Вы находитесь на странице: 1из 327


Audit and Assurance

Study Manual
For Exams until June 2021


British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library


ISBN 978-1-78480-774-0

Third Edition 2020

© 2020 InterActive World Wide Limited

London School of Business & Finance and the LSBF logo are trademarks or registered
trademarks of London School of Business & Finance (UK) Limited in the UK and in
other countries and are used under license. All used brand names or typeface names
are trademarks or registered trademarks of their respective holders.
We are grateful to the Association of Chartered Certified Accountants (ACCA) for
permission to reproduce syllabuses, study guides and pilot/specimen papers.
We are grateful to the Chartered Institute of Management Accountants (only where
applicable) and the Institute of Chartered Accountants in England and Wales (only
where applicable) for permission to reproduce past exam questions. The answers
have been prepared by InterActive World Wide.
All our rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior written permission of
InterActive World Wide.


Getting Started on Audit and Assurance����������������������������������������������������������������������� 5

Chapter 1 - Audit Framework and Regulation������������������������������������������������������������� 33
Chapter 2 - Professional Ethics������������������������������������������������������������������������������������ 65
Chapter 3 - Pre-acceptance, Planning and Risk Assessment��������������������������������������� 81
Chapter 4 - Internal Control��������������������������������������������������������������������������������������� 119
Chapter 5 - Audit Evidence – Testing������������������������������������������������������������������������� 157
Chapter 6 - Audit Evidence – Other Issues to Consider��������������������������������������������� 197
Chapter 7 - Audit Completion������������������������������������������������������������������������������������ 217
Chapter 8 - Reporting������������������������������������������������������������������������������������������������ 231
Chapter 9 - Internal Audit������������������������������������������������������������������������������������������ 249
Question bank����������������������������������������������������������������������������������������������������������� 263
Index�������������������������������������������������������������������������������������������������������������������������� 325


Getting Started on Audit
and Assurance


Aim of the paper

The aim of the paper is to develop knowledge and understanding of the process
of carrying out the assurance engagement and its application in the context of the
professional regulatory framework.

Outline of the syllabus

A. Audit framework and regulation
B. Planning and risk assessment
C. Internal control
D. Audit evidence
E. Review and reporting

Format of the exam

The syllabus is assessed by three-hour computer-based examination. All questions
are compulsory. The exam will contain both computational and discursive elements.
Some questions will adopt a scenario/case study approach.
The total exam time is 3 hours in length. Prior to the start of the exam candidates are
given an extra 10 minutes to read the exam instructions.
Section A of the exam comprises three 10 mark case-based questions. Each case has
five objective test questions worth 2 marks each.
Section B of the exam comprises one 30 mark question and two 20 mark questions.
Section B of the exam will predominantly examine one or more aspects of audit and
assurance from planning and risk assessment, internal control or audit evidence,
although topics from other syllabus areas may also be included.


Efficient and effective studying with us

1. Study in a good environment
There are so many potential distractions you need to avoid. Your studies require
you to gain enough depth of knowledge. E-mail, mobile phones, social networking
sites act as threats to you. For example, seeing that you have a new e-mail in your
Inbox distracts you and it is hard not to respond to its existence, even if it is only
spam e-mail. Get away from all of these and you’ll have a far better retention of the
knowledge you have gained. You’ll stay alert if you sit at a desk so long as you don’t
have your PC/Mac on!
2. Get an overview of the subject early
Knowing the big picture of the subject you are about to study is a great way to study
efficiently. This is hard for you to gain without knowledge of the subject, so use the
knowledge of your provider of material for the exam, like the Overview given in this
Study Manual.
3. Study when best for you in the day
Many people can double their reading speed and improve their concentration by
studying early in the day. Also it has been shown that revision in the evening without
major distractions afterwards (avoid late-night parties, for example!) allows your brain
to work on the material once you are asleep and can significantly improve your memory.
4. Skim the chapter first for the main ideas
Read the Chapter Context and scan the structure of the main chapter sections. You’ll
improve your reading speed and comprehension if you understand the structure of
the chapter first.
5. Form a question or questions
Boost your reading comprehension, reading speed, and concentration by formulating
your own questions (write them down if it helps) and/or using the ones that we have
provided. Read the chapter to obtain the answers. Your reading speed improves by
doing this, and you become far more focused on your material so you will retain
more. Use the following questions – what, when, why, who, which, where, how –
and the main section titles in the chapter.
6. Take notes
Improve your overall study effectiveness by jotting brief notes immediately after
reading each section of the chapter. Linking your points together, using a mind map
for example, helps memory. Refer back to your notes later to test your understanding
(and see point 7 below).
7. But avoid highlighting
Although some readers believe that highlighting in yellow (or any other colour, for
that matter) improves their reading speed and comprehension, the reverse is actually
true. Highlighting simply means they don’t bother learning the material right now.


The result: they end up reading the material twice, and possibly not understanding or
remembering it either time! Similarly, using material that has been highlighted by the
publisher is ineffective for your learning.
8. Repetition, repetition, repetition
We learn by repeating. It can be shown that if you don’t repeat knowledge almost
immediately then you have no chance of remembering it. We also need to repeat
that knowledge again within the next 90 to 120 minutes or we will forget it. So build
in time to your studies to do this, it will be very effective for you. How do we learn?
9. What’s the story?
At the end of each chapter, try to generate your own story for what you have just
been reading. Use the Questions at the start of the Chapter and the Key Learning
Points at the end of the Chapter to help here. Making your own story is a very
powerful way of helping you remember. It can have a start a middle and an end, just
like a normal story!


Our material – how we help you

99 Our authors are all experienced at producing targeted material for your exam.
So you will gain from that wealth of knowledge, for example by understanding
the Overview of the syllabus at the start of your studies and reviewing your
knowledge in line with it as you progress.
99 Our material is based on knowledge of how your brain works to help you
study better.
99 We pose you questions at the start of each chapter to assist your learning and
boost your interest and retention. Look for the ‘3 Questions’ that we have at
the start of each chapter. These help you become engaged with the material
and will mean you can answer the three questions better as well as the other
material in the chapter. For example:

1. Can you describe each of the key three decisions?


2. What aim in a company is ‘a fundamental aim’ and hence key to this paper?
3. What types of government policy can come into conflict?

99 You will be advised where you should stop and spend time learning/
memorising key facts or knowledge. Look out for the ‘Learn’s to help your
repetition of important knowledge.

G Learn
99 Similarly if you have to be familiar with the principles behind a few paragraphs
(such as a calculation) then we will prompt you with ‘Principle’ plus guidance
on what to go back for. Take time to stop yourself and check that you are
happy with these, they are key for the exam. For example:

P Principle
Learn the steps above so you can apply them in the exam

99 You will find when a formula or other information is given in the exam. Look
out for the ‘Given’s.

ü Given
99 We want you to build up a ‘story’ based on the material to help you remember
it better. When you see the ‘What’s the Story’ at the end of each chapter, take
time to link the chapter together and also link to any relevant previous chapters.


What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

99 Importantly, we don’t bloat our material with extra unneeded features (for
example in the margins of the page, which are inefficient for students to learn
from). All the reminders to learn are in the centre of the page.
99 You will leave with ‘Key learning points’ to go away with that will help you
build up that story.
99 We are interested in your feedback – please complete the Feedback Form at
the end of studying this paper and have the chance to win a prize!


The ACCA Audit and Assurance paper, looks at an important area for many
accountants. It is important that organisations, such as companies, produce financial
statements that can be relied upon by the users of those financial statements. Audit
and Assurance looks at the background framework and regulation as well as the
procedures to help this happen.
The syllabus states that the aim of the paper is ‘to develop knowledge and
understanding of the process of carrying out the assurance engagement and its
application in the context of the professional regulatory framework’.
Let’s see how this is reflected in this Study Manual and its chapters. There are
chapters that cover the background to audit and assurance. We will then move onto
the planning and preparation for the audit, which require the auditor to understand
the risks involved and the internal controls in place. The auditor then has to gain
sufficient audit evidence to be able to give an opinion on the financial statements.
This means the audit can be completed and reported upon. Finally we will see
Internal Audit, which looks at how a company will check its own activities through
the year to give greater confidence in its financial statements

Background to audit and assurance

We cover Audit Framework and Regulation (Chapter 1) so that you can see
why audits are required and the legal and professional requirements for them.
Professional Ethics and Other Pre-Acceptance Issues (Chapter 2) gives guidance on
whether an auditor is able to properly accept an audit engagement.

Planning and Preparation

Once we are sure that we, as auditor, can conduct an audit then Planning and Risk
Assessment (Chapter 3) helps us decide how complex the audit is and how much risk
there will be in giving an audit opinion. Some of this decision will be based on how
strong the Internal Control (Chapter 4) system is within the organisation.

Audit evidence
Audit Evidence – Testing (Chapter 5) looks at how we gather evidence to get
assurance on the organisation. Audit Evidence – Other Issues to Consider (Chapter 6)
makes sure that we have suitable evidence.

Completion and reporting

Firstly we look at Audit Completion (Chapter 7) to ensure that we have suitable
evidence given the planning and risks we were facing. Reporting (Chapter 8) looks
at where we can give a ‘true an fair’ audit report or whether we have to modify the
report in light of the evidence found.

Internal audit
Finally Internal Audit (Chapter 9) shows how organisations can conduct audit procedures
themselves to give more confidence that their financial statements are reliable.


Audit and Assurance

Framework and Regulation

Professional Ethics and Other Pre-Acceptance Issues Internal Audit

Planning and Preparation

Planning and Risk Assessment

Internal Controls

Audit Evidence

Other Issues to Consider

Completion and Reporting

Audit Completion

You can see the diagram covers the main areas that we have discussed.
Learn this diagram so that you can see where the subjects you have learnt fits in. It
will be useful to come back to so that you can see the ‘big picture’ for the paper.
Finally look around at businesses or other organisations that you are involved with.
If you are involved in audit work, whether internal or external this will help you see
things in practice. If not think how you would apply the knowledge you are gaining
to the businesses and organisations you know. If you can think how you would apply
your knowledge there you will be in a stronger position for the exam.


Syllabus and Study Guide







1. Intellectual levels
2. Learning hours and educational recognition
3. The structure of the ACCA Qualification
4. Guide to ACCA examination structure and delivery mode
5. Guide to ACCA examination assessment


6. Relational diagram linking Audit and Assurance with other exams
7. Approach to examining the syllabus
8. Introduction to the syllabus
9. Main capabilities
10. The syllabus


11. Detailed study guide
12. Summary of changes to Audit and Assurance (AA)

The syllabus is designed to progressively broaden and deepen the knowledge, skills
and professional values demonstrated by the student on their way through the
The specific capabilities within the detailed syllabuses and study guides are assessed
at one of three intellectual or cognitive levels:

Level 1: Knowledge and comprehension

Level 2: Application and analysis
Level 3: Synthesis and evaluation

Syllabus and Study Guide

Very broadly, these intellectual levels relate to the three cognitive levels at which the
Applied Knowledge, the Applied Skills and the Strategic Professional exams are assessed.
Each subject area in the detailed study guide included in this document is given a 1,
2, or 3 superscript, denoting intellectual level, marked at the end of each relevant
learning outcome. This gives an indication of the intellectual depth at which an area
could be assessed within the examination. However, while level 1 broadly equates
with Applied Knowledge, level 2 equates to Applied Skills and level 3 to Strategic
Professional, some lower level skills can continue to be assessed as the student
progresses through each level. This reflects that at each stage of study there will
be a requirement to broaden, as well as deepen capabilities. It is also possible that
occasionally some higher level capabilities may be assessed at lower levels.


The ACCA qualification does not prescribe or recommend any particular number of
learning hours for examinations because study and learning patterns and styles vary
greatly between people and organisations. This also recognises the wide diversity of
personal, professional and educational
circumstances in which ACCA students find themselves.
As a member of the International Federation of Accountants, ACCA seeks to enhance
the education recognition of its qualification on both national and international
education frameworks, and with educational authorities and partners globally. In doing
so, ACCA aims to ensure that its qualification is recognised and valued by governments,
regulatory authorities and employers across all sectors. To this end, ACCA qualification
is currently recognised on the education frameworks in several countries. Please refer
to your national education framework regulator for further information.
Each syllabus is organised into main subject area headings which are further broken
down to provide greater detail on each area.



ACCA member
Strategic Professional
Essentials Options (Pick 2)
Strategic Business Advanced Audit and Advanced Performance
Leader Assurance Management Requirement
Strategic Business Advanced Financial Advanced As well as
Reporting Management Taxation completing
exams and
the Ethics and
Ethics and Professional Skills module (EPSM) Professional Skills
EPSM prepares you for the Strategic Professional exams as well as module, you
providing you with the skills needed to become a trusted finance need to complete
professional in today’s digital world. three years’
relevant work
Applied Skills experience.
Performance Audit and
Management Assurance
Corporate and Financial Financial
Business Law Reporting Management

Applied Knowledge
Accountant Financial Management
in Business Accounting Accounting

Find out more about ACCA’s Foundation level qualification at

*See accaglobal.com for details


The structure and delivery mode of examinations varies.
Applied Knowledge
The Applied Knowledge examinations contain 100% compulsory questions to
encourage candidates to study across the breadth of each syllabus. These are
assessed by a two-hour computer based examination.

Syllabus and Study Guide

Applied Skills
The Corporate and Business Law exam is a two-hour computer-based objective test
examination for English and Global. For the format and structure of the Corporate
and Business Law or Taxation variant exams, refer to the ‘Approach to examining the
syllabus’ in section 9 of the relevant syllabus and study guide.
For the format and structure of the variant exams, refer to the ‘Approach to
examining the syllabus’ section below.
The other Applied Skills examinations (PM, TX-UK, FR, AA, and FM) contain a mix of
objective and longer type questions with a duration of three hours for 100 marks.
These are assessed by a three hour computer-based exam. Prior to the start of
each exam there will be time allocated for students to be informed of the exam
The longer (constructed response) question types used in the Applied Skills exams
(excluding Corporate and Business Law) require students to effectively mimic
what they do in the workplace. Students will need to use a range of digital skills
and demonstrate their ability to use spread sheets and word processing tools
in producing their answers, just as they would use these tools in the workplace.
These assessment methods allow ACCA to focus on testing students’ technical
and application skills, rather than, for example, their ability to perform simple
Strategic Professional
Strategic Business Leader is ACCA’s case study examination at Strategic Professional
and is examined as a closed book exam of four hours, including reading, planning
and reflection time which can be used flexibly within the examination. There is no
pre-seen information and all exam related material, including case information
and exhibits are available within the examination. Strategic Business Leader is an
exam based on one main business scenario which involves candidates completing
several tasks within which additional material may be introduced. All questions are
compulsory and each examination will contain a total of 80 technical marks and 20
Professional Skills marks.
The other Strategic Professional exams are all of three hours and 15 minutes
duration. All contain two sections and all questions are compulsory. These exams all
contain four professional marks.
From March 2020, Strategic Professional exams will become available by computer
based examination. More detail regarding what is available in your market will be on
the ACCA global website.
With Applied Knowledge and Applied Skills exams now assessed by computer based
exam, ACCA is committed to continuing on its journey to assess all exams within the
ACCA Qualification using this delivery mode.
The question types used at Strategic Professional again require students to effectively
mimic what they would do in the workplace and, with the move to CBE, these
exams again offer ACCA the opportunity to focus on the application of knowledge to


scenarios, using a range of tools – spread sheets, word processing and presentations
-not only enabling students to demonstrate their technical and professional skills but
also their use of the technology available to today’s accountants.
ACCA encourages students to take time to read questions carefully and to plan
answers but once the exam time has started, there are no additional restrictions as
to when candidates may start producing their answer.
Time should be taken to ensure that all the information and exam requirements are
properly read and understood.
The pass mark for all ACCA Qualification examinations is 50%.


ACCA reserves the right to examine any learning outcome contained within the
study guide. This includes knowledge, techniques, principles, theories, and concepts
as specified. For the financial accounting, audit and assurance, law and tax exams
except where indicated otherwise, ACCA will publish examinable documents once a
year to indicate exactly what regulations and legislation could potentially be assessed
within identified examination sessions.
For most examinations (not tax), regulations issued or legislation passed on or before
31 August annually, will be examinable from 1 September of the following year to 31
August of the year after that. Please refer to the examinable documents for the exam
(where relevant) for further information.
Regulation issued or legislation passed in accordance with the above dates may be
examinable even if the effective date is in the future.
The term issued or passed relates to when regulation or legislation has been
formally approved.
The term effective relates to when regulation or legislation must be applied to an
entity transactions and business practices.
The study guide offers more detailed guidance on the depth and level at which the
examinable documents will be examined. The study guide should therefore be read
in conjunction with the examinable documents list.
For UK tax exams, examinations falling within the period 1 June to 31 March will
generally examine the Finance Act which was passed in the previous year. Therefore,
exams falling in the period 1 June 2020 to 31 March 2021 will examine the Finance
Act 2019 and any examinable legislation which is passed outside the Finance Act
before 31 May 2019.
For additional guidance on the examinability of specific tax rules and the depth in
which they are likely to be examined, reference should be made to the relevant
Finance Act article written by the examining team and published on the ACCA website.
None of the current or impending devolved taxes for Scotland, Wales, and Northern
Ireland is, or will be, examinable.

Syllabus and Study Guide


This diagram shows links between this exam and other exams preceding or following
it. Some exams are directly underpinned by other exams such as Advanced Audit
and Assurance by Audit and Assurance. This diagram indicates where students are
expected to have underpinning knowledge and where it would be useful to review
previous learning before undertaking study.

Advanced Audit
Strategic Business
and Assurance
Reporting (SBR)

Corporate Audit and

and Business Assurance
Reporting (FR)
Law (LW) (AA)


The syllabus is assessed by a three-hour computer based examination. All questions
are compulsory. The exam will contain both computational and discursive elements.
Some questions will adopt a scenario/case study approach. Prior to the start of the
exam candidates are given an extra 10 minutes to read the exam instructions.
Section A
Section A of the exam comprises three 10 mark case-based questions. Each case has
five objective test questions worth 2 marks each.
Section B
Section B of the exam comprises one 30 mark question and two 20 mark questions.
Section B of the exam will predominantly examine one or more aspects of audit and
assurance from planning and risk assessment, internal control or audit evidence,
although topics from other syllabus areas may also be included.
Total 100 marks



The Audit and Assurance syllabus is essentially divided into five areas. The syllabus
starts with the nature, purpose and scope of assurance engagements, including
the statutory audit, its regulatory environment, and introduces governance and
professional ethics relating to audit and assurance.
It then leads into planning the audit and performing risk assessment.
The syllabus then covers a range of areas relating to an audit of financial statements
including the scope of internal control and the role and function of internal audit.
These include, evaluating internal controls, audit evidence, and a review of the
financial statements.
In addition to final review procedures, the final section concentrates on reporting,
including the form and content of the independent auditor’s report.

On successful completion of this exam, candidates should be able to:
A. Explain the concept of audit and assurance and the functions of audit, corporate
governance, including ethics and professional conduct.
B. Demonstrate how the auditor obtains and accepts audit engagements, obtains
an understanding of the entity and its environment, assesses the risk of material
misstatement (whether arising from fraud or other irregularities) and plans an
audit of financial statements
C. Describe and evaluate internal controls, techniques and audit tests, including
IT systems to identify and communicate control risks and their potential
consequences, making appropriate recommendations. Describe the scope, role
and function of internal audit.
D. Identify and describe the work and evidence obtained by the auditor and others
required to meet the objectives of audit engagements and the application of the
International Standards on Auditing (ISAs)
E. Explain how consideration of subsequent events and the going concern principle
can inform the conclusions from audit work and are reflected in different types
of auditor’s report, written representations and the final review and report.

Syllabus and Study Guide

Audit framework and regulation (A)

Planning and risk assessment (B)

Internal control (C) Audit evidence (D)

Review and reporting (E)

This diagram illustrates the flows and links between the main capabilities of
the syllabus and should be used as an aid to planning teaching and learning in a
structured way.


A. Audit framework and regulation
1. The concept of audit and other assurance engagements
2. External audits
3. Corporate governance
4. Professional ethics and ACCA’s Code of Ethics and Conduct
B. Planning and risk assessment
1. Obtaining, accepting and continuing audit engagements
2. Objective and general principles
3. Assessing audit risks
4. Understanding the entity and its environment
5. Fraud, laws and regulations
6. Audit planning and documentation
C. Internal control
1. Internal control systems
2. The use and evaluation of internal control systems by auditors
3. Tests of controls
4. Communication on internal control


5. Internal audit and governance and the differences between external audit and
internal audit
6. The scope of the internal audit function, outsourcing and internal audit assignments
D. Audit evidence
1. Financial statement assertions and audit evidence
2. Audit procedures
3. Audit sampling and other means of testing
4. The audit of specific items
5. Automated tools and techniques
6. The work of others
7. Not-for-profit organisations
E. Review and reporting
1. Subsequent events
2. Going concern
3. Written representations
4. Audit finalisation and the final review
5. The Independent Auditor’s Report


A. Audit framework and regulation
1. The concept of audit and other assurance engagements
(a) Identify and describe the objective and general principles of external audit
(b) Explain the nature and development of audit and other assurance engagements.[1]
(c) Discuss the concepts of accountability, stewardship and agency.[2]
(d) Define and provide the objectives of an assurance engagement.[1]
(e) Explain the five elements of an assurance engagement.[2]
(f) Describe the types of assurance engagement[2]
(g) Explain the level of assurance provided by an external audit and other review
engagements and the concept of true and fair presentation.[1]
2. External audits
(a) Describe the regulatory environment within which external audits take place.[1]
(b) Discuss the reasons and mechanisms for the regulation of auditors.[1]
(c) Explain the statutory regulations governing the appointment, rights, removal and
resignation of auditors.[1]
(d) Explain the regulations governing the rights and duties of auditors.[1]
(e) Describe the limitations of external audits.[1]
(f) Explain the development and status of International Standards on Auditing (ISAs).[1]
(g) Explain the relationship between International Standards on Auditing and
national standards.[1]

Syllabus and Study Guide

3. Corporate governance
(a) Discuss the objectives, relevance and importance of corporate governance.[2]
(b) Discuss the provisions of international codes of corporate governance (such as
OECD) that are most relevant to auditors.[2]
(c) Describe good corporate governance requirements relating to directors’
responsibilities (e.g. for risk management and internal control) and the reporting
responsibilities of auditors.[2]
(d) Evaluate corporate governance deficiencies and provide recommendations to
allow compliance with international codes of corporate governance.[2]
(e) Analyse the structure and roles of audit committees and discuss their benefits
and limitations.[2]
(f) Explain the importance of internal control and risk management.[1]
4. Professional ethics and ACCA’s Code of Ethics and Conduct
(a) Define and apply the fundamental principles of professional ethics of integrity,
objectivity, professional competence and due care, confidentiality and
professional behaviour.[2]
(b) Define and apply the conceptual framework, including the threats to the
fundamental principles of self-interest, self-review, advocacy, familiarity, and
(c) Discuss the safeguards to offset the threats to the fundamental principles.[2]
(d) Describe the auditor’s responsibility with regard to auditor independence,
conflicts of interest and confidentiality.[1]
B. Planning and risk assessment
1. Obtaining, accepting and continuing audit engagements
(a) Discuss the requirements of professional ethics and ISAs in relation to the
acceptance / continuance of audit engagements.[2]
(b) Explain the preconditions for an audit [2]
(c) Explain the process by which an auditor obtains an audit engagement.[2]
(d) Discuss the importance and purpose of engagement letters and their contents.[1]
(e) Explain the overall objectives and importance of quality control procedures in
conducting an audit.[2]
(f) Explain the quality control procedures which should be in place over engagement
performance, monitoring quality and compliance with ethical requirements [2]
2. Objective and general principles
(a) Identify the overall objectives of the auditor and the need to conduct an audit in
accordance with ISAs.[2]
(b) Explain the need to plan and perform audit engagements with an attitude of
professional scepticism, and to exercise professional judgment.[2]
3. Assessing audit risks
(a) Explain the components of audit risk.[1]
(b) Describe the audit risks in the financial statements and explain the auditor’s
response to each risk.[2]
(c) Define and explain the concepts of materiality and performance materiality.[2]
(d) Explain and calculate materiality levels from financial information.[2]


4. Understanding the entity and its environment

(a) Explain how auditors obtain an initial understanding of the entity and its
(b) Describe and explain the nature, and purpose of, analytical procedures in planning.[2]
(c) Compute and interpret key ratios used in analytical procedures.[2]
5. Fraud, laws and regulations
(a) Discuss the effect of fraud and misstatements on the audit strategy and extent
of audit work.[2]
(b) Discuss the responsibilities of internal and external auditors for the prevention
and detection of fraud and error.[2]
(c) Explain the auditor’s responsibility to consider laws and regulations.[2]
6. Audit planning and documentation
(a) Identify and explain the need for, benefits of and importance of planning an audit.[2]
(b) Identify and describe the contents of the overall audit strategy and audit plan.[2]
(c) Explain and describe the relationship between the overall audit strategy and the
audit plan.[2]
(d) Explain the difference between an interim and final audit.[1]
(e) Describe the purpose of an interim audit, and the procedures likely to be
adopted at this stage in the audit.[2]
(f) Describe the impact of the work performed during the interim audit on the
final audit.[2]
(g) Explain the need for, and the importance of, audit documentation.[1]
(h) Describe the form and contents of working papers and supporting
(i) Explain the procedures to ensure safe custody and retention of working papers.[1]
C. Internal control
1. Internal control systems
(a) Explain why an auditor needs to obtain an understanding of internal control
relevant to the audit.[1]
(b) Describe and explain the five components of internal control[2]
i) the control environment
ii) the entity’s risk assessment process,
iii) the information system, including the related business processes, relevant
to financial reporting and communication
iv) control activities relevant to the audit
v) monitoring of controls
2. The use and evaluation of internal control systems by auditors
(a) Explain how auditors record internal control systems including the use of
narrative notes, flowcharts and questionnaires.[2]
(b) Evaluate internal control components, including deficiencies and significant
deficiencies in internal control.[2]
(c) Discuss the limitations of internal control components.[2]

Syllabus and Study Guide

3. Tests of controls
(a) Describe computer systems controls including general IT controls and
application controls.[2]
(b) Describe control objectives, control procedures, control activities, key controls
and tests of controls in relation to:[2]
i) The sales system;
ii) The purchases system
iii) The payroll system
iv) The inventory system
v) The cash system
vi) Non-current assets
4. Communication on internal control
(a) Discuss the requirements and methods of how reporting significant deficiencies
in internal control are provided to management and those charged with
(b) Explain, in a format suitable for inclusion in a report to management, significant
deficiencies within an internal control system and provide recommendations for
overcoming these deficiencies to management.[2]
(c) Discuss the need for auditors to communicate with those charged with
5. Internal audit and governance, and the differences between external audit and
internal audit
(a) Discuss the factors to be taken into account when assessing the need for
internal audit.[2]
(b) Discuss the elements of best practice in the structure and operations of
internal audit.[2]
(c) Compare and contrast the role of external and internal audit.[2]
6. The scope of the internal audit function, outsourcing and internal
audit assignments
(a) Discuss the scope of internal audit and the limitations of the internal
audit function.[2]
(b) Explain outsourcing and the associated advantages and disadvantages of
outsourcing the internal audit function.[1]
(c) Discuss the nature and purpose of internal audit assignments including value for
money, IT, financial, regulatory compliance, fraud investigations and customer
(d) Discuss the nature and purpose of operational internal audit assignments [2]
(e) Describe the format and content of internal audit review reports and make
appropriate recommendations to management and those charged with


D. Audit evidence
1. Financial statement assertions and audit evidence
(a) Explain the assertions contained in the financial statements about:[2]
i) Classes of transactions and events and related disclosures;
ii) Account balances and related disclosures at the period end;
(b) Describe audit procedures to obtain audit evidence , including inspection,
observation, external confirmation, recalculation, re-performance, analytical
procedures and enquiry.[2]
(c) Discuss the quality and quantity of audit evidence.[2]
(d) Discuss the relevance and reliability of audit evidence.[2]
2. Audit procedures
(a) Discuss substantive procedures for obtaining audit evidence.[2]
(b) Discuss and provide examples of how analytical procedures are used as
substantive procedures.[2]
(c) Discuss the problems associated with the audit and review of accounting
(d) Describe why smaller entities may have different control environments and
describe the types of evidence likely to be available in smaller entities.[1]
(e) Discuss the difference between tests of control and substantive procedures.[2]
3. Audit sampling and other means of testing
(a) Define audit sampling and explain the need for sampling.[1]
(b) Identify and discuss the differences between statistical and non-
statistical sampling.[2]
(c) Discuss and provide relevant examples of the application of the basic principles
of statistical sampling and other selective testing procedures.[2]
(d) Discuss the results of statistical sampling, including consideration of whether
additional testing is required.[2]
4. The audit of specific items
For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures to obtain sufficient,
appropriate evidence in relation to:
(a) Receivables: [2]
i) direct confirmation of accounts receivable
ii) other evidence in relation to receivables and prepayments,
iii) other evidence in relation to current assets; and
iv) completeness and occurrence of revenue.

Syllabus and Study Guide

(b) Inventory: [2]

i) inventory counting procedures in relation to year-end and continuous
inventory systems
ii) cut-off testing
iii) auditor’s attendance at inventory counting
iv) direct confirmation of inventory held by third parties
v) valuation, and
vi) other evidence in relation to inventory.
(c) Payables and accruals:[2]
i) supplier statement reconciliations and direct confirmation of
accounts payable,
ii) obtain evidence in relation to payables and accruals,
iii) other evidence in relation to current liabilities; and
iv) purchases and other expenses, including payroll.
(d) Bank and cash: [2]
i) bank confirmation reports used in obtaining evidence in relation to
bank and cash
ii) other evidence in relation to bank and
iii) other evidence in relation to cash.
(e) Tangible and intangible non-current assets [2]
i) evidence in relation to non-current assets,
ii) depreciation, and
iii) profit/loss on disposal
(f) Non-current liabilities, provisions and contingencies[2]
i) evidence in relation to non-current liabilities, and
ii) provisions and contingencies
(g) Share capital, reserves and directors’ emoluments: [2]
i) evidence in relation to share capital, reserves and directors’ emoluments
5. Automated tools and techniques
(a) Explain the use of automated tools and techniques in the context of an audit,
including the use of audit software, test data and other data analytics tools.[1]
(b) Discuss and provide relevant examples of the use of automated tools and
techniques including test data, audit software and other data analytics tools.[2]


6. The work of others

(a) Discuss why auditors rely on the work of others.[2]
(b) Discuss the extent to which external auditors are able to rely on the work of
experts, including the work of internal audit.[2]
(c) Explain the audit considerations relating to entities using service organisations.[2]
(d) Explain the extent to which reference to the work of others can be made in the
independent auditor’s report.[1]
7. Not-for-profit organisations
(a) Apply audit techniques to not-for-profit organisations.[2]
E. Review and reporting
1. Subsequent events
(a) Explain the purpose of a subsequent events review.[1]
(b) Explain the responsibilities of auditors regarding subsequent events.[1]
(c) Discuss the procedures to be undertaken in performing a subsequent
events review.[2]
2. Going concern
(a) Define and discuss the significance of the concept of going concern.[2]
(b) Explain the importance of and the need for going concern reviews.[2]
(c) Explain the respective responsibilities of auditors and management regarding
going concern.[1]
(d) Identify and explain potential indicators that an entity is not a going concern.[2]
(e) Discuss the procedures to be applied in performing going concern reviews.[2]
(f) Discuss the disclosure requirements in relation to going concern issues.[2]
(g) Discuss the reporting implications of the findings of going concern reviews.[2]
3. Written representations
(a) Explain the purpose of and procedure for obtaining written representations.[2]
(b) Discuss the quality and reliability of written representations as audit evidence.[2]
(c) Discuss the circumstances where written representations are necessary and the
matters on which representations are commonly obtained.[2]
4. Audit finalisation and the final review
(a) Discuss the importance of the overall review in ensuring that sufficient,
appropriate evidence has been obtained.[2]
(b) Describe procedures an auditor should perform in conducting their overall
review of financial statements.[2]
(c) Explain the significance of uncorrected misstatements.[1]
(d) Evaluate the effect of dealing with uncorrected misstatements.[2]
5. The Independent Auditor’s Report
(a) Identify and describe the basic elements contained in the independent
auditor’s report.[1]
(b) Explain unmodified audit opinions in the auditor's report.[2]
(c) Explain modified audit opinions in the auditor's report.[2]
(d) Describe the format and content of key audit matters, emphasis of matter and
other matter paragraphs.[2]

Syllabus and Study Guide


ACCA periodically reviews its qualification syllabuses so that they fully meet the
needs of stakeholders such as employers, students, regulatory and advisory bodies
and learning providers.
Amendments to AA

Section and subject area Syllabus content

B1d) Wording clarified to refer to Discuss the importance and purpose of
purpose of engagement letters. engagement letters and their contents.[1]
B6a) Wording of learning outcome Identify and explain the need for, benefits
clarified to refer to benefits of planning. of and importance of planning an audit.[2]
D5a) b) Terminology has been revised D Audit Evidence
to bring the syllabus in to line with 5. Automated tools and techniques
the proposed approach by the IAASB.
a) Explain the use of automated
Learning outcome D5(a) and (b) have
tools and techniques in the
been reworded for clarity.
context of an audit, including the
use of audit software, test data
and other data analytics tools.[1]
b) Discuss and provide
relevant examples of the
use of automated tools and


Audit Framework and

This chapter introduces the concept of assurance and how it is important within the
business environment. Parties such as shareholders, directors and the other users
of financial statements, such as creditors and investors, need assurance over the
financial and non-financial information produced by companies. This includes the
statutory audit of financial statements and other key assurance services, such as
reviews of systems and internal controls.
Auditors need to fulfil certain legal requirements with regard to their qualifications
and the appointment process, before they accept appointment to a client. This
chapter takes you through the legal requirements that auditors need to fulfil. We will
then go on to consider other acceptance considerations, including the engagement
letter – and then discuss corporate governance and the role of audit committees.

