Audit and Assurance Revision Notes F8

1. The concept of audit and other assurance engagements

1.1. Identify and describe the objective and general principles of external audit engagements

ISA 200 Definition: Obtains reasonable assurance about whether the financial statements as a whole are free from material
misstatement, whether due to fraud or error, in order to enable them to express an opinion on whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting framework.
Definition: The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial
statements are prepared in accordance with an applicable financial reporting framework in all material aspects. An audit of financial
statements is an example of an assurance engagement.
Statutory Audit: Audits are required under national statute (Companies Act). Most incorporated entities are legally required to have
the financial statements audited, although many smaller companies are exempt. The key benefit to shareholders is the impartial
view produced by the auditors.
Non Statutory Audit: Performed by independent auditors because interested parties want them rather than law. Advantages include
settling accounts between partners, taxation authority agreement and sale of a business.

1.2. Discuss the concepts of accountability, stewardship and agency

Recap: An audit provides assurance to shareholders and other stakeholders of a company on the financial statements because it is
independent and impartial.
Overview: The accounting and auditing professions have been under scrutiny due to a number of corporate scandals. E.g. Enron (US
energy company had been deceiving investors by overstating profitability, Arthur Andersen lacked objectivity in evaluating
accounting methods), Xerox, WorldCom, Lehman Brothers etc. This resulted in the Sarbanes Oxley Act 2002 (regulation).
Accountability Definition: Required / expected to justify actions and decisions - suggests an obligation.
Stewardship Definition: Duties and obligations of a person who manages another person's property.
Agency Problem: In a company the management acts as agents for the shareholders (principals). Management are accountable to
the shareholders for the stewardship of the entity's assets which are placed under their control. This brings a conflict of interest
inherent to the relationship i.e. between management and shareholders. The manager, acting for shareholders, is supposed to make
decisions to maximise shareholder wealth (return on investment) even though it is in his best interest to maximise his own wealth.
Agents are in a position to affect that return.
Solution: Assurance! An audit provides a) a knowledgeable review of the company's business and accounts, b) an impartial view which
is presented to shareholders.
Interested Parties: Shareholders, creditors, tax authorities, employees, investors, and directors.

1.3. Explain the five elements of an assurance engagement

Recap: Auditors must be independent of the organisation and provide an opinion to the shareholders as to whether the financial
statements are presented fairly / give a true and fair view (factual, free from bias). This opinion enhances the credibility of FS by
providing reasonable assurance the FS are free from material misstatement (high level of assurance).
Assurance Definition: An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance the
degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of
a subject matter against criteria (International Framework for Assurance Engagements).
Elements of an assurance engagement:
o Criteria: The subject matter is evaluated or measured against criteria in order to reach an opinion.
o Report: A written report with the opinion for the intended user, the appropriate form to provide reasonable assurance /
limited assurance.
o Evidence: Sufficient and appropriate evidence needs to be gathered to support the required level of assurance.
o Subject Matter: Data evaluated by the responsible party e.g. financial information, processes, internal control.
o Three Party Relationship: Intended users (e.g. shareholders), responsible party (directors), practitioner (auditor firm).

1.4. Define and provide the objectives of an assurance engagement

Depends on the level of assurance provided.


Reasonable Assurance: Provides a high level of assurance e.g. statutory audit. The objective is a reduction in assurance engagement
risk to form a positive expression e.g. "In our opinion internal control is effective, in all material aspects, based on XYZ criteria." To
give reasonable assurance, a significant amount of testing is conducted.
Limited Assurance: Provides a lower level of assurance e.g. review of cash flows. The objective is to obtain a level of meaningful
assurance to form a negative expression e.g. "Based on our work described, nothing has come to our attention that causes us to
believe the internal control is ineffective." To give limited assurance this involves limited evidence gathering and techniques such as
enquiry and analytical procedures.

1.5. Describe the types of assurance engagement

There are two types of assurance engagements, attestations and direct engagements. The main difference is who is measuring or
evaluating the subject matter against the criteria.
Attestation Engagement: The underlying subject matter is NOT measured or evaluated by the practitioner and the practitioner
concludes whether or not the subject matter is free from material misstatement. E.g. a review of a sustainability report prepared by
management.
Direct Engagement: The underlying subject matter IS measured or evaluated by the practitioner and the practitioner concludes
whether or not the subject matter is free from material misstatement.
Internal Audit: Employed by the business, performing assurance and consulting activities to improve the effectiveness of the entity's
governance, risk management and internal control processes.

1.6. Explain the level of assurance provided by an external audit and other review engagements and the concept of true and fair
presentation (Audit Reports). Describe limitations of statutory audits.

Recap: Audit reports must present a true and fair view. This means they are factual, free from bias and reflect the commercial substance of
the business's transactions.
What is Included in an Audit Report?
o Opinion i.e. true / fair
o Basis of Opinion i.e. standards prepared
o Key Audit Matters i.e. matters of most significance
o Responsibilities of Management i.e. reducing the expectations gap
o Auditor's Responsibilities
Limitations of Audit and Materiality:
o Audits are not objective, judgements have to be made e.g. how much to test, what to test
o Not all items in the FS are tested - sampling
o Limitations in accounting and control systems e.g. human error, non-routine transactions
o Audit report has inherent limitations - standard format, audit jargon
o Audit report is issued a long time after the balance sheet date
o Audit evidence sometimes indicates what is possible, not certain - estimates, judgements, intentions
Materiality Definition: Expression of the relative significance or importance of a particular matter in the context of FS. A matter is
material if its omission or misstatement would influence economic decisions of its users.
Assurance Process: Assess the risk, agree the scope of work to be performed, formalise the terms of the engagement in a contract
(engagement letter), plan audit procedures based on the risk and level of assurance, perform overall review (obtain sufficient
evidence), form opinion and issue report.

