Krill by a recorded delivery service (i.e. requiring a signature) which states that if a reply is not received in the next seven days (say) Sepia will assume that there are no matters of which they should be aware and so proceed to accept the appointment. (Advise also that unless a response is received, a written complaint will be made to the relevant professional body.) Make a written complaint to the disciplinary committee of the professional body of which Anton Fargues is a member so that his unprofessional conduct can be investigated.

(b)

Take-over bid Professional issues raised Sepia has a professional duty of confidentiality to its existing audit client, Vitronella. Vitronella may ask Sepia to give corporate finance advice on Hatchets take-over bid which would be incidental to the audit relationship. Providing Sepia can maintain and demonstrate integrity and objectivity throughout, there would be no objection to Sepia providing such an additional service, to advance their existing clients case. It is often in a companys best interests to have financial advice provided by their auditors, and there is nothing ethically improper in this. So it seems unusual that Hatchet should have approached Sepia, rather than their current auditors. HKSAs Professional Ethics1 consider that it would not be improper for an audit firm to audit two parties, even if the take-over is contested, and that to cease to act could damage the clients interests. However, the situation is different here in that Sepia is not Hatchets auditor. Sepia should take all reasonable steps to avoid conflicts of interest arising from new engagements and the possession of confidential information. Sepia cannot therefore resign from Vitronella in order to undertake the advisory role for Hatchet. (A relationship which has ended only in the last two years is still likely to constitute a conflict.)

Steps by Sepia As it is clear that a material conflict of interest exists, Sepia should decline to act as adviser to Hatchet. Advise Vitronellas management that Hatchets approach has been declined.

1 Similarly ACCAs Rules of Professional Conduct

19

(c)

Lowballing Professional issues raised Lowballing is a practice in which auditors compete for clients by reducing their fees for statutory audits. Lower audit fees are compensated by the auditor carrying out more lucrative non-audit work (e.g. consultancy and tax advice). The fact that Keratin has quoted a lower fee than the other tendering firms (if that is the case) is not improper providing that the prospective client, Benthos, is not misled about: the precise range of services that the quoted fee is intended to cover; and the likely level of fees for any other work undertaken. Although an admission to lowballing Setting the early price in an arrangement at a low amount to secure business with the intent later to raise the price may sound improper, it does not breach current ethical guidance providing Benthos understands the situation. So, for example, Keratin could offer Benthos a free first-year audit, providing Benthos appreciates what the cost of future audits would be. The risk is, that if the non-audit work does not materialise, Keratin may be under pressure to cut corners or resort to irregular practices (e.g. the falsification of audit working papers) in order to keep within budget. If a situation of negligence (say) were then to arise, Keratin could be found guilty of incompetence. As the provision of other services is under scrutiny and becoming increasingly restricted this risk is likely to be high. For example, non-audit services which are prohibited in the US include bookkeeping, financial information systems design and implementation, valuation services, actuarial services, internal audit (outsourced), human resource services for executive positions, investment and legal services. Keratin may not be just lowballing on the first year audit fee, but in the longer term. Perhaps indicating that future increases might only be in line with inflation. In this case if, rather than comprise the quality of the audit, Keratin were to substantially increase Benthos audit fees, a fee dispute could arise. In this event Benthos could refuse to pay the higher fee. It might be difficult then for Keratin to take the matter to arbitration if Benthos was misled. Steps by Sepia There are no steps which Sepia can take to prevent Benthos from awarding the tender to whichever firm it chooses. If Keratin is successful in being awarded the tender, Sepia should consider its own policy on pricing in future competitive tendering situations.