1. Who are the three main parties in an assurance engagement?

2. Why should incoming auditors obtain professional clearance, and how is it

related to opinion shopping?

3. Can you list some of the typical duties of external auditors?

Audit Framework and Regulation

1.1 Assurance
1.1.1 The concept of assurance
The concept of assurance is something we come across often in everyday life. We ask
for assurance when we need to know whether or not things are OK.

IE Illustrative example 1.1

• Is this house I am about to buy structurally sound or about to fall down?
• Is this restaurant safe to eat in?
• Is this car safe to drive?
Often it is not possible to check a situation for ourselves so we rely on someone else
(usually an expert) to do it for us.
• We employ a buildings surveyor to assess our potential new home before we
sign the sales contract.
• Restaurants have health and safety checks by specialist environmental
health officers.
• It is a legal requirement in the UK for cars to pass an MOT carried out by a
qualified mechanic.
These are all examples of assurance.

1.1.2 Assurance in the business environment

Assurance is a concept that is also widely used in the business environment. For example:
• Shareholders need assurance that the published financial statements of a
company are accurate, so external auditors check these financial statements
(this is known as the statutory audit and is covered in detail later).
• Directors need assurance that the systems inside a company are working, so
internal auditors check these systems.
These are all examples of assurance engagements.

An assurance engagement is one in which an assurance provider (practitioner)
expresses a conclusion designed to enhance the degree of confidence of the intended
users, other than the responsible party, about the outcome of the evaluation or
measurement of a subject matter against suitable criteria.

G Learn


1.1.3 The five elements of an assurance engagement

Although each assurance engagement will differ in terms of the exact detail, each has
common features.
• There is a subject matter – what is it we are examining?
• There are three main parties involved:
– the responsible person – the person who prepares the subject matter
being examined;
– the assurance provider (practitioner) – the party who forms the opinion on
the subject matter and gives the assurance;
– the intended user – the party who relies on the assurance report.
• A report will be written stating the assurance provider’s conclusion. The
intended users can read this report to get their assurance.
• The assurance provider doing the work will have some standards to use, ie
appropriate criteria.
• Sufficient appropriate evidence.

G Learn
1.1.4 Levels of assurance: Positive and negative assurance
As noted above, the amount of work done by the practitioner can vary and this will
affect the level of assurance that is provided. Depending upon the amount and
the nature of the work performed, the assurance provider will give either positive
(reasonable) or negative assurance.

Positive (reasonable) assurance

If a lot of detailed work is performed on the subject matter, the assurance provider
can conclude whether or not the subject matter has been properly prepared.
Positive assurance is a high level of assurance so a high level of reliance can be
placed upon it. Positive assurance however is not a 100% guarantee.

G Learn

IE Illustrative example 1.2

Imagine taking your car to a garage. If the mechanic does a lot of detailed testing on
the main parts of the car (engine, breaks, exhaust, radiator etc.) he or she will be able
to give you a high level of assurance that your car is working properly. And in turn
you could place a high level of reliance on this. We would call this positive assurance.
What the mechanic will not do is take apart every nut and bolt and give you a 100%
guarantee that your car is free from problems – this would be impractical.
An example of positive assurance is given in the statutory audit report. In their
conclusion auditors say ‘in our opinion the financial statements give (or do not give) a
true and fair view of the state of the company’s affairs’.

Audit Framework and Regulation

Negative assurance
If a smaller amount of work is performed on the subject matter then the assurance
provider may only be able to confirm that ‘nothing has come to light to suggest
errors or problems exist’. In other words, there may be inaccuracies/problems but
the assurance providers did not come across them! This is a much lower level of
assurance and is known as negative assurance. Obviously less reliance should be
placed on negative assurance.

1.1.5 Different types of assurance engagement

The syllabus distinguishes between two main types of assurance engagements:
• The external (statutory) audit;
• Other types of assurance services.

The external (statutory) audit

Company directors are responsible for producing financial statements and the
shareholders need to be assured that they are accurate.
In most countries it is a statutory (legal) requirement for a team of auditors
(qualified accountants) from outside the company to come in to examine
the financial statements on behalf of the shareholders. The auditors give the
shareholders assurance that the financial statements are:
• true and fair; and
• properly prepared in accordance with the relevant accounting standards and
legal framework.
This is known as the statutory audit.
True – The financial statements are true if they are factual and are free from
material error.
Fair – The financial statements are fair if they are free from bias and reflect the
commercial substance of the transactions that have taken place.
Materiality – An item is material if it is important enough to affect the users of the
financial statements. This could be due to its size or its very nature (there is much
more on materiality in later chapters).

G Learn
In the UK most companies over a certain size are required to have their financial
statements audited in accordance with the Companies Act 2006.
The criteria that the auditors will use to audit the financial statements are the
Accounting Standards (and in the UK the Companies Act 2006).
The final outcome of a statutory audit is an audit report, which is addressed to the
shareholders and contains the auditor’s opinion as to whether or not the financial
statements give a true and fair view.


The need for statutory audit: Stewardship theory and agency theory
Some companies (often smaller companies) are run on a day-to-day basis by their
owners (shareholders). For the vast majority of companies however (especially
larger companies), a team of directors will be appointed to run the company on the
shareholders’ behalf. These directors act as stewards of the company and as a result
they are accountable to the shareholders. Stewardship is the responsibility to look
after resources carefully, and the directors have that responsibility with respect to
company assets and shareholder wealth.
The directors are responsible for producing periodical financial statements (typically
at the end of each twelve month period). These financial statements set out the
position and performance of the company. As most shareholders are not involved in
the day-to-day running of their company or the production of these statements how
do they know that these financial statements are accurate and unbiased? How do
they know whether or not to trust the directors?
This is where the statutory audit comes in. The financial statements are subject to
checks by an independent and knowledgeable third party (ie the auditors) to give
the shareholders the assurance they need.
You may often hear both the directors and the auditors referred to as agents. An
agent is a person used to provide a particular service.
The directors act as agents for the shareholders by running the company on their
behalf. The auditors act as agents for the shareholders, by giving them assurance
over the financial statements.

P Principle
Stewardship and agency theories to explain the need for
statutory audit

Stakeholders who use financial statements

Although financial statements are primarily produced for shareholders, other
interested parties (stakeholders) also make use of these statements. They include:
• Lenders: For example, a bank will want to see financial statements when
deciding whether or make a loan to the company.
• Suppliers: If a supplier is being asked to provide credit they might first ask to see
financial statements. This will give them an idea of the size of the company and
its liquidity.
• Customers: customers might depend on a supplier for vital supplies or services.
For example, if you buy software from a company you want some assurance that
the company will be likely to still exist after a few years so that software updates
will be available.
• Government: For taxation.
• Employees: To assess how safe their jobs are.

Audit Framework and Regulation

The statutory audit: Level of assurance

The level of assurance provided by a statutory audit report is always positive
(reasonable). In order to provide such a level of assurance the auditors must carry
out extensive and detailed work on the financial statements, which will include:
• assessing risk;
• planning procedures;
• conducting procedures;
• assessing results;
• expressing an opinion.
Because financial statements are based upon historic information, the auditor should
be able to obtain the evidence they need to give assurance that they are correct;
hence the use of positive assurance.
The statutory audit will never give a 100% guarantee that the financial statements
are true and fair. This results from factors such as:
• The inherent limitations in audit including:
– the use of testing;
– the inherent limitations of internal control;
– the fact that most audit evidence is persuasive rather than conclusive;
– the impracticality of testing all transactions;
– the possibility of fraud.
• The fact that audit work is permeated by judgement eg
– judging the amount of audit evidence required to give the opinion;
– concluding on estimates and judgements made by the directors.

G Learn

EG Learning example 1.1

The statutory audit is a specific type of assurance engagement. Using it as an
example, fill in the following blanks. The first has been done to help you.

Subject matter Financial statements

Responsible party _________________
Assurance provider _________________
Intended user _________________
Level of assurance provided _________________

Other assurance services

We have now been introduced to the specific assurance engagement that is the
statutory audit. However, there are plenty of other areas over which stakeholders in
a company may seek assurance even though it is not required by law.


For example:
• Directors are looking to raise finance from the company’s bankers and have
produced a cash flow forecast that the bank will rely on when making their
decision. They wish to be assured that this forecast is reasonable.
• A company has many complex internal systems and controls to help prevent
fraud and errors and wish to be assured that these systems are working.
• A company has discovered a fraud and wants to know the extent of the loss and
which staff members were involved. It could commission its auditors to carry out
a forensic investigation.
• A company is thinking of taking over another company and wants the target
company to be investigated. It could commission a due diligence report form
its auditors.
As with a statutory audit, a report will be issued to the users containing the
assurance provider’s conclusions, but often these will be negative assurances. For
example, it would be impossible to provide a positive assurance on a company’s
cash flow forecast: how could the auditors state that the forecast was correct when
it involves estimates about the future? The best the auditor could do is to state that
nothing has come to light which suggests that the forecast is incorrect.

EG Learning example 1.2

You are the external auditors of Zafiro Limited which designs and manufactures parts
for car engines and supplies to many of the major car manufacturers in the UK. Zafiro
has invested heavily in research and development in recent years and has recently
developed a new engine part that can help cars use fuel more efficiently. Many of its
suppliers have expressed an interest in purchasing this new engine part but in order
to meet demand, Zafiro will need to expand its production line and employ five new
members of staff.
Zafiro has approached its bank about obtaining a loan to help fund the expansion and
the bank have asked to see a profit and loss forecast for the next five years before
they will make a decision as to whether or not to provide the loan. Zafiro’s directors
have completed the forecast but have asked you as external auditors to review and
report on the forecast before it is presented to the bank.
Explain what level of assurance this report on the cash flow forecast will give to the
directors and explain how and why this level of assurance differs to that given in a
statutory audit report.

1.1.6 The benefits and limitations of statutory audit

The audit can bring various advantages to the company and shareholders. The key
benefit to shareholders is the impartial view provided by the auditors on the financial

Audit Framework and Regulation

statements and therefore to tackle the agency problem. However, the following
benefits may also arise from external audit:
• The auditors will be able to recommend improvements to systems and controls,
thereby reducing the risk of fraud and error. As part of their work, auditors are
required to understand the company’s accounting systems and procedures.
If these are inadequate then this will increase the likelihood of fraud or error.
Auditors routinely report inadequacies and weaknesses in clients’ systems
together with recommendations about how the problem can be rectified.
• The auditor’s presence may act as a fraud deterrent.
• The credibility of the company’s financial information may be enhanced.
Although, strictly, an audit report is addressed only to the shareholders of the
company, inevitably an audit will add credence to the financial statements.
• A qualified audit opinion will highlight material issues with the company’s financial
statements. For example, an auditor might believe that the company’s inventory
is materially overstated in the financial statements. If so, their audit report would
make reference to this and would also state what the profits and assets would be
if the inventory had been valued at the auditor’s estimated figure.

G Learn
The limitations can give rise to what is known as the expectations gap: some users of
financial statements believe that a ‘clean’ audit report is a guarantee that auditors
prepare the financial statements, that they are accurate to every last detail and that
the company will be a good investment. None of these is true.

G Learn
The audit report contains the phrase “…we have collected sufficient appropriate
audit evidence to provide reasonable assurance that the financial statements are
free of material misstatement”. Note the words in italic.
In particular:
• It is management’s responsibility to prepare the financial statements.
• Auditors do not, in general, re-perform, examine or verify every transaction.
They investigate matters on a test basis.
• Auditors are not responsible for preventing or identifying fraud. Again that is
management’s responsibility.
• Auditors are not responsible for safeguarding company assets or designing their
accounting system (thought they might advise on improvements).
• Auditing does not ensure that the company is profitable: it is merely concerned
that if there is bad news then it is fairly reported.

G Learn


1.2 Legal and regulatory considerations

There are also a number of statutory (legal) requirements that must be fulfilled
before an external auditor accepts appointment. We shall consider these in turn:
• Audit regulation and ISAs
• Auditor eligibility
• Auditor appointment and removal
• Auditor rights and responsibilities

1.2.1 Regulation of auditors

In each country, regulation comes from a number of sources. However, international
regulation can play a major role.
International Federation of Accountants (IFAC)
IFAC is the global organisation for the accountancy profession. It works with its 164
members and associates in 125 countries and jurisdictions to protect the public
interest by encouraging high quality practices by the world's accountants. The ACCA
is a member of IFAC.
Through its independent standard-setting boards, IFAC develops international standards
on ethics, auditing and assurance, education, and public sector accounting standards
The International Audit and Assurance Standards Board (IAASB)
The IAASB is one of the independent standard setting boards of IFAC. The IAASB sets
the International Audit Standards (ISAs).

1.2.2 International Standards on Auditing (ISAs)

Knowing that each audit has been conducted in accordance with common standards
enhances the confidence of the users of audit reports.
The International Standards on Auditing (ISAs) contain the guidance and rules that
auditors follow when auditing historical financial information. The ISAs are set by
the International Audit and Assurance Standards Board (IAASB), which is part of the
International Federation of Accountants (IFAC).
Many countries have their own national audit standards however, for countries
without their own audit standards, the ISAs provide a set of standards that can be
adopted, or altered based on national requirements.
In the UK, the Auditing Practices Board has adopted ISAs (UK and Ireland), which
were edited from the original ISAs and are more comprehensive.

G Learn
The IAASB clarity project
The IAASB has completed a comprehensive project to enhance the clarity and
understandability of the ISAs and as a result, auditors worldwide now have access

Audit Framework and Regulation

to updated and clarified ISAs and a clarified International Standard on Quality

Control (ISQC).

Structure of the ISAs

The ISAs have a structure in which information is presented in separate sections:
Introduction, Objective, Definitions, Requirements, and Application and Other
Explanatory Material.
• Introduction
The introduction to an ISA explains the purpose, scope, and subject matter of the
ISA, in addition to the responsibilities of the auditors.
• Objective
Each ISA contains a clear statement of the objective of the auditor in the audit
area addressed by that ISA.
• Definitions
For greater understanding of the ISAs, applicable terms have been
defined in each ISA.
• Requirements
Each objective is supported by clearly stated requirements. Requirements are
always expressed by the phrase "the auditor shall", rather than "the auditor
may" which makes the ISAs more prescriptive and should help auditors to
understand their responsibilities more clearly.
• Application and Other Explanatory Material
The application and other explanatory material is designed to explain more
precisely what a requirement means or is intended to cover, or includes
examples of procedures that may be appropriate under given circumstances.

G Learn
Changes resulting from the clarity project
The aims of the clarity project included:
• Helping auditors to understand their objectives when conducting an audit in
accordance with ISAs;
• Setting an objective in each ISA and establishing the auditor's obligation in
relation to that objective;
• Clarifying the obligations imposed on auditors by the requirements of the ISAs
and the language used to communicate such requirements;
• Eliminating any possible ambiguity about the requirements an auditor needs
to fulfill; and
• Improving the overall readability and understandability of the ISAs through
structural and drafting improvements.


Status and authority attached to ISAs

In exceptional circumstances, an auditor may deem it necessary to depart from an
ISA in order to achieve the objective of the audit. When such a situation arises, the
auditor must be able to justify the departure.
In addition, ISAs do not override the local regulations governing the audit of financial
or other information in a particular country. Where local regulations differ from ISAs
on a particular subject, local authorities should be encouraged to make changes to
local regulations so that they comply with ISAs.
Throughout the course of your studies in Audit and Assurance you shall become
familiar with the ISAs relevant to each particular area of the audit.

1.2.3 Auditor eligibility and appointment

How the auditor obtains an engagement
Usually firms of auditors will be approached by potential clients. If the company
has an audit committee, that committee will probably have drawn up a shortlist of
auditing firms they think might be suitable because of their size and expertise. These
firms will be invited to make a presentation to the company where they will set out
their approaches to the audit, methodologies, fees and so on. Note that audit firms
might decline the invitation to present to new clients because they have identified
legal or ethical problems or excessive risk with the audit.

Who is allowed to be an external auditor?

To be allowed to perform external audits, an individual must go through an approval
process. The individual must:
• pass an approved set of examinations set by a Recognised Qualifying Body
(RQB). Examples of an RQB include the ACCA and the ICAEW;
• become a member (and stay a member) of a Recognised Supervisory Body
(RSB). The ACCA and the ICAEW are also examples of RSBs.
In addition, the individual must not be either of:
• a director or employee of the client or any of its associated companies;
• a business partner or employee of a director or employee of the client, or any of
its associated companies.

G Learn
Appointment of external auditors – The legal process
In the vast majority of cases the company's shareholders appoint the external auditors.
In practice the Board of Directors will propose an audit firm, which is subject to
approval by the shareholders (usually on an annual basis at the company AGM).
Shareholders approve the appointment by passing what is known as an
ordinary resolution.

Audit Framework and Regulation

An ordinary resolution is a specific legal term. In order for an ordinary resolution to

be passed there are two requirements to be met:
• > 50% of the shareholder votes must approve the appointment;
• The shareholders must be given 21 days’ notice that the vote will take place.
In rare cases the auditors are approved by the Board of Directors or, in the UK, the
Secretary of State for Business, Innovation and Skills.

The Board of Directors May appoint the company's first

auditors or, if auditors resign mid-year,
they may appoint auditors to fill this
'casual vacancy' until the next AGM.
Secretary of State for Business, May appoint auditors when the
Innovation and Skills shareholders fail to reach an agreement.

G Learn
Appointment of external auditors – Client assessment and
professional clearance
Apart from the ethical and legal issues we have already covered, there are a number
of other issues that audit firms should consider before accepting appointment. These
are split into the following main areas:
• Client assessment and professional clearance
• Agreement of the terms of audit engagements (ISA 210)
Client assessment considerations
Before accepting a client, and also before accepting the audit for an existing audit
client for another year, the auditor will need to think about the following practical
• Do they have the resources (time and staff) available to do the work?
• The fee and the client's credit rating
• Client deadlines and whether or not they can be met
• The integrity of the client and its directors
• The level of audit risk
• The risk of money laundering and the performance of procedures to verify the
identity of the client and their source of income

G Learn
Professional clearance
It is imperative that the incoming auditors obtain professional clearance before
accepting a new appointment. This is a rigorous process that involves contacting the
client's previous auditors to discuss potential reasons why the appointment should
not be accepted.


Often clients have perfectly good reasons for removing their previous auditors
for example; the previous auditors were not providing value for money. What is
unacceptable, however, is the client removing the auditors because they wrongly
disagree with their audit opinion. This is known as opinion shopping. In contacting
the outgoing auditors, the incoming auditors will be able to decide whether the client
has a legitimate reason for changing auditors or is in fact opinion shopping.
The following professional clearance flowchart summarises the process.

Ask client for permission refused
to speak to outgoing Reject
auditors appointment

granted No

Ask outgoing auditor if

Yes Ask client if problem
there are any reasons
can be explained away
why appointment should
to auditor’s satisfaction
not be accepted
No reasons Yes

Accept Accept
appointment appointment

G Learn
Agreeing the terms of assurance engagements (ISA 210)
Assuming the above procedures have been followed, the incoming auditors are
almost in a position to accept appointment. Final considerations are:
• To confirm that the preconditions for audit are present and;
• Create an engagement letter for the auditors and the client to sign.
Before accepting the statutory audit for a client, the auditor must establish whether
or not the preconditions for an audit are present. ISA 210 defines the preconditions
for an audit as:
"The use by management of an acceptable financial reporting framework in the
preparation of the financial statements and the agreement of management and,
where appropriate, those charged with governance to the premise on which an audit
is conducted"

Audit Framework and Regulation

In order to establish whether or not these preconditions are present, the auditor shall:
• Determine whether the financial reporting framework to be applied in the
preparation of the financial statements is acceptable; and
• Obtain the agreement of management that it acknowledges and understands its
– For the preparation of the financial statements in accordance with the
applicable financial reporting framework.
– For such internal control as management determines is necessary to enable the
preparation of financial statements that are free from material misstatement
– To provide the auditor with:
o Access to all information of which management is aware that is
relevant to the preparation of the financial statements such as records,
documentation and other matters;
o Additional information that the auditor may request from management
for the purpose of the audit; and
o Unrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence.

G Learn
Engagement letter
For any piece of work it is necessary to have a contract in place that sets out the
terms of the assignment. A contract will:
• Reduce misunderstandings
• Create a legal basis for payment
Audit work is no different and the auditors should ensure a contract, known here as
an engagement letter, is signed immediately after appointment.
Engagement letters tend to have a standard format and content including:
• The objective and scope of the audit
• Responsibilities of directors and auditors
• The nature of audit work ie testing
• Basis on which fees are calculated
• The format of any reports that will be issued
On recurring audits, the auditor shall assess whether circumstances require the
terms of the audit engagement to be revised and whether there is a need to remind
the entity of the existing terms of the audit engagement.

G Learn


1.2.4 Removal of external auditors

Sometimes it is necessary for the auditors to resign. If an auditor resigns, they should
do so in writing and they may wish to speak to the shareholders to explain their
reasons. The law gives the auditor two specific rights in this case:
• the right to send a written explanation to shareholders (a written
representation); and
• the right to request a general meeting where they may speak to the
Once the auditors have resigned they must issue a statement of circumstances. This
statement explains the specific reasons for the resignation or removal. Or, if there
are no reasons, this too must be stated.

Forced removal
Sometimes, the Board of Directors or some shareholders may wish to remove
the auditors.
A general meeting must be called so that the shareholders can vote on the proposal
(via an ordinary resolution). Once again, the auditors have a legal right to send a
written explanation to the shareholders or speak at the general meeting.
Again, once the auditors have been removed, they must issue a statement of

G Learn
Auditors do not wish to seek reappointment
Sometimes the auditors finish the annual audit and decide they do not wish to
audit the company in future years. As such, when the board asks them to accept
nomination for the following year, the auditors should politely decline and issue a
statement of circumstances.

G Learn
1.2.5 Rights and responsibilities
In this section, we look in some detail at the rights and responsibilities of the parties
involved in the audit. Specifically, we consider:
• The legal rights and responsibilities of external auditors
• The responsibilities of company directors
• Auditor responsibilities with regard to fraud
• Auditor responsibilities with regard to law and regulations

Audit Framework and Regulation

Legal rights and responsibilities of external auditors

Auditors are usually given rights within national law to help ensure they can do their
job properly. Rights will vary between countries but typically include:
• The right to access all books and records of the company.
• Access to all information and explanations.
• The right to:
– receive notice of a general meeting;
– attend a general meeting;
– speak at a general meeting.
• the right to resign;
• the right to circulate information to shareholders.

G Learn
Typically, auditor duties are also set by the national government so once again, will
vary from country to country. Typical duties include:
• To audit the financial statements and give an opinion on:
– truth and fairness;
– whether or not they are properly prepared (in accordance with national rules);
– any other opinion required by government eg whether proper accounting
records have been kept or if the director's report is consistent with the
financial statements;
• To issue a statement of circumstances on resignation or removal from a client.
This statement explains the specific reasons for the resignation or removal. Or, if
there are no reasons, this is also stated;
• After leaving a client to respond to any requests for information from the new
incoming auditors.

G Learn
Note that the detection of error is only expected if the error (or errors) arising are
material to the financial reports audited. Auditors are not responsible for the prevention
or detection of fraud, although material frauds should be discovered as part of normal
audit work. Fraud prevention and detection is the responsibility of management.

Directors’ responsibilities
Directors have overall responsibility for running the company on a day-to-day basis.
As far as auditors are concerned, however, their primary responsibility is to produce
financial statements showing a true and fair view.


Other secondary responsibilities include the following:

• to keep adequate accounting records;
• to give the auditors reasonable explanations;
• to apply the accounting standards correctly;
• to select appropriate accounting policies;
• to appropriately apply the going concern basis of accounting;
• to design and implement appropriate accounting system;
• to implement internal controls to actively prevent and detect errors and fraud.
• In some cases, a breach may have external reporting consequences

1.3 Corporate governance

1.3.1 The need for corporate governance
You have seen that annual financial statements and the auditing process help
shareholders to monitor how their company and the company’s directors are
performing. Shareholders are provided, once a year, with the information they
need to appraise the principal/agent relationship and director’s stewardship of the
company assets.
However, a year is a long time and the gap between the financial statements
provides plenty of opportunity for directors to carry on unsupervised.
There had been numerous examples of poor management leading to unexpected
company failure but matters came to a head in 2001 with the Enron scandal
(shareholders lost around $74 billion) and in 2002 with WorldCom (shareholders lost
around $180 billion). Both collapses involved unorthodox accounting and fraud.
The investigations which followed these scandals, identified poor corporate
governance as partially to blame. Corporate governance is how companies are
directed and controlled and both of these companies were headed by very powerful
individuals that boards would not stand up against. This enabled the chief executive
officers to have almost absolute power.
Many of the corporate governance principles and guidelines are aimed at ensuring
that management power is spread and shared and that shareholders should be
encouraged to become more active.

G Learn

Audit Framework and Regulation

1.3.2 The need for auditors to communicate with those charged

with governance: ISA 260 Communicating with Those
Charged with Governance
In order for management and directors to be kept up-to-date with important audit
issues, auditors are required by ISA 260 to communicate any matters of interest arising
on the audit to those charged with governance. Such matters are likely to include:
• The auditor’s responsibilities in relation to a financial statement audit including:
– A statement that the auditor is responsible for forming and expressing an
opinion on the financial statements and;
– A statement that the auditor’s work is carried out in accordance with ISAs
and in accordance with local laws and regulations.
• Planned scope and timing of the audit including:
– The audit approach to assessing the risk of serious misstatement, whether
arising from fraud or error.
– The audit approach to the internal control system and whether reliance will
be placed on it.
– The timing of interim and final audits, including reporting deadlines.
• Significant findings from the audit. This could include:
– A description of any significant difficulties encountered during the audit,
including delays in obtaining information from management.
– Material weaknesses in internal control and recommendations for improvement.
– Audit adjustments, whether or not recorded by the entity, which have,
or could have, a material effect on the entity’s financial statements. For
example, the bankruptcy of a material receivable shortly after the year-end
that should result in an adjusting entry.
• A statement on independence issues affecting the audit including:
– That the audit firm has ensured that all members of the audit team have
complied with the ethical standards of ACCA.
– That appropriate safeguards are in place where a potential threat to
independence has been identified.
• Modifications to the audit report
• Any management representation points

1.3.3 Approaches to corporate governance

In the USA, the government passed the Sarbanes Oxley Act. This Act states that the
Chief Executive Officer (CEO) and Chief Financial Officer (CFO) must personally certify
that financial reports are accurate and complete. They must also assess and report on
the effectiveness of internal controls around financial reporting. CEOs and CFOs now
face the potential for personal criminal liability for fraud if their certifications are wrong.
Management’s assessment of internal controls must also be reviewed and judged by
an outside auditing firm. The impact of this on auditors is substantial in that a large


amount of auditing resources are needed for compliance. A comprehensive review of

all internal controls related to financial reporting is a formidable undertaking.
This approach to corporate governance is referred to as a ‘rules-based approach’.
The threat of criminal prosecution makes both management and auditors take great
care in assessing financial reports and internal controls and to increase their personal
safety the assessments rely on very extensive checklists that have to be signed off.
In many other countries, including those in Europe, a ‘principles-based’ approach has
been adopted. This approach relied less on checklists relating to specific measures
and more on asking if certain principles of corporate governance have been met.
Note that the A&A syllabus only requires discussion of best practice and does not
refer to any specific code of corporate governance. Examples of best practice are
given below with references to the specific code so the location of the code is clear.
However, in the examination you are not required to mention the source of the
corporate governance requirement.

1.3.4 OECD principles of corporate governance

The Organisation of Economic Cooperation and Development (OECD) issued
principles for good corporate governance which have the following aims:
• Promoting transparent and efficient markets, which are consistent with the
rule of law and which clearly set out the division of responsibilities among
supervisory, regulatory and enforcement authorities;
• Protecting and facilitating the exercise of shareholders’ rights;
• Ensuring the equitable treatment of all shareholders, who should also have the
opportunity to obtain effective redress for violation of their rights;
• Recognising the rights of stakeholders established by law or through mutual
agreements and encouraging active co-operation between corporations and
stakeholders in creating wealth, jobs and the sustainability of financially
sound enterprises;
• Ensuring that timely and accurate disclosure is made on all material matters
regarding the corporation, including its financial situation, performance,
ownership and governance;
• Ensuring the strategic guidance of the company, the effective monitoring of
management by the board and the board’s accountability to the company and
the shareholders.
Of course, setting high-level principles such as these does not tell companies how
they might be achieved and more practical guidance is needed. In the UK this is
provided by the UK Corporate Governance Code.

Audit Framework and Regulation

1.3.5 Auditor’s evaluation of corporate governance deficiencies

The auditor will normally advise those charged with governance concerning any
corporate governance deficiencies identified by the auditor during the audit,
That advice will include recommendations on how to overcome those deficiencies.
The actual advice will also be jurisdiction specific and so will follow either OECD
principles (as summarised above), UK Corporate Governance Code (explained below)
or other governance systems as appropriate.

1.3.6 The UK Corporate Governance Code

You can use this as a model when discussing corporate governance issues in the exam.
The Code is not backed by statute, but all listed companies must adopt a “comply
or explain” approach. This means that companies listed on the stock exchange
are required to comply with the code, report to shareholders on how they have
done so, or to explain why they have not complied. This principles approach means
that although companies might not comply with a specific provision, they might
nevertheless have achieved good corporate governance by other means.


Principle A – Leadership

Principles Main implications

Every company should be headed by The board must meet regularly.
an effective board which is collectively The annual report should identify the
responsible for the long-term success chairman, the chief executive, the senior
of the company. independent director and the chairmen
and members of the board committees.
There should be a clear division of The roles of chairman and chief
responsibilities at the head of the executive should not be exercised by
company between the running of the the same individual.
board and the executive responsibility
for the running of the company’s
business. No one individual should
have unfettered powers of decision.
The chairman is responsible for The chairman is responsible for setting
leadership of the board and ensuring its the board’s agenda and ensuring
effectiveness on all aspects of its role. that adequate time is available for
discussion of all agenda items, in
particular strategic issues
The chairman should also promote
a culture of openness and debate by
facilitating the effective contribution of
non-executive directors in particular and
ensuring constructive relations between
executive and non-executive directors.
As part of their role as members of a Non-executive directors should
unitary board, non-executive directors scrutinise the performance of
should constructively challenge and management in meeting agreed
help develop proposals on strategy. goals and objectives and monitor the
reporting of performance.
They should satisfy themselves on the
integrity of financial information and
that financial controls and systems of risk
management are robust and defensible.
They are responsible for determining
appropriate levels of remuneration
of executive directors and have a
prime role in appointing and, where
necessary, removing executive
directors, and in succession planning.