2. Statutory audit and regulation

2.1 Describe the regulatory environment within which external audits take place

Recap: Most companies are required to have an external audit by law, but some small companies are exempt. The outcome of the
audit is the auditor's report, which sets out the auditor's opinion on the financial statements. Requirements for the eligibility,
registration and training of auditors are designed to maintain standards in the auditing profession. The profession is subject to
regulation from a range of sources including:
o National Legislation (to establish rights and duties of auditors, eligibility of auditors)
o National Regulation and Standard Setting
o International Standard Setting
o Professional Bodies

2.2 Discuss the reasons and mechanisms of the regulation of auditors

Why?
o Check adequate accounting records have been kept
o Returns are adequate for the audit
o Accounts agree with records and returns
o All information and explanations have been received
o Details of benefits are appropriately disclosed
Value?
o Enhance credibility
o Highlight deficiencies in the internal control system
Small Entity Exemption: A smaller entity possesses the following characteristics:
o Concentration of ownership and management (often a single person)
o One or more of the following: straightforward transactions, simple record keeping, few lines of business, few internal
controls, few levels of management, few personnel.
Low risk of agency problem.

2.3 Explain the statutory regulations governing the appointment, rights, removal and resignation of auditors.

Recap: The law gives auditors rights and duties to allow auditors to have sufficient power to carry out an independent and effective
audit.
Duties: Report on every statement i.e. BS, P&L, Y. The auditors must consider: compliance with regulation (local / international law),
truth and fairness of accounts, adequate accounting records and returns, agreement of accounts to records, consistency of other
information, directors' benefits (Companies Act 2006).
Rights: The auditors have certain rights to enable them to carry out their duties effectively. This includes: access to records,
information and explanations, attendance at notices of general meetings, right to be heard at general meetings, rights in relation to
receive written resolutions.
Appointment: Auditors should be appointed and therefore are answerable to the shareholders. They are normally appointed annually
and can be appointed by directors, members, secretary of state. This is normally done by shareholders' resolution. In particular
circumstances such as first audit, directors can appoint. The remuneration of auditors will be fixed by whoever made the
appointment.
Resignation: Auditors may resign at any time. This will be done by giving a written notice with a statement of circumstances to
relevant members / creditors. The notice of resignation is sent by company to the regulatory authority, the circumstances are sent by
auditors to the regulatory authority and the company to everyone entitled. Auditors can require directors to call a general meeting
within 21 days to discuss the circumstances and have the right to speak on matters that concern them.
Removal: Auditors may be removed by resolution of shareholders. A notice of removal is sent either by special notice (28 days) or by
notice of resolution. Auditors can make written representation on why they ought to stay in office. If resolution is passed company
must notify regulatory authority and auditors must deposit statement of circumstances within 14 days. Auditor can receive notice of
and right to speak at general meeting.

2.4 Explain the regulations governing the rights and duties of auditors.

Recap: The law gives auditors rights and duties to allow auditors to have sufficient power to carry out an independent and effective
audit.
National Legislation, Regulatory and Standard Setting: Varies in structure from country to country. In the UK there are a number of
relevant professional bodies e.g. ACCA, ICAEW, ICAS. All of these vary however they have the same characteristics - stringent
entrance requirements, strict code of practice, and technical updates of members. In the UK, we are governed by the Companies Act
2006 under EU law. Legislation establishes:
o Rights and duties of auditors
o Eligibility to act as an auditor (membership of reg body, qualifications etc.)
The Companies Act defines recognised supervisory bodies (RSBs) to supervise and monitor auditors (e.g. ACCA).
International Level: Set a minimum standard and requirements, provide guidance without a well-developed national framework and
aids intra-country recognition. International Federation of Accountants (IFAC) - ACCA is a member. As a member, ACCA must comply
with guidelines on pre-qualification education and training and continued training.
o Education: Theoretical knowledge e.g. audit, general accounting
o Examinations: Demonstrate passed professional competence. Assess theory and practical application.
o Experience: Consistent application in the work place.
Supervision and Monitoring: Properly structured audit approach, carefully instituted quality control procedures, commitment to
ethical guidelines, technical excellence, fit and proper adherence, peer reviews, appropriate audit fee.
International Standards: ISAs set by the International Auditing and Assurance Standards Board (IAASB).

2.5 Explain the development and status of ISAs

IFAC: 157 members (accountancy bodies of good standing e.g. ACCA) - not for profit organisation (1977)
Council: 1 rep from each member - elects members of Board, determines financial contributions
IASB: President and reps from each country (elected every 3 years) - supervises IFAC's work programme
Committees: E.g. Compliance, Ethics etc. - carries out IFAC's work programme
IAASB: 18 members nominated by IFAC Board - sets out ISAs, facilitates convergence with international and national standards,
and strengthens public confidence. The IAASB achieves its objectives by:
o Establishing high quality standards which are generally accepted and recognised worldwide
o Establishes standards and guidance for other types of assurance (financial and non-financial)
o Establishes standards and guidance for other related services
o Establishes standards for quality control covering the scope of services addressed by IAASB
o Publishes other pronouncements on auditing and assurance matters, advancing public understanding of roles and
responsibilities of assurance providers. Pronouncements include International Standards on Auditing (ISAs) and
International Standards on Assurance Engagements (ISAEs).