PROFESSIONAL RESPONSIBILITIES AND LIABILITY Tutorial note: The answer which follows is indicative of the range of points which might be made. Other relevant material will be given suitable credit. (a) External audit opinion Responsibilities Management is primarily responsible for the proper preparation and presentation of financial statements and this is clearly stated in the auditors report. The statutory auditors duty is to report, expressly, an opinion on a true and fair view (or presents fairly in all material respects). In some jurisdictions this duty may extend to reporting expressly (as in the Republic of Ireland) or by exception (as in Great Britain) on matters such as whether or not all information and explanations necessary for audit purposes have been received. The auditors report is addressed (usually) to the shareholders and it has long been established that the auditor is liable to shareholders in cases of negligence. Tutorial note: Cases which could be cited here include London and General Bank Ltd (1895); Re Kingston Cotton Mill (1896); Re Thomas Gerrard & Son Ltd (1967). Cases on liability to third parties have focused on the question of whether a duty of care is owed and the issue of foreseeability (e.g. Donoghue v Stevenson (1932); Candler v Crane Christmas (1951); Hedley Byrne v Heller & Partners (1963); JEB Fasteners v Marks Bloom (1981); Twomax Ltd v Dickson, McFarlane & Robinson (1983), Al Saudi Banque v Clarke Pixley (1989)). However, the case of Caparo Industries plc v Dickman and Others (1990) narrowed the scope of liability by introducing a condition of proximity of relationship into duty of care.

20

Recent developments In the US, the Sarbanes-Oxley Act, introduced in the wake of the Enron and Worldcom scandals, requires the principal executives and finance officers (CEOs and CFOs) to certify that accounts of SEC-registered companies: do not contain any untrue statements or omit anything that would be necessary for the report not to be misleading; and fairly present the companys financial position and results.

Such a demonstration of managements responsibility may assist auditors in claiming that they are not liable in cases where management is fraudulent. As a deterrent, wilful breach of this provision2 can result in a $5 million fine or 20 years imprisonment (or both). In the Bannerman case3, a Scottish court held that auditors could be held to have a duty of care to a third party (in this case a lending bank) if they knew, or ought to know, that the bank would rely on audited accounts and they did not disclaim liability. The knew or ought to have known principle is the same as in pre-Caparo cases (above). What is different about the Bannerman case is that the auditors failure to disclaim liability was what supported the existence of the duty of care. Impact on professional liability The auditors responsibility to conduct an audit in accordance with auditing standards is unchanged. However, liability to third parties is clearly increased if the auditor does not disclaim such liability. This is not to be confused with: a disclaimer of liability to shareholders; or the disclaimer of an audit opinion in accordance with SAS 600 Auditors Reports on Financial Statements.

Auditors wishing to manage the risk of liability to third parties are advised to include a separate disclaimer of such responsibility, at the same time stating that the auditors report is to the shareholders (as a body) and that audit work is undertaken solely for that purpose. (b) Internal financial controls Responsibilities Risk management is the primary responsibility of management whose fiduciary duties include the safeguarding of assets and ensuring the completeness and accuracy of financial records. Internal audit provides objective assurance and advice to boards, especially the non-executive directors, on the effectiveness of the risk management processes and the ways in which risks are managed and controlled. In accordance with existing auditing standards, the external auditor is required to make a preliminary assessment of internal controls and to test them if seeking to place reliance on them as audit evidence. Developments There has been much debate concerning reporting, in the public interest, statements by directors of listed companies. UK Listing Rules (for example) require that auditors review the effectiveness of managements systems of internal control. However auditors are not required to provide assurance on internal control (as suggested by The Combined Code). Tutorial note: As illustrated above, marks will be awarded for relevant reference to developments in corporate governance (e.g. Cadbury, 1992; Hampel, 1998; Combined Code, 1998; Turnbull, 1999), in the context of the question set. The spectacular collapses of Barings Bank/Enron clearly demonstrate the need for management to have risk management practices and effective internal financial controls. It is unlikely that auditors can report on such matters in short form. The judgements involved and the lack of generally accepted suitable criteria will require a lengthy narrative report to avoid misunderstandings in communicating conclusions. Post-Enron legislation in the US, the Sarbanes-Oxley Act, now requires4 that CEOs and CFOs certify that: they are responsible for internal controls and have reported on their effectiveness; and all significant control weaknesses and management frauds have been reported to the auditors and the audit committee.