Audit Framework and Regulation

Principle B – Effectiveness

Principles Main implications

The board and its committees should The board should include an
have the appropriate balance of appropriate combination of executive
skills, experience, independence and and non-executive directors (and, in
knowledge of the company to enable particular, independent non-executive
them to discharge their respective directors) such that no individual
duties and responsibilities effectively. or small group of individuals can
dominate the board’s decision taking
[Tutorial note: This means there
should be a balance of executive and
non-executive directors on the board
and this implies about 50% executive
and 50% non-executive.]
There should be a formal, There should be a nomination
rigorous and transparent committee which should lead the
procedure for the appointment of process for board appointments
new directors to the board. and make recommendations to the
board. A majority of members of the
nomination committee should be
independent non-executive directors.
All directors should be able to The board should not agree to a full-
allocate sufficient time to the time executive director taking on more
company to discharge their than one non-executive directorship
responsibilities effectively. in a FTSE 100 company nor the
chairmanship of such a company.
All directors should receive induction The chairman should ensure that
on joining the board and should new directors receive induction on
regularly update and refresh their joining the board.
skills and knowledge. The chairman should regularly review
and agree with each director their
training and development needs


The board should be supplied in a Directors should receive accurate,

timely manner with information in a timely and clear information.
form and of a quality appropriate to The board should ensure that
enable it to discharge its duties. directors, especially non-executive
directors, have access to independent
professional advice at the company’s
expense where they judge it necessary
to discharge their responsibilities
as directors. Committees should be
provided with sufficient resources to
undertake their duties.
The board should undertake a formal The chairman should act on the
and rigorous annual evaluation of results of the performance evaluation
its own performance and that of its by recognising the strengths and
committees and individual directors. addressing the weaknesses of the
board and, where appropriate,
proposing new members be appointed
to the board or seeking the resignation
of directors.
All directors should be submitted for All directors of FTSE 350 companies
re-election at regular intervals, subject should be subject to annual election
to continued satisfactory performance. by shareholders. All other directors
should be subject to election by
shareholders at the first annual general
meeting after their appointment, and
to re-election thereafter at intervals of
no more than three years.

Audit Framework and Regulation

Principle C – Accountability

Principles Main implications

The board should present a fair, The directors should explain in the
balanced and understandable annual report their responsibility
assessment of the company’s position for preparing the annual report and
and prospects. accounts, and state that they consider
the annual report and accounts,
taken as a whole, is fair, balanced
and understandable and provides the
information necessary for shareholders
to assess the company’s performance,
business model and strategy. There
should be a statement by the auditor
about their reporting responsibilities
The board is responsible for determining The board should, at least annually,
the nature and extent of the significant conduct a review of the effectiveness
risks it is willing to take in achieving its of the company’s risk management
strategic objectives. The board should and internal control systems and
maintain sound risk management and should report to shareholders that
internal control systems. they have done so
The board should establish formal The board should establish an audit
and transparent arrangements for committee of at least three, or, in
considering how they should apply the case of smaller companies, two,
the corporate reporting and risk independent non-executive directors.
management and internal control In smaller companies the company
principles and for maintaining an chairman may be a member of, but not
appropriate relationship with the chair, the committee in addition to the
company’s auditors. independent non-executive directors.
The board should satisfy itself that
at least one member of the audit
committee has recent and relevant
financial experience.
The responsibilities of the audit
committee are covered in a separate
section of this study manual.


Principle D – Remuneration

Principles Main implications

Levels of remuneration should be The performance-related elements of
sufficient to attract, retain and motivate executive directors’ remuneration should
directors of the quality required to run be stretching and designed to promote
the company successfully, but a company the long-term success of the company.
should avoid paying more than is Remuneration for non-executive directors
necessary for this purpose. should not include share options or other
A significant proportion of executive performance-related elements.
directors’ remuneration should be
structured so as to link rewards to
corporate and individual performance.
There should be a formal and transparent The board should establish a
procedure for developing policy on remuneration committee of at least three,
executive remuneration and for fixing or, in the case of smaller companies, two,
the remuneration packages of individual independent non-executive directors.
directors. No director should be involved In addition, the company chairman may
in deciding his or her own remuneration. also be a member of, but not chair, the
committee if he or she was considered
independent on appointment as chairman.

Principle E – Relations with shareholders

Principles Main implications

There should be a dialogue with The chairman should ensure that
shareholders based on the mutual the views of shareholders are
understanding of objectives. The communicated to the board as a whole.
board as a whole has responsibility for The chairman should discuss
ensuring that a satisfactory dialogue governance and strategy with major
with shareholders takes place. shareholders.
The board should use the AGM to At any general meeting, the company
communicate with investors and to should propose a separate resolution
encourage their participation. on each substantially separate issue,
and should in particular propose a
resolution at the AGM relating to the
report and Accounts.
The chairman should arrange for the
chairmen of the audit, remuneration
and nomination committees to be
available to answer questions at the
AGM and for all directors to attend.

Audit Framework and Regulation

EG Learning example 1.3

You are required to advise one of your clients of what they need to do in order to
improve their corporate governance, as they are planning a Stock Market listing and
have been advised they need to comply with the UK Code in full. At present, the
company’s board believe that they are not complying with anything, so are keen to
hear any advice. Suggest SIX things they should do in order to comply.

1.4 Audit committees

1.4.1 Functions of audit committees
Most corporate governance codes require the appointment of an audit committee.
As stated above, the UK Corporate Governance Code states that the board should
establish an audit committee of at least three, or, in the case of smaller companies,
two, independent non-executive directors.
The main role and responsibilities of the audit committee include:
• Making recommendations to the board, for it to put to the shareholders for their
approval in general meeting, in relation to the appointment, re-appointment and
removal of the external auditor and to approve the remuneration and terms of
engagement of the external auditor.
• Reviewing and monitoring the external auditor’s independence and objectivity
and the effectiveness of the audit process, taking into consideration relevant UK
professional and regulatory requirements. This will include liaising with external
auditors and to help the external auditors the external auditors might have
difficulty in obtaining the information and records they require.
• A review of the company’s internal controls and the company’s internal control
and risk management systems.
• Monitoring and reviewing the effectiveness of the company’s internal audit
function. Where there is no internal audit function, the audit committee should
consider annually whether there is a need for an internal audit function and
make a recommendation to the board. The reasons for the absence of such a
function should be explained in the relevant section of the annual report.
• FTSE 350 companies should put the external audit contract out to tender
at least every ten years. If the board does not accept the audit committee’s
recommendation, it should include in the annual report, a statement from the
audit committee explaining the recommendation and should set out reasons why
the board has taken a different position.
• Developing and implementing policies on the engagement of the external
auditor to supply non-audit services, taking into account relevant ethical
guidance regarding the provision of non-audit services by the external audit firm.
• Where requested by the board, the audit committee should provide advice on
whether the annual report and accounts, taken as a whole, is fair, balanced and
understandable and provides the information necessary for shareholders to
assess the company’s performance, business model and strategy.


• The audit committee should review arrangements by which staff of the company
may, in confidence, raise concerns about financial reporting or other matters
(this is called whistleblowing). The audit committee’s objective should be to
ensure that arrangements are in place for the independent investigation of such
matters and for appropriate follow-up action.

G Learn

IE Illustrative example 1.3

At Delta Company, there is currently no audit committee. When the internal auditors
found weaknesses in the control systems and evidence that fraud was taking place
they reported it to the Board of Directors, but several weeks have passed and
nothing seems to be happening.
The likely reason for this is that the Board, who run the company, are either
embarrassed at the criticism and so want to hide it away, or are committing the fraud
and are worried they will get caught!
Shortly after the report, the Board decides to cut back the internal audit department
making several staff redundant, including the person who authored the report
making criticisms. The smaller internal audit department finds it difficult to do proper
investigations, and fails to discover any further problems in the company as a result.
It might be the case that nothing is wrong here, but the situation suggests that the
internal audit function has been unable to get a problem solved because they were
reporting direct to those causing the problem!
In such cases, it seems obvious that the internal audit department should be under the
control of, and should report to, someone not in an executive position in the company
– hence the need for an audit committee of independent non-executive directors.

1.4.2 Benefits of audit committees

• The audit committee assists the external auditors in obtaining the information
and evidence they need for their audit.
• External auditors will usually report on internal control matters to the audit
committee who can raise the matter at board meetings. If there is no audit
committee, internal control problems would be addressed to the finance director
– who has the prime responsibility for designing the system being criticised. The
finance director might attempt to suppress criticism.
• The audit committee can follow up the external auditor’s recommendations with
regard to internal control weaknesses.
• Directors have a duty under corporate governance codes to set up an
adequate system of internal control. Audit committees can help the company
meet these obligations.
• Better communication between external auditors and the board: at least one
member of the audit committee has recent and relevant financial experience.

Audit Framework and Regulation

• Provides in the internal audit department with greater independence compared

to reporting to the finance director.
• Increases confidence in the company’s financial controls and reporting mechanisms.
• Might be more likely to identify short-comings current external auditors’ work
and to recommend a change.

1.4.3 Limitations of audit committees

• Additional costs: Non-executive directors are paid for their attendances.
• Difficulty in finding members with the right expertise
• Care is needed in carefully setting terms of reference do that the duties of the
committee, the finance director and the main board are clear.
• Resentment and bad feeling on the part of executive directors over the power of
audit committee members and a feeling of being undermined.

1.5 Internal control and risk management

1.5.1 The need for risk management
It is a requirement of the UK Corporate Governance Code that the board. The board
is responsible for determining the nature and extent of the significant risks it is
willing to take in achieving its strategic objectives. The board should maintain sound
risk management and internal control systems.
Note that it is not the responsibility of the board to eliminate risk: the pursuit of
profit is inseparable from taking on risk. Organisations must attain an acceptable
balance between risk and return – however, to get that balance, organisations must
have reliable information and control structures in place.
Good risk management will:
• Produce more predictable cash flows
• Limit the impact of disaster
• Produce greater confidence amongst investors, employees, customers, suppliers
and partners.
• Will ensure a better match to risk the appetite of shareholders. Some investors
will be interested in companies that are low risk (and probably low return). Other
investors will be seeking more exciting investments and the hope of greater returns.
Risks can arise from many sources, such as:
• The impact of new technology
• Changing competition
• Changes in interest rates or exchange rates
• Fraud
• Regulations – where transgression could result in penalties or removal of
trading licences.


If directors are offering proper stewardship of the company assets and are acting
properly as agents of the shareholders it is essential that they monitor and manage
risks. The choices available when monitoring risks are:
• Terminate the risk. This means that the risky activity is completely avoided
• Treat the risk. This means reducing the risk to acceptable levels.
• Transfer the risk. For example, have the risky activity carried on by a sub-
contractor or take out insurance.
• Tolerate the risk. A judgement is made that the risk is worth taking on, for the
rewards that might arise.

G Learn
It is essential for proper management that whatever decisions management takes
about the company’s operations and how to treat risks are properly implemented
and monitored. This is where internal control comes in.

1.5.2 Role of internal control in risk management

Internal control is the system designed to provide reasonable assurance regarding
the achievement of objectives in effectiveness and efficiency of operations, reliability
of financial reporting, and compliance with applicable laws and regulations.
Internal control therefore has a key role in the management of risks that are
significant to the fulfilment of its business objectives. A sound system of internal
control contributes to safeguarding the shareholders' investment and the company's
assets, including the prevention and detection of fraud.
Effective financial controls, including the maintenance of proper accounting records,
are an important element of internal control. They help ensure that the company is
not unnecessarily exposed to avoidable financial risks and that financial information
used within the business and for publication is reliable.
The internal control system has to evolve as a company’s operations and its
environment change. A sound system of internal control therefore depends on a
thorough and regular evaluation of the nature and extent of the risks to which the
company is exposed.
Note that it is the directors of the company, not the auditors, who are responsible
for risk management and the system of internal control. As part of their audit the
auditors will assess the internal control system (including an assessment of the
company’s risk assessment procedures) and will plan their audit accordingly. They are
required to point out where they there is a deficiency in internal control, but the final
responsibility for risk management and internal control lies with management.

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

Audit Framework and Regulation

Learning example solutions

EG Solution 1.1

Subject matter Financial statements

Responsible party Directors
Assurance provider External auditors
Intended user Shareholders
Level of assurance provided Positive/Reasonable

EG Solution 1.2
Level of assurance
The forecast is based on assumptions of future income and expenses. Any
predictions of this nature are uncertain and involve a significant amount of
judgement. It would not be possible for the auditors to give a positive confirmation
that the information is free from error so the level of assurance provided by this
report would be negative.
How it differs to statutory audit
The level of assurance given by a statutory audit report is positive (or reasonable)
assurance. This is a high level of assurance.
Why it differs
The statutory audit is based on the historic information in the financial statements.
The auditors will be able to collect sufficient evidence to prove whether or not this
information is correct and thereby give a high level of assurance. The review on the
other hand, is based upon assumptions of the future for which evidence is not yet
available. The level of assurance provided in this case must naturally be lower.
In addition, during a statutory audit a lot of detailed testing is done on the financial
statements, whereas for the review the level of testing is likely to be much lower.
This difference in the amount of work performed will affect the level of assurance
given in each case.


EG Solution 1.3
There are numerous correct answers to this because the Code has a lot more
than six areas:
Board of Directors
• The Board must include both non-executives (NEDs) as well as executives, with at
least half the board being NEDs.
• The Board should have a range of diverse people, based on varying age, gender,
experience etc.
• The person running the Board (Chairman) should not be the same person
running the company (CEO), nor should they be related.
• The NEDs should elect a leader from amongst their number, who shall be called
the Senior Independent Director.
• The NEDs and Chairman should meet at least annually to discuss the
performance of the executives.
• The Board should have a regular appraisal of its performance carried out,
preferably by an external party.
Board committees
• The company should establish a remuneration committee, a nomination
committee and an audit committee, each of which should ideally have at least
three members all of whom are independent NEDs.
• Audit committee members should include at least one with recent, relevant
audit/financial experience.
Directors’ remuneration
• A significant proportion should be performance related.
• It should be enough to attract, retain and motivate without being unduly excessive.
• Detailed disclosures of each director’s pay are required in the annual report
of the company.
Risk management and control
• A formal system of risk management should be established and documented,
including the supporting control system.
• The systems should be evaluated at least annually.
• Ideally, an internal audit function should be set up.
Shareholder communication
• The Board should aim for proactive communication with shareholders and not
rely simply on an AGM.
• There should be EGMs for any important matters to ensure no undue delay.
• AGMs should be organised in a manner to encourage debate with shareholders.

Professional Ethics

It is vital that auditors are independent from their clients, so they need to comply
with relevant ethical guidelines. This chapter discusses the issues that may threaten
auditors’ independence and outlines the safeguards that audit firms can put in place
to ensure they remain independent from their clients.
Audit ethics and regulation is a vital part of the syllabus and will be highly likely to
feature in the exam.

1. Which of the two – rules or principles – would work better in the area of
ethics and why?

2. What is lowballing and why is it an ethical threat?

3. Can you describe intimidation threats and some of the safeguards against them?

Professional Ethics

2.1 Audit ethics and regulation

2.1.1 Ethics
Ethics is concerned with behaviour and trying to ensure that auditors act in a
professional manner and stay independent from their clients. It is crucial that
auditors both:
• follow the ethical guidelines; and
• are perceived to be following the ethical guidelines.
There is a subtle difference, which becomes evident when we consider one of the
most notorious accounting scandals of recent times.

IE Illustrative example 2.1

Everyone involved in the audit profession will remember the case of the US company
Enron and its auditors, Arthur Anderson. In 2001 directors of Enron were discovered
to be perpetrating a fraud so huge that that it bankrupted the company and lost
millions of dollars of investors’ money.
Shortly after the discovery of the fraud, Arthur Anderson was found guilty in the US
of obstruction of justice for shredding documents related to the Enron audit and was
forced to stop auditing public companies.
In 2005 the conviction was overturned by the US Supreme Court but by this point the
reputation of Anderson was already damaged beyond repair due to the perception
that they were in the wrong. They were unable to remain a viable business.

2.1.2 Rules vs principles

Ethics is a difficult area in which to try and impose prescriptive rules. Imagine we
impose a rule that says auditors cannot accept free lunches from clients as this may
pose a threat to independence. Does this mean that they can accept if they are offered
free flights to Barbados? The ethical dilemmas auditors face will all differ in their exact
detail so it would be unrealistic to create a set of rules that covers every eventuality.
We solve this problem by having ethical guidance rather than prescriptive rules. In
this case, the guidance may say that we can only accept modest gifts from clients and
must refuse all others. The guidance covers a multitude of potential scenarios but it
also relies on the auditors to act professionally and apply the guidance appropriately
when faced with difficult situations.

G Learn
2.1.3 Fundamental ethical principles
An International Code of Ethics has been developed by the International Federation
of Accountants (IFAC) with the aim of promoting consistency and providing countries
with a starting point for developing their own codes.


In the UK, the Auditing Practices Board (APB) has created a series of Ethical Standards
that are based upon the IFAC Code but tailored to the UK market. All UK Institutes,
including the ACCA, have adopted these standards. The IASB Conceptual Framework sets
out the concepts that underlie the preparation and presentation of financial statements.
The ACCA’s Code of Ethics and Conduct sets out five fundamental principles with
which its members must comply:

Professional All members of the ACCA should respect the laws and regulations
behaviour of the profession. They should never act in a manner that would
discredit their profession.
Integrity Integrity means being ‘straightforward and honest’ in
professional and business relationships; fair dealing and
truthfulness; not being associated with information that contains
materially false or misleading statements or information
furnished recklessly. Hence this principle requires members to
act in a straightforward and honest manner in all their business
and professional relationships.
Professional Members have a duty to maintain their professional knowledge
competence and skills. They should act in accordance with applicable
and due care technical and professional standards when providing professional
services. Due care is the conduct that a reasonable man or
woman will exercise in a particular situation, in looking out for
the safety of others. If one uses due care then an injured party
cannot prove negligence.
Confidentiality Confidentiality is defined as a situation in which information
must be kept secret and private. Members should respect
the confidentiality of their clients and not disclose any client
information to third parties unless they have a legal or
professional right or duty to disclose.
Objectivity Objectivity is not being influenced by personal feelings or
opinions in considering and representing facts. The users of
assurance reports need to be confident that the assurance
provider's opinion can be relied upon. If the assurance provider
is linked to the client in some way there is a risk that the opinion
may be biased. It is therefore essential that assurance providers
are independent of their clients so that they can provide an
objective, unbiased opinion.

G Learn

Professional Ethics

EG Learning example 2.1

Your firm has recently been discussing how to become more efficient in a drive
to improve profitability. It has been suggested that audits are taking too long and
that therefore all audits should be required to finish in 20% fewer hours than in the
previous year, to demonstrate that the staff are learning from their experiences each
time. Further, it has been suggested that the firm should never reject a client request
for work, because the staff and partners are intelligent people and are therefore
capable of doing any piece of work offered to them.
What ethical threats are caused by these suggestions?

2.2 Ethical threats

Throughout the course of their work, assurance providers may encounter a wide
range of circumstances affecting their ability to comply with the ACCA's Code of
Ethics. We call these ethical threats and they generally fall into six distinct categories:
• self-interest threat;
• self-review threat;
• familiarity threats;
• advocacy threats;
• intimidation threats;
• management threats.
Before accepting clients, auditors must assess any ethical threats and either put in
place measures to mitigate the threats (safeguards) or reject the appointment.
We should note however that identification of ethical threats is not just something
takes place before accepting a client. Auditors must be continually aware that new
threats that may arise during the course of their work and if appropriate safeguards
cannot be put in place to mitigate these threats, they may need to consider resigning
from the engagement.
The different types of threats and the appropriate safeguards are as follows.

2.2.1 Self-interest threats

Self-interest threats arise when the auditors put their own interests above those of
the client or shareholders.


IE Illustrative example 2.2

Imagine you own a number of shares in your listed audit client. Shortly after the
financial year-end you are doing the audit work and you discover a material error in
the financial statements. You ask the directors to correct the error but they refuse. You
know that, as a result, you should qualify the audit opinion in respect of these financial
statements but you are concerned that this will affect stock market confidence in your
client and subsequently the value of the shares that you own may fall.
Do you qualify the audit opinion? If you don't, you have put your own personal
interests above those of the shareholders who need to know that the financial
statements are materially misstated.
Self-interest threats can also arise when:
• Auditors receive excessive gifts or hospitality from a client.
The risk here is that auditors ignore errors in the financial statements so as not
to upset the client as this may lead to the gifts/hospitality being withdrawn.
• Auditors receive a large proportion of their fees from one client.
Auditors may ignore errors in the financial statements for fear of losing the client
and the associated income.
• Auditors have personal or business relationships with a client
If the auditor has a personal or business relationship with then they may
ignore problems with the client's financial statements in order to protect this
• Audit fees are agreed on a contingent basis
Contingent fees are fees that are dependent on the outcome of the work
performed. If audit fees are calculated on this basis, the auditors may be
tempted to give an opinion that the directors want, rather than the correct
opinion, so as to receive these fees.
• Auditors and clients lend each other money
This relationship is almost certain to threaten an auditor's independence and
objectivity. If the client owes the auditor money, the auditor may not want
to risk upsetting them with a qualified opinion in case this leads to the client
defaulting on the debt.
Note that in a situation where there are overdue fees, the auditor runs the risk,
in effect, of making a loan to a client.

Professional Ethics

• Auditors set their fees at an unrealistically low level in order to secure work
(also known as lowballing)
By setting audit fees at an unrealistically low level in order to win other more
lucrative work such as tax advice, auditors risk not being able to resource the
audit properly. This could be perceived as negligence.

G Learn
Safeguards against self-interest threats
Financial interests (eg owning shares in a client)
The ACCA does not allow any of following parties to own a direct financial interest in
a client or a material indirect financial interest in a client (eg by investing in a pension
scheme that invests in the client's shares):
• The audit firm;
• A member of the audit team;
• The immediate family of a member of the audit team.
The following safeguards should be put in place:
• Dispose of any interest as soon as it is identified;
• Remove the individual from the audit team if necessary;
• Inform the client of the situation;
• Use an independent partner to review any work already carried out.
Gifts and hospitality
Gifts and hospitality should not be accepted unless the value is clearly insignificant.
High proportion of fees from one client
Audit firms should avoid having any one client that makes up a significant proportion
of their fee income

Any clients Gross recurring fees a single non-listed client should not
be > 15% of audit firm's total income. When these fees
reach 10% the situation should be reviewed.

Close business or personal relationships

An auditor should not participate in a personal or business relationship with a
client. If an individual team member has such an interest they should be removed
from the audit team.
An audit partner should not accept a key management position at an audit client
until at least two years have elapsed since his/her involvement in the audit.
Contingent fees
Audit firms are not allowed to enter into any fee arrangement that is
contingent in nature.


Loans and overdue fees

Audit firms or team members should not enter into any loan relationship with a client.
The only exception to this is where a loan is made to a member of an assurance team
by a bank or other lending institution. Providing this loan is on normal commercial
terms, this is not perceived to be a threat to independence.
Audit firms should guard against overdue fees and consider resigning when fees
remain unpaid.
If an audit engagement is accepted at a lower than average fee the audit firm must:
• demonstrate that appropriate staff and time are spent on the work;
• comply with the applicable professional and technical standards.

G Learn
2.2.2 Self-review threats
This threat arises when auditors perform work/produce information for the client
that they end up reviewing themselves as part of an assurance engagement.

IE Illustrative example 2.3

Imagine you are asked by a client to help with the preparation of the corporation tax
figure in financial statements. You are happy to help and then the next week you are
back at the client auditing the financial statements that contain the tax figure you
have calculated. How likely are you to find errors in your own calculation? Are you
likely to be objective?
Self-review threats arise when auditors:
• give advice on accounting or control systems and then audit them (eg by
performing internal audit services for the client);
• prepare financial information or assist with calculations then audit this information;
• provide services for the client eg tax, valuation, corporate finance, and then
review this work as part of the audit;
• join the audit team after working for the client.

G Learn
Safeguards against self-review threats
Provision of services other than audit
Providing a client with services other than audit is a highly controversial issue.
In most cases it is fine to provide other services so long as independence and
objectivity are not affected.

Professional Ethics

Safeguards should be put in place:

• the team that performs the audit should be composed of entirely different
members to the one that performs the other service;
• an independent second partner review on all work performed;
• refuse the other service if audit objectivity is threatened.
There are however some notable exceptions in terms of the provision of other services:
• Auditors should not prepare the accounts or financial statements for a listed or
public interest client;
• Audit firms should not carry out valuations on balances which may be material or
subjective to the financial statements;
• Audit firms should not be involved in the design or implementation of an IT system
for the client where that IT system is an integral part of the accounting function.

G Learn
Client employee joins audit team
If, in the previous two years, an individual has been a director of the client or
involved in any way with the information being audited they should not be assigned
to the audit team.

2.2.3 Familiarity threats

Familiarity threats arise when the auditors develop a close relationship with the client
and as a result become too sympathetic to their interests or too trusting of their work.

IE Illustrative example 2.4

You met Bob, the finance director of your client, almost 10 years ago when you first
accepted appointment as auditor. You and Bob have become good friends over this
time. So much so, you often play golf together at weekends and you regularly meet
up for dinner along with your respective partners.
Every year as part of your audit procedures you should assess the internal controls in
Bob's business. You have been auditing Bob's company for 10 years so perhaps you
can rely on your previous assessment and reduce the amount of work you do this
year? They were OK in previous years so nothing is likely to have changed, has it? And
if you do find a problem, do you really want to tell your friend who was responsible
for designing and implementing them?
Examples of familiarity threats are:
• the auditor audits a company where friends or relatives work;
• the auditor has been auditing the company for many years;
• there are people working at the client who recently worked for the audit form.

G Learn


Safeguards against familiarity threats

The ACCA sets out some specific safeguards to help to mitigate familiarity threats:
• no member of the audit team should have a close personal or business
relationship with the client.
• also for listed clients:
– the engagement partner should act for no longer than five consecutive years.
They should not return to this role until a further five years have elapsed;
– other key audit partners should act for no longer than seven consecutive years.
They should not return to the role until a further two years have elapsed;
– the person responsible for quality control review on the audit engagement
should act for no longer than seven years. They should not return to the role
until a further two years have elapsed.
• an audit partner should not accept a key management position at an audit client
until at least two years have elapsed since his/her involvement in the audit.

G Learn
2.2.4 Advocacy threats
The advocacy threat arises when auditors fail to take a balanced view on their clients
affairs and are perceived to be either 'taking their client’s side' or are biased against
their client.

IE Illustrative example 2.5

You have been auditing a client for two years and over this time have noticed that their
health and safety procedures are not entirely adequate. During this year's audit one of
your team members in injured while observing the stock-take and you take the client
to court to seek damages, as you believe that they are to blame. Will you find it easy to
remain objective when you come to giving an opinion on the financial statements?
Examples of advocacy threats include:
• Representing an audit client in a legal case or tax enquiry;
• Taking legal action against a client or being sued by a client.

G Learn
Safeguards against advocacy threats
Auditors should withdraw from the engagement if they are involved in serious
litigation with their client. It is highly likely that the client has removed them as
auditors by this point anyway!

G Learn

Professional Ethics

2.2.5 Intimidation threats

This threat is caused by a client being in a position to put pressure on an auditor
to prevent them acting objectively. This could arise from family and personal
relationships, litigation or close business relationships. As a result, the intimidation
threat is very closely related to the self-interest and the advocacy threat so the
safeguards are the same.

G Learn
2.2.6 Management threats
As we have heard repeatedly, auditors should be independent of their clients. They
should under no circumstances agree to provide services that result in them either:
• acting as management of the client; or
• making management decisions for the client.
If they take on management functions, their independence is threatened.

G Learn
Safeguards against management threats
Auditors should ensure that the client accepts responsibility for all management
decisions, even where the audit firm provides a lot of advice.
When taking on additional work for clients, auditors should ensure that they act in
an advisory capacity only and do not make decisions and perform work that is the
responsibility of the company's management.

G Learn

EG Learning example 2.2

You are one of the partners at the audit firm Miles & Co Chartered Accountants and
number of situations have arisen amongst your clients. Miles & Co is a small firm with
two partners operating from an office based in London.
For each scenario below explain the ethical threats in each case and state which
safeguards are necessary if your firm is to continue with its appointment.


• Your brother has just been appointed finance director at your client Jermain Ltd.
• The finance director of Pebbles Beach Wear Ltd has broken his leg playing
football and will be unable to work for six weeks. The financial year-end is next
week and the managing director has asked if the audit team manager will help to
prepare the corporation tax calculations.
• In recent years, Bingo UK Ltd has relied on your help to draft their financial
statements. Appropriate safeguards have always been put in place to mitigate
the self-review threat such as separate teams preparing and auditing and
independent review of the files by the second partner in the office. In the last
few years, Bingo has grown in popularity and as a result Bingo UK has expanded
rapidly. They are aiming to list on the AIM within the next six months.

2.3 Confidentiality
Generally auditors should never share client information with third parties. There
are, however, a small number of situations where auditors may have a legal duty or a
right to disclose client information.
Legal duty to disclose
Information must be disclosed if:
• the client is suspected of money laundering;
• the client is suspected of terrorism;
• the client is suspected of treason;
• the ACCA are investigating the auditors’ work;
• a court order is obtained requiring the auditors to disclose.

G Learn
Right to disclose
The auditor may decide to disclose information if:
• the client gives permission;
• the auditor feels that it is in the public interest to do so.

G Learn
2.4 Conflicts of interest
Auditors must be seen to act in the best interest of their clients at all times. Problems
often arise when auditors act for two companies who are in direct competition
with each other and particularly when the auditors have access to confidential
information about these clients.

Professional Ethics

2.4.1 Dealing with conflicts of interest

Before accepting any new appointment auditors must be aware of any potential
conflicts of interest.
• If a situation arises where auditors may be acting for direct competitors, all
clients involved should be informed and give consent for the auditors to
continue to act.
• If consent is received, auditors should put measures in place to ensure that client
information is kept confidential. This may involve measures such as:
– each client is serviced by different audit teams headed by different partners,
so the teams are kept physically separated;
– strict procedures for monitoring confidentiality are put in place – including
appointment of an independent partner to oversee the process;
– strict security over the files of each client;
– independent review of all audit files before the audit reports are signed. You
may often see these measures referred to as 'Chinese Walls'.
• If no suitable measures can be put in place or if clients refuse to consent,
declining the appointment (or resigning from an existing one) may be the only
sensible way forward.

G Learn

IE Illustrative example 2.6

You are the auditor of Kate’s Catering Company (KCC), who supply food to several
hotels in your country. One of these hotels, The Barchester, is threatening legal
action against KCC after some of their guests complained about food poisoning
and sued the hotel. Now let’s imagine that The Barchester approaches your firm to
become their auditor.
As the current auditor of KCC, some staff of your firm will know things about the
company that might be relevant to the hotel’s legal case – for example, previous
problems with food hygiene. Also, the audit team of KCC would know about the
claim and would have discussed with KCC management whether they plan to fight
it, or settle out of court. Clearly all of this information would be very valuable to the
management of The Barchester hotel.
In theory, your firm could accept the hotel audit – but clearly any staff with
knowledge of KCC should not be involved in the hotel audit and should be told not
to talk about KCC with the hotel’s audit team members. Better still, if your firm
has several offices then get an audit team from another office to audit the hotel
(which would also mean that audit working papers for the 2 clients would be kept
clearly apart). However, given the difficult legal situation and dangers of confidential


information being transferred by audit staff, both companies should be made aware
of this situation before your firm accepts the hotel audit, as either/both might not
want this conflict to arise. It might be best to decline the hotel audit, at least until the
legal issues are resolved.

Æ Key Learning Points

• There are five fundamental ethical principles that auditors/accountants must
follow – professional behaviour, integrity, confidentiality, competence and due
care, and objectivity. (A4a)
• It is essential that auditors are objective, and are perceived to be objective, so
that their opinion is more likely to be correct and shareholders are more likely to
trust the opinion is correct. (A4b)
• Auditors must identify threats to their objectivity (self-review, self-interest etc) and
then try to reduce these threats to an acceptable level using safeguards. (A4b, A4c)
• Conflicts of interest between two clients are best avoided completely, but if they
arise it may be possible to reduce the problems caused by using two separate
teams of staff, subject to both clients agreeing to this. (A4d)
• Client information should be kept confidential unless the law forces disclosure
(eg suspicions of money laundering or terrorism), or the auditor believes that
disclosure is in the best interests of society. (A4d)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

Professional Ethics

Learning example solutions

EG Solution 2.1
If all audits are required to be done 20% faster than the prior year, irrespective of the
level of audit risk, there is a strong chance that some audits will not have enough time to
collect sufficient appropriate evidence to respond to the assessed risks. This represents
a lack of due care in that insufficient time is being taken to do the audit properly.
Never rejecting a client request for work is a risk to the competence of the audit
firm, as they are at risk of taking on an assignment which they do not have the skills
or experience (or perhaps the resources) to audit properly.
Note that both of the above suggestions are putting the firm at risk of doing the work
wrong (eg on an audit, forming the wrong audit opinion) and this will threaten the
reputation of the firm.
Also, agreeing to all work requests from clients could lead to objectivity threats
being created. For example, if an audit client asks for its financial statements to be
prepared in addition to the audit, a clear self-review threat arises to the objectivity
of the audit team who would be checking the work of their own colleagues. As such,
it is not appropriate to simply accept every piece of work – numerous checks and
issues must be considered before acceptance can take place.