2.6 Explain the relationship between ISAs and national standards

Many national standard setters are moving towards the adoption of ISAs in place of previous standards. By 2009, over 100
countries adopted / incorporated ISAs.
There is a relationship between national standard setters and the IAASB (two way communication). Liaison group of national
standards setters include the UK Auditing Practices Board (APB).
The Liaison Group include standard setters who are significantly active in the development of national standards, have / or plan to
adopt ISAs, are sufficiently resourced to participate and represent the world's largest economies.
Annual meetings are held to share knowledge, bringing the group together during early stages of development, achieve close
cooperation and collaboration to minimise duplication and achieve wider involvement in IAASB task forces / research agendas.
The process to develop IAASB standards includes:
o Research and Consultation - Taskforce to draft standards
o Transparent Debate - Proposed standards are discussed at meeting and open to public
o Exposure for Public Comment - Exposure draft put on website and distributed for comment (min 120 days)
o Consideration of Comments - Any comments are considered at an open meeting and revised if necessary
o Affirmative Approval - Approval made by a vote of at least 2/3 IAASB members
As statutory audit is governed by local legislation, the status of ISAs will vary between countries.

3. Corporate Governance

3.1 Discuss the objectives, relevance and importance of corporate governance

Definition: Corporate governance is the system by which companies are directed and controlled. It describes the framework of rules
and practices by which a Board of directors ensures accountability, fairness and transparency in a company's relationship with each
of the stakeholders.
Importance: There have been several reviews performed to establish a set of principles for corporate governance due to failings. The
Cadbury Report commissioned by the UK government identified the following stakeholders:
o Directors: Responsible for corporate governance
o Shareholder: Linked to directors by financial statements
o Other Relevant Parties: Employees, customers and suppliers (stakeholders)
In some companies the shareholders are fully informed about the management of the business as they are also directors. However,
otherwise shareholders only have the opportunity to find out at the AGM. These are often poorly attended therefore there is a
potential conflict of interest.

3.2 Discuss the provisions of international codes of corporate governance (such as OECD) that are relevant to auditors

OECD (Organisation for Economic Cooperation and Development): Own principles for corporate governance to provide best practice
recommendations and are used as a worldwide benchmark.
o Consistency with Law - promote transparent and efficient markets and clearly articulate the division of responsibilities
among supervisory, regulatory and enforcement bodies
o The Rights of Shareholders - protect and facilitate the exercise of shareholders' rights
o The Equitable Treatment of Shareholders - all shareholders should be treated equally including minority and foreign. All
should have effective redress for violation of rights
o The Role of Stakeholders - recognise the rights of stakeholders and encourage active co-operation between corporations
and stakeholders in creating wealth, jobs and the sustainability of financially sound enterprises
o Disclosure and Transparency - ensure timely and accurate disclosure is made on all material matters including the
financial situation, performance, ownership and governance
o The Responsibility of the Board - ensure strategic guidance of the company, effective monitoring of management and the
Board accountability to the company and shareholders
The UK Corporate Governance Code: Provides detailed guidance to companies on how they should be directed and controlled, produced
by the FRC. The Code is not law, however all listed companies on the LSE must comply or explain.
History: As a result of several accounting standards, the Cadbury committee produced a report. Subsequent reports were produced
to provide additional guidance including Greenbury, Turnbull and Smith. Following these, the UK Corporate Governance Code was
published to incorporate the Walker Report.
Principles: The Code contains broad principles and more specific provisions.
o Leadership: Board, Responsibilities, EDs vs NEDs (required to challenge), Chairman.
o Effectiveness: Skills, experience and knowledge, director appointment procedures, sufficient time, induction and training,
timely information, annual evaluation of performance, requirement for regular re-election.
o Accountability: Understand the company position, risk management system, formal arrangements for corporate reporting.
o Remuneration: Designed to promote long term success (fair), performance related elements should be transparent,
formal procedures for executive remuneration (no involvement in their own).
o Relations with Shareholders: Dialogue with shareholders, AGM.

3.3 Discuss good corporate governance requirements relating to directors' responsibilities and the reporting responsibilities of auditors

Auditors and the Code: The principles and provisions in the accountability section deal with the Board and its auditors. In the UK,
auditors are required to review whether listed companies have complied with specific provisions. The Code suggests the following is
good corporate governance:
o Is the directors' responsibility for preparing the annual report and accounts explained?
o Have the directors reviewed and reported on the effectiveness of the risk management and internal control systems?
o Has the board established an AC with at least 3 NEDs or 2 for smaller companies?
o Does the AC have written ToR?
o Is the AC ToR available in the annual report?
o Does the AC arrange methods for staff to report impropriety in financial reporting?
o Does the AC monitor and review the effectiveness of the external auditors?
o Are there procedures in place to ensure auditor independence is maintained where the external auditor provides non-audit
services?
The directors are also responsible for monitoring the effectiveness of systems and control. Internal auditors have an important role
here. The Turnbull report on internal control made the following recommendations:
o Have a defined process for the effectiveness of internal control
o Review regular reports on internal control
o Consider key risks and how they have been managed
o Check the adequacy of action taken to remedy weaknesses and incidents
o Consider the adequacy of monitoring
o Conduct an annual assessment of risks and the effectiveness of internal control
o Make a statement on this process in the annual report