Auditors are required to report on managements report on internal control effectiveness. Impact on professional liability Reporting on the effectiveness of financial internal controls is perceived to increase auditors liability if the auditor fails to identify significant risks or potential weaknesses in the design and operation of a system of internal financial controls. In particular, allegations of negligence may be directed to the auditor because of a lack of understanding that absolute assurance is not possible due to inherent limitations of internal control (e.g. human error, collusion, and management override). 2 Effective on 20 July 2002 (when the Act was passed) 3 Royal Bank of Scotland v Bannerman Johnstone Maclay and others 4 Effective 29 August 2002

21

(c)

Management representation letters Responsibilities Management representation letters provide written evidence that management acknowledges its collective responsibility for the preparation of the financial statements and that they have approved them. Auditors have a professional responsibility to gather sufficient audit evidence to support their audit opinion, including obtaining written representations when appropriate. SAS 440 Representations by Management requires that: written representation be obtained when sufficient appropriate evidence cannot reasonably be expected to exist; the reliability of representations be reconsidered if contradicted; if management refuses to provide representation the implications for the auditors report be considered.

Also, auditors are required to consider whether the individuals making the representation can be expected to be well informed on the particular matters. Recent developments The High Court decision in the Barings case5 raised some key issues in relation to the protection which management representations afford to auditors. A director, having little knowledge or understanding of Nick Leesons activities (although he was nominally his boss), made representations that there had been no irregularities and that the financial statements were free of material errors and omissions. The judge said that the external auditors (D&T) defence against the claim for damages which they faced, that the director was recklessly fraudulent, would have succeeded if fraudulent misrepresentation could have been established. In some jurisdictions it is a criminal offence for an officer of a company to knowingly or recklessly make misleading or false statements to the companys auditors. It is already clear in SAS 440 that management representations cannot be a substitute for evidence that auditors expect to be available and that uncorroborated representations do not normally constitute sufficient audit evidence. The Barings judgement does not contradict the basic principles and essential procedures contained in SAS 440. However, it has highlighted the need for emphasis of the guidance in this area. To add substance to auditors considering whether individuals are well-informed on the matters about which they are making representations, it is recommended6 that management include a specific representation that they can properly make their representations. Impact on professional liability If more cases of criminal charges are brought against officers, as a deterrent to making deceptive statements, the reliability of management representations as audit evidence should be increased. Professional liability is thereby reduced if there are fewer cases brought or proved against the auditor. Barings Futures (Singapore) Pte Ltd (BFS) v Deloitte & Touche Singapore [2002] 6 In a Technical Release
5

22

Part 3 Examination Paper 3.1 (HKG) Audit and Assurance Services (Hong Kong)

December 2003 Marking Scheme

Marks must only be awarded for points relevant to answering the question set. Unless otherwise indicated, marks should not be awarded for restating the facts of the question. For most questions you should award 1/2 a mark for a point of knowledge, increased to 1 mark for the application of knowledge and 11/2 marks for a point demonstrating the higher skill expected in Part 3. The model answers are indicative of the breadth and depth of possible answer points, but are not exhaustive. Most questions require candidates to include a range of points in their answer, so an answer which concentrates on one (or a few) points should normally be expected to result in a lower mark than one which considers a range of points. In awarding the mark to each part of the question you should consider whether the standard of the candidates answer is above or below the pass grade. If it is of pass standard it should be awarded a mark of 50% or more, and it should be awarded less than 50% if it does not achieve a pass standard. When you have completed marking a question you should consider whether the total mark is fair. Finally, in awarding the mark to each question you should consider the pass/fail assessment criteria: Adequacy of answer plan Structured answer Inclusion of significant facts Information given not repeated Relevant content Inferences made Commercial awareness Higher skills demonstrated Professional commentary In general, the more of these you can assess in the affirmative, the higher the mark awarded should be. If you decide the total mark is not a proper reflection of the standard of the candidates answer, you should review the candidates answer and adjust marks, where appropriate, so that the total mark awarded is fair. Marks 1 (a) (i) Business risks Generally 1/2 mark for identification + 1 mark each point of explanation max 8

Ideas Operations risks standard design licences alternative facilities/competition customer satisfaction/poor service levels (e.g. staff lateness) human resources Empowerment risks centralised control Information for decision-making risks business reporting risks Financial risks advance payments loss of revenue cash flow Compliance risks rights to operate safety management (lifeguards, crche facilities)