EG Solution 2.2
Jermain Ltd
Ethical threats
The audit partner of Miles & Co will have a close personal relationship with
the finance director of Jermain (his brother) so therefore his objectivity and
independence will be threatened.
If the audit partner comes across material errors in the financial statements he may be
reluctant to issue a qualified opinion as this may affect his relationship with his brother.
Even if the partner and his brother do not have a close relationship the perception
that they are close may still exist amongst outsiders.
The only acceptable safeguard in this situation is for Miles & Co to resign as auditors
of Jermain Ltd.
Pebbles Beach Wear Ltd
Ethical threats
If the audit team manager helps the client to prepare its tax figure he will end up
auditing this figure and therefore the self-review threat exists.


There is the risk that the team manager does not spot (or ignores) the errors in
his own work.
We could also suggest that the management threat exists here. Ultimately, the
directors are responsible for the numbers in the financial statements so the auditors
are taking on a management role if they carry out this task for them.
In order to mitigate the self-review threat another member of Miles & Co staff who is
not involved in the audit should help with the tax figures. The second partner should
review the audit work on the tax figures.
To mitigate the management threat we should ensure that the client accepts final
responsibility for the numbers in the financial statements.
If we decide that the self-review and management threat is too great, even with the
safeguards in place then we should politely decline the tax work.
Bingo UK Ltd
Ethical threats
With Bingo UK expanding so rapidly, and Miles & Co we will have to consider whether
or not they still have the resources as a firm to perform their audit competently.
Both preparing and auditing the financial statements gives rise to the self-review
threat and although we have safeguards in place to mitigate this, once Bingo UK
becomes listed, we will not be able to perform this function anymore.
Also, when Bingo lists, the maximum fee we can receive from them will fall from 15%
to 10% of our firm’s total income. We are therefore at risk of breaching the fee limit
and which may be perceived as a threat to our independence.
Miles & Co will need to show that they have the necessary resources to service a
larger client.
Once Bingo lists, Miles & Co will need to politely refuse to prepare the
financial statements.
Miles & Co should regularly review their fees from clients to ensure that they do not
breach the limits set by the ACCA’s Code of Conduct. If Bingo’s listing results in the
fee limit being breached they may need to consider resigning as auditors.

Pre-acceptance, Planning
and Risk Assessment

Any project that is not planned effectively risks going wrong at some point. The
worst possible outcome for the auditors would be to give the wrong opinion on
the financial statements and to be subsequently sued by the shareholders. After
accepting appointment, all auditors will plan the audit work. Effective planning
ensures that the audit work is properly organised and managed, that the right people
are assigned to the job and, most importantly, areas of audit risk are identified and
dealt with. Throughout the entire audit, the audit firm will also ensure that audit
quality standards are adhered to. Audit risks are identified by auditors through
careful consideration of all aspects of the clients’ business and through the use of
analytical procedures.
Identifying audit risks for a client is a popular requirement in the exam.

1. What is professional scepticism?


2. What is audit risk and when does it occur?

3. Why should the audit process be documented?

Pre-acceptance, Planning and Risk Assessment

3.1 Audit objectives

3.1.1 ISA 200 overall objectives of the audit
In Chapter 1, we were introduced to the basic concept of audit of financial
statements. ISA 200 provides auditors with formal guidance for understanding the
purpose and scope of an audit.
The overall objectives of an audit of financial statements are:
1. To obtain reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or error,
thereby enabling the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework; and
2. To report on the financial statements, and communicate as required by the ISAs,
in accordance with the auditor’s findings.

G Learn
In all cases when reasonable assurance cannot be obtained and a qualified opinion
in the auditor’s report is insufficient in the circumstances for purposes of reporting
to the intended users of the financial statements, the ISAs require that the auditor
disclaim an opinion or withdraw (or resign) from the engagement, where withdrawal
is possible under applicable law or regulation.
ISA 200 also sets out the basic requirements for auditors.

3.1.2 Ethical requirements relating to an audit of financial

The auditor shall comply with relevant ethical requirements, including those
pertaining to independence, relating to financial statement audit engagements.

Professional scepticism
The auditor shall plan and perform an audit with professional scepticism,
recognising that circumstances may exist that cause the financial statements to be
materially misstated.
A sceptical attitude means having doubt as to the truth of something. It does not
mean automatically believing that whatever you are told is untrue. It is closer to
saying that without evidence you do not know whether something is true or not. It
means having an open and enquiring mind.
Professional scepticism is an outlook that auditors are required to bring to their
work. ISA 200 requires the auditor shall plan and perform an audit with professional
scepticism recognising that circumstances may exist that cause the financial
statements to be materially misstated.


Auditors do not approach their audits on the assumption that directors and client
staff deliberately set out to mislead, but auditors are aware of human frailty, and in
particular that:
• Errors can be made.
• Optimism or pessimism can affect asset values and estimates of a business’s
future health.
• People might lack sufficient understanding to deal with accounting issues.
• People might give an ill-considered, incorrect answer because they are under
time pressure.
• People are sometimes devious and dishonest.
Seeking additional and corroborating evidence is the key to professional scepticism.
ISA 200 states that auditors must be alert to, for example:
• Audit evidence that contradicts other audit evidence obtained.
• Information that brings into question the reliability of documents and responses
to inquiries to be used as audit evidence.
• Conditions that may indicate possible fraud.
• Circumstances that suggest the need for audit procedures in addition to those
required by the ISAs.
Maintaining professional scepticism throughout the audit is necessary if the auditor
is, for example, to reduce the risks of:
• Overlooking unusual circumstances.
• Over generalising when drawing conclusions from audit observations.
• Using inappropriate assumptions in determining the nature, timing and extent of
the audit procedures and evaluating the results thereof.

Professional judgement
The auditor shall exercise professional judgement in planning and performing an
audit of financial statements.

Sufficient appropriate audit evidence and audit risk

To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit
evidence to reduce audit risk to an acceptably low level and thereby enable the
auditor to draw reasonable conclusions on which to base the auditor’s opinion.

P Principle
Ethical requirements relating to audit

3.1.3 Conduct of an audit in accordance with ISAs

• The auditor shall comply with all ISAs relevant to the audit. An ISA is relevant to the
audit when the ISA is in effect and the circumstances addressed by the ISA exist.

Pre-acceptance, Planning and Risk Assessment

• The auditor shall have an understanding of the entire text of an ISA, including its
application and other explanatory material, to understand its objectives and to
apply its requirements properly.
• The auditor shall not represent compliance with ISAs in the auditor’s report
unless the auditor has complied with the requirements of this ISA and all other
ISAs relevant to the audit.
• The International Standards on Auditing (UK and Ireland) are based on the
International Standards on Auditing (of the same titles that have been issued
by the International Auditing and Assurance Standards Board (IAASB). The
Financial Reporting Council requires these standards to be applied to the
conduct of UK audits.

3.2 Quality control

Given the importance of the work done by accountants and auditors, and the
reputational damage to both the firm and the profession that can be caused by
negligence, it is clear that quality control is extremely important.
Quality control procedures are the internal controls implemented by firms of
auditors and accountants to ensure that they produce high quality work. It is
important to understand that there should be strong quality control procedures that
cover the firm as a whole (its overall quality control environment) and strong quality
control procedures over each individual piece of work.

3.2.1 Quality control within the firm as a whole

Quality control in the context of an assurance assignment means applying the
standard ISQC1 (International Standard on Quality Control 1) to the engagement.
Quality control for audit assignments is covered in ISA 220 Quality Control for an
Audit of Financial Statements.
This section focuses primarily on ISA 220 with additional detail from ISQC1 as necessary.
ISQC1 is also relevant to other assurance engagements and is mentioned again in this
context in Chapter 9. The assurance provisions of ISQC1 are summarised below.
At the overall level of the firm, several things can be done to ensure a strong quality
control environment:
• Appoint a quality control partner, to ensure quality is considered at the
highest level.
• Have documented processes for staff to follow.
• Ensure all staff are trained in these processes.
• Have strict recruitment policies to recruit the best people.
• Ensure appraisal processes recognise quality (and the lack of it).
• Ensure overall environment is one where quality is rewarded, and poor
quality is punished.
• Ensure careful selection of assignment teams, based on skills, experience, overall
workload etc.
• Have a cold review process where a selection of completed assignments are
checked to help future work be performed better.


3.2.1 Quality control on each assignment

Several measures should be taken on each assignment to ensure quality:
• Pre-appointment checks should be carried out on all clients. Do we know their
industry, their business? Do we have the right resources and experience to carry
out the assignment?
• All work should be suitably:
– Directed: All team members should be briefed and informed of their
responsibilities, the risks, and the timetable.
– Supervised: More senior members of the audit team should keep track of
the work of more junior members to ensure they are doing the right thing
and meeting deadlines
– Reviewed: Review responsibilities should be allocated so that, the work of a
team member is reviewed by someone more senior.
• There should be suitable consultation with others, where matters are unclear.
• There should be a hot review (before the work is finished) of any assignment
where the audit risk is higher.
• Careful thought should go into deciding which member of the team should
perform and review each task, and the best time for that task to be performed.
Work should be delegated based upon skills and experience.
• All work to be suitably planned and documented.
• There should be careful procedures on acceptance/continuance of client

3.3 Quality assurance in any assurance engagement

Assurance and review engagements need to be carried out to an appropriate
standard. This means that the assurance provider must have a quality control system
in place to ensure that standard is attained. International Standard on Quality
Control 1 (ISQC1) explains how an assurance firm can establish quality standards.
The standard has six main areas where quality needs to be established, which are
summarised below.
Firm leadership
The assurance firm must be led by professionals who understand the need for
quality, including the whole of ISQC1, and be able to impress on all other staff
the need for quality in every assurance engagement. These senior staff promote
a culture of quality by following this standard themselves and also by providing
appropriate training for all staff.
Human resources
Care is taken in the recruitment of staff. Members of the assurance firm are selected
not only because they have the ability to carry out the work but also because they
have a commitment to ethical principles.

Pre-acceptance, Planning and Risk Assessment

Engagement performance
All assurance engagements are monitored to ensure they are carried out to a high
standard. Included in the firm’s overall quality control systems will be:
• Direction of staff to work on specific tasks
• Supervision of all staff to ensure quality is maintained and work is
performed correctly
• Review of all work produced, including hot reviews while the engagement is in
progress and cold reviews after completion.
Assurance staff will follow an appropriate code of professional ethics at all times.
For example, the ACCA Code of Ethics and Conduct. The engagement partner will
monitor compliance by observing staff and reviewing work and where necessary
enforce ethical standards.
Client relationships
The engagement partner will ensure there are no ethical or other reasons for not
providing assurance services at the start of an engagement. If this situation changes
during provision of service then the assurance firm may consider withdrawing from
the engagement if the threat cannot be decreased to an acceptable level.
Quality control is monitored on an ongoing basis. The assurance firm’s quality
standards will be reviewed as necessary and updated where new or amended quality
control procedures are required.

G Learn

IE Illustrative example 3.1

An audit firm has a relatively small client and the audit team comprises just 1 trainee
with 3 months’ experience, and an audit senior in her 4th year at the firm. They are both
to work at the client’s premises, reporting back to an audit manager in the audit firm’s
office. Both staff are texted the client’s address late on Friday night, and told to go there
for day 1 of the audit on the following Monday, taking last year’s audit files with them.
The manager tells them to get started, as he has not yet finished writing the audit plan
for this year, and will have to email it to them at the client on Monday or Tuesday.
On Monday morning the trainee arrives at the client, but receives a text from
the audit senior that she is sick. The trainee has the previous year audit files, so
decides to get started by repeating the work done the prior year, but on this year’s
It should be very obvious that the above scenario looks bad – but how to explain that
in an exam answer? The key is to take the scenario bit by bit, and try to use quality
control terminology to explain the issues.


The audit team only has two people, but if the client is small that might be enough.
The senior should have enough experience to look after the trainee.
However, these two staff should have had a formal planning meeting with the
manager before the audit started, to brief them on key audit risks. The audit plan
should be ready and agreed by the audit partner before any work starts, so the
manager has failed to do their job (and the partner has failed in supervising the
manager in this respect). The best solution is to delay the start of the audit until the
manager has concluded the plan and the planning meeting has taken place.
Taking last year’s audit files makes some sense, as there may well be issues carried
forward to this year. But it is dangerous, because audit staff are at risk of simply
repeating prior year audit tests irrespective of whether they remain relevant. This is
especially true given the lack of this year’s audit plan, and made more likely by the
non-appearance of the audit senior.
When the senior calls in sick, the trainee should contact the manager and probably
return to the audit firm’s office. There is nobody (and no plan) to direct the trainee,
and nobody to supervise and review their work. The trainee is not capable of making
decisions about what audit work to do.
The senior is at fault because they should be telling the manager they are sick, not
the trainee, so the manager can decide what to do next. The trainee is at fault for
deciding to start the audit alone. But in both cases one could argue the manager is
at fault for failing to control the start of the audit, and the firm is at fault for failing
to train the senior and trainee well enough to know the correct procedures in this
situation, and for recruiting a manager who thinks it is OK to start an audit like this.
In conclusion, the above illustrates a lack of training, documented planning,
supervision, and direction of staff – all of which are essential for good quality control.

Pre-acceptance, Planning and Risk Assessment

IE Illustrative example 3.2

Small audit and accountancy firms face many problems with regard to implementing
quality control procedures and then deciding how they overcome these problems.
A list of these problems is given below along with examples of how those problems
can be overcome.
• Smaller firms may have less cash to spend detailed recruitment procedures.
• Audit teams are likely to be smaller, so there is less scope for review and delegation.
• Due to smaller staff numbers, they may lack skills and experience in certain
specialist areas.
• There are fewer partners to carry out independent hot and cold reviews.
• They may be fewer resources to invest in training and development of
audit methodology.
• Pair up with other small firms for things like training courses.
• Share skills and experience with other small firms.
• Allow other firms to carry out cold reviews of audit files.

3.4 Audit planning

3.4.1 Why plan?
Unless you are very fortunate, any task that is not planned properly will probably go
wrong! It could take too long, not address the key risks, or go over budget.

3.4.2 ISA 300 Planning an Audit of Financial Statements

It is a key requirement of ISA 300 that all audits are planned properly. Planning helps
the auditor to:
• Devote appropriate attention to important areas of the audit.
• Identify and resolve potential problems on a timely basis.
• Properly organise and manage the audit engagement so that it is performed in
an effective and efficient manner.
• Identify audit risks
• Select engagement team members with appropriate levels of capabilities and
competence to respond to anticipated risks, and the proper assignment of
work to them.
• Direct and supervise engagement team members and to review their work.
• Coordinate the work done by auditors of components and experts.

G Learn
Note that planning is not a discrete phase of the audit but is a continual process that
starts at the end of the previous audit and continues until the end of the current audit.


Audit planning involves setting an audit strategy and, following on from this, a
detailed audit plan.

3.4.3 Audit strategy

For each audit client, an appropriate strategy needs to be considered. The strategy
covers the scope, timing and direction of the audit. More specifically it will:
• Identify the characteristics of the engagement that define its scope. For example,
the client’s activities (and any changes to these activities since the previous year);
• Ascertain the reporting objectives of the engagement (such as key reporting
dates) to plan the timing of the audit and the nature of the communications
required (for example, the reporting framework);
• Consider the factors that, in the auditor’s professional judgement, are significant
in directing the engagement team’s efforts. For example, initial assessments of
materiality and identification of risk areas;
• Consider the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by the
engagement partner for the entity is relevant;
• Ascertain the nature, timing and extent of resources necessary to perform
the engagement.

G Learn
For example, fraud and misstatements will have an effect on the audit strategy and
extent of audit work. If there have been frauds in the past eg someone taking cash
that customers have paid, not recording the receipt but taking the money, that
reduces confidence in the accounts presented. Fraud leads to misstatement, though
these can also from errors. Misstatements are where the amounts in the financial
statements don’t match to what they should be, say per the appropriate financial
reporting framework. If there have been past misstatements, through fraud or error,
this affects the audit strategy and the extent of the audit work needed. The higher
the number of size of misstatements the more audit work needed.

3.4.4 Detailed audit plan

The audit plan is derived from the audit strategy. For example, once risk areas have
been identified in the strategy the plan will set out how those risks are to be dealt
with. If a reporting deadline is very short, then the audit firm will have to plan to
draft in a high number of staff for part of the audit.
The plan can be can be thought of as answering the questions:
• Who will perform the audit?
• When will the audit be carried out?
• What audit procedures will be used for different elements of the
financial statements?
• How much work is needed? For example, does every business location need an
auditor attending the stock-take?
• Where will the audit be done? (ie which branches, factories to visit)?

Pre-acceptance, Planning and Risk Assessment

• Will internal audit and third party experts be involved?

It is much more detailed than the strategy and includes a set of instructions to the
audit team that set out many of the audit procedures. It is likely to include:
• A more detailed description of the client including:
– economic factors and industry conditions;
– financial performance;
– key changes in the business.
• A description of key accounting policies and internal control systems (including
consideration of client’s own internal audit department if applicable).
• A more detailed materiality assessment.
• Results of preliminary analytical procedures on the draft financial statements.
• Likely audit approach (controls or substantive) for each area of the
financial statements.
• Detailed description of the high risk areas and how these are to be dealt with.
• Specific audit testing issues eg.:
– whether or not experts will be needed;
– use of computer-assisted audit techniques (CAATS).
• Timing of specific procedures eg the stock-take.
• Details of staffing, a budget and a timetable. Audit budgets are very detailed,
typically telling the audit team how many hours to spend on receivables,
payables, sales and so on.

G Learn
3.5 ISA 315 Identifying and Assessing the Risks of Material Misstatement
Through Understanding the Entity and its Environment
It would be impossible to set the audit strategy, the detailed audit plan and assess
the potential audit risks without first ensuring that the auditors have sufficient
knowledge of the audit client. The ISAs make it clear that auditors need to obtain an
understanding of the audit client and its environment.
So, what do we need to know? Well, in short, everything – although the following
diagram gives us some examples:


Understanding the audit client


its environment

regulatory and Nature of the Financial
other external strategies and Internal control
risks performance

• The economy • Products and • Control • Key ratios and

• Competition services • New products and environment statistics
• Availability of • Customers services • Control activities • KPIs
finance and suppliers • Expansion plans • Monitoring of • Forecasts and
• Laws and • Location controls budgets
regulations • Group structure • Credit rating
• Financing • Trends
• Accounting policies
• Use of IT

EG Learning example 3.1

For the last three years, your audit firm has been auditing Lowkey Ltd, a company
specialising in event organisation. As part of the planning process, you are updating
your knowledge of the client and its environment. Generate ideas as to where you
will find the information you need.

3.6 Audit risk – The practical aspects

As we have seen, a hugely important part of the planning process is assessing audit risk.

Audit risk is the risk that the auditors give the wrong opinion on the financial statements.
This occurs if auditors sign off the financial statements as true and fair when in fact,
they are materially misstated in some way.

G Learn
This means that the auditors have failed to notice a material error in the numbers
or disclosures.

Pre-acceptance, Planning and Risk Assessment

3.6.1 The importance of risk assessment

During planning it is crucial that auditors try to identify the areas of the financial
statements that are at greatest risk of misstatement. This is important for the
following reasons:
• To ensure that attention is focused early on the areas most likely to cause
material misstatements.
• A thorough risk assessment will also help the auditor to fully understand the
entity, which is vital for an effective audit.
• Any unusual transactions or balances would also be identified early, so that these
could be addressed in a timely manner.
• Assessing risks will result in a more efficient audit. The team will only focus their
time and effort on key areas as opposed to balances or transactions that might
be immaterial or unlikely to contain errors.
• Assessing risk early also ensures that the most appropriate team is selected with
more experienced staff allocated to higher risk audits and high risk balances.
• A thorough risk analysis should ultimately reduce the risk of an inappropriate
audit opinion being given. The audit would have focused on the main risk areas
and hence all material misstatements should have been identified, resulting in
the correct opinion being given.
• It should enable the auditor to have a good understanding of the risks of fraud
and money laundering and;
• Assessing risk should enable the auditor to assess whether or not the client is a
going concern.

G Learn
3.6.2 Risk assessment procedures
In order to gain this understanding of the client and assess the potential risks, ISA
315 requires auditors to use the following risk assessment procedures:
1. Enquiries of management and others within the entity
2. Observation and inspection
3. Analytical procedures (for example, ratio analysis, looking at how figures change
from month to month and year to year, comparing actual to budget).
In practice, this will include things such as arranging meetings with and speaking to
client staff, reviewing prior year financial statements and other financial information,
reviewing information from external sources such as trade journals, analysts etc and
observing the client’s operations, premises and facilities.


Examples of information gathered from these procedures and which might indicate
risk include:

Information Possible implications

Enquiry of management reveals that the Many balances would have to be
company changed its IT and accounting transferred and there is a high risk of
system in the middle of the year. error.
Staff are liable to makes errors because
of unfamiliarity with the new system
and time pressure to complete tasks.
Enquiry of the sales director imply that Inventory might not be easy to sell and
sales have been disappointing in the might have to be written down to a net
last three months of the year. realisable value that is below cost.
Inspection of the stores shows that they Inventory is at risk of being stolen
are not maintained tidily and that there
appears to be no physical security.
Machinery appears to be rusty and Non-current assets might need to
unused. be written down faster than normal
depreciation would imply.
The receivables collection periods has Receivables might not be recoverable
risen from 40 to 60 days over the year. and their valuation will be suspect.
The current ratio is fallen from 1.2 to Liquidity looks precarious and the
0.75 over the year. company might not be a going concern.

P Principle
Know to deduce possible implications from
information given.

IE Illustrative example 3.3

Your client has told you that during the accounting year that is about to end the
following things might be of interest to you as auditor:
1. They have spent $6m refurbishing their offices.
2. They have recently suffered an increase in the number of goods being returned
faulty by customers.
3. Worsening economic conditions have resulted in several customers contacting
them to say they need longer to pay their balances.

Pre-acceptance, Planning and Risk Assessment

4. The client is now selling all across the country and to make things easier is
storing inventory in 16 different locations (last year everything was in one
single warehouse).
Let us analyse the audit risks in the above information.
Refurbishment costs
These costs might be repairs (ie an expense) or improvement works (ie an asset), or
a mixture of the two. Costs should only be capitalised as assets if they are asset by
nature (IAS 16), so there is a risk of assets and repair expenses being mismatched (ie
one might be overstated and the other understated) because sometimes this analysis
is a matter of judgment rather than fact.
As a response, the audit team must get a breakdown of these costs and use
invoice details to try to establish which types of cost have been incurred – repair
or improvement.
Faulty goods
The existence of faulty goods in the warehouse suggests inventory is at risk of
overstatement. IAS 2 requires it to be valued at the lower of cost or NRV and
damaged items might be worth zero NRV, so if they remain at cost they would be
overstated. In addition, sales revenue and receivables will be overstated if items sold
before the year-end are then returned after the year-end.
A review of post year-end goods returned, and careful checks on how returned goods
are separated at the inventory count, would represent sensible responses to this risk.
Worsening economy
Receivables seem to be at risk of going bad. If the provision for doubtful debts
has not taken account of the worsening Economy, the provision is likely to be
understated (and receivables therefore overstated).
Analysis of cash received from receivables after the year-end, and investigation of
older outstanding balances post year-end would help to respond to this risk.
New warehouses
With multiple locations the auditor might find it difficult to attend all the inventory
counts, increasing the detection risk of not spotting inventory mistakes.
As such, the auditor should speak to the client before the year-end to find out when
the counts take place and try to attend as many as possible. For those not attended,
it might be possible to rely on the work done by the client’s own internal audit staff,
who would probably be attending the inventory counts at most sites.

3.7 Audit risk – The theory

Theoretically, audit risk is said to result from the interaction of three different types
of risk. This is illustrated by the audit risk model.

3.7.1 The audit risk model

Audit risk = Inherent risk × Control risk × Detection risk


Inherent risk
Inherent risk describes something about the nature of a business or its
transactions that make it particularly susceptible to material misstatements in its
financial statements.
Examples of inherent risks for companies are limitless. However, here are a
few examples:
• The car industry is one of the first industries to suffer during an economic
downturn due to the reluctance of the population to spend money or take
out loans that they may struggle to pay back. This could lead to a material
misstatement in respect of the company’s going concern disclosures.
• Financial institutions deal with complex financial instruments such as derivatives.
These instruments can be incredibly difficult to account for and value and so are
at increased risk of being materially misstated.
• Companies such as Top Shop and Primark operate in the fashion industry
where trends and tastes change rapidly. For companies such as these, inventory
balances are at risk of obsolescence and hence material misstatement.
• A company is heavily financed by debt. This is inherently risky as missed interest
payments and repayments may lead to insolvency and a material misstatement
in respect of the company’s going concern disclosures.
• A company operates a profit-related bonus scheme. Its profit figures are at risk
of material misstatement as there is the incentive to management to manipulate
them to achieve the bonus targets.

Control risk
If internal controls are the measures put in place by directors to help prevent and
detect fraud and error then it follows that control risk is the risk that a company’s
controls fail to prevent or detect material fraud or errors (either because they don’t
exist, they are designed badly or they do not operate properly).
Examples of control risk are:
• Bank reconciliations are not performed, so errors in the cash book may
go undetected;
• Expense claims are not authorised by a manager before they are paid so
fraudulent claims go undetected.
Responsibility for mitigating inherent and control risks lies with company directors
(although auditors may recommend improvements to internal controls).

Detection risk
The final risk in the audit risk model is detection risk. Detection risk is all down to
the auditors and is the risk that the auditor’s procedures fail to detect a material
misstatement. This could be due to a number of factors such as:
• choosing an unrepresentative sample to test (sampling risk);
• human error;

Pre-acceptance, Planning and Risk Assessment

• lack of training;
• inexperience (all examples of non-sampling risk).

G Learn
3.7.2 Interaction of the audit risk model
Audit risk should be as low as possible for every single client. As we have seen,
auditors have very little control over inherent and control risk so they manage the
overall risk by manipulating detection risk (the risk that they do have control over!).
Let’s see this in an illustration:

IE Illustrative example 3.4

An audit firm has two clients, A and B.
A Ltd operates in an industry that is highly exposed to the economic climate, uses
lots of complex treasury instruments such as interest rate swaps and futures and has
a very poor system of internal controls.
B Ltd operates in a low risk industry, has few complex transactions and a highly
sophisticated system of internal controls.

A Ltd’s audit risk model

Audit Risk = x x

Need to High High

be at an
Must be
low level

As inherent risk and control risk are so high, the only way we can bring audit risk
down to an acceptably low level is to lower detection risk. This means that the risk of
the auditors not finding a misstatement needs to be low. In practice this means that
the auditors need to do more work:
• Less reliance on controls and more substantive testing;
• Larger sample sizes;
• More experienced auditors.
Remember, to lower detection risk auditors need to do more work.
See more later on ISA 330 Auditors Responses to Assessed Risks.


B Ltd’s audit risk model

Audit Risk = Inherent Risk x x

Needs to Low Low

be at an Can be me-
acceptably dium/high
low level

As inherent and control risk are low then theoretically, detection risk can afford to be
high. Be careful, however, as this is a theoretical concept and under no circumstances
will the auditors do no work! They can just do a different type of work: more reliance
on the strong internal controls and less detailed substantive testing.

3.7.3 ISA 330 The Auditor’s Responses to Assessed Risks

Once audit risks have been identified, the auditor needs to respond to these risks in
an appropriate way. This will include taking steps such as:
• Designing audit procedures (tests of control and substantive tests) to address
the risk areas
• Reminding the audit team of the need to maintain professional scepticism.
• Assigning more experienced staff or those with special skills or using experts
• Providing more supervision.
• Incorporating additional elements of unpredictability in the selection of further
audit procedures to be performed.
• Making general changes to the nature, timing or extent of audit procedures,
for example: performing substantive procedures at the period end instead of
at an interim date; or modifying the nature of audit procedures to obtain more
persuasive audit evidence.

G Learn

EG Learning example 3.2

For each of the following clients determine the level of inherent and control risk.
Then, using the audit risk model, determine what detection risk should be in order to
reduce audit risk to an acceptably low level.
Paws and Co
Paws and Co is an exclusive doggy day care centre, which provides wealthy dog
owners with a number of services for their dogs. These services include dog sitting,
dog walking and grooming. The owner of Paws and Co, Jo Whoof, set up the company
10 years ago after gaining her dog training qualification. The business was financed

Pre-acceptance, Planning and Risk Assessment

by her own personal wealth and there has been no need for any external finance.
It has been performing well for the last 10 years. Jo has set up a very strong system
of internal controls. She employs a qualified bookkeeper to prepare her financial
statements and all dog handlers must have the necessary qualifications to work for
her. Transactions are relatively straightforward and she has full liability insurance.
Muttz is a charity that takes in stray dogs and finds them to suitable new homes.
Tess Leash founded it two years ago after she left her teaching post to do ‘something
worthwhile’. While waiting for adoption, the dogs are housed in kennels, which are
rented from the local authority. The charity relies heavily on public donations for
support. There is a team of five volunteer staff who run the charity on a day-to-day
basis including looking after the dogs, dealing with donations and expenses and
preparing the accounts. Tess is so busy with the dogs that she has not yet sorted
out the public liability insurance she needs. Tess says she has no need for internal
controls, as all of her volunteers are trustworthy.

3.8 The Auditor’s Responsibility to Consider Fraud in an Audit of

Financial Statements (ISA 240 redrafted)
Auditor responsibility with regard to fraud has always been a controversial topic,
even more so in light of major accounting scandals in recent years and the auditor’s
responsibilities are not always clearly understood.
The purpose of ISA 240 (redrafted) is to provide auditors with guidance in this area.

ISA 240 (redrafted) defines fraud as an intentional act by one or more individuals
amongst management, those charged with governance, employees or third parties,
involving the use of deception to obtain an unjust or illegal advantage.

There are two types of frauds relevant to the auditor:

• Misstatements due to fraudulent financial reporting (deliberate misstatement
of amounts/disclosures in the financial statements) and;
• Misstatements due to misappropriation of assets (theft of company assets)

G Learn
The factor that distinguishes fraud from error is whether or not the underlying action
resulting in the misstatement is intentional or unintentional.

3.8.1 Responsibilities
There is a common misconception that the role of auditors is the prevention and
detection of all frauds. However ISA 240 makes it very clear that the primary
responsibility for the prevention and detection of fraud lies with management and
those charged with governance.


On the other hand, the external auditor’s responsibility in accordance with ISAs is
to obtain reasonable assurance that the financial statements are free from material
misstatement, whether caused by fraud or error.
In other words, the auditor is not responsible for preventing fraud but must try to
detect frauds that result in material misstatements.
The very nature of fraud means that those perpetrating it will go to great lengths to
hide it and this makes the auditor’s job of detecting material frauds a difficult one.
ISA 240 makes the following recommendations to assist the auditor:

Professional scepticism
The auditor should maintain an attitude of professional scepticism throughout the
audit, and should remain conscious that a material misstatement due to fraud could
exist, regardless of how honest management have been in the past.
In particular, the auditor should be alert to:
• Any audit evidence that contradicts other audit evidence;
• Anything that casts doubt over the reliability of audit evidence;
• Fraud risk factors (such as weaknesses in controls or an economic downturn
putting pressure on results).

Discussion amongst the audit team

Members of the audit team (led by the engagement partner) must discuss the
susceptibility of the company’s financial statements to fraud, with particular
emphasis how on the fraud may occur, and which part of the financial statements
may be affected.