3.4 Analyse the structure and roles of audit committees and discuss their benefits and limitations

Audit Committee: An AC can help maintain objectivity with regards to financial reporting and the audit of financial statements.
Require a written ToR, sub-committee of Board, 3 NEDs.
Role: Internal and External Audit.
o External Audit: Monitor financial statements, implement policy on supply of non-audit services, review and monitor
independence and objectivity, approve remuneration and engagement terms, recommend, appoint, reappoint and
remove external auditor
o Internal Audit: Review internal controls and risk management systems, monitor effectiveness of IA, if no IA consider
annually if one is required
o Other: Monitor arrangements safeguarding the privacy of whistle-blowers
Advantages:
o Increased confidence in financial reports - improve quality
o Allow executive directors to devote attention to management time
o Impartial body for auditors to consult
o IA can report to AC
o Independent point of reference for external auditors
Disadvantages:
o Difficulty selecting sufficient NEDs of the necessary competence in auditing matters
o Establishment of a formalised reporting procedure may dissuade auditors from raising matters of judgement and limit to
reporting only matters of fact
o Increased costs
o Executive directors may not understand the purpose and perceive it as detracting from their authority

3.5 Explain the importance of internal control and risk management

Recap: The directors are responsible for making sure control and risk management are effective.
Importance: Safeguarding assets, prevent and detect fraud, safeguarding shareholders' investment
Overview: Ultimate responsibility lies with the directors. This involves assessing risks to ensure the control framework is designed to
avoid these risks. Directors are responsible for reviewing the control system regularly to ensure it meets its objectives. The Board may
employ an IA function to undertake this task. The system should be reported. The statement should be based on an annual
assessment of internal control which should confirm the Board has considered all significant aspects. In particular:
o Scope and quality of work
o Extent and frequency of reports
o Control failings and weaknesses
o Effectiveness of public reporting processes
o Risk assessment changes

3.6 Discuss the need for auditors to communicate with those charged with governance

Recap: Auditors shall communicate specific matters to those charged with governance (ISA 260). Communication will be on a timely
basis and through the engagement letter, planning letter, planning meeting and report to management.
Importance:
o Assists the auditor to understand audit related matters and develop a constructive working relationship
o Allows the auditor to obtain relevant information
o Assists those charged to fulfil their responsibility to oversee the financial reporting process, thus reducing the risks of
material misstatement
Matters to be communicated:
o Planned scope and timing
o Auditor responsibilities in relation to the external audit
o Significant findings
o Auditor independence

4. Internal Audit

4.1 Discuss the factors to be taken into account when assessing the need for an Internal Audit function

The Board should consider:


o Trends, or current factors relevant to the company's activities, markets or other aspects of its external environment that
have increased risks
o Internal factors, such as organisational restructuring, changes in reporting systems, underlying information systems
o Adverse events, from the monitoring of internal control systems
o Unexpected occurrences, increased incidence

4.2 Discuss the elements of best practice in the structure and operations of Internal Audit with reference to appropriate international
codes of corporate governance

The UK Corporate Governance Code section on accountability introduces the requirement for the Board to maintain sound risk
management and internal control systems. One way to do this is IA; whilst guidance doesn't require listed companies to have IA, many
do. Companies which do not have one must review whether they should on an annual basis.
The requirement for risk management and internal control is often met by a partnership between the Board, Audit Committee and IA
function.
o Board: Overall responsibility to ensure company meets corp gov requirements, consists of ED and NEDs.
o Audit Committee: Sub-committee of the Board and comprised of at least 3 NEDs (2 for small companies).
Responsibilities include reviewing the internal control and risk management systems put in place by the Board, monitor
and review the effectiveness of the IA function, approve appointment/termination of head of IA, review and assess annual
IA work plan. AC meets with Head of IA at least once a year without management present.
o IA function: Internal control available to management. Tasks vary - regular reports of IA work, direct access to Board and
AC, accountable to AC.

4.3 Compare and contrast the role of external and internal audit

IA provides independent assurance that a company's risk management, governance and internal control processes are operating
effectively. To do this, IA will examine processes and report directly and independently to senior management.
Unlike external auditors, IA looks beyond financial statements and considers wider issues such as the company's reputation,
compliance with laws and regulations, growth, its impact on the environment and employee satisfaction levels.
External auditors carry out statutory duty to report on FS i.e. present fairly the activities of the business. The external audit will be
conducted in accordance with law / legislation / ISAs.
External Audit: reports to shareholders, independent and not employed, must have qualifications.
Internal Audit: reports to management (AC), independent of activities they audit, can be employed / outsourced. No qualification
requirements however need the relevant skills and experience.
External audit may leverage IA work if the objectives overlap (ISA 610), the following conditions apply:
o Scope of work (is it relevant to EA?)
o Organisational status (how well regarded are IA?)
o Due skill and care (are they appropriately supervised, directed and reviewed?)
o Independence (how are they unbiased?)
o Technical competence (do they have the appropriate skills?)
They may also use IA resource to provide direct assistance (under supervision of EA). The external auditor should consider:
o The amount of judgement involved
o The assessed risk of material misstatement
o Existence and significance of threats to objectivity and level of competence
Where they have used direct assistance, they should document:
o Evaluation of existence and significance of threats to objectivity and level of competence
o Basis for the decision
o Who reviewed the work
The audit opinion remains the responsibility of the EA.