23

Marks (a) (ii) Financial statement risk Generally 1 mark each point max 8

Ideas Assets impairment/overstatement (licences, tangibles and GCUs) useful lives existence assurance Liabilities understatement/non-disclosure (contingent and actual) Income statement revenue (overstatement/non-compliance SSAP 18) staff costs overstatement Controls control risk fraud/illegal acts Inherent risks branch accounting Disclosure risk going concern (SSAP 1) contingent liabilities/assets capital commitments

(b)

Principal audit work Generally 1 mark each area of principal audit work maximum 3 marks each (i) and (ii) Ideas Deferred income accounting estimate cutoff/accrual basis/matching test in total Hydrotherapy pool initial measurement/cost reliance on an expert (SAS 520) borrowing costs (SSAP 19) Impairment (SSAP 31) vs depreciation (SSAP 17)

(c)

Performance indicators Generally 1/2 mark for each measure suggested 1/ 1 mark each source of evidence 2 Ideas Performance measures types of performance measure (e.g. efficiency, capacity) numbers/proportions/%s facilities (available vs closed) members (lapsed, renewed, introduced) accidents (personal, chemical) Audit evidence oral vs written internal vs external auditor generated procedures (AEIOU)7

max 8

30 7 SAS 400 identifies five procedures for obtaining audit evidence: Analytical, Enquiry, Inspection, Observation and compUtation.

24

Marks 2 (a) Applicable risks Generally 1/2 mark for appropriate identification as applicable Up to 11/2 marks each point of explanation max 38 max 15 max 14

Ideas (types of risk) Environment competition regulatory Process operations financial empowerment information processing integrity Information for decision-making process/operations business reporting environment/strategic

(b)

Internal controls Generally 1 mark each point, max 2 4 applicable risks Ideas control procedures/specific controls control environment/pervasive controls monitoring activities (including reconciliations)

max 6

20 Judgemental marks award none if no discernment (e.g. all risks identified as non-applicable or applicable). 8] Award 1/ for each non-applicable risk consistent with reasoned assessments. 2
8

25

Marks 3 (i) Matters Generally 1 mark each comment maximum 5 marks each issue 3 Ideas materiality (assessed) relevant SSAPs (e.g. 1, 2, 9, 17, 20, 28) and The Framework risks (e.g. FS assertions existence, completeness) responsibilities (e.g. for consolidated financial statements)

max 12

(ii)

Audit evidence Generally 1 mark each item of audit evidence (source) maximum 5 marks each issue 3 Ideas (SAS 400) oral vs written internal vs external auditor generated procedures (AEIOU)

max 12

max 20 (a) (b) (c) max 8 max 6 max 6 20

26

Marks 4 (a) Auditors responsibilities for reporting on compliance with IFRSs Generally 1 mark each comment Ideas generally/background SAS 100, 600 new authority IAPS 1014 IFRSs only disagreement except or adverse both IFRS and national simultaneous compliance, predominant framework national with disclosure of IFRS compliance assertion factually correct or misleading max 5

(b)

Implications for auditors report Generally 1 mark a comment Ideas (i)i IAS 38 non-compliance SSAP 1 fair presentation IAS 38 mandatory requirement Materiality current year vs cumulative effect9 Conclusion on compliance Amendments required unqualified opinion If not amended except for disagreement (ii) Reporting on the Internet Responsibilities (auditor/management) Extent of audited information Audit procedures Identification of audited information vs unaudited information

max 10

15 9 Maximum 2 marks

27

Marks 5 Professional issues Generally 1 mark each comment maximum 5 marks each of three matters Ideas Professional issues raised Integrity (management and/or audit firm) Objectivity/independence Confidentiality Relevant ethical guidance i.e. (a) Changes in professional appointment (b) Corporate finance advice including take-overs (c) Fees Meaning of lowballing Steps (i.e. ACTIONS) Obtain . . . what? . . . why? Ask/advise . . . who? . . . when?

15

Responsibilities and liabilities Generally 1 mark a point Ideas (illustrative) Traditional responsibilities/liabilities of management internal audit external audit Recent change (legal/professional) What change has been in response to Impact on professional liability of external auditors

(a) (b) (c)

max 6 max 5 max 4 15

28