Risk assessment procedures

The auditor must carry out certain risk assessment procedures to determine the risk
of material misstatement due to fraud. ISA 240 describes these as:
• Making enquiries. This includes asking management and internal audit about
their own assessment of the risk of fraud and whether or not they are aware
of any frauds.
• Obtaining an understanding of the role of those charged with governance and
how they monitor the risk of fraud within the company.
• Evaluating unusual or unexpected relationships within the company’s financial
and non-financial information. This will involve careful use of analytical
procedures to identify possible fraud risks within the financial statements.
• Considering other information. In addition to information obtained from applying
analytical procedures, other information obtained about the entity and its
environment may be helpful in identifying the risks of material misstatement due
to fraud, such as information obtained from the auditor’s client acceptance and
continuation procedures, and experience gained on other engagements performed
for the entity, for example, engagements to review interim financial information.

Pre-acceptance, Planning and Risk Assessment

• Evaluating fraud risk factors. The auditor should look carefully for events or
conditions that indicate an incentive or pressure to commit fraud or provide an
opportunity to commit fraud (fraud risk factors). These may include factors such as:
– The need to meet terms and conditions (covenants) attached to
financing arrangements
– The existence of unrealistic profit related bonus schemes
– A weak control environment

P Principle
What auditors can do to detect fraud

3.8.2 Response to the risk of fraud

If the risk of misstatement due to fraud is deemed to be high, the auditor must take
steps to address this during the conduct of the audit. This will possibly include:
• Assigning more people to the audit team with specialised skill and knowledge
• Increased corroboration of management explanations and representations
• Incorporating an element of unpredictability in selecting the nature, timing and
extent of audit procedures
• Paying close attention to higher risk areas of the financial statements such as
estimates, journals posted around the period end and transactions that are
outside the normal course of business.

3.8.3 Reporting fraud

If fraud is discovered during the conduct of an audit, it should be reported to as soon
as possible to the management of the company and those charged with governance.
In some cases, the auditor may have a statutory duty to report fraudulent behaviour
to a third party such as a regulator. However the auditor should take legal advice
before doing so to ensure that the professional duty of client confidentiality is not
being breached.

G Learn


3.9 Auditor’s Responsibility with Regard to Law and Regulations (ISA 250)
There are a variety of laws and regulations governing companies: company law,
environmental law, health and safety regulation and employment law to name a few.
Auditors cannot know and understand every law and regulation that affects every
client, but they should aim to be aware of those that could materially affect the
financial statements. Furthermore, auditors have a duty of confidentiality and this
can conflict with their wish to report on breaches of the law and regulations. Note
that there are some situations, notably money laundering where auditors are legally
required to report their suspicions to the authorities.
If the auditor finds a material breach they have the following responsibilities:
• Report the breach to management.
• If the breach involves management, report to the highest level possible (eg the
Audit Committee).
• If the breach involves the highest level possible, the auditor may need to take
legal advice. There might be a public interest to disclose breaches but the
concept of ‘public interest’ is not defined and legal advice is essential.
• Consider the effect of the breach on the accuracy of the financial statements –
the company may need to provide for a fine and failure to do so could result in a
qualified audit report.
• If the breach is severe, consider the effect on the company’s going concern status.

IE Illustrative example 3.5

Imagine you have just become auditor of one of the big banks. Several banks have been
fined billions of dollars in recent years for alleged illegal or unethical behaviour, including
mis-selling of their products and failure to meet anti-money laundering procedures.
So, your client might have already broken rules and fines could be imminent. And
these would need to be provided for (or at the very least, a contingent liability
disclosed) if the alleged breaches took place before the year-end.
During the audit, the whole audit team should be made aware of the main areas of
breaches seen in banks in recent years, and of any specific areas of concern with this
bank, so that clues will be more likely to be spotted and the necessary accounting
adjustments proposed. Also, if things are seen that management do not appear to
be aware of, the matter would need reporting to “those charged with governance”
(management, and probably the audit committee) and the banking regulators might
have to be informed as well.
This is why ISA 250 makes it clear that auditors must understand those laws and
industry regulations that can lead to material fines, or even risk of closure, for a client.

Pre-acceptance, Planning and Risk Assessment

3.10 ISA 520 Analytical procedures

Analytical procedures are a very important tool used by auditors.
When performing an analytical procedure, the auditor compares numbers, ratios or
even non-financial information in order to identify unexpected trends or unexpected
relationships, which may indicate the existence of errors.
There are many different analytical procedures including comparisons made of figures:
• Year on year (eg revenue this year compared to revenue last year and gross profit
compared from one year to the next);
• To budget or forecast (eg actual purchases compared to budgeted purchases);
• To predictions made by the auditors (eg auditors calculation of depreciation
compared to client’s calculation);
• To industry information (eg client’s revenue compared to competitor’s revenue).

G Learn
Auditors may look for large movements in amounts and ratios because those might
have been caused by errors rather than be real events. For example, if receivables
collection periods increased from 30 days to 60 days over the year, there could be a
number of explanations such as:
• An error has been made in receivables or sales recording.
• The credit control department is performing poorly and not following up
invoices efficiently.
• The company might have changed its terms so that it now allows customers 60
days of credit.
• There might have been an increase in exports (exports are usually not paid for as
quickly as domestic sales)
• The ratio might be distorted by one large amount that has not been paid.
The results of these analytical procedures should be investigated and any findings
corroborated (confirmed) with the auditor’s knowledge of the business or external
evidence. If there are any unexpected relationships, or results that do not make
sense, then more detailed audit testing should be performed in these areas.


IE Illustrative example 3.6

Examples of the use of analytical procedures are:
1. If the auditor is told that terms of trade have changed from 30 to 60 days, the
auditor would need to collect evidence about this claim, such as looking at copy
letters notifying the change to customers and copy invoices which would be
expected to note the terms.
It is important that auditors investigate explanations fully. For example, simply being
told that the increase from 30 to 60 days has been caused by customers taking
longer to pay is no explanation at all! By definition that’s what a rise in collection
days from 30 to 60 means. Auditors need to find why the change happened.
2. Similarly, if there is a decline in gross profit percentage from, say 40% to 25%,
possible explanations are:
– An error, for example in inventory the count
– A deliberate reduction in selling prices
– An increase in costs that cannot be passed on
If the auditor was given the second explanation above, then evidence is needed.
For example, compare old and new price lists, look at publicity material, look at
competitor prices to see if they forced prices down.
Towards the end of the previous financial year, your client lost a customer that
contributed 50% of their revenue for the year. You are now at the planning
stage of this year’s audit and have performed some analytical procedures on the
statement of profit or loss to identify potential risk areas.
You would expect, due to the loss of the customer, for revenue to be around
about 50% lower than last year, however, your results tell you that revenue has
increased by 10%. As this is so unexpected, you quite rightly think that revenue
may be at risk of overstatement.
You investigate this unexpected result by asking the client why revenue has
increased by 10%. The client responds by telling you that they have a new
customer, which has replaced the old one.
Your work is not finished, however, and your next step is to corroborate this fact.
You ask the client to show you the contract that was signed with the new customer
and you trace a sample of their payments on account to the bank statement.

Pre-acceptance, Planning and Risk Assessment

Analytical procedures are used at many different stages throughout the audit:

At planning Here their use is compulsory to help identify risk. As

explained above, large changes are suspect and might
point to errors unless a good explanation is received.
When gathering evidence To help to substantiate balances. If balances are
roughly in line with last year’s then that is some
evidence (but not usually sufficient evidence)
supporting the figures. If balances are very
different, more evidence is needed.
At completion As a final review of the financial statements. The
partner ‘stands back’ and looks at the overall financial
statements to see if they look sensible and credible.

G Learn
3.10.1 The use of ratios in analytical procedures
Calculating ratios is a very useful tool when performing analytical procedures.


In a set of financial statements, it is possible to divide almost any figure by almost

any figure and come up with a percentage or ratio. The following six ratios, however,
are the most important for the Audit and Assurance examination.

Gross profit Gross profit Gross profit margin is a

margin × 100 = % fundamental measure of a
company’s performance. It tells
us how profitable a company
is after taking into account its
direct production costs. Gross
profit is affected by:
- changes in sales prices;
- changes in purchase prices.
Return On Profit before interest and tax ROCE tells us the ‘return’
Capital that is made (ie the profit) on
Debt + Equity
Employed every $ that is invested in the
(ROCE) company’s resources (ie its
debt and its equity) ROCE is
affected by changes in:
- profitability;
- levels of debt;
- share capital and reserves.
Stock days Inventory Stock days tell us how long,
× 365 = Number of days
(inventory Cost of sales on average, it takes for raw
days) materials to be converted into
finished goods and sold. Stock
days vary from industry to
industry but can be affected by:
- effectiveness of stock control;
- obsolescence.

Pre-acceptance, Planning and Risk Assessment

Debtor Trade receivables

× 365 = Number of days
Debtor days tell us how long,
days (trade Revenue on average, it takes for a
receivables company’s trade debtors to
collection pay. Once again, this can vary
period) from industry to industry but
is affected by:
- credit terms offered;
- effectiveness of credit
- general economic
environment and whether
or not customers have the
cash to pay their debts.
Creditor Trade payables Creditor days tell us how
× 365 = Number of days
days (trade Cost of sales long, on average, it takes
creditors a company to pay its trade
payment payables. It is affected by:
period) - credit terms;
- availability of cash to pay
Gearing Debt The gearing ratio tells us how
reliant the company is on
external debt finance in relation
to its equity financing. Gearing
is obviously affected by:
- new borrowings and
finance leases;
- issuing shares.

Remember a ratio does not tell us much unless we have something to compare it
to. Every time you calculate a ratio in Audit and Assurance, make sure you calculate
a comparative.

P Principle
For each ratio and comparative calculated, be able to give
reasons for any change


EG Learning example 3.3

An auditor has been performing some analytical procedures at the planning stage of
an audit. She has calculated a number of ratios using the draft financial statements
(plus prior year comparatives) and has come up with the following results, which
identify some potential audit risks that will need to be followed up. For each set of
ratios, identify what the potential audit risks could be.
You have not been given any background information to help you so use your
imagination! The first is done for you as an illustration.
Gross profit margin

This year 25.3%

Last year 11.2%

A significant increase in gross profit margin may suggest that:

• revenue is overstated eg by deliberately overstating the sales price;
• costs have been understated eg by deliberate non-recording of purchases or
deferring some of this year’s costs to next year.

This year 62% Last year 34%
This year 34% Last year 22%
Stock days
This year 98 days Last year 42 days
Debtor days
This year 63 days Last year 34 days

3.11 Materiality
When we looked at the basic principles of audit and assurance back in Chapter 1, we
saw that the objective of a statutory audit is to ensure that the financial statements
are not materially misstated.
So, what do we mean by materiality?
ISA 320 Materiality in Planning and Performing an Audit describes a misstatement as
being material if it could reasonably be expected to influence the economic decisions
of the users of the financial statements.

Pre-acceptance, Planning and Risk Assessment

In layman’s terms, something is material if it is important enough to affect the users

of financial statements.

G Learn
But how do we define important? ISA 320 is careful not to provide a specific
methodology for calculating materiality and stresses that it is really a matter of
professional judgement and this ultimately lies with the audit partner. However, during
the conduct of an audit more junior members of the team have to be given some
guidance as to when misstatements should be noted and therefore be brought to the
partner’s attention. These amounts are known as preliminary estimates of materiality
and they must be kept under constant review throughout the audit. So, if for example,
many relatively small errors were found in inventory valuation, auditors should worry
about the extent of the errors and their total impact. Materiality levels in respect of
inventory would therefore be reduced so that inventory is audited more thoroughly.

3.11.1 Materiality guidelines

Quantitative and qualitative materiality
Generally, something could be material in one of two ways:

Quantitative Qualitative
- Something that is important - Something that is important due
due to its size to its nature.
- As a guide, something is big enough - These are items that are so important
to be material if it is at least: to shareholders that they will not
- ½ – 1% of revenue; tolerate any error.
- 1 – 2% of total assets; or - The nature of the error, though small,
- 5 – 10% of PBT. could be misleading.
- Examples include director’s pay and
related party transactions: these
should be accurate.
- An error which turn a loss into a
profit could influence decisions of

G Learn
As mentioned before, it is important to understand that these are guidelines only.
Different audit firms will have slightly different methods of calculating materiality
and auditors should take into account:
• The nature of the entity
• Its business
• Its financial structure
• Its assets and liabilities


An example of using the guidelines:

IE Illustrative example 3.7

An audit client has the following characteristics:

Revenue $12 million

Profit before tax $2 million
Total assets $6 million

Errors found:
1. When auditing the statement of profit and loss, it is discovered that amounts of
$50,000 debited to repairs and maintenance related to new assets and should
have been capitalised.
½% of revenue = $60,000; 5% of profits before tax = $100,000; 1% of total
assets = $60,000
Therefore this error would be regarded as immaterial.
2. When auditing receivables, it is discovered that a customer who owed $250,000
has gone into liquidation and no money is likely to be received. The company is
reluctant to write-off the amount in the financial statements.
½% - 1% revenue = $60,000 - $120,000; 5% - 10% of profits = $100,000 -
$200,000; 1% - 2% of total assets = $60,000 - $120,000.
Therefore this misstatement is clearly material on all measures. If the financial
statements are not to be misleading the amount should be written off. If the
directors reuse to amend the financial statements the auditors will issue a
modified audit opinion.

P Principle
Calculate materiality then decide whether action is
needed – only material items normally need further

3.11.2 The different levels of materiality

Overall materiality
ISA 320 requires materiality to be determined for the financial statements as a whole
during the planning stage. In order to do this, auditors may use the guidelines above.

Pre-acceptance, Planning and Risk Assessment

Specific areas of the financial statements

In some circumstances however, the users of the financial statements may have a
particular interest in a certain balance, transaction or disclosure and a different level
of materiality may be set for these areas. For example, users may be particularly
interested in related party transactions or a balance that affects a loan covenant
and it may be prudent for the auditors to set a lower level of materiality for these
particular areas.

Performance materiality
ISA 320 also requires the auditors to set a level of performance materiality. Performance
materiality is an amount (or amounts) less than the overall materiality designed
to ensure that the total identified but uncorrected misstatements and the total
unidentified misstatements will be less than overall materiality at the end of the audit.
When determining performance materiality, auditors should consider the nature of
the entity, the level of misstatements identified in previous audits and the level of
anticipated misstatements.
For example, although the first error above (incorrect write-off of new assets)
was immaterial, if it were also discovered that the depreciation charge was too
high by $50,000 and that revenue of $50,000 had been omitted from the financial
statements, the three errors together would imply that profits were understated by
$150,000, which is potentially material.
Therefore, to help to avoid this, performance materiality allows lower
guidelines to be set.
Performance materiality also allows different materiality levels to be set or different
items in the financial statements. For example, users of the financial statements
might be likely to pay more attention to the remuneration of senior employees than
to depreciation charges, so lower materiality levels could be set for remuneration.
Remember, the lower a materiality level, the more work has to be done by the
auditor to be able to collect sufficient appropriate audit evidence to support the
contention that the financial statements are free of material misstatement.

G Learn

IE Illustrative example 3.8

The draft accounts of Oliga Co show profit before tax of $30m, and based on this the
auditors have assessed preliminary materiality at $1.5m (5% of PBT being this firm’s
standard policy). So, if the overall accounts are misstated by at least $1.5m, the
auditors believe the shareholders would want to know about it.


Audit tests are planned based on the above – ie when deciding how many items
to test, it must be done with a view to finding $1.5m mistakes should they exist
(imagine auditing is like fishing, and you have to decide which size fish you want to
catch and choose a net with the right sized holes).
But…shareholders would worry about mistakes of $1.5m overall, and this could be
caused in several ways:
• One big mistake of >$1.5m
• Several smaller mistakes which add up to an overall effect of >$1.5m
So, when carrying out the audit, audit staff must be on the lookout for smaller
mistakes than $1.5m as they could add up, and must record all mistakes they find
(unless very tiny) and then total them up at the end of the audit process.
This logic means the audit staff will choose a figure smaller than $1.5m when actually
doing the audit work, and whatever figure they choose is called performance
materiality – as it is used when performing the actual audit work.

3.11.3 Other issues with materiality

When, materiality is set at the planning stage, it is likely to be based upon results to
date and forecast or budget results for the final few months. As a result, the initial
assessment of materiality may change when the final audit is started and the draft
financial statements are available. Materiality levels must be constantly reviewed as
the audit progresses. Further changes may be required due to:
• alterations to the draft accounts;
• changes in the assessment of control or audit risks;
• errors found in testing.

3.12 ISA 450 Evaluation of Misstatements Identified During the Audit

ISA 450 requires all identified misstatements (apart from those which are clearly
trivial) to be documented and communicated to management as the audit progresses.
The auditor should request that management correct all identified misstatements
whether material or not. This has the benefit of:
• Ensuring that underlying company books and records are accurate
• Ensuring that these misstatements cannot be carried forward to future financial
statements (where they may become material)
If management refuse to correct any misstatements, the auditors must understand
why and then determine whether or not any of these misstatements are material
either individually or in aggregate (It could be that several small errors add up to an
overall material error!)

Pre-acceptance, Planning and Risk Assessment

3.13 Audit documentation

3.13.1 The importance of documentation
It is essential that the entire audit process be documented in working papers. The
ISAs require that all audit working papers should be sufficiently complete and
detailed in order to enable an experienced auditor with no previous connection with
the audit to ascertain what work was performed to support the conclusions reached.
The benefits of such working papers are:
• They show the work and audit evidence on which the audit opinion is based.
• They provide evidence that the audit was planned and performed in accordance
with ISAs and applicable legal and regulatory requirements.
Both of the above functions would be important if the auditors judgement were called
into question and the auditor had to defend his opinions, perhaps in a court of law.
In addition:
• They assist the engagement team in planning the audit;
• They enable senior staff to supervise and review the work of junior staff;
• They encourage a more methodical and rigorous approach;
• They enable the engagement team to be accountable for its work;
• They enable the conduct of quality control reviews and external inspections.
• They enable the conduct of external inspections in accordance with applicable
legal, regulatory or other requirements.

G Learn
3.13.2 Content of working papers
The exact content of the working papers will depend upon the nature of the work
being performed and the size and complexity of the client. The essential content for
every working paper is illustrated below:

Client Zafiro Gems Ltd Reference B/2/1

Accounting year-end 31 December 2008 Working paper
Prepared by M Bassett
Date 27 February 2009
Subject Review of bank reconciliations
Aim of the work The objective of the test
Work done Procedures performed.
Sample chosen. Key audit risks
addressed. Cross-referencing.


Results Results and significant findings

Conclusions of the Conclusions
Reviewed by M Smart
Date of review 3 March 2009

3.13.3 Current audit files

For each annual audit assignment, the working papers will be collected together in
the current audit file. The file will show all of the work that was done throughout the
audit process. There will be:
• a planning section;
• sections for each area of the financial statements showing what work was done.
• a completion section showing the final tasks carried out at the end of the
audit including:
– a schedule of points for manager and partner attention;
– a schedule of points for next year’s audit.

3.13.4 Permanent audit files

There is some information that will be of use to continuing use to the audit year-on-
year. This information is kept on the permanent file and includes items such as:
• the engagement letter;
• organisational charts showing group structure and key employees;
• systems flow charts;
• company Articles and Memorandum;
• long-term agreements (eg loan agreements, finance lease agreements).

3.13.5 Retention of audit files and working papers

The auditor should ensure that the audit files relating to a particular reporting period
are retained for a certain amount of time. This is usually at least five years from the
date of the audit report.
Auditors have to exercise judgement on how long the working papers are needed, for
example if they are likely to be used again.
The audit files have to be kept securely and their confidentiality maintained. Some
parts of the working papers may be disclosed to the organisation that was audited if
this does not undermine the independence of validity of the audit process.
Both paper-based and computer-based files have to be protected against fire, water
damage and other hazards. Generally a copy of computer based files would be held
at a secure, remote location. There is the possibility of Internet cloud-based back-up,
which is feasible but care needs to be taken on the security of such data. Files are
easy to save but also could be easily obtained by others if there aren’t stringent
security procedures.

Pre-acceptance, Planning and Risk Assessment

Paper-based files can be very bulky and many firms of auditors employ specialist file
storage companies who run large secure warehouses with strict access controls, fire
and flood protection procedures.

Æ Key Learning Points

• Before an invitation to audit can be accepted, there are numerous ethical and
practical issues that the audit firm needs to consider, including professional
clearance, threats to objectivity, the auditor’s competence to audit the client,
and the availability of time and staff. (B1a)
• Auditors should carry out their work with professional scepticism, challenging
the information presented to them and not just accepting it as true. (B2b)
• An assessment of audit risk involves identifying those areas of the financial
statements at risk of being materially misstated (inherent and control risks),
and identifying reasons why the audit staff are at risk of not detecting these
misstatements (detection risks). (B3a)
• Auditors then design “responses” to the assessed risks, by designing audit
tests, selecting appropriate staff for the audit team and choosing the timing for
the work. (B3b)
• Materiality is an assessment of the relative importance of misstatements to the
shareholders of the company, and can be affected by both the size and nature of
the misstatements. (B3c)
• Using analytical procedures to help understand an organisation and the
relationships between key figures in its financial statements (eg by using ratios)
can help to identify the risks of material misstatement. (B4b)
• Auditors consider the risk of fraud as part of their risk assessment, because fraud
is likely to result in the financial statements being materially misstated. (B5a)
• Auditors consider the risk of a client breaching laws and regulations as part of
their risk assessment, because such breaches can result in a need for provisions
or contingencies (or in a serious case, disclosures of going concern threats) in the
client’s financial statements. (B5c)
• Audit planning can be both at a high level (the audit strategy) and at a more
detailed operational level (the audit plan). (B6b)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).


Learning example solutions

EG Solution 3.1
• Companies House records
• Prior year financial statements
• Newspapers
• Industry journals
• Internet search
From the client
• Visits to and meetings with the client
• Client brochures
• Client website
• Minutes of board meetings
From within the audit firm
• Previous year audit files
• Audit team members

EG Solution 3.2
Paws and Co
Inherent risk = Low
The business is well established, performing well and has no need for external
finance therefore is not exposed to fluctuating interest rates and the risk of non-
repayment, which can lead to insolvency. All staff are fully qualified to perform their
roles and there is full insurance should there be an incident with one of the dogs.
There is a slight risk however that her business is not recession proof, if disposable
incomes fall, dog owners may cut back on the amount of money they spend.
Control risk = Low
There is a strong system of internal controls and the bookkeeper is fully qualified
therefore the risk of errors in the financial statements is reduced
Detection risk
Due to the low inherent and control risk, the detection risk can medium/high. The
auditors of Paws and Co can focus on testing the internal controls and reduce the
amount of substantive testing that they do.
Inherent risk = High
This is a new charity that relies heavily on public donations. If the donations stop, the
charity would quickly run out of money. Tess has not yet sorted out her public liability
insurance so if there is an accident with a dog that leads to a court case a heavy fine
or damages could wipe out the charity's income and severely damage its reputation.

Pre-acceptance, Planning and Risk Assessment

Control risk = High

The system of internal controls is very weak, as Tess prefers to rely on trust. Tess has
no prior experience of running a charity, plus her staff consists of five volunteers who
are less likely to have the experience and qualifications of paid employees therefore
the risk of errors in the accounts is high.
Detection risk
Detection risk for Muttz must be low. Inherent and control risk are high so there
is a significant risk of material misstatement in the accounts. The auditors have no
internal controls to rely on so there will be a lot of substantive testing needed.

EG Solution 3.3
A significant increase in gearing suggests an increase in the company's levels of debt.
More debt leads to increased interest payments, which will squeeze profit margins.
Plus there is the risk of default in interest and capital repayments, which could lead
to insolvency.
ROCE has increased which would suggest an increase in profit before interest and tax
or a decrease in the company's resources (debt plus equity).
As gearing has increased significantly (therefore debt has increased), it would seem
inconsistent that ROCE should increase. This could suggest that PBIT has been
deliberately overstated.
Stock days
A significant increase in stock days could indicate:
• Possible obsolescence leading to stock being overvalued;
• Falling sales which could cast doubt over the company's going concern status.
Debtor days
An increase in debtor days could suggest potential risks such as:
• Unreliable credit control procedures signifying a weak control environment overall;
• Customers being unable to pay, leading to cash flow problems for the client and
hence potential going concern problems.


Internal Control

In order to determine their audit approach, auditors need to understand, document
and evaluate their client's internal controls. The internal controls are primarily the
measures put in place to prevent and detect errors within a client's accounting
systems. If controls are deemed to be weak, then more detailed substantive testing
will need to be carried out on the balances in the financial statements. If controls
are deemed to be strong, then the auditor can place reliance on those controls and
reduce the amount of detailed testing.
We also look in detail at the controls operating within individual transaction cycles
and how the auditors go about testing these controls. In particular we shall look at:
• the sales system;
• the purchases system;
• the payroll system;
• controls over stock;
• controls over bank and cash.
Internal controls are a huge area of the syllabus and are therefore guaranteed to appear
in some format in the exam. The questions are most likely to be practical in nature.

1. How are the internal control systems of a client related to the testing
that auditors do?

2. How are tests of control and substantive tests different?

3. What are the tests of control for payroll?

Internal Control

4.1 The importance of internal controls

Internal control systems are the measures put in place by the directors of
the company primarily to help prevent and detect errors in the recording of
transactions. In addition internal controls should also exist to:
• help to prevent and detect fraud;
• help to safeguard assets;
• ensure the business runs efficiently.
Auditors must assess and understand the internal control systems of their clients in
order to determine their audit approach. If the internal control systems are strong
(low control risk) then auditors can rely on these controls and reduce the amount of
detailed (substantive) testing that they do. If the internal control systems are weak
(high control risk), the auditors cannot rely on these controls and must increase the
amount of detailed (substantive) testing that they do.

G Learn

EG Learning example 4.1

Before you move on, spend 10 minutes and generate as many ideas as you can for
the types of controls you may find in operation in a corner shop, using the above
description of a control to help.

4.1.1 The components of an internal control system

It is generally accepted that a strong internal control system is made up of five elements:
1. A strong control environment;
2. Strong control procedures;
3. Good risk assessment;
4. Good information systems;
5. Effective monitoring of the controls.

G Learn
Let us look at each of these elements in turn.

Control environment
Controls are unlikely to be effective unless there is a strong control environment.
The control environment includes the governance and management functions
and the attitudes, awareness and actions of those charged with governance and
management concerning the entity's internal control and its importance in the entity.

G Learn
The control environment can be thought of as the culture of control in the
organisation. Is it a culture which values controls and which appreciates and


understands the benefits of good internal control, or is it a culture in which controls

are seen as irritants, which get in the way of the real business of the organisation?
In less technical terms, the control environment considers, amongst other things:

Management - For the controls to be taken seriously in the organisation, the

attitude directors and management should show the right attitude.
- Lead by example by following the same controls as the staff
and not overriding the controls.
- Discipline employees who breach controls.
Staff - Must be trained and motivated to follow the controls.
- The recruitment process must aim to employ the right
sort of people; those with discipline and willingness to
understand the company and adhere to its policies.
Segregation of - Different parts of a transaction process should be shared by
duties different employees.
- No employee should review their own work.
- No employee should have control over all elements of
a transaction.

G Learn

Internal Control

Control procedures
The control procedures are the actual activities that are carried out within the
system to prevent and detect errors. These activities can be grouped into categories:

Comparison controls Comparisons are a very powerful control. Imagine we

budgeted to spend $1m on capital expenditure this year
but the actual spend was $2m. This could suggest a
number of issues:
- perhaps the 'actual' figure is wrong;
- perhaps the budgeting process is inadequate;
- perhaps there was no authorisation for the extra $1m.
Authorisation An appropriate person should approve transactions. For
example, employee expense claims should be approved by a
department manager to ensure no fraudulent expenses are
being claimed.
Reconciliations A bank reconciliation can help to pick up errors between
postings in the cash book and the bank statemen.t
Computer controls Controls over access to computer systems, such as
passwords, can help to prevent unauthorised access to
books and records.
Arithmetical controls Ensuring that balances have been added up correctly
or if number sequences are complete to detect missing
Physical controls Physical controls such as CCTV, safes and locks can help to
prevent theft and unauthorised access.
Segregation of Allocating tasks within an accounting system to different
duties employees reduces the risk of fraud and makes the
detection of errors more likely.

You can use the mnemonic CARCAPS to help you to remember the types of activities.
In the exam you will be asked to generate ideas for internal control activities in
response to weaknesses in a system.

G Learn
Risk assessment
In order to design controls that will effectively prevent and detect errors within a system,
directors must fully understand the risks that threaten the system in the first place.
For example, if directors do not understand that cash is at high risk of being stolen,
they may not implement controls such as bank reconciliations, regular banking of
excess cash and safe storage of petty cash. Furthermore, continual risk assessment
is needed to ensure that the business responds appropriately to changes in its
operations of environment. For example, if the business starts to trade over the


internet and host of new risks, such as fraud and hacking, are created and these risks
need to be countered with suitable controls
Unfortunately, however, no internal control system can ever be 100% effective due
to inherent weaknesses such as human error, override and possible collusion to
commit fraud.

Information systems
The information system, including the related business processes, relevant to financial
reporting, and communication. An information system consists of infrastructure
(physical and hardware components), software, people, procedures and data. The
information system relevant to financial reporting objectives, which includes the
financial reporting system, consists of the procedures and records established
to initiate, record, process, and report entity transactions (as well as events and
conditions) and to maintain accountability for the related assets, liabilities and equity.
An example of reporting entity transactions is the production of monthly
management accounts. These serve an internal control function because they will
allow directors to identify problems early on rather than waiting for the year-end
financial statements.

Sometimes controls that directors think are designed and working effectively can be
out of date and often ignored by employees. Directors of companies should ensure
that controls are monitored continually to ensure that they are being followed and
achieving their objectives.
If the company has an internal audit department, they will carry out this monitoring role.

4.1.2 Limitations of internal control systems

As mentioned briefly earlier, no system of internal controls is ever 100% effective.
Reasons for this include:
• human error;
• collusion to commit fraud;
• potential for management override;
• the cost/time to implement the controls may outweigh the benefit of following
them so the controls are ignored;
• it may be impossible to design a control for a one-off transaction eg determining
a provision for a court case. Controls work best in systems where there is a high
volume of routine transactions.

G Learn
Note that the breakdown of internal control systems can be a particular problem
in cases of fraud. Fraud is defined as an intentional act by one or more individuals
among management, those charged with governance, employees, or third parties,
involving the use of deception to obtain an unjust or illegal advantage.

Internal Control

Deception will mean that the fraudsters will attempt to get round internal controls
and to target areas where they are weak. Therefore, even if the system has imposed
segregation of duties so that a transaction is split over several employees, if those
employees collude (cooperate) the effect of the segregation of duties is nullified.
Similarly a manager intent on fraud might be able to override controls for his or her
personal benefit.
Once-off or rare transactions can nevertheless be very valuable but, because not
internal control systems has been set up for them, provide a mechanism for fraud.
For example, many companies will have good internal controls for the purchase of
new non-current assets, but might not have good controls over the sale of old assets,
thus permitting a dishonest employee to pocket the proceeds or to sell at a low price
to an associate.
It is for all of the limitations set out above that the auditors will never perform a
wholly controls based audit. There will always be some element of substantive
testing regardless of the strength of the controls systems.

4.1.3 Assessing an internal control system

We now understand what internal controls are and what internal controls systems
are consist of. Let us now look at how auditors go about assessing the system in
order to decide whether to place reliance on it or not.
Auditors must understand, document and evaluate the client's internal control
systems. If the controls appear to be strong at this point they are tested to ensure
they operated throughout the financial year.


Understand Auditors need to understand how the accounting system works. This can
be done by a walk-through test in which single documents are followed
through the system from start to finish
Document Auditors then document how the system works. This can be done by:
- Narrative notes
- Flowcharts depicting document flows
The documentation will form part of the permanent audit file.
Narrative notes are relatively quick to produce but it is difficult to impose
standards on them and their success very much depends on the individual
producing them. Furthermore, in complex systems it is easy to lose track of
where documents are and what’s happened to them.
Flowcharts are slower to create but they will follow strict conventions for
depicting documents, controls and files. There are rules imposed on their
creators to ensure that a minimum level of clarity is achieved. For example,
once a document appears on the flow line it must either be filed, or sent to
another department or outside entity. It cannot be left ‘hanging’.
Evaluate There are two ways to evaluate a system of internal control.
- Internal control questionnaires (ICQs): these are designed to determine
if a specific control is present. For example “Are bank reconciliations
performed monthly?”
- Internal control evaluation questionnaires (ICEQs): These are designed
to test if errors will be prevented ie will a control objective be met. For
example “Can cash be stolen?”
Test Evidence is collected that the controls are working by performing tests of
control: enquiry and confirmation, inspection, observation recalculation
and re-performance.