4.4 Discuss the scope of internal audit and the limitations of the internal audit function

Scope of IA:
o Value for money audits
o IT audits
o Financial audits
o Operational audits
o Regulatory compliance audits
o Fraud investigations
o Customer experience audits
The AC reviews IA's work plan to ensure the work is appropriately focused to the needs of the business. If IA wants to be effective, the
work needs to possess the following qualities: independence, objectivity, due skill and care.
Limitations of IA:
o Independence: IA should be independent of activities they audit e.g. not involved with designing - role is to review
effectiveness. IA should have sufficient status and reports should be considered appropriately by directors and
recommendations actioned. IA must have an independent reporting line to the highest level of management / AC.
o Objectivity: Mental attitude - consider the facts, no pre-conceived ideas.
o Due skill and care: Wide ranging skills therefore multi-disciplinary team, training, adherence to IA quality control manual
/ procedures, work should be planned, documented, supervised and reviewed.
o IA is not normally subject to any regulatory authority.

4.5 Explain outsourcing and the associated advantages and disadvantages of outsourcing the internal audit function

Advantages:
o More specialist skills - SMRs
o More likely to be independent - not working in organisation
o Flexibility of resourcing - cheaper
o No employee costs e.g. HR
Disadvantages:
o Less knowledge of the business
o Does not build in-house expertise
o Expensive
o Sensitive data
Where the IA function is the external auditor = potential self-review threat (independence).

4.6 Discuss the nature and purpose of internal audit assignments including value for money, IT, financial, regulatory compliance, fraud
investigations and customer experience

Value For Money Audits: may be performed by IA to determine whether the optimum combination of goods / services have been
obtained for the lowest level of resource. They focus on the following areas - 3Es. Management will need to set objectives for each of
the three areas below detailing the goals / aims in terms of the company's economic purchase of resources, efficient use of
resources and the effectiveness of achieving the objectives. Once the objectives have been set, controls will need to be put in place
to ensure these are met.
o Economy: buying the resources needed at the cheapest cost - audits concerned solely with this objective are often
termed best value audits
o Efficiency: using the resources purchased as wisely as possible
o Effectiveness: doing the right things and meeting the organisation's objectives
IT Audits: increasingly important, may be a standalone computer, a database, inventory control system or ecommerce activities. An IT
audit will involve testing these internal controls. It is likely a computer specialist is required to test specific controls.
Financial Audits: companies required to develop management accounts to assess business performance, these will be relied upon to
make decisions therefore need to know the info is reliable. IA will review the financial information produced and gather evidence. E.g.
sales revenue - test controls to ensure all orders are processed and despatched to customers and invoiced.
Regulatory Compliance Audits: regulatory non-compliance could have a severe impact on business e.g. fines, revoke of licence to
trade. Management need to be up to date with regulatory requirements and put controls in place. It is likely there will be an SMR.
Fraud Investigations: may be in normal BAU audits or instructed to perform a specific investigation
Customer Experience Audits: E.g. collating feedback and making recommendations regarding changes to improve customer
experience.

4.7 Discuss the nature and purpose of operational internal audit assignments

Operational Audits: management / efficiency audits that monitor performance to ensure company policy is adhered to. There are two
aspects:
o Policies are adequate: read policies, discuss with staff, assess adequacy, make recommendations
o Policies work effectively: identify controls, observe them / test them

4.8 Discuss the responsibilities of internal and external auditors for the prevention and detection of fraud and error

Responsibilities for fraud and error, External audit:


o No responsibility for prevention
o Responsibility to consider the risk of material misstatement due to fraud / error
o Provides reasonable assurance
o Responsibility to detect fraud and error which has a material impact on FS
Responsibilities for fraud and error, Internal audit:
o Directors are responsible for prevention and detection
o IA can assist with the prevention of fraud and error by assessing the effectiveness of internal control systems
o Existence of IA may act as a deterrent
o Can contribute to detection by reporting suspicions
o May be called to investigate

5. Professional Ethics and Quality Control Procedures

5.1 Define and apply the fundamental principles of professional ethics of integrity, objectivity, professional competence and due care,
confidentiality and professional behaviour

ACCA has adopted the Code of Ethics for Professional Accountants (the Code) which is issued by the International Ethics Standards
Board for Accountants (IESBA). The Code applies to all members, affiliates and students, these individuals are referred to as
professional accountants.
Children Play In Odd Places
1. Confidentiality: Respect confidentiality of information. They should not disclose this to third parties without authority.
2. Professional Competence and Due Care: Maintain professional knowledge and skill to ensure clients / employees receive
competent professional service. They should act diligently in accordance with standards.
3. Integrity: Should be straightforward and honest. Implies fair dealing and truthfulness.
4. Objectivity: Not allow bias, conflicts of interest or undue influence of others to override professional / business judgment.
5. Professional Behaviour: Comply with relevant laws and regulations and avoid any action that discredits the profession.