P Principle
Follow this sequence to evaluate a control system

Remember, if the evaluation of the internal control system, or the results of tests of
the system, show that internal controls are weak, the auditor will have to change the
audit approach and carry out a much higher volume of substantive testing.
A deficiency in internal control exists when the design or operation of a control
does not allow management or employees, in the normal course of performing their
assigned functions, to prevent or detect misstatements on a timely basis. An example
is where there is a lack of timeliness of cash deposits and account reconciliation.
A significant deficiency is a deficiency or combination of deficiencies in internal
control that, in the auditor’s professional judgement, is of sufficient importance to
merit the attention of those charged with governance. A significant deficiency could
be management’s failure to implement appropriate remedial action on significant
deficiencies previously communicated. Also, absence of a risk assessment process
where one would expected to be in place.

Internal Control

The possibility of deficiencies and significant deficiencies need to be carefully

evaluated via ICQs and ICEQs.

4.2 Control objectives, procedures and tests

4.2.1 Control objectives
The objective of a control is to mitigate a particular risk within a system.

IE Illustrative example 4.1

Risk Control objective

One of the risks in the sales system is that It follows that the objective is
we sell to customers who will not pay. 'to ensure that we only sell to
creditworthy customers'.
A risk in the purchases system is that The control objective is 'to ensure
employees buy goods for their own that all purchases are for legitimate
personal use. business use only'.

4.2.2 Control procedures

A control procedure is an activity that is carried out to achieve a control objective.
Using the same examples:

IE Illustrative example 4.2

Risk Control objective Control procedure

One of the risks in the It follows that the Credit checks are
sales system is that we objective is 'to ensure carried out on all new
sell to customers who that we only sell to customers before orders
will not pay. creditworthy customers'. are accepted.
A risk in the purchases The control objective is 'to All purchase orders
system is that employees ensure that all purchases must be authorised
buy goods for their own are for legitimate by a manager before
personal use. business use only'. being placed.

4.2.3 Control tests

Tests of these controls are performed to:
• evaluate the effectiveness of the internal control systems; and
• ensure that the controls have been operating throughout the period.


IE Illustrative example 4.3

Risk Control objective Control procedure Control test

One of the risks in It follows that Credit checks are Auditors inspect
the sales system the objective is carried out on all the credit
is that we sell to 'to ensure that new customers references for a
customers who we only sell to before orders sample of new
will not pay. creditworthy are accepted. customers in the
customers'. year.
A risk in the The control All purchase Auditors inspect
purchases system objective is 'to orders must be a sample of
is that employees ensure that all authorised by a purchase orders
buy goods for their purchases are manager before for evidence of
own personal use. for legitimate being placed. authorisation eg a
business use only'. signature.

P Principle
Be able to write control objectives, procedures and
tests for risks

4.2.4 ICQs AND ICEQs

ICQs (internal control questionnaires) and ICEQs (internal control evaluation
questionnaires) – mentioned in an earlier table – can also be regarded as methods of
documentation as they particularly identify whether or not controls are present.
ICEQs address control objectives and whether or not an error or problem in control
can occur. So the objective 'to ensure that we only sell to creditworthy customers'
becomes the ICEQ item ‘Is it possible to sell to customers who will not pay?’ A ‘No’
answer is good news. The ICEQ leaves it up to the auditor to determine if there is
a control procedure in place which will allow the control objective to be met. For
example, credit checks are carried out, or credit card transfers are made before
goods are despatched, or the customer lodges a deposit with the supplier to cover all
purchase transactions.
Similarly the control objective 'to ensure that all purchases are for legitimate
business use only' would produce an ICEQ item like ‘Can purchases be made for non-
business purposes?’. Again the answer ‘No’ is good news and that objective could be
achieved in several ways, such as: orders have to be authorised by a manager, orders
are computer produced when inventory falls below a reorder level and so on.
ICQs (internal control questionnaires) address control procedures. For example, ‘Are
credit checks carried out before goods are despatched?’ or ‘Are all orders approved

Internal Control

by managers?’ Here ‘Yes’ answers are good news because they indicate the presence
of a control.
ICQs are therefore very specific and can be answered by relatively inexperienced
auditors. ICEQs are much more open-ended and flexible than ICQs, but they require
a higher degree of skill and judgement to answer correctly.

4.3 Tests of control compared to substantive tests

A test of control, unsurprisingly, tests controls. For example:

IE Illustrative example 4.4

Control Test of control

Overtime claims have to be authorised Inspect overtime forms and ensure
by the employee’s line manager. each is signed by the relevant manager.
Goods are counted as they are received Observe the receipt of goods and
and compared to orders. ensure that they are being counted and
compared to orders.
Invoices are cancelled when paid to Inspect the file of paid invoices to ensure
prevent them being paid twice. that each has been marked ‘PAID’.

A substantive test does not test controls. It tests the assertions made by figures
which contribute to the financial statements.

IE Illustrative example 4.5

Financial statement figure Substantive tests

Rent of $230,000. Inspect the rental agreement to ensure
that the amount of rent expense is in
line with that (assertion of accuracy).
Trace four monthly rental payments
to the cash book and the rent account
(assertions of occurrence and accuracy)
Inventory is valued at $500,000. Observe stock-take to ensure that
it is carried out correctly (assertion
of existence).
Enquire of management if any
inventory needs to be written down
to a net realisable value below cost
(assertion of valuation).


Note that in the substantive tests, no controls are being tested: the object is for the
auditor to directly collect evidence about financial statement assertions, not controls.

4.4 Reporting control weaknesses to the client: ISA 265 Communicating

Deficiencies in Internal Control to Those Charged with Governance
and Management
If the auditor believes the controls could be improved, it is a matter of professional
courtesy (and a requirement of ISAs!) to advise the client of these weaknesses, the
possible consequences of these weaknesses and recommendations for ways in which
the controls could be improved.
ISA 265 states that the auditor shall do this in writing and on a timely basis.
This is done via the management letter, which is usually sent to the client after the
controls testing or at the end of the audit.
The management letter has two parts:
1. a covering letter;
2. an appendix.
The covering letter is a brief note including:
• an explanation as to why the letter is being sent;
• a disclaimer saying that auditors have not necessarily spotted every weakness;
• a statement that the letter is for internal use only and not to be shared with
third parties.
The appendix should detail:
• the weaknesses identified (ie a description of the deficiencies);
• the consequences;
• recommendations for improvement to the controls.

G Learn

Internal Control

IE Illustrative example 4.6

The Board of Directors

Capulina Ltd
1 High Street
Dear Sir/Madam
During the course of our audit of the company’s
financial statements for the year ended 31 December
20X8, we examined the principal internal controls which
the company has established to ensure the accuracy
and reliability of its accounting records.
Reason we are writing We are writing to draw your attention to the
weaknesses discovered and to suggest ways in which
the systems could be improved.
Disclaimer Our examination is carried out for the purposes of our
audit and does not necessarily disclose every weakness.
Please be aware that:
Report not to be used This report is issued solely for the use of Capulina Ltd,
by third parties it must not be disclosed to a third party. We assume
no responsibility to any other person in connection
with this report.
We thank your staff for their assistance during the audit.
We would be grateful if you would reply to the letter
indicting your intended or actual action in respect of
the items below.
Yours faithfully
Smith and Co Chartered Accountants



Weakness Consequence Recommendation

When goods arrive they - Company may accept - When goods arrive
are not examined to and pay for goods that a sample should be
ensure that they are were not ordered. inspected against
the goods that were - Poor quality materials agreed quality criteria.
ordered nor are they may lead to increased - Agree a returns
checked for quality. waste during period with supplier
production and poor to ensure time can be
quality products being taken to examine the
sold on to customers goods properly.
which will damage the - Goods received
company's reputation should be traced
back to the approved
purchase order before
being accepted.

4.5 Internal control systems in organisations

4.5.1 The sales system
In order to understand the detailed controls operating in the sales system, it is
important to understand how a typical sales system works. A simple generic version
of the sales system is shown below:

Internal Control

All sales orders documented on a

Order Placed
(over telephone, Sales Order One copy stays in the sales department, one
internet, or in Form goes to the warehouse and one to the invoicing

The goods are chosen using the details on

the customer’s sales order form.
The goods are packaged up for dispatch and

Goods dispatched note (GDN) is raised.

Dispatched One copy of the GDN is sent with the
Note (GDN) goods, one copy stays in the warehouse,
stapled to the relevant sales order, and one
copy is sent to the invoicing department.

is raised based upon the details on the

goods dispatch note.
One copy stays in invoicing, stapled to the
relevant GDN and sales order form, one
copy goes to the customer and one copy is
sent to the sales daybook clerk.

The sales daybook clerk updates the

Update Sales sales daybook using the details on the
Daybook sales invoice.
The copy of the invoice is fi led

At the end of the day the total of the

sales day book is transferred to the
Customer Update General general ledger by the general ledger
Pays Ledger accountant.
When the customer pays this is recorded
in the general ledger.
The invoice is then stamped as paid.

The sales cycle: Control objectives and procedures

Now we have seen how the sales system operates, we can start to think about the
things that could go wrong at each stage (the risks) and suggest detailed controls to
mitigate these risks.


To devise a control objective we simply need to think about what could go wrong.
The control objective is to ensure that doesn't happen and the control is the physical
activity we need to carry out in order to ensure that it doesn't!

Stage Control objective Control

Order placed. To ensure that the order - Confirm order back to
details are correct. customer.
To ensure customer is - All new customers must
credit-worthy. be subject to credit check
with recognised agency
and approved by sales
manager before first
order is accepted.
- Perform regular credit
checks on existing
To ensure that customers - Credit limits checked
are not over their credit limit before order is accepted.
when they place an order. - Programme system
to reject a sales order
that would breach the
customer's credit limit.
To ensure the order can - Look up stock records
be fulfilled. before accepting order
and sign sales order
form as evidence this
has been done.

Internal Control

Goods To ensure that all sales - All sales orders should be

despatched to orders are sent to the sequentially numbered.
customer. warehouse. The warehouse
copy should be filed
numerically and a regular
sequence check carried
out to identify missing
numbers that have not
arrived from the sales
ordering department.
To ensure that the right - Choose goods using the
goods are despatched. copy of the sales order
- When GDN is raised,
match the details to the
sales order, sign GDN copy
to say this has been done
and staple GDN copy and
sales order together.
- - Customer should sign a
detachable part of their
copy of the GDN and
return to seller to say
that correct goods have
been received.
To ensure only good - Goods should be
quality goods are examined for quality
despatched to customers. before despatch and the
GDN signed to say this
has been done.
To ensure goods arrive at - Use reputable delivery
customer premises. firm.


Invoice raised. To ensure invoiced raised - Use sequentially

for every despatch. numbered GDNs. The
copy that is sent to
invoicing should be
filed numerically and a
regular sequence check
carried out to identify any
missing copies.
- All GDNs received by
invoicing should be stapled
to the relevant invoice
once it is raised and the
copy of the relevant sales
order. A regular review
should be carried out for
GDNs that do not have
invoice attached.
To ensure invoice raised for - Invoice should be
right amount. matched to details on the
relevant copy of GDN and
the relevant copy of sales
order and signed to say it
has been matched.
- Computer system
programmed to
automatically calculate
sales tax on relevant items.

Internal Control

Sale is recorded To ensure that all sales are - Use sequentially

in the accounts. recorded in sales day book. numbered invoices. The
sales daybook clerk should
file the copy of the invoice
numerically and identify
missing invoices.
To ensure that all sales - All entries in the sales
are recorded at the daybook should be
correct amount. traced back to the
relevant invoice. A spot
check should be carried
out by a manager.
To ensure that all sales - Manager should total
are recorded in the invoices at end of every
general ledger. day and ensure that the
total agrees to total in
sales day book.
- Perform a debtor's
ledger control account
To ensure sale is recorded - Send customer statements.
against the right debtor
in the ledger

Cash received. To ensure that the customer - Agree the payment back
has paid the correct amount. to the original invoice.
- Review the debtor's
ledger for credit balances
(customer overpaid).
To ensure that the - Produce and review aged
customer does pay. debtors listing and chase
older debts, threatening
with legal action if debt
remains unpaid.


Cash is recorded. To ensure that all cash - Send customer statements

receipts are recorded. (customers will tell you if
there is a debt that they
have actually paid.)
To ensure that cash is - Perform a bank
recorded at the correct reconciliation which is
amount. reviewed by a manager.
To ensure cash payment - Regular spot check of
is recorded in the correct remittance advice to ledger.
debtor account. - Send customer statements
(customers will tell you if
there is a debt that they
have actually paid).

EG Learning example 4.2

Describe ten control tests that the auditors would carry out on the sales system above.

4.5.2 The purchases system

A simple generic version of the purchases system is shown below:

Internal Control

copy sent to the ordering department.

Purchase The ordering department places an order
Order Form with the relevant supplier and records

One copy stays in ordering, one goes to

the supplier and one to the warehouse.
The details of the goods received note
When the goods arrive from the supplier,
a sequentially numbered, multi-part goods
received note (GRN) is raised.
Goods One copy stays in the warehouse and
Received Note is matched and stapled to the purchase
(GRN) order, one returns to the ordering
department to match to their copy of
the purchase order and one goes to the
purchase daybook clerk to update the

The details of the goods received note

Update Purchase are entered into the purchase daybook
Daybook and the GRNs are filed in numerical
At the end of the day, the total of the
purchase daybook is transferred to the
general ledger.

Once the invoice is received it is matched

Receive Update General to the detail on the ledger and stapled to
Purchase Ledger the GRN copy.
Invoice and The supplier is paid and the ledger is
Pay Supplier updated to reflect this.
The invoice is then stamped as paid.


Stage Control objective Control

Requisition To ensure that requisition - All requisitions
raised is for valid business need. authorised by
department manager
and signed as evidence
of authorisation.
To ensure all purchases - Have central ordering
are cost effective. department with
approved list of
To ensure items - Department manager
actually needed. examines stock levels
before authorising
requisition and signs
requisition to confirm
this procedure.
Order is placed To ensure order - Have sequentially
is raised for each numbered requisition
authorised requisition. pads, copies filed
numerically with copy
of order stapled to it.
Periodically examine the
requisitions ensure that
all requisitions are there
and all are matched to a
purchase order.
To ensure orders are - Ask them to confirm
accurately recorded by order with you.
To ensure all items are - Compare the quoted
correctly costed. price to approved
supplier list.

Internal Control

Stage Control objective Control

Goods received To ensure goods received - Copy of purchase order
for each order. sent to warehouse,
numbered, filed,
stapled and matched
to GRN. Regular checks
that all are there.
- Have one delivery area
to minimise chances of
goods being mislaid.
To ensure that the goods - Raise GRN and grid
received are of right stamp and sign once
quality and quantity. goods have been
agreed to purchase
order details.
Purchase To ensure purchase - Copy of GRN sent to
recorded recorded for all goods purchase daybook clerk
received. sequentially numbered.
Regular checks that all
are there.
- All entries in the
purchase daybook
should be traced back to
the relevant GRN. A spot
check should be carried
out by a manager.
- Manager should total
GRNs at end of every
day and ensure that
the total agrees to total
in sales day book.
To ensure total of - Perform a supplier's
purchase day book ledger control account
recorded accurately in reconciliation.
general ledger. Reviewed by manager.
To ensure purchase - Reconcile supplier
recorded against the statements to the detail
correct supplier. in the general ledger.
- Perform a debtor's
ledger control account


Stage Control objective Control

Invoice To ensure that invoices - Relevant invoice
received are received for all stapled to all GRNs
goods received. in purchase daybook
clerk's file.
- Regular examinations
to ensure all GRNs have
matching invoice.
To ensure we don't get - Match all invoices to
invoices for things we a GRN. Follow up on
have not received. any invoices received
where there is no
matching GRN.
Cash paid To ensure all invoices paid. - Stamp all invoices
when paid and examine
the invoices to ensure
that all are stamped.
To ensure invoices - Stamp all invoices
only paid once. when paid and keep
paid invoices separate
from unpaid ones.
To ensure paid correct - Cheque signatory to
amount. match details of cheque
to the relevant invoice.
Cash recorded To ensure all payments are - Perform a bank
recorded in the cash book. reconciliation.
To ensure payments are - Perform a supplier
recorded against the statement
correct supplier account. reconciliation.

Internal Control

Stage Control objective Control

Requisition raised To ensure that requisition is - All requisitions authorised
for valid business need. by department manager
and signed as evidence of
To ensure all purchases are - Have central ordering
cost effective. department with approved
list of suppliers.
To ensure items actually - Department manager
needed. examines stock levels before
authorising requisition and
signs requisition to confirm
this procedure.
Order is placed To ensure order is raised for - Have sequentially
each authorised requisition. numbered requisition
pads, copies filed
numerically with copy
of order stapled to it.
Periodically examine the
requisitions ensure that
all requisitions are there
and all are matched to a
purchase order.
To ensure orders are - Ask them to confirm
accurately recorded by order with you.
To ensure all items are - Compare the quoted price
correctly costed. to approved supplier list.
Goods received To ensure goods received - Copy of purchase order
for each order. sent to warehouse,
sequentially numbered,
filed, stapled and matched
to GRN. Regular checks
that all are there.
- Have one delivery area to
minimise chances of goods
being mislaid.
To ensure that the goods - Raise GRN and grid stamp
received are of right quality and sign once goods have
and quantity. been agreed to purchase
order details.


Purchase To ensure purchase recorded - Copy of GRN sent to

recorded for all goods received. purchase daybook clerk
sequentially numbered.
Regular checks that all are
- All entries in the purchase
daybook should be traced
back to the relevant GRN.
A spot check should be
carried out by a manager.
- Manager should total GRNs
at end of every day and
ensure that the total agrees
to total in sales day book.
To ensure total of purchase - Perform a supplier's
day book recorded ledger control account
accurately in general ledger. reconciliation.
Reviewed by manager.
To ensure purchase recorded - Reconcile supplier
against the correct supplier. statements to the detail in
the general ledger.
- Perform a debtor's
ledger control account
Invoice received To ensure that invoices - Relevant invoice stapled
are received for all goods to all GRNs in purchase
received. daybook clerk's file.
- Regular examinations
to ensure all GRNs have
matching invoice.
To ensure we don't get - Match all invoices to a
invoices for things we have GRN. Follow up on any
not received. invoices received where
there is no matching GRN.

Internal Control

Cash paid To ensure all invoices paid. - Stamp all invoices when paid
and examine the invoices to
ensure that all are stamped.
To ensure invoices only paid - Stamp all invoices when
once. paid and keep paid invoices
separate from unpaid ones.
To ensure paid correct - Cheque signatory to match
amount. details of cheque to the
relevant invoice.
Cash recorded To ensure all payments are - Perform a bank
recorded in the cash book. reconciliation.
To ensure payments are - Perform a supplier
recorded against the correct statement reconciliation.
supplier account.

G Learn
Tests of control for purchases
Tests of controls over purchases include:
• Inspect a sample of requisition forms for evidence of authorisation;
• Inspect a sample of requisition forms for evidence of signature showing stock
records were examined before requisitions were raised;
• Inspect a sample of GRNs for signature showing someone agreed it back to the
purchase order form;
• Observe goods received process for evidence of quality and quantity inspections;
• Inspect a sample of purchase invoices for evidence they have been traced back
to the GRN and purchase order;
• Obtain the GRN file from the purchase daybook clerk and review the GRNs to
ensure they are all there and in sequence;
• Obtain and re-perform the supplier's control account reconciliation;
• Obtain the file of paid invoices and inspect to make sure all invoices stamped
as being paid.


EG Learning example 4.3

You are the senior in charge of the audit of Dean Ltd. To assist you in your audit
planning one of the audit team had provided the following description of the
purchasing system. No other controls exist apart from those described.
Identify six weaknesses and briefly explain their audit significance.
"The company has no buying department so employees place orders in their own
area of responsibility. A three part order form is used; original, copy two is sent to
the goods inwards department and copy three is sent to the supplier."
"Goods are received, but not examined, by the goods inwards clerk. Once received, the
advice note and purchase order for those goods are sent to the purchase ledger clerk."
"When the supplier's invoice is received the purchase ledger clerk re-performs the
calculations on it, initials it and staples the advice note and purchase order to it. She
enters the invoice onto the purchase ledger."
"The invoice is then sent to the manager responsible for the employee who ordered
the goods. The manager codes the invoice and returns it to the purchase ledger clerk.
Purchase invoices are coded, entered on an analysis sheet and posted to the nominal
ledger monthly by journal entry."
"The cashier pays suppliers monthly on instructions from the purchase ledger clerk.
The purchase ledger control account is reconciled monthly by the purchase ledger
clerk who also reconciles suppliers’ statements."

4.5.3 The payroll system

Payroll is essentially a mechanical exercise with standard calculations being done
for each employee. It is typically completed using computer software. Assuming the
software is reliable, the main problems with payroll are likely to occur with the input
of information into the system.
The following is a basic representation of a generic payroll system:

Internal Control

Employee names, addresses, annual salaries

or hourly rates, tax and banking details will be
Employee details
entered into are kept permanently on the system. This is
system known as standing data.

Details of new employees are added and details

of leavers are removed.

For hourly employees, the details of the hours

Hours worked by
each employee sheets and these details are input into the system
entered into
The pay rate for salaried employees is worked
out by reference to their contract.

The wages of each employee along with the

Payroll calculated
by computer

Using the figures calculated by the system the

employees are paid by bank transfer (preferable),
cheque or cash.
Employees paid


Stage Control objective Control

Details of To ensure only legitimate - For every new employee
employees are new employees are added there must be a new joiner's
added to the to the system. form filled in and signed
system. by the Human Resources
Director. This form contains
all their details and is filed
with a copy of their contract
and a photograph in an
employee file.
- The HR director should
approve all new additions
to the system by signing the
new joiners form before
the payroll manager enters
them onto the system.
- A list of joiners and
leavers entered onto the
system should be printed
every week and reviewed
by the HR director.
- The HR manager should
regularly carry out spot
checks by choosing
names from the system
and ensuring there is a
corresponding employee file
and the details match.
To ensure all leavers are taken - A leaver’s form should be
off the system. filled out and the details of
this employee removed from
the system by the payroll
manager. This should be
verified by the HR director.
- Leavers' files should be
archived away from current
employee files.
- Regularly reconcile the
number of people on the
payroll to the number of
current employee files in
the HR department.

Internal Control

Details of To ensure standing data is - A hierarchy of passwords

employees are not corrupted or changed should protect the payroll
added to the fraudulently. system. Clerks should
system. have access to input hours
worked only, managers and
directors should have access
to change standing data.
- Any request to change
standing data must be
submitted in writing to
the HR director who must
approve this in writing
before the manager makes
the changes on the system.
- A print-out of changes to
standing data should be
obtained once a week.
The HR director should
match the changes to the
written approval.
- Regular spot checks of
standing data to other
evidence eg employee
Hours are To ensure that employees are - Clocking in and out should
entered. only paid for hours worked. be supervised.
- Clock card machine to
be in an open location,
possibly with CCTV, to
discourage staff from
clocking in their friends.
- Clock cards should be
kept locked in a safe
when not in use.
- Only clock cards and time
sheets authorised by
department managers may
be entered onto the system.
- Overtime to be
authorised by department
managers in advance.


Salaries are calculated To ensure that the correct - System produces a

by the system. salaries are calculated. net pay list which
is reviewed by
department managers.
- System to produce
exception reports (eg
any employee working
over 70 hours a week)
which are reviewed to
identify potential errors.
Employees are paid. To ensure employees - Staff to be paid by bank
receive payment. transfer if possible.
To ensure any cash kept on - If staff paid in cash, the
premises is not stolen. cash to be stored in a
- Where staff paid in cash,
staff required to sign to
confirm receipt.
- Segregate duties in the
payroll department: one
person inputs the hours,
another counts out cash,
another distributes the
cash to employees.

G Learn
Tests of control for payroll
Tests of controls over payroll include:
• Select a sample of new joiner forms and inspect for evidence they have been
signed by the HR director;
• Obtain the weekly print out of joiners and leavers and inspect for evidence that
the HR director has authorised the changes to the system;
• Observe the clocking-in and clocking-out process;
• Inspect clock cards and timesheets for evidence of manager approval;
• Obtain the exception reports produced by the system and inspect for evidence
that exceptions have been followed up and resolved;
• Carry out some test data on the system;
• Obtain the list of employees paid in cash and inspect for their signature that
wages have been received.

Internal Control

4.5.4 Inventory
The basic control objectives over inventory are to ensure:
• that inventory is not stolen;
• that inventory is not damaged;
• that inventory records are accurate.

G Learn
Examples of controls that achieve these objectives include:
• keeping valuable inventory items in secure warehouses with CCTV;
• security guard patrols;
• where necessary, ensure inventory kept at correct temperature;
• train staff in how to handle delicate inventory;
• regular inventory counts (stock-takes) and comparison of the results to
inventory records.

Inventory counts
The counting of inventory can be done at different times throughout the year.
Annual year-end inventory count
This is perhaps the most obvious. Every single item is counted as close to the
accounting year-end as possible. The benefit of the annual inventory count is that
it can be used by auditors as evidence over the inventory balance in the year-end
financial statements.
Continuous inventory counting
Continuous inventory counting, as the name suggests, is where a company counts
parts of its inventories every few weeks. The aim being that over the course of the
year all items are counted.
Sometimes stock is stratified so that high value items and fast-moving items are
counted more frequently than low value ones.
This is less disruptive to the business than a full count.
Full count near the year-end
This is sometimes necessary where the year-end date is not appropriate (eg the
company is too busy at the year-end). The figures counted are rolled forward/back by
adding or subtracting purchases and sales between the count and the year-end date.


4.5.5 Non-current assets

Purchases of non-current assets are controlled in the same way as regular purchases.
The only main differences are:
• Capital expenditure is likely to have been budgeted for at the start of the year,
as it is a significant expense to the company. A powerful control is to compare
the actual spend to budgeted spend. Any major differences may signify errors in
recording the actual figures or weaknesses in the budgeting process.
• Non-current assets will need to be examined more thoroughly for quality
on arrival as they are often high value and if they do not function correctly,
production could be held up.
• Due to the significant cost to the company of purchasing non-current assets,
authorisation is essential before any orders are placed.
• Key internal controls for non-current assets are summarised below. Substantive
testing of non-current assets is explained in section 5.8.

Internal Control

Stage Control objective Control

Purchase of non- Purchases of non-current Orders for non-current assets are
current assets assets much have appropriate authorised by the appropriate level
authorisation of management
Invoice for purchase must be
authorized by the person making
the order
Recording of non- Non-currents assets must be Purchases are allocated to revenue or
current assets recorded in the appropriate capital expenditure as necessary with
account in the financial statements the appropriate account code being
authorised by a senior management
The non-current asset register is
reconciled regularly to the general
ledger and any differences investigated
Ongoing Ensure that non-current assets Regular reconciliation of the non-
maintenance of are kept safely current asset register to the physical
non-current assets assets (and vice versa)
Portable assets (such as computers)
are appropriately tagged/labelled
Valuation of non- Non-current assets are valued Depreciation rates are reviewed
current assets appropriately regularly and any over/under
depreciation (identified by large
profits or losses on sales) considered
for amendment to accounting policy
Regular inspection of non-current
assets to ensure they are not
damaged or otherwise worth less
than their book value

G Learn
4.5.6 Bank and cash
The basic control objectives over bank and cash are to ensure that:
• money is not stolen;
• money received is paid into company bank accounts quickly;
• any payments made are for genuine business purposes and not, for example,
payments to fictitious employees or suppliers set up for fraudulent reasons.

G Learn
Examples of controls that achieve these objectives include:
• any cash kept on company premises is kept in a locked safe;


• where there are tills, these are:

– locked when no staff are present;
– have the prices of products pre-programmed;
– only accessible to authorised staff with a key or swipe card;
– reconciled daily (till record v actual cash takings).
• cash taken to the bank using security form;
• list of approved signatures for each bank account;
• regular bank reconciliations;
• cheque payments above a certain amount need two signatories.
The auditor’s control procedures should include checks to make sure that the
controls as above exist, that they are done regularly (eg bank reconciliations), that
they are effective (eg that they have been performed but also any issues arising have
been sorted out (eg any thefts of cash have been followed through, any reconciling
items on a bank reconciliation have been shown to clear properly).
Physical inspections may be necessary, for example of the company’s safe to ensure
what is reported in the safe is actually there or, for a supermarket, the procedures
for banking excess cash from the supermarket’s tills are followed correctly.

Æ Key Learning Points

• There are five elements to an internal control system, and a strong control
environment (eg through management who support and enforce the system)
helps to ensure that the other four components are likely to be effective. (C1b)
• Auditors evaluate deficiencies in control systems, because substantive testing
will need to be increased in these areas. (C1a, C2b)
• Control objectives are the aims of a control procedure (eg to avoid assets being
stolen). (C3b)
• Control procedures are the things done to try to achieve the control objectives
(eg locking assets in a secure room). (C3b)
• Tests of control are the procedures done by auditors to check the controls are
working well (eg observing that the assets are indeed in a locked room). (C3b)
• Where controls are deficient, the client should be informed and
recommendations for improvement suggested. (C4a)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

Internal Control

Learning example solutions

EG Solution 4.1
The types of controls you may find in a corner shop include the following:
• CCTV over the till to help prevent theft
• High value goods kept behind the till
• Cash banked regularly rather than kept on premises
• Reconciliation of till roll to takings
• Regular stock-takes
• Regular bank reconciliation, reviewed by manager
• Purchases authorised by manager before order being placed
• Consult stock levels before ordering to prevent over-ordering
• Examine the quantity and quality of deliveries before accepting
• Matching of purchase orders to delivery documents to ensure orders received

EG Solution 4.2
Inspect a copy of the external credit check for a sample of new customers in the year
to ensure all new customers are being credit checked.
Try to enter a sales transaction into the system that breaches a customer credit limit
– it should be rejected.
Observe staff taking sales orders to ensure they confirm details with the customer.
Inspect a file of sales orders sent to the warehouse to ensure they are filed in
numerical order.
Observe warehouse staff using copies of sales orders to choose goods to ensure that
the correct goods are chosen.
Select a sample of GDNs and inspect to see if they have been matched and stapled to
the relevant sales order and signed by the employee carrying out the task.
Select a sample of GDNs in the accounts department and inspect to ensure an
invoice is attached.
Select a file of invoices and review the number sequence to ensure they are all there.
Investigate missing invoices.
Observe credit control staff chasing up old receivables.
Inspect legal correspondence with customers whose debts have not been paid.


EG Solution 4.3
NB: The example asks for the audit significance of the weakness. In the second
column you should be thinking about how the weakness may lead to material errors
in the financial statements (not just inconvenience for the company).

Weakness Audit significance

Purchase orders are not Employees may purchase goods for their own
authorised. personal use using the company account. As
a result, there will be an accounting mismatch
between inventories and purchases.
No central buying department. Different departments may duplicate
purchases so the company ends up with too
much stock, which then becomes obsolete.
Purchase order forms are not If purchase orders are misplaced this will not
sequentially numbered. be identified by a sequence check and the
auditors will lose their audit trail.
Goods not examined for May end up accepting poor quality goods,
quality on arrival. which cannot be resold therefore affecting
the evaluation of inventories.
No goods received notes are The details on the invoice may not match
generated. the actual goods received and there is no
way of ensuring that the goods have been
received. The purchases figure may be
misstated as a result.
There is no purchase daybook and If purchase transactions are not recorded
the ledger is updated monthly. regularly, details may be lost or forgotten.
There is a lack of segregation The purchase ledger clerk may be able to
of duties in the purchase cover up a fraud that leads to a material
ledger department. misstatement.

Audit Evidence – Testing

Once the auditors have planned the audit, they are then in a position to start gather
in evidence in order to form their opinion on the financial statements. This evidence
will come from a mixture of testing controls and the more detailed substantive
testing. This chapter introduces some of the fundamental concepts of audit evidence,
which will underpin any exam questions about detailed testing.
Once the auditors have assessed the client's internal controls, they are then in a
position to determine how much substantive testing needs to be carried out. In this
chapter, we will also look at the procedures the auditors use to substantively test
the main areas of the financial statements, starting with non-current assets. Non-
current assets, both tangible and intangible are likely to be a material balance on
the statement of financial position. The auditor will determine whether the assets
exist, whether they are valued correctly and whether the correct costs have been
capitalised. Auditors will also focus on testing the depreciation charge, which is likely
to be a material expense in the statement of profit or loss.
We will also look at the procedures for testing the receivables balance, inventory
balance, cash, as well as a variety of liabilities including trade payables, payroll
liabilities, tax liabilities, long-term loans and provisions.