5.2 Define and apply the conceptual framework including the threats to the fundamental principles of self-interest, self-review,
advocacy, familiarity and intimidation

There are five categories of threat:


ASIFS
1. Advocacy Threat: Promoting a client's position to the point that objectivity is compromised.
2. Self Interest Threat: Risk that a financial or other interest will influence judgement or behaviour i.e. COI gains for firm /
personal gains.
3. Intimidation Threat: Deterred from acting objectively because of actual / perceived pressures.
4. Familiarity Threat: Close relationship with client / long relationship could lead to being too sympathetic.
5. Self-Review Threat: Review own work impairing judgement.

5.3 Discuss the safeguards to offset the threats to the fundamental principles

1. Advocacy Threat: Example: acting on behalf of a client in disputes or promoting shares of a listed audit client. Say no!
2. Self Interest Threat: Example: owning shares, receiving a gift from a client. Sell shares, do not accept gifts!
3. Intimidation Threat: Example: being pressured to reduce work performed to reduce fees. Say no!
4. Familiarity Threat: Example: audited same client for years. Change audit partner!
5. Self-Review Threat: Example: preparing FS to be audited by same firm. Use separate teams!

5.4 Describe the auditor's responsibility with regard to auditor independence, conflicts of interest and confidentiality

Independence: Of mind and appearance. There are some additional requirements for public listed entities, these are defined as all
listed entities / entities that are of a significant public interest because of their business / size / no of employees / no of
stakeholders e.g. banks.
o Threats arising from financial matters: Financial interests, loans and guarantees, gifts and hospitality, fees. If audit client
is a PIE, there are additional requirements. If total fees > 15% of total fees received by the firm there is likely to be
dependence on the client = safeguards required.
o Threats arising from employment and other relationships: Business relationships, personal relationships, actual or
threatened litigation, long association, employment. If audit client is a PIE, additional requirements. If audit partner had
previous employment, should not accept a managerial position unless > 12 months have passed. Additionally a key audit
partner (engagement partner / quality partner / key decisions), must rotate after 7 years and not return for 2 years.
o Threats arising from provision of non-assurance services: preparing accounting records and financial statements, tax
services, internal audit services. If the client is a PIE, additional requirements. No accounting services should be provided
unless an emergency.
Confidentiality: Members acquiring information in the course of their professional work should not disclose any information to third
parties without obtaining permission. However, there are some circumstances where members may disclose information without
permission:
o Obligatory disclosure: Where required by law e.g. terrorism, money laundering, by process of law e.g. court order,
reporting to regulators
o Voluntary disclosure: Public interest, protect a member's interests e.g. legal action / sue for fees, authorised by statute, to
non-governmental bodies

5.5 Discuss the requirements of professional ethics and ISAs in relation to the acceptance / continuance of an audit engagement

New auditors should be appointed in a proper and legal manner. Before accepting the auditor must consider the following:
o Ensure professionally qualified to act i.e. consider whether disqualified on legal / ethical grounds
o Ensure existing resources are adequate i.e. expertise, time etc
o Obtain references i.e. enquire if directors are personally known
o Communicate with present auditors i.e. understand reasons behind the change, courtesy
The auditor must communicate with the present auditor to determine whether there are any professional reasons why they should not
accept appointment. If the audit client refuses permission to correspond with the new auditor, the new auditor should not accept
appointment.
After accepting nomination:
o Ensure resignation properly conducted in accordance with national regulation
o Ensure new appointment conducted properly
o Agree terms of engagement (ISA 2010)

5.6 Explain the preconditions for an audit

The use by management of an acceptable financial reporting framework in the preparation of financial statements
Obtain management's agreement (written representation) that it acknowledges and understands its responsibilities for:
o Preparing financial statements
o Establishing the internal controls
o Providing the auditor with access to all records and documentation
If the above has not been agreed, the auditor cannot start the engagement

5.7 Explain the process by which an auditor obtains an audit engagement

Subject to rules, members may advertise / promote services and achievements in any way they see fit, ensuring this does not reflect
adversely on the firm / ACCA / profession.
Promotions should not:
o Bring ACCA into disrepute or discredit the firm / ACCA / profession
o Discredit the services of others
o Be misleading (direct / implied)
o Fall short of UK Advertising Standards Authority's Code (legality, decency, clarity, honesty and truthfulness).
o Be clearly distinguishable as an advert
o Any reference to fees should not mislead the reader
o Promotional activities should not amount to harassment
o Commissions, fees or rewards in return for introduction are permitted as long as appropriate safeguards are in place e.g.
disclosure

5.8 Discuss the importance of engagement letters and their contents

Terms are agreed to avoid misunderstanding. It should include the following:


o Objective and scope
o Auditor responsibilities
o Management responsibilities
o Identification of financial reporting framework for preparation
o Reference to expected form and content of any reports to be issued by the auditor and a statement that there may be
circumstances in which a report may differ

5.9 Explain the quality control procedures that should be in place over engagement performance, monitoring quality and compliance
with ethical requirements

Auditors must implement quality control procedures over each engagement to obtain reasonable assurance the engagement
complies with professional standards and the report issued is appropriate.
The audit engagement partner has overall responsibility for ensuring quality control procedures have been adhered to, should be
satisfied that the team is competent, is responsible for the direction, supervision and review of the audit, and must ensure that where
contentious matters arise the audit team has undertaken appropriate consultation.
Quality control reviews are required for audits of listed entities and any other engagements where the audit firm has determined a
quality control review is required. It should evaluate significant judgments made by the audit team and the conclusions reached.
The work will include a discussion of significant matters with the engagement partner, a review of the financial statements for the
report, a review of audit documentation relating to significant judgements and an evaluation of the conclusions reached.
For listed companies, the reviewer should consider the firm's independence, whether appropriate consultation has taken place on
difficult matters, and whether audit documentation supports the conclusions reached.
The quality control reviewer should document that quality control procedures have been performed, that the review was completed on or
before the date of the report and that they are not aware of any unresolved matters that would render judgements / conclusions
inappropriate.

6. Risk Assessment

6.1 Identify the overall objectives of the auditor and the need to conduct an audit in accordance with ISAs

ISA 200 (Overall objectives of the independent auditor and the conduct of an audit in accordance with ISAs) states that auditors must plan
and perform the audit with professional scepticism, exercise professional judgment and undertake a risk based approach.

6.2 Explain the need to plan and perform audits with an attitude of professional scepticism and to exercise professional judgement

Professional scepticism: recognise circumstances may exist that cause the financial statements to be materially misstated. This
requires:
o Critical assessment: question the validity of evidence obtained
o Alertness to contradictory evidence
o No assumption that management is dishonest / honest
Professional judgment: exercised in planning and performing an audit, specifically in the following areas: materiality and audit risk; nature,
timing and extent of audit procedures; evaluation of whether sufficient appropriate audit evidence has been obtained; evaluation of
management's judgments in applying the applicable financial reporting framework; drawing conclusions on the audit evidence
obtained
Risk based approach: this means the auditor must analyse the risks in the client's business, transactions and systems that could lead
to material misstatement, and direct testing to risky areas.

6.3 Explain the components of audit risk. Explain the audit risks in the financial statements and explain the auditor's response to each
risk

ISA 200 requires the auditor to obtain reasonable assurance: the auditor shall obtain sufficient and appropriate audit evidence to reduce
audit risk to an acceptably low level to draw reasonable conclusions on which to base the auditor's opinion.
Audit Risk: the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially
misstated
o Audit Risk = Inherent Risk * Control Risk * Detection Risk (sampling / non sampling)
Inherent Risk: susceptibility of an assertion to a misstatement assuming no related internal control. This risk is greater for some
assertions and transactions than others e.g. complex calculations, accounts derived from accounting estimates etc. External
circumstances giving rise to business risks may also influence inherent risk.
Control Risk: misstatement could occur in an assertion that could be material that will not be prevented or detected and corrected
on a timely basis by the internal controls. Some control risk will always exist because of the inherent limitations.
Detection Risk: The auditor's procedures will not detect a misstatement that exists in an assertion. Primarily a consequence of the fact that the auditor
only tests on a sample basis. Non sampling risks include lack of experience, time pressure, financial constraints, poor planning, lack
of industry knowledge.

6.4 Define and explain the concepts of materiality and performance materiality

ISA 320. The auditor should consider materiality and its relationship with audit risk. Information is material if omission /
misstatement could influence economic decisions.
o Auditor must be concerned with identifying material errors, omissions and misstatements. Both the amount and nature
need to be considered.
o The auditor therefore has to set materiality levels (judgment). The higher the audit risk, the lower the value of materiality.
The level set has a critical impact on the nature, timing and extent of audit procedures (lower materiality = more work) and
evaluating the effect of misstatements i.e. whether to seek adjustments or the degree of any auditor's report
modification.
Calculation guidance:
o Between 0.5% and 1% of revenue
o Between 1% and 2% of total assets
o Between 5% and 10% of profit before tax
Performance materiality:
o Less than materiality calculated during planning to reduce the risk that the aggregate of uncorrected and undetected
misstatements exceed materiality for the financial statements as a whole. It also refers to the amounts set by the auditor
at a less than materiality level for particular transactions. Determining this involves exercising professional judgment. It is
affected by the understanding of the entity and the results of risk assessment procedures.
Revising materiality:
o May need to be revised due to events, new information or a change in understanding. In evaluating whether FS provide a
true and fair view, the auditor should assess the materiality of the aggregate uncorrected misstatements. This is
documented on a schedule of unadjusted differences.
Documentation:
o Materiality for FS as a whole
o Materiality for particular classes of transactions, account balances, disclosures etc
o Performance materiality
o Any revision of the above

6.5 Explain how auditors obtain an initial understanding of the entity and its environment

Firstly, perform risk assessment procedures to understand the entity and environment, secondly assess the risk of material
misstatement at the financial statement and assertion level. Key considerations:
o Industry, regulatory and other external factors including the applicable financial reporting framework
o Nature of the entity
o Objectives and strategies and related business risks
o Measurement and review of the entity's financial performance
o Selection and application of accounting policies
o Internal control
Assessing risk:
o Identify the entity and environment including internal control
o Relating risks to what can go wrong at the assertion level
o Considering the significance and likelihood
o Establish materiality and assess whether appropriate
o Develop expectations for use when performing analytical procedures
o Designing and performing further audit procedures to reduce audit risk to an acceptably low level
o Evaluate the sufficiency and appropriateness of audit evidence
Risk assessment includes both an assessment of audit and business risk
o Business risks result from significant conditions, events etc that could adversely affect the entity's ability to achieve its
objectives and execute strategies. It is usually financial, operational and compliance risk. The auditor should understand
business risks relating to financial reporting objectives and determine whether it is significant. The following factors may
impact this:
Risk of fraud
Its relationship with recent economic, accounting or other developments
Degree of subjectivity in the financial information
It is an unusual transaction
It is a significant transaction
Complexity of the transaction
ISA 314 requires the following procedures to obtain an understanding of the environment; enquiry of management, analytical
procedures, observation and inspection.