1. What is the purpose of an interim audit?


2. According to ISA 500, what characteristics should audit evidence have?

3. What is a bank confirmation letter?

Audit Evidence – Testing

5.1 The conduct of an audit: Audit evidence and documentation

5.1.1 The stages of an audit
So far we have covered the appointment of auditors, risk assessment, strategy
and planning. These steps are then followed up by the job of collecting sufficient
appropriate audit evidence to allow the auditor to draw conclusions about the
financial statements.
The full steps in an audit can be usefully set out in the following diagram:

Appointment process:
Legality, ethics, risk

Knowledge of business,
risk assessment

Response to risk, audit

strategy and planning

Good internal controls

Yes No

Systems based audit: Full substantive testing

Test the effectiveness
and operation of
controls (Plus letter to company
Internal control system not
operating satisfactorily setting out details of
Internal control internal control
system operating problems)

Limited substantive
Final review of financial

Audit report signed

G Learn


5.1.2 The two audit approaches

The initial risk assessment will have given the auditor insights into the inherent risks
and the control risks and this will determine the type and amount of work that has
to be performed. You will remember that the amount of audit work is adjusted to
achieve low audit risk ie a low risk that the audit opinion is inappropriate.
If the internal control system is initially assessed as being strong, the auditor will
approach the audit by testing the effectiveness and operation of that control system
(the left-hand route in the diagram above). If the controls are indeed found to be
operating well, then the risk of an error in the financial statements is low (the control
system will usually prevent or detect errors) and the auditor will have to perform
relatively little substantive testing on the financial statements amounts. This results
in an efficient and relatively inexpensive audit because the auditors work is reduced.
If, however, the company does not have good internal controls OR despite a controls
system being there it is not operating well, then the risk of errors finding their way into
the financial statements is high. Essentially, the client does little work to prevent errors.
The only way that audit risk can be kept low is by performing a very high amount of
work themselves to achieve a very low detection risk. This means an audit based on full
substantive testing rather than relying on internal controls. This will usually result in an
inefficient, expensive audit because of the high amount of audit work needed.
Occasionally, despite there being controls in operation, auditors will choose the
substantive testing route. For example, if a property investment company has only
five purchases and sales in a year, these will all be subject to substantive testing as it
is efficient and effective to look at all five transactions.

G Learn
5.1.3 Two types of audit evidence
The two pathways imply that the auditor is seeking two types of audit evidence:
• Evidence that controls are operating effectively. This evidence is collected by
performing tests of the controls.
• Evidences about the amounts in the financial statements. This evidence is
collected by performing substantive tests.

G Learn
Tests of control and substantive tests will be described more fully later in this chapter.

5.2 The external audit timeline – Interim and final audits

When does all of the audit work, usually a mix of testing controls and substantive
testing, take place? Six months, three months, one month before the financial year-
end? One month, two months after the year-end?

Audit Evidence – Testing

Generally the answer to this depends upon the size and nature of the company being
audited. It is important to note however that despite that, there are key events for
the auditors during each year, which you need to be aware of.

5.2.1 Interim audit

The interim audit will take place before the financial year-end.
The financial statements are not yet available at this point so the interim audit will
focus on the detailed audit planning and assessment of internal controls which can
be done without waiting for the accounting year to end.
An interim audit will usually cover a substantial part of the financial year and is
intended to more easily complete the final audit. It is usual for an interim audit to
cover the first three quarters of the financial year, making it possible to complete
a number of auditing tasks that will not require repetition when the analysis of the
final quarter is undertaken. The result is that a lot of the work for the final audit is
completed before the end of the financial year, and the task of finishing the audit at
the year-end is much less daunting.
For example, an interim audit is likely to cover the review of the accounting systems
an organisation employs, to hope to obtain confidence before the year-end. Allied to
this will be checks on detailed financial transactions to save the work all being done
at the end of the year.
Typically, an interim audit does not result in issuing formal reports that are shared
with investors or the general public. Company management is normally made aware
of the results of the audit, since the data may indicate the need to address some
specific issue regarding, say, inventory. Formal audit reporting is not performed until
the final audit is completed and the auditors release their final opinions on the status
of the company’s accounting processes.
On very large audits, more than one interim visit may be necessary.

5.2.2 Financial year-end

When the financial year comes to an end, the directors will begin the process of
producing that year’s financial statements.
It is too early for auditors to carry out lots of testing at this point. However, a number
of audit procedures can take place:
• Attend client’s year-end stock-take;
• Perform a debtor’s circularisation;
• Request a bank letter.


5.2.3 Final audit

The draft (unaudited) financial statements will now be available. The main focus is
substantive testing – results of controls testing determine how much substantive
testing is required. A substantive test is essentially taking each figure presented
in the financial statements and collecting supporting evidence that supports that
figure. For example, a common substantive procedure for receivables is to write to
customers asking them to confirm the balance they owe.

5.2.4 Reporting deadline

Sometime after the final audit has commenced, the auditors will conclude their work
and issue their audit report to the shareholders.
The audit timeline

Year End Deadline

• Internal Control
• Audit must be
Statements commences completed and Audit
• Some Audit Procedures Report signed
e.g. Stock Take and

Interim Audit Final Audit

Audit Evidence – Testing

IE Illustrative example 5.1

For a set of financial statements for the period ended 31/12/2017, typical
dates would be:

Perhaps around August/ Interim audit 

September 2017
Year-end 31/12/2017 Attend stock-take on 31/12/2017 or,
(more usually 1/1/2017)
1st week of January Despatch letters to selected customers
asking them to confirm balances owes as
at 31/12/2017
End of January Draft financial statements are ready and
the final audit can commence. Typically
this will take around two weeks, though
there is a wide variation in the time
needed depending on the size, nature and
complexity of the client.
End of February All reviews and outstanding matters
have been finished off and the partner is
presented with the audit documentation,
financial statements and draft audit
report for signature.

Sometimes, reporting deadlines are very short indeed and audit work has to be
pulled forward as much as possible. One technique is to perform the detailed audit
on financial statements drawn up to the end of November (the work can be done in
December) then, in early January, to review changes in the financial statements that
take place during December.

5.3 Introduction to audit evidence

5.3.1 Characteristics of audit evidence
In order to form their opinion on the financial statements, auditors must obtain
suitable audit evidence in the form of risk assessment procedures, tests of controls
and substantive procedures.
As explained earlier, tests of controls are designed to test whether or not the
client's systems and controls have been operating effectively throughout the period
being audited.
Substantive procedures are aimed at detecting material misstatements at the
assertion level (this shall be explained in more detail shortly). They include:


• Tests of detail of transactions, balances, disclosures and;

• Substantive analytical procedures.
ISA 500 (Audit Evidence) states that audit evidence should have certain
characteristics. It should be:
• sufficient;
• reliable; and
• relevant.

Sufficiency is a measure of quantity ie auditors must obtain enough evidence to form
their opinion. Sufficiency is affected by:
• Risk – The riskier an item is, the more evidence the auditors should obtain
about that item;
• Materiality – The more material an item is, the more evidence the auditors
should obtain;
• Reliability – The less reliable audit evidence is, the more of it is needed
and vice versa.

To be useful, audit evidence must be reliable in terms of its source and its nature.
The following generalisations about the reliability of audit evidence are useful.

More More
reliable reliable
Auditor than External than Client
generated (third party) generated
evidence evidence evidence

Written than Oral
evidence evidence

Orginal Photocopies
documents and faxes

Audit Evidence – Testing

When an amount appears in the financial statements is making a number of claims
or assertions. For example, an amount of $342,000 appears on the statement of
financial position against the description ‘Motor vehicles’, then the figure is asserting:
• The motor vehicles exist.
• The motor vehicles are owned by the company.
• The valuation of the motor vehicles is materially correct at $342,000.
• All the motor vehicles have been included in the figure.
When an unmodified audit report is signed it is saying that there are no material
misstatements in the financial statements. That means it is saying that each assertion
made by each figure is materially correct. Therefore sufficient appropriate audit
evidence is needed for each assertion.
Auditors do not just collect evidence about a figure in the financial statements, they
collect evidence about the assertions being made by the figure.
These assertions are different depending upon whether you are testing a number in the
statement of comprehensive income or a balance on the statement of financial position.

G Learn
Audit evidence is relevant if it tests one or more of these assertions.


5.3.2 Statement of profit or loss assertions (Assertions in

relation to classes of transactions and events and related
disclosures for the period under audit)
The auditors must test the balances in the statement of profit or loss for:

Occurrence Auditors must devise tests to ensure that the transactions and
events in the statement of comprehensive income actually
took place during that year and relate to that company.
Completeness Auditors must devise tests to ensure that all of the
transactions that took place during the year have actually
been recorded in the statement of comprehensive income
and that all related disclosures that should have been
included in the financial statements have been included.
Accuracy Auditors must devise tests to ensure that all of the
transactions that took place during the year have been
recorded at the correct amounts and that related
disclosures have been properly made.
Presentation Auditors must ensure that transactions and events are
appropriately aggregated or disaggregated and clearly
described and that all related disclosures are made in
accordance with the applicable financial reporting framework
Cut-off Auditors must devise tests to ensure that the transactions
that take place just before and just after the year-end have
been recorded in the correct accounting period.
Classification Auditors must devise tests to ensure that the transactions have
been recorded in the correct account balances eg interest
payments recorded as 'finance costs' and not 'admin expenses'.

G Learn

Audit Evidence – Testing

5.3.3 The statement of financial position assertions (Assertions in

relation to account balances and related disclosures)
The auditors must test items on the statement of financial position for:

Existence Auditors must devise tests to ensure that the items on the
statement of financial position actually exist in real life.
Completeness Auditors must devise tests to ensure that all of the items
pertaining to the company (its assets, liabilities etc) have
been recorded on the statement of financial position and
that all related disclosures have been made.
Rights and Auditors must devise tests to ensure that all of the assets on
obligations the statement of financial position are owned by the company
(Ownership) and all of the liabilities are an obligation of the company.
Accuracy, Auditors must devise tests to ensure that assets, liabilities
valuation and and equity interests have been included in the financial
allocation statements at appropriate amounts and any resulting
valuation or allocation adjustments have been appropriately
recorded and related disclosures have been appropriately
measured and described.
Presentation Auditors must devise tests to ensure that the transactions
have been presented at the correct level of aggregation in
accordance with the relevant financial reporting framework.
Classification Auditors must ensure assets, liabilities and equity interests
have been recorded in the proper accounts

G Learn
In the exam you will be asked to devise audit tests for certain items in the financial
statements eg trade receivables, purchases, fixed assets. Use the assertions to help
you generate ideas. To help you remember some of the assertions, you can use a
simple but effective mnemonic, PROVE.

P Presentation
R Records must be accurate and complete
O Ownership
V Valuation
E Existence


5.4 Evidence gathering techniques

In order to gather audit evidence, auditors can use a variety of techniques. These are:
• Analytical procedures (making comparisons of financial information to try to
identify fluctuations or unusual results).
• External confirmation (confirming something with a third party) and internal enquiry;
• Inspection (examining records, documents or assets);
• Observation (watching a process or procedure being performed by someone else);
• RecalcUlation (verifying the mathematical accuracy of documents or records)
and re-performance (auditor independently re-performs procedures or controls
originally performed by the client)
The methods can be remembered using the vowels A, E, I, O and U.

G Learn
All evidence gathering falls into one of these categories. For example,
• To collect evidence about the assertion of existence of a non-current asset,
inspection can be used.
• To collect evidence about the value of inventory, purchase invoices can be inspected.
• To collect evidence about a control in which warehouse staff count stock receipts
and compare to what was ordered, observation can be used.
• To ensure that the control of regular bank reconciliations is performed, the
reconciliation can be re-performed.
• To collect evidence about the accuracy of income tax payments, some wages
slips can be recalculated.

5.5 Use of analytical procedures as substantive procedures

Analytical procedures cannot be used to test controls, but they can be used to
generate substantive evidence about amounts in the financial statements.
Substantive analytical procedures are generally more applicable to large volumes of
transactions that tend to be predictable over time. In addition, the use of analytical
procedures as substantive procedures is based on the expectation that relationships
among data exist and continue in the absence of known conditions to the contrary.
We have seen the types of analytical procedures available to the auditor:
• Comparison of data this year to last year;
• Comparison of client data to industry data;
• Comparison of actual data to budgeted/forecast data;
• Comparison of auditor's calculated prediction to client data.
So examples of substantive analytical procedure would be for the auditor:
• to predict total payroll costs for the period (by using the number of employees
and the rates of pay throughout the period) and then compare this result to the
actual payroll cost calculated by the client.

Audit Evidence – Testing

• to compare this period’s raw material wastage rates/kg input to last years. If these
are in line then that is some evidence that wastage has been correctly recorded.
• to use the rents on a landlord’s 20 properties to predict what total rentals should be
The advantage of this type of procedure is that it can go some way to providing evidence
for multiple assertions (in these cases completeness, occurrence and accuracy)
Analytical procedures however are only as reliable as the underlying data being used
to perform them.
Auditors should consider the following when determining whether or not they can
apply substantive analytical procedures to certain data:
• Source of the data (it may be more reliable if it has come from an independent
source rather than being client generated);
• Comparability of the data (broad industry data may need to be supplemented in
order to be comparable to the results of a specialised entity);
• Nature and relevance of the data (if using budgeted data, were those budgets
realistic and achievable);
• Controls over the data (data is more reliable if there are effective controls
operating over it).

5.6 ISA 540 Auditing Accounting Estimates (Including fair value

accounting estimates)
The financial statements of a company are full of estimates and judgements:
• Doubtful debt provisions
• Depreciation
• Net realisable value
• Legal provisions
• Fair values
Estimates are a particularly difficult area for the audit as they involve considerable
judgement and are based upon future events. As a result estimates are not as
susceptible to logical, scientific evidence gathering techniques as other amounts,
such as the value of sales and electricity costs, in the financial statements.
Accounting estimates are therefore easy to manipulate and may be subject to
significant management bias.
Auditors should remain well aware of this potential for management bias when
auditing estimates and look out for indications such as:
• Management subjectively changing the estimate or the method for making it;
• Estimates being made that are inconsistent with external marketplace assumptions;
• Selection of estimates that achieve favourable objectives (eg a certain level of
profit or a certain return on a financial instrument);
• Selection of estimates that appear overly optimistic or pessimistic.

G Learn


Some practical ideas for auditing estimates include:

Review and test the process For example:

used by management to - Enquire as to who determines the bad debt
develop the estimate. provision – is it someone with seniority
and experience?
- Assess whether provision has been
accurate in the past.
- Recalculate the provision and compare it to
client's figures.
Use an independent estimate For example:
for comparison. - Compare client's provision for legal costs to
the independent estimate provided by the
company solicitors.
Review subsequent events to For example:
assess reasonableness of the - Compare the bad debt provision to the actual
estimate made. figure for bad debts after the year- end. Was
the provision adequate?
- Compare the fair value of a financial asset to
the amount it was sold for after the year-end.

5.7 Gathering audit evidence at smaller audit clients

The accounting and internal control systems at smaller companies are often not as
sophisticated or as complex as those in larger companies. This will have some effect
on the type of audit evidence that can be gathered when auditing a smaller company.
At smaller companies, ownership and management tends to be concentrated
amongst a small number of individuals who are very often actively involved in
managing the company on a day-to-day basis. On one hand, this can improve the
control environment of the company, as the managers will be on hand to resolve
any issues on a timely basis. On the other hand, however, the dominant position of
management could be open to abuse, leading to override of controls and inaccurate
accounting records.
The lack of staff at smaller companies can also lead to an issue with segregation
of duties so that many transactions are carried out entirely by one person and this
weakens the opportunity for control.
Due to these possible weaknesses in the control environment at smaller companies,
auditors will often rely on substantive tests of detail, rather than tests of control.

G Learn

Audit Evidence – Testing

5.8 Substantive testing procedures

We shall draw on ideas seen earlier in this chapter to design substantive procedures
to test different balances in the financial statements. For the Audit and Assurance
exam you will need to be able to produce audit procedures for:
• Tangible non-current assets (Property, plant and equipment – PPE);
• Inventories;
• Receivables (and sales);
• Payables (and purchases);
• Cash, share capital, reserves and directors’ emoluments

5.9 Tangible non-current assets – PPE (Property, plant and equipment)

5.9.1 Presentation
The total net book value (ie cost less accumulated depreciation) of PPE is presented
in the top half of the statement of financial position.
In the notes to the financial statements, the total balance of these assets is broken
down into assets of different categories also showing any additions, disposals
and depreciation during the year. The financial statements must also disclose the
depreciation policies that the company uses.


IE Illustrative example 5.2

An example of a PPE disclosure note is shown below:

Freehold land Plant and Motor Total

and buildings machinery vehicles $
$ $ $
Cost or
At beginning 500,000 200,000  75,000  775,000 
of year
Additions 200,000 100,000  25,000  325,000 
Disposals - (50,000) (10,000) (60,000)
At end of year 700,000 250,000  90,000  1,040,000 
At beginning 150,000 50,000  15,000  215,000 
of year
Charge for year 25,000 10,000  5,000  40,000 
On disposals - (5,000) (2,000) (7,000)
At end of year 175,000 55,000  18,000  248,000 
Net book value 525,000 195,000  72,000  792,000 
at end of year

Audit Evidence – Testing

5.9.2 The non-current asset register

Businesses must also keep a register of all of their plant, property and equipment.
This will contain all relevant information about these assets such as:
• cost
• revaluation information
• purchase date
• supplier
• serial number
• cumulative depreciation
• useful economic life/depreciation rate
• date last physically inspected
• physical condition
• location
• date of sale
• sale proceeds
The total net book value on the fixed asset register must agree to the total net book
value in the fixed asset disclosure note.

5.9.3 Audit procedures for plant, property and equipment

As they are a statement of financial position item, the relevant assertions for the
auditors to test are:
• Presentation and disclosure;
• Completeness;
• Ownership (Rights and obligations);
• Valuation;
• Existence.

Key risks
Being assets, the main risk for auditors is that these balances are overstated. For
example, the company has capitalised assets that it does not own, that do not exist,
or which are overvalued.


Careful attention needs to be paid to ownership, existence and valuation (although

auditors will still test presentation and completeness)

Ownership For a selection of fixed assets inspect ownership documents

such as title deeds (for land), and vehicle registration
documents (for motor vehicles) to ensure that the company
has legal title to those assets.
Select a sample of operating lease agreements and inspect
the fixed asset register to ensure these assets have not
been capitalised.
Select a sample of assets that are classified under finance
leases. Inspect the terms of the lease agreements to ensure
that the risks and rewards lie with the company.
Valuation Select a sample of additions and agree the cost to a
purchase invoice.
Select a sample of re-valued assets and agree the valuation to
the valuation report to ensure it is correct.
Assess the independence, experience and qualifications of
any external valuation experts used to ensure their work can
be relied upon.
Re-compute depreciation charge for a selection of assets
and compare to the company's charge to ensure no
material difference.
Inspect fixed asset register for evidence of profits and
losses on disposal of assets which may indicate that the
depreciation policy chosen is inappropriate.
Inspect fixed asset for evidence of assets with zero net book
value that are still in use. This suggests that depreciation
policy is inappropriate.
Compare depreciation policy to that used by similar
companies in the same industry to ensure they are reasonable.

Audit Evidence – Testing

Existence Select a sample of fixed assets from the register and

physically verify that they exist.
Inspect a sample of purchase invoices relating to PPE
Review the invoices for evidence of general repairs and
maintenance charges and ensure that these have been recorded
on the purchase ledger and not the fixed asset register.
Examine a selection of fixed asset register records and
ensure that the assets have been physically inspected within
the last year.
Presentation Review the non-current asset disclosure note in the financial
and disclosure statements to ensure it meets the criteria set out in IAS 16,
Plant Property and Equipment.
Agree the total net book value in the PPE disclosure not to
the balance of PPE on the statement of financial position
to ensure that PPE has been presented net of accumulated
Completeness Select a sample of assets that physically exist and trace them
back to the fixed asset register to ensure that they have
been recorded.
Cast (add up) the fixed asset register then agree the total net
book value on the fixed asset register to the total net book
value in the fixed asset disclosure note to ensure that all assets
have been included on the statement of financial position.

5.9.4 Audit procedures for additions and disposal of plant,

property and equipment
Additions and disposals of non-current assets are often relatively rare events
compared to purchases of raw materials and the sale of goods. However, when they
do occur, the transactions are often large. There is a risk, therefore, that the internal
controls associated with these transactions are not as strong as they should be.
The purchase of non-current assets sucks cash out of a business and has to be
carefully controlled.

Additions of non-current assets

The following are typical audit procedures:
• Inspect board minutes for discussion about material acquisitions.
• Inspect capital expenditure authorisations.
• Inspect correspondence with suppliers where prices and terms are discussed.
• Inspect authorised purchase orders and supply contracts.


• Inspect purchase invoices to ensure they are in line with the supplier, terms and
amounts agreed and trace from the invoice to the cash book and to the debit of
the non-current asset cost account and VAT account.
• Trace the purchase to the non-current asset register and agree details and that
the proper rate of depreciation has been assigned to that asset.
• Inspect a number of new assets purchased in the period.

G Learn
Disposals of non-current assets
The following are typical audit procedures:
• Inspect board minutes for discussion about major disposals.
• Inspect disposal authorisations.
• Inspect documents agreeing the sale of the assets.
• Trace sale agreements to cash receipts and to entries in the disposal account.
• Trace the removal of accumulated depreciation relating to the asset from the
depreciation account to the disposal account.
• Inspect the fixed asset register to ensure that the asset is marked as ‘Disposed’
• Recalculate the calculation of the profit or loss on disposal and ensure that it is
included in the statement of profit or loss.

G Learn
5.10 Intangible non-current assets
Intangible non-current assets include items such as brands, and research and
development expenditure. Accounting standards are strict when considering to what
extent these should be recognised in the statement of financial position. Development
expenditure can be recognised as an asset provided certain criteria are met.
The main audit procedures are:
• Verify the amount paid for brands by inspecting board minutes, the sale
agreement and the cash book.
• Verify that the depreciation rate used is reasonable.
• Recalculate the depreciation charge and provision
• Verify by inspection of board minutes and confirmation with directors that the
value of the brand has not been impaired.
Research and development expenditure
• Confirm by discussion with managers, directors and by inspection of board
minutes that the amounts capitalised comply with IAS 38 (eg that the
development will probably generate future economic benefits, that the
development is technically feasible and that the company has the financial
resources to complete the development).

Audit Evidence – Testing

• Inspect invoices for amounts posted to the development account and time sheets
to ensure that these amounts have been properly and accurately described.
• Confirm that depreciation rates used relate to the estimated useful life of the
development expenditure.
• Re-perform the depreciation calculations.

5.11 Audit procedures for receivables

Receivables are presented in the statement of financial position under the heading
'current assets'. They are presented net of any provision for bad and doubtful debts.
As they are a statement of financial position item, the relevant assertions for the
auditors to test are:
• Presentation and disclosure.
• Completeness.
• Ownership (Rights and obligations).
• Valuation.
• Existence.
Key risks
The main risk with regard to receivables is that these balances are overstated. For
example, the company may be recognising debts that will never be paid, debts that
are disputed by the customer or debts that simply do not exist.
Careful attention needs to be paid to existence, valuation and ownership (although,
as with PPE, auditors will still test for presentation and completeness).

5.11.1 Existence
ISA 501 External Confirmations
The receivables balance will be listed out in detail on the receivables listing which will
show each individual debtor's balance. In order for the auditor to verify the existence
of receivables, they choose a sample of receivables from this list. The client then
writes to the debtors that have been chosen asking them to confirm their balance.
This is known as a receivables confirmation.


5.11.2 Positive and negative confirmations

IE Illustrative example 5.3

Letter on Big Industry Company

client's paper High Road
Reply sent to Dear Sir/Madam
auditor Our auditors request that you would please confirm to them
directly that you owe us an amount of £___as at (insert date).
If the amount shown above is in agreement with your
records, please sign the tear-off slip below and return it to the
auditors using the stamped addressed envelope provided.
Positive If this amount is incorrect, please indicate any discrepancies on
method of the reverse of this letter, highlighting any specific differences.
confirmation Yours faithfully
J Johnson
Financial Director
Big Industry Co
The amount shown above is correct/incorrect* as at (date)
Account number
*Please include more information overleaf

A positive confirmation either:

• States the balance and asks the customer to write back if they agree or disagree
with the balance; or
• Omits the balance from the letter and asks the customer to reply stating what
they think they owe.
A negative confirmation states the balance but asks customers to write back only if
they disagree. This is not as effective as a positive confirmation as the auditor may
assume no response from the customer is an agreement whereas the client may have
forgotten to reply or never received the letter in the post.

G Learn
In the case of non-responses, the auditor will need to perform alternative procedures.

5.11.3 Other procedures

Valuation will focus on whether or not the debts are recoverable and whether or
not the bad debt provision is adequate. Ownership will focus on whether or not

Audit Evidence – Testing

the company has legal title to the debts. Testing completeness is to ensure that all
receivables have been recorded and testing presentation ensures that the correct
disclosure has been made in the financial statements.

Valuation Select a sample of year-end receivable balances and trace

payment to the post year-end cash book to ensure the cash has
been received.
Calculate trade receivable days as at the end of each month
throughout the year and investigate any significant increase.
Obtain an aged receivables listing and investigate any amounts
over 90 days old (say). Enquire as to what management are doing to
chase the debts and whether or not they have been provided for.
Inspect legal correspondence with problem customers to
ascertain whether or not the company will recover the cash.
Recalculate the bad debt provision and compare it to the client's
provision to ensure it is accurate.
Compare the bad debt provision to the actual level of bad debts
after the year-end to ensure that it is adequate.
Ownership Select a sample of receivables and trace to the relevant sales
invoice. Ensure that our company (not another company in the
group) is the selling company and has the rights to the receivables.
Completeness Trace a sample of unpaid sales invoices back to the receivables
listing to ensure all credit sales have been recorded.
Presentation Review the presentation of receivables in the statement of
financial position to ensure it has been presented net of the bad
debt provision.

G Learn
5.11.4 Receivables, sales and cut-off testing for sales
The receivables balance is closely related to the sales balance because any sales
made on credit will form part of the same double entry. Testing receivables therefore
links to the testing of sales.
As part of the substantive procedures on sales and receivables, the auditors will
trace the accounting for a number of sales transactions. For example:
Invoice 1200 to ABC Co for $2,400 (VAT = 20%)

Dr Receivables 2,400
Cr Sales 2,000
Cr VAT 400

As well as going from invoices to the accounting entries, some transactions in the
ledgers will also be picked and traced back to invoices, despatch notes and orders.


This provides evidence to the auditor that the existence of the transactions is
supported by orders from customers and the despatch of goods.
A key risk with sales is that they are overstated and one common way to illegally
manipulate sales is to incorrectly treat the sales around the year-end for example,
taking sales from early in the next year and pretending that they were made before
the year-end.
IAS 18 Revenue says that a sale should be recorded when the goods are delivered to
the customer.
To verify that the sales are being recorded, the auditor will:
• select a sample of goods despatch notes dated before the year-end and trace
the sale to the receivables ledger and the sales ledger and ensure the goods have
been excluded from stock;
• select a sample of goods despatch notes from just after the year-end and verify
that the sale is excluded from the year-end receivables and sales ledger and that
the goods are in year-end stock.

G Learn
5.11.5 Prepayments
Compare last year’s prepayments to this year’s. Many prepayments fall into a
regular pattern. For example, if rent is paid in arrears every three months, then if
two months’ worth was owing to the landlord at the end of last year, probably two
months’ worth is owing at the end of this period.
Scrutinise payments made in the last few months of the period for amounts which
relate to benefits or purchases to be enjoyed in the next period.
Perform analytical procedures on suitable amounts. For example, advance payments
made on purchases orders will be related to the value of orders outstanding at year-end.
Enquire of management if all prepayments have been included.
Prepayments will affect both receivables in the statement of financial position and
expenses in the statement of profit and loss.

EG Learning example 5.1

Suggest indicators that would indicate that a finance director may have to make a
bad debt provision for a specific debtor.

Audit Evidence – Testing

5.12 Audit procedures for inventories

Inventories are presented in the statement of financial position under 'current
assets'. They are valued at the lower of cost and net realisable value.
The relevant assertions to test for inventories are:
• Presentation and disclosure.
• Completeness.
• Ownership (Rights and obligations).
• Valuation.
• Existence.
Key risks
The main risk with regard to inventories is that these balances are overstated. For
example, the company may be recognising inventory that is obsolete, damaged, that
does not belong to them or does not exist.
Careful attention needs to be paid to existence, valuation and ownership
(although, as with all statement of financial position items, auditors will still test for
presentation and completeness).

5.12.1 The inventory count

The ISA 501 requires auditors to attend the client's inventory count in cases where
inventory is a material balance in the financial statements. This will normally be the
case in manufacturing and retailing industries. Inventory is less likely to be material
in service industries such as advertising agencies, banks and travel agencies.
It is important for the exam that you know about the audit procedures before,
during and after the inventory count. Note that it is not the auditor’s job to perform
the inventory count. The auditor’s work is aimed at collecting evidence that the client
planned and carried out the count so that its results can be relied upon.

Before the inventory count (Planning)

• Speak to the client about logistics such as date, time and location of the
inventory count.
• Ask the client for a copy of the inventory count instructions that will be given to
the client's staff. Review them to ensure they are adequate.
• Ask the client how they propose to deal with problem areas such as WIP (work in
progress) and consignment stock (that belongs to third parties).
• Timetable a member of the audit team to attend the stock count and give them
• Review the prior year working papers for evidence of any problems.


During the inventory count

• Observe the client's staff following the inventory count instructions.
• Inspect the stock sheets to ensure they are sequentially numbered.
• Confirm by observation that inventory is labelled as it is counted so as not to be
counted again.
• Perform some test counts:
- Select a number of items from the stock sheets and recount these to ensure
that they physically exist;
- Select a number of actual stock items and trace them to the count sheets to
ensure the stock records are complete.
• Look out for, and make a note of, damaged, obsolete and slow moving stock (eg
look out for physical damage, items covered in dust, items past their sell by date).
• Confirm that consignment stock is separately identified and not included
in the count.
• Ensure that goods received during the inventory count are kept in a separate
location and not included in the count itself.
• Obtain details of the last goods dispatch note number and the last goods inwards
note number (issued prior to the receipt of goods during inventory as noted above).
• Come to a conclusion as to whether the count has been properly carried out.

After the inventory count

• Agree the balance of items on the inventory count sheets to the final
inventory listing.
• Ensure that any damaged or obsolete items noted have been considered during
the valuation exercise.
• Perform some cut-off testing on sales and purchases of stock:
- Select a sample of goods despatch notes dated before the year-end
(ensuring that these dispatch notes are prior to the last number obtained at
the inventory count) and inspect the stock records to ensure that the items
have been excluded from year-end stock;
- Select a sample of goods despatch notes from just after the year-end (and
after the GDN number obtained on the inventory count) and trace the goods
to the stock records to ensure they have been included at the year-end;
- Select a sample of goods received notes dated before the year-end (ensuring
that these are prior to the last goods despatch note number obtained during
the inventory count) and trace the goods to the stock records to ensure they
have been included at the year-end;
- Select a sample of goods received notes dated after the year-end (and after
the GRN number obtained on the inventory count) and inspect the stock
records to ensure the items have been excluded from year-end stock.

G Learn

Audit Evidence – Testing

5.12.2 Other procedures

Valuation For a sample of raw materials, agree cost back to

purchase invoices.
For a sample of finished goods held at the year-end, inspect
post year-end sales invoices to ensure that the sales price
was greater than cost.
Obtain the costing records for a sample of WIP and:
agree labour costs to payroll;
agree labour hours to time sheets;
recalculate the overhead absorption rate.
Obtain the aged inventory analysis and ensure older items
have been written off.
Calculate inventory days as at each month end throughout
the year and investigate any significant increases.
Ownership Select a sample of consignment stock agreements and
inspect the inventory records to ensure these items have not
been included in the inventory records.
Completeness Agree the figures from the inventory records tested at
and existence the inventory count to the final inventory figures in the
financial statements.
Presentation Review the presentation of inventories in the statement
of financial position to ensure that balances of raw
materials, work-in-progress and finished goods have been
disclosed separately.

G Learn

EG Learning example 5.2

State which types of inventory may be worth less than cost and describe the
investigations you would carry out to identify this stock.