6.6 Describe and explain the nature and purpose of analytical procedures in planning

ISA 520. Means the analysis of relationships to identify inconsistencies and unexpected relationships. These should be applied as
part of the risk assessment and overall review at the end of the audit. They can be used as substantive audit evidence when more
effective / efficient than tests of detail in reducing detection risk for specific assertions.
Analytical procedures include:
o Prior periods
o Budgets and forecasts
o Industry information
o Predictive estimates i.e. expectations
o Relationships between elements of financial information and non financial information

6.7 Compute and interpret key ratios used in analytical procedures

Profitability
o Return on capital employed (ROCE) = PBIT / (share capital + reserves + NC liabilities)
o Net profit margin = PBIT / revenue
o Asset turnover = revenue / (share capital + reserves + NC liabilities)
o Gross margin = gross profit / revenue
Liquidity
o Current ratio = current assets / current liabilities
o Quick ratio (Acid Test) = (current assets - inventories) / current liabilities
o Inventory turnover = (inventories / cost of sales) * 365, or (cost of sales / inventories) = number of times inventory turns over
o Trade receivable days = (trade receivables / credit sales) * 365
o Trade payable days = (trade payables / credit purchases) * 365
Gearing
o Debt / equity = interest bearing debt / share capital and reserves

6.8 Discuss the effect of fraud and misstatements on the audit strategy and extent of audit work

ISA 240 requires the auditor to obtain an understanding of how those charged with governance exercise oversight over the identification of
the fraud risks and the implementation of the internal control. Where risk assessment suggests material misstatement from fraud,
the main effects will relate to:
o Assignment and supervision of personnel
o Consideration of accounting policies
o Unpredictability in nature, timing and extent of audit procedures

7. Audit Planning and Documentation

7.1 Identify and explain the need for and importance of planning an audit

ISA 300 states the auditor should plan the audit work so that it is performed effectively. This involves establishing the overall audit
strategy for the engagement and developing an audit plan.
The form and nature of planning is affected by the size of the organisation, complexity of the audit, experience, knowledge of the
business, commercial environment, reporting requirements etc.
Objectives of planning
o Ensure appropriate efforts are on the important areas
o Ensure potential problems are identified
o Ensure work is completed quickly
o Resource appropriately
Planning decisions may be changed throughout the audit, these must be documented with sufficient rationale.

7.2 Identify and describe the contents of the overall audit strategy and audit plan

The audit strategy includes the financial reporting framework, reporting requirements, coverage, knowledge, availability of data and
team, materiality, expected control testing, use of CAATs, budgeting etc. The audit strategy guides the development of the audit plan.
The audit plan is more detailed and includes the nature, timing and extent of audit procedures, the timetable and staff allocation, audit
procedures for each material class of transaction etc. Planning these procedures takes place over the course of the audit.

7.3 Explain and describe the relationship between the overall audit strategy and the audit plan

The audit strategy guides the development of the audit plan. The audit plan is more detailed.

7.4 Explain the difference between interim and final audit

The main audit procedures are carried out in two phases, the interim and final:
o Planning visit happens approx. midway through the year
o The interim audit follows
o The final audit is after the year end
The interim audit will include analytical procedures, risk assessments, test of controls, review of relevant reports, substantive testing
for the first half of the year
The final audit will include finishing the tests from the first half of the year and performing more detailed testing. At this stage, the FS
and trial balance will be available.

7.5 Describe the purpose of an interim audit, and the procedures likely to be adopted at this stage in the audit

The interim audit procedures are likely to include:


o Analytical procedures
o Test of controls
o Updating risk assessments
o Review of relevant internal audit reports
o Substantive testing (transactions in first part of year)
The final audit procedures are likely to include:
o Completion of tests of controls and substantive tests of transactions started at interim
o Analytical procedures on financial statements
o Detailed substantive testing of financial statements

7.6 Describe the impact of the work performed during the interim audit on the final audit

Spread of workload

7.7 Explain the need for and the importance of audit documentation

Audit documentation is the record of procedures performed, relevant evidence obtained and conclusions reached (working papers).
This should be prepared on a timely basis (ISA 230).
Purpose:
o Assist in planning and performance of audit
o Assist in the supervision and review of audit
o Enable the audit team to be accountable for its work
o Retain a record of matters of continuing significance to future audits
o Enable quality control review to be performed

7.8 Describe the form and contents of working papers and supporting documentation

Contents:
o Sufficiently complete and detailed to enable an experienced auditor to be able to understand the work performed and
conclusions
o Should record information on the planning, nature, timing, extent of audit procedures performed, results and conclusions
from the evidence
o Auditor's reasoning on all significant matters requiring exercise of judgement, with auditor conclusions
Types:
o Permanent File (information of continuing importance) e.g. engagement letters, legal documents, details of the history,
previous accounts, accounting notes etc
o Current File (relevant to current year audit) e.g. FS, audit strategy, audit plan, details of testing, review notes etc

7.9 Explain the procedures to ensure safe custody and retention of working papers and supporting documentation

The firm should establish policies and procedures designed to maintain confidentiality, safe custody, integrity, accessibility and
retrievability of documentation e.g. password restricted access, back up routines, confidential storage of hard copies.
ACCA recommends 7 year retention period.