5.12.3 Continuous inventory systems

Sometimes a company may choose to count its inventory continuously, rather than
have a full count at the end of the year.
When a company employs such a system, the auditors should:
• Obtain a copy of the inventory counting procedures and review them to ensure
that they are adequate.
• Enquire of management as to whether all inventory lines are counted at least
once per year.
• Observe counting taking place to ensure necessary controls are being implemented.
• Ask management how discrepancies are dealt with and resolved.


• Perform a number of test counts on sample stock lines to ensure the inventory
records agree with the physical stock counts.
• Perform an analytical review per stock line of inventory holding days at the
end of each month. Any significant movements may highlight a problem with
count procedures.

5.12.4 Inventory held by third parties

Sometimes, companies despatch goods to be held by third parties. For example,
some manufacturers operate a sale or return scheme where a shop can display the
manufacturer’s goods and the shops only purchases the goods if they are sold on to
customers. The company’s inventory could therefore be spread over a large number
of locations and sales agents.
If inventory under the custody and control of a third party is material to the financial
statements, the auditor shall obtain sufficient appropriate audit evidence regarding
the existence and condition of that inventory. The normal approach is for the auditor
to obtain confirmation from the agents about the goods they hold. The auditor has to
be satisfied that the agent is sufficiently independent to provide reliable information
by performing one or both of the following:
• Request confirmation from the third party as to the quantities and condition of
inventory held on behalf of the entity.
• Perform inspection or other audit procedures appropriate in the circumstances.
The confirmation would be carried out in a very similar way to that of receivables
circularisation. The letter requesting confirmation would be on client’s note-paper
with replies going directly to the auditor.
The permission of the clients and their agents would be needed before the auditor
can visit the agents to directly inspect the inventory.

5.13 Audit procedures for trade payables

Trade payables are presented under 'current liabilities' in the statement of
financial position.
As they are presented as a balance in the statement of financial position, the relevant
assertions for the auditors to test are:
• Presentation and disclosure.
• Completeness.
• Ownership (Rights and obligations).
• Valuation.
• Existence.
Key risks
The main risk with regard to payables is that these balances are understated. For
example, the company may have accidentally or deliberately failed to record certain
liabilities in order for the statement of financial position to look stronger.

Audit Evidence – Testing

Careful attention needs to be paid to completeness and cut-off to ensure that all
credit purchases made just before the year-end have been captured.

Completeness, - Calculate trade payable days for each month of the year.
existence and A significant decrease may indicate understatement of
ownership trade payables.
- Compare the list of supplier balances with the previous
year and seek explanations for any suppliers that are
missing this year.
- Review the bank statement for post year-end payments
by the company and trace to supporting documentation.
If they relate to pre year-end purchases, there should be a
payable recorded in the year-end ledger
- For a sample of supplier statements received, agree the
balance owed per the supplier to the balance owed per
the client's ledger and investigate any differences.
- Consider if a payables circularisation is needed. This
would be the case if supplier statements were not
routinely received to support the amounts owing
- Perform cut-off testing – see below.
- Compare the list of accruals with prior year and
investigate any accruals that are missing this year.
- Review the bank statement for post year-end payments
that may relate to services used before the year-end.
Trace these items to the accruals listing.
Valuation - Perform a payables circularisation for a sample of suppliers
requesting confirmation that they agree with the balance
(although this is rare in practice). Valuation of trade payables
is less problematical than the valuation of receivables. It can
be tested by inspection of purchase invoices, tracing those
to the credit of supplier accounts then tracing subsequent
payments through the bank account.

G Learn
5.13.1 Payables, purchases and cut-off testing for purchases
The trade payables balance is closely related to the purchases balance because any
purchases made on credit will form part of the same double entry. Testing trade
payables therefore links to the testing of purchases.
Therefore for a selection of purchase invoices, the auditor will trace posting to
the credit of the appropriate supplier’s account and to the debit of the VAT and
purchases/expense account.


A number of entries in the purchases and suppliers’ account will be traced back
to supplier invoices, goods received notes and purchases orders to ensure that
purchases are for legitimate orders (existence, ownership).
A key risk with purchases is that they are understated and one common way to
illegally manipulate purchases is to incorrectly treat the purchases around the year-
end for example, taking purchases from shortly before the year-end and recording
them in next year's accounts.
A purchase should be recorded when the goods are received. To verify that the
purchases are being recorded in the correct period, the auditor will:
• Select a sample of goods received notes dated before the year-end and trace
the purchase to the purchases ledger and the payables ledger and ensure the
goods have been included from stock.
• Select a sample of goods received notes from just after the year-end and verify
that the purchase is excluded from the year-end trade payables ledger and the
purchases ledger and that the goods are excluded from year-end stock.

G Learn
5.14 Other liabilities
Companies often have a much wider variety of liabilities than they have receivables,
including balances such as payroll liabilities, tax liabilities, long-term loans and
provisions. One important category of other liabilities is non-current liabilities.

• Agree payroll liability in the statement of financial position back to the year-end
payroll records.
• Agree payment of net pay as per the payroll records to the bank statement.
• Agree the payment of employers’ taxes as per the payroll records to the
bank statement.
• Agree a sample of individual wages back to records such as employment
contracts or timesheet records.

Corporation tax
• Agree the year-end tax liability back to the year-end tax computation.
• Agree the year-end tax liability to the post year-end payment to the tax authorities.
• Agree the corporation tax liability to the amount owed as per correspondence
from the tax authorities.

Long-term loans
• Agree loan balances back to the loan statement from the bank.
• Inspect the bank confirmation letter for details of loans and overdrafts and
trace these amounts to the statement of financial position to ensure they have
been recorded.

Audit Evidence – Testing

• Review Board minutes for evidence of new loans being taken out in the year and
ensure they have been recorded.
• Inspect the bank statements for the year for evidence of a significant deposit,
which may be proceeds of a loan.
• Recalculate expected interest charges during the year and compare to the
client's figure.

• Compare last year’s accruals to this year’s. (Many accruals fall into a regular
pattern. For example, electricity is paid for every three months, then if two
months’ worth was owing at the end of last year, probably two months’ worth is
owing at the end of this period).
• Scrutinise payments made in the first one or two months of the new year for
amounts which relate to benefits or purchases enjoyed in the previous period.
• Perform analytical procedures on suitable amounts. For example, interest
accrued will be related to overdrafts and loans.
• Enquire of management if all accruals and other liabilities have been included.
• Accruals will affect both liabilities in the Statement of Financial Position and
expenses in the Statement of Profit and Loss

A provision is a liability of uncertain timing or amount. A provision should be
recognised therefore only when:
• an entity has a present obligation (legal or constructive) as a result of a past event;
• it is probable that a transfer of economic benefits will be required to settle the
obligation; and
• a reliable estimate can be made of the amount of the obligation.
If it is possible but not probable that economic benefits will be transferred, no
adjustment is made on the face of the financial statements but the matter has to be
disclosed in the notes. If it is merely remote that any transfer of value will take place,
then no disclosure is needed at all.
An example of a provision would be if a company were being sued for the damage
that a customer claims was caused by defective goods. Depending on the outcome of
the court case there might or might not be an amount of damages to pay.
To ensure that the correct accounting treatment and amounts are in the financial
statements, the auditor has to collect evidence about the likely amount of damages
and whether or not there is a probable, possible or merely a remote chance that the
damages will have to be paid.
Audit evidence will include:
• Inspection of the board minutes (major provisions should be discussed by the board)
• Inspection of correspondence with the injured party and their lawyers
• Inspection of correspondence with the client’s lawyers.


• Inspection of insurance arrangements and correspondence with insurance

companies in case the matter is covered by insurance
• Obtaining an independent expert legal opinion about likely damages.
• Inspecting payments and correspondence after the period end to see if a
settlement had been reached then.
If a provision is established, then the cost of that must be traced to an expense in the
Statement of Profit and Loss.
Similarly contingent liabilities (liabilities that may be incurred by an organisation
depending on the outcome of an uncertain future event, such as a court case) must
be audited. The auditor will need to review the business’s operations to see if any
contingencies are apparent and obtain representations from management as to
these contingencies, given they are uncertain and relate to the future. Checking on
past contingencies and their outcome will also be informative.
Materiality will be important, a court case for $1,000 is unlikely be relevant to a
company with profits of $20m. The auditor will need to judge the materiality.
For disclosure, the probability of the liability is important. If probable then the
contingent liability should be disclosed, with
• an estimate of its financial effect;
• an indication of the uncertainties relating to the amount or timing of
any outflow; and
• the possibility of any reimbursement

Non-current liabilities
Non-current liabilities are long-term financial obligations that are not due within
the present accounting year. Examples of non-current liabilities include long-term
borrowing, bonds payable and long-term lease obligations. An example is the
decommissioning costs of a mine. These will happen when the mine is closed.
It is important to make sure that these are correctly stated and disclosed in the
accounts. A key consideration for audit procedures is the completeness of the
liabilities, are they all there? Also, the auditor should check the accuracy of disclosing
when the liabilities are due to be paid to make sure they are recognised against the
correct time period.
Audit evidence will be obtained from:
• Reviewing any documentation detailing the non-current liabilities (eg a lease
agreement) and making sure that the documentation has been correctly followed
• Reviewing management calculations for reasonableness
• Looking at the full situation – if an operating lease has been treated incorrectly as a
finance lease then this will affect non-current assets as well as non-current liabilities

G Learn

Audit Evidence – Testing

EG Learning example 5.3

Your client Marley Ltd has the following balances for trade payables and provisions.
Describe the audit tests you would carry out to ensure that the balances are fairly stated.

$'000 $'000
Trade payables 426 789
Provisions 525 -

The provision relates to legal action brought by a competitor who says that Marley
have illegally copied the design of their best selling product.

5.15 Audit procedures for bank and cash

Positive cash balances are presented under current assets. Negative cash balances (ie
overdrafts) should not be offset against positive balances but are instead disclosed
separately under 'current liabilities'.
As they are an item on the statement of financial position, the relevant assertions for
the auditors to test are:
• Presentation and disclosure;
• Completeness;
• Ownership (Rights and obligations);
• Valuation;
• Existence.
Key risks
The main risk with regards bank and cash is that positive balances are overstated
and overdrafts are understated. Positive balances need to be tested carefully for
existence and ownership and for overdrafts, particular attention needs to be paid to

5.15.1 The bank confirmation letter

The bank confirmation letter is an effective way of proving existence, completeness,
valuation and ownership of cash.
The auditor writes to the company's bankers to request details of balances and
other information (such as loans and guarantees) so that this can be agreed to
the client's records. This is a valuable form of audit evidence as it comes from an
independent source.


IE Illustrative example 5.4

Big Bucks Bank Plc

Dear Sir/Madam

We are writing to request disclosure of the following information for our mutual client:
Account and balance details
Give full details of all bank accounts and loans.
State if any accounts are subject to restrictions.
Give the following details of all loans, overdrafts and guarantees:
Availability of finance
Limit of the facility
Does the bank hold a fixed or floating charge over any of the company's assets and
if so give details.
Additional banking relationships
Does the client have any additional relationships with branches or subsidiaries of
the bank that have not been mentioned above?
Audit Partner A
Audit Co

5.15.2 Other procedures

• Agree balances to year-end bank statements.
• Obtain the year-end bank reconciliation:
- Cast it (add it up);
- Agree the 'balance per cash book' to the cash book;
- Agree the 'balance per bank statement' to the bank statement;
- Trace the reconciling items to the post year-end bank statement to ensure
they have cleared in a timely manner.

Audit Evidence – Testing

• For any accounts in a foreign currency, re-perform the translation of the balance
at the year-end using an exchange rate from an independent source (eg the
Financial Times) and compare this to the client's translation.
• Recount a sample of petty cash tins and agree the balance to records.

G Learn
5.15.3 Cash profit and double entry
Credit entries in the cash account will have matching debit entries which could be:
• The payments of an expense for cash
• The settling of a liability
• The purchase of a non-current asset
Debit entries in the cash account will have matching entries which could be:
• The receipt of cash in respect of a cash sale
• The receipt of cash form a customer
• The receipt of loan or share capital
• The proceeds of sale of a non-current asset
It is a normal part of substantive testing to choose a variety of cash account entries
and to trace these to the other part of the posting to ensure that the receipts and
payments are being handled correctly. Such tests might discover, for example, that
a cash receipt from a credit customer has been treated as a new cash sale so that
sales, receivables and profit are all overstated.

EG Learning example 5.4

Describe four matters which may be covered in a bank letter and explain why they
are important for the auditor.

5.16 Share capital, reserves and directors' emoluments

5.16.1 Share capital and dividends
• Agree the share capital with the statutory documents governing the company's
• Agree changes to share capital with the relevant resolutions.
• Verify any issue of shares or other changes during the year to board minutes.
• Confirm that cash or other consideration has been received.
• Verify transfers of shares by reference to
- Correspondence
- Completed transfer forms
- Cancelled share certificates
- Minutes of directors' meetings
• Agree the balances in the shareholders' accounts in the register of members and
the total list with the amount of issued share capital in the general ledger.


• Agree dividends paid and proposed to the authority in minute books and
check calculation.
• Trace dividend payments to documentary evidence (eg dividend warrants).

5.16.2 Reserves
• Agree movements on reserves to supporting authority (eg movement on
revaluation reserve to non-current asset register and valuation report).
• Confirm that the company can distinguish distributable reserves from those that
are not distributable.
• Ensure appropriate disclosures of movements on reserves are made in the
company accounts.

5.16.3 Directors' emoluments

Most audit procedures for directors' emoluments will be carried out when the
auditors are testing payroll balances, for example, tracing payments in respect of
wages from the cash book to the debit of the directors’ wages and salaries accounts.
In addition, however, they will have to carry out some procedures to ensure that
disclosure requirements have been met
• Verify that directors' emoluments have been properly approved;
• Compare emoluments to director contracts, company share option schemes,
company pension schemes;
• Consider whether or not the most common types of emoluments have been omitted;
• Review the disclosure with regards to directors' emoluments.
• Trace bonus payments to both the cash book and to appropriate accounts in the
nominal ledger.

G Learn

EG Learning example 5.5

Suggest one substantive procedure to test the following assertions:
1. Cut-off of sales revenue
2. Occurrence of purchases
3. Classification of repairs and maintenance expenses
4. Valuation of inventory
5. Rights and obligations over property assets
6. Existence of an insurance prepayment
7. Completeness of contingent liability disclosures
8. Understandability of going concern threat disclosure note

Audit Evidence – Testing

Æ Key Learning Points

• Auditors obtain evidence in order to test assertions (eg the existence of an asset,
the valuation of a provision). (D1a)
• There are several types of audit tests available, both for control tests and
substantive tests, such as analytical procedures, enquiry and confirmation,
inspection, observation and recalculation. (D1b)
• Some evidence will be more persuasive than other forms of evidence (eg written
is more persuasive than verbal). (D1d)
• Evidence is collected both by testing the system (control tests) and by getting
supporting evidence to test each balance or disclosure in the financial
statements (substantive tests). (D2e)
• Some things can be hard to test, due to their subjective nature, such as
accounting estimates. (D2c)
• Substantive tests can be designed to test all relevant assertions for any balance
or disclosure item in the financial statements. (D4a–D4g)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).


Learning example solutions

EG Solution 5.1
Customers who have very old debt on the ledger – they may have forgotten to pay,
or may be disputing the amount.
Customers who have not made any payments on their accounts for a very long
time – again, they many have forgotten to pay, may be struggling to pay or may be
disputing the amount.
Customers who have made payments relating to recent invoices but who have
aged invoices that they have not paid – the old invoices may be in dispute, or may
not be genuine.
A customer that is disputing invoices – they may be dissatisfied and unwilling to pay.
Any customers who have made a high number of goods returns – they may also be
dissatisfied and unwilling to pay.
Signs that one of the customers is in financial difficulty – they may be unable to meet
the payment terms.
Customers who are asking for increases in their credit limit – they may have cash
flow difficulties and may be struggling to pay.

EG Solution 5.2
Inventories that may be worth less than cost:
• Damaged items.
• Obsolete items.
• Custom built items but the customer has since cancelled the order.
How to identify these inventories:
Calculate inventory holding days for each month of the year. An increase may suggest
slow moving inventories.
Inspect items in the warehouse for signs of damage.
Inspect a number of credit notes issued during the year to ascertain the level of
faulty items being returned by customers.
Inspect the aged inventory analysis and investigate any old stock.
Review Board meeting minutes for evidence of any production problems during the
year which may be due to faulty raw materials.

Audit Evidence – Testing

EG Solution 5.3
Trade payables
• Calculate trade payable days for each month end and follow up any significant
movement. A decrease may suggest that payables are understated.
• Compare the list of supplier balances with the previous year and seek
explanations for any suppliers that are missing this year.
• Review the bank statement for post year-end payments by the company and
trace to supporting documentation. If they relate to pre year-end purchases,
there should be a payable recorded in the year-end ledger.
• For a sample of supplier statements received, agree the balance owed per the
supplier to the balance owed per the client's ledger and investigate any differences.
• Select a sample of goods received notes dated before the year-end and trace the
purchase to the purchases ledger and the payables ledger.
• Obtain a breakdown of potential damages and costs by inspecting
correspondence from the company's lawyers and compare these to the client's
provision to ensure it is adequate.
• Inspect post year-end court documents and lawyers correspondence for
evidence of the case being settled post year-end and if the actual costs were in
line with the provision?
• Inspect correspondence with the company's lawyers to get a feel for the
likelihood of losing the case in order to decide whether it is correct to recognise
a provision or whether a contingent liability should be recognised instead.
• Review trade journals and the press to find evidence of similar cases and the
potential outcome.

EG Solution 5.4

Matter Why it is important to the auditor

Balances of any accounts held To substantiate the balance of cash and overdrafts
in the statement of financial position
Overdraft facility To understand how much short term finance is
available to the company should they run short of cash
Bank Loans To support the balance of liabilities on the
statement of financial position
Charges To understand if bank has any charges over the
company's assets as these will need to be disclosed
in the financial statements


EG Solution 5.5
Note: Only one is provided, but there are many correct answers for each of
the requirements. Make sure you can see how each test clearly relates to the
stated assertion.
1. Select Goods Despatch Notes (GDNs) just before the year-end and trace to
corresponding sales invoice, ensuring the invoice has been included in the pre
year-end sales day book.
2. Select a sample of purchases from the purchases day book, and inspect the
actual invoice, the Goods Received Note (GRN) and the purchase order to verify
the purchase took place.
3. Select a sample of repairs costs during the year and inspect invoice to
understand the nature of the expense (for example, a repair might in fact be a
piece of improvement work, requiring it to be capitalised as an asset).
4. Select a sample of year-end inventory products and agree cost of items back to
purchase invoices.
5. For each property owned (as they are all likely to be individually material),
inspect title deeds to verify in the name of the client.
6. Obtain the list of year-end prepayments and agree insurance prepayment back
to cashbook and invoice before the year-end, verifying that the payment was
indeed for a period that stretched beyond the year-end.
7. Obtain written confirmation from the client’s legal advisors that there are no
additional legal cases against the company other than those disclosed in the
financial statements.
8. Read proposed going concern disclosure note and verify that the explanation is
clear, complete, and ties in with auditor’s understanding of the situation.

Audit Evidence – Other
Issues to Consider

Auditors do not test every single transaction during the audit of the financial
statements. Firstly, it would be impractical (and almost impossible!) and secondly,
their responsibility is to find material misstatement, not all misstatements. So
instead of testing each transaction in an account balance, auditors will choose a
sample. This chapter introduces us to the concept of audit sampling; we then look at
the various sampling methods, related issues and risks.
After sampling, we move on to other topics such as Computer Assisted Audit Techniques
(CAATs), reliance on the work of others and the auditing of not-for-profit entities.

1. Why is sampling used in auditing?

2. What is stratification?

3. Why do auditors sometimes need to rely on the work of third party experts
when gathering their audit evidence?

Audit Evidence – Other Issues to Consider

6.1 ISA 530 Audit Sampling

Audit sampling is the application of audit procedures to less than 100% of the items
within an account balance or population such that all items have a chance of selection.

G Learn
A population is a set of data about which an auditor wishes to draw a conclusion.
Sampling is used in auditing because for all but the smallest clients, it is impracticable
to examine all transactions and to inspect every asset. The time and cost involved
would be huge, and the financial statements would not be ready for publication until a
very long time after the period end – so long that they would be next to useless.

6.2 Sampling methods

There are two main forms of sampling:
• Statistical sampling;
• Non-statistical sampling.

6.2.1 Statistical sampling

Statistical sampling refers to any approach that involves the random selection of
a sample. It means that every member of the population has an equal chance of
selection in the sample. If statistical sampling is used then mathematics can be used
to estimate the characteristics of the population with a certain probability, and this is
of obvious use to auditors. For example, it might enable the auditors to conclude that
on the basis of their sample, the true value of inventory is $4 million ± $50,000 with a
probability of 95%.
There are three main methods of statistical sampling:
• Random sampling
• Systematic sampling
• Monetary unit sampling

G Learn
Random sampling
Random sampling ensures all items in a population have an equal chance of being
selected. For example, if all items of the population were sequentially numbered a
computer program or random number generator can be used to select items from
the population.


This approach is easy if the items are already pre-numbered, such as sales invoices
issued by the client. However, some transaction or documents will not be neatly
numbered. For example, purchase invoices will be received from a large number
of suppliers and they will not have a coherent numbering system. It would be very
arduous to start with a file of 10,000 purchase invoices and number them all.

IE Illustrative example 6.1

During the audit of a client, you are testing the controls operating over the purchases
system. One of the control objectives is to ensure that all purchase orders are
authorised before being placed and you want to make sure that this control is
working. Well over 10,000 purchase orders have been placed during the year and it
would be impractical to test them all so you select a sample of 50 to test. You would
use random sampling to choose the 50 purchase orders.
If, say, 10 out of the 50 items were not properly authorised, then it looks as though
the control is not operating reliably. The first response of the auditor would normally
be to pick another 50 items to see if the control problem was relatively isolated. If no
other breaches of the control were found, the auditor would probably conclude that
the control was operating satisfactorily. If the next 50 had many breaches the auditor
would conclude that the control is not operating satisfactorily and cannot be relied
on. More substantive tests would then be required.

Systematic sampling
In this approach the first item in a file is chosen randomly then every nth item is picked.

IE Illustrative example 6.2

In Illustrative example 6.1, there were about 10,000 invoices and 50 had to be
chosen. That means choosing every 10,000/50 = 200th invoice in the file.
So, the first would be chosen randomly (say invoice 63) then every 200th would
be picked (263, 463 etc.). This approach normally picks items sufficiently close to
random selection to be ranked as statistical sampling.
Care is needed to ensure that the number of periodicity of the items chosen does
not resonate with a natural feature of the data. For example, if the auditor wanted
to examine the cash paying in process of a shop that operated six days per week,
picking every 30th paying in slip would always land on the same day as it jumps
forward exactly 5 weeks between items chosen.

Monetary unit sampling

Monetary unit sampling is a method of sampling that ensures every monetary unit in
a population (eg every $ or £) has an equal chance of being chosen.
Monetary unit sampling is used for substantive testing.

Audit Evidence – Other Issues to Consider

Substantive tests are concerned with verifying the numbers in the financial
statements and, as such, they are concerned with monetary value. It follows then
that sampling for substantive tests should also focus on monetary value.

IE Illustrative example 6.3

Your client has provided the receivables ledger below. You are to use monetary unit
sampling to choose a sample of debtors to circularise.

Debtor Balance $'000

A 9
B 2
C 4
D 3
E 7
F 2
G 2
H 9
I 2
J 22
K 2
L 3
M 6
N 12

In order to perform monetary unit sampling, the auditor must do three things:
1. Progress down the ledger and work out the cumulative balance of receivables
(column C below).
2. Set a sampling interval (for example every $10,000).


3. The invoices that include every 10,000th dollar is chosen for selection (ie the
invoices containing the $10,000th, $20,000th, $30,000th etc. are chosen).

Debtor Balance Cumulative Chosen for sampling 

$'000 balance
A 9 9
B 2 11 Yes (the first $10k falls between 9k and
C 4 15
D 3 18
E 7 25 Yes (The second $10k falls between 18
and 25)
F 2 27
G 2 29
H 9 38 Yes ($30k falls between 29k and 38k)
I 2 40 Yes ($40k falls here)
J 22 62 Yes ($50k and $60k fall between
$40k and $62k)
K 2 64
L 3 67
M 6 73 Yes ($70k falls between $63k and $70k)
N 12 85 Yes ($80k falls between $73k and $85k)

The debtors B, E, H, I, J M and I are chosen for sampling.

Monetary unit sampling increases the chance of items of large monetary amounts
being picked compared to small value items. It is therefore of particular use when
performing substantive tests where the auditor wants to cover a large amount by value.

G Learn
6.2.2 Non-statistical sampling
Non-statistical sampling is an approach to sampling where the auditors do not
choose items randomly. There is some judgement involved for example:
• Haphazard selection of items. The danger is that the auditor will be drawn to
certain documents or transactions and other will have no chance of being tested.
• Choosing a batch of transactions in sequence (batch sampling). Typically that
might only pick transactions dealt with on one day.
Non-statistical sampling implies that some members of the population might be
favoured because the sampling method introduced bias and the same strength of

Audit Evidence – Other Issues to Consider

conclusions cannot be drawn from the results of the sample. Non-statistical sampling
is rarely a satisfactory approach.

G Learn
6.3 Other sampling issues
• Stratification;
• Extrapolation (projection);
• Tolerable errors (tolerable deviation rate and tolerable misstatement).

6.3.1 Stratification
Stratification of populations may often be necessary when choosing an
appropriate sample.

Stratification is the process of dividing a population of items into sub-populations,
each of which becomes a separate group of sampling items.

G Learn

EG Learning example 6.1

Your client is a large supermarket and you are auditing the figure for wage costs. This
figure includes all employee wages from shelf stackers all the way up to directors.
You know that directors' salaries are material by nature so you will need to audit the
wages of every single director.
If you choose a sample based upon the entire wages population, the chances are
your sample will not contain every director. On the other hand, are you going to
audit the entire wages population so that you capture all of the directors? No, this
would be impractical and unnecessary.
What would you do in this scenario?

6.3.2 Tolerable errors

In a test of control, the tolerable rate of deviation is the maximum number of times
that a control can fail before the auditor concludes that the control is weak and
cannot be relied upon.
Often the tolerable rate of deviation for controls testing is zero. However, if the auditor
knows the client systems well and has confidence in them, they may sometimes accept
up to two failures in a control and still deem the control to be strong.
In a substantive test, the tolerable misstatement is the maximum monetary error
that the auditor is willing to accept in an account balance or class of transactions.


6.3.3 Extrapolation (Projection)

Extrapolation takes the result of a sample and projects that result over the
whole population.

IE Illustrative example 6.4

Imagine total sales are $10m. You select a sample of $1m (10% of the population) to
test. If errors of $37k are found in the sample, it could be inferred by extrapolation
that there are errors of $370k in the total population.
Extrapolation can only be applied to statistical sampling.

G Learn
6.4 Sampling risk and non-sampling risk
If auditors test a sample in order to form an opinion about a whole population, then
the sample must be representative.
Sampling risk is the risk that auditor's sample is not representative. This can happen
even with random sampling as there is always a risk that the sample contains, for
example, only transactions that were properly authorised. However, the population
contains many rouge transactions which, through bad luck in sampling, had simply
not been selected. T sting a greater number of items, or choosing a more appropriate
sampling technique can reduce the risk.
Non-sampling risk describes the other factors that can affect the auditor's opinion
such as human error and inexperience. For example, in inexperienced auditor might
look at all items in a population, but if he doesn’t understand the transactions he’s
wasting his time. Non-sampling risk is reduced by assigning more experienced audit
staff, better direction and supervision of their efforts, and better review of their work.

G Learn
6.5 Computer controls
The fundamental aspects of an audit do not change when the audit is carried out in
a computer environment although the auditor will make use of Computer Assisted
Audit Techniques (CAATs) to assist in gathering evidence. CAATs can be used to test
controls and to perform substantive testing.

Audit Evidence – Other Issues to Consider

There are two main types of controls that a client may have in operation over
their IT systems:


General controls Application controls

6.5.1 General controls

General controls cover the computer environment as a whole. Examples include:
• making regular back-ups of data and storing them off-site;
• having an IT help-desk and IT training for staff;
• access controls such as keeping computers in locked rooms;
• having a disaster recovery plan;
• all computers have log in codes;
• anti-virus software and firewalls;
• segregation of duties between programmers and users.

6.5.2 Application controls

Application controls are the controls over data in specific computer programmes.
Application controls are needed to ensure that all transactions are authorised,
recorded and processed accurately so they should cover the input, processing and
output of data as well as the standing data on the system.

Standing data is the information that is held on computer files for long-term use.

It is called standing data as it tends to change less frequently than other data.
Examples of standing data are:
• the rate of sales tax to be applied to sales invoices;
• the hourly pay rate for a factory worker to be used when calculating payroll;
• employee bank account details.
If standing data is wrong, then it will usually cause many errors. For example, if a
selling price is incorrect then every time that item is sold the invoice will be incorrect.
Examples of application controls include:
• passwords;
• exception reports;


• one-to-one checking of inputs (for example, every hourly-paid employee should

submit a clock card);
• batch checking of inputs (pre-determined batch totals are agrees to the values input)
• reasonableness tests (eg sales tax to total value);
• character checks (eg no unexpected characters entered);
• range limits (eg no transaction processes over or under a certain value);
• manual checks to ensure input was authorised;
• print-outs and checks of amendments to standing data.

G Learn
6.6 Computer Assisted Audit Techniques (CAATs)
Auditors can use computers and computer software to assist with the audit process.
There are two main types of computer assisted audit techniques, both with different
roles in the overall audit process. These are test data and audit software.

6.6.1 Test data

Test data is data designed by the auditor and which is used to test controls within a
client's computer system.

When using test data, the auditor invents some data and runs it through the client's
system to ensure it is processed as expected.
Examples include:
• In a sales system, the auditor may enter a large order that should be rejected
because of an automatic credit check that should be performed by the
computer system.
• In a purchases system, the auditor could try to process an invoice for which there is
no purchase order on file. The purchase invoice should be rejected by the system.
• The system may have a range limit so that when processing payroll for example,
no employee can have worked more than 70 hours per week. The auditor will try
to enter 80 hours and this should be rejected.
• In an inventory system, the auditor will issue inventory that will reduce the
inventory balance below its reorder level to see if a purchase order is issued to
the supplier.
However, there are drawbacks to the use of test data:
• Any false transactions must be removed from the system afterwards.
• This may cause inconvenience for the client.
Therefore, test data is often run as ‘dead’ test data. This means that it is run using
a copy of the client’s system so that any false transaction or damage caused by the
auditor’s data won’t matter.

Audit Evidence – Other Issues to Consider

6.6.2 Audit software

Audit software is the auditor’s software which is used to perform substantive tests on
client data. The auditor uploads a copy of the client's data onto their own computer
and runs it through the audit software, which assists in performing tasks such as:
• Reorganising the data into a more useful format eg by producing an aged listing
for receivables or stock.
• Performing detailed analytical procedures (eg inventory holding days by stock
line, the automatic calculations of ratios for analytical procedures).
• Verifying that arithmetic is correct by adding up ledgers and lists. This is vital,
for example, when auditing the inventory file because every extra $ in inventory
is an extra $ of profit. In large companies with thousands of lines of inventory,
using audit software is the only practicable way of performing this test.
• Re-performance of calculations. For example, recalculating the depreciation
charge for every non-current asset.
• Sequence checks. Printing out lists of missing documents such as missing
cheques in the cash book.
• Choosing random samples, for example for receivables circularisations.

Advantages and disadvantages of audit software

Advantages Disadvantages
Easy to use. Expensive to develop especially when the
client is new and the system is not fully
understood by the auditor or if there is a
lack of documentation on the system.
Limited IT skills required to use. Limited to procedures that can be
carried out on electronic data.
Improves efficiency of audit as large Extensive modification required if client
volumes of data can be processed quickly. changes their systems.
Can be used in future audits and for Use of copy files (auditors are using
similar clients. copies of the client's data and need to
be sure that these copies accurately
reflect the genuine live data).

G Learn

EG Learning example 6.2

Describe a number of tests you could perform using test data and audit software on
a client's sales and receivables ledger files.


6.6.3 Data Analytics

What is data analytics?
Data analytics involves the extraction of data from large databases. In terms of big
data, this means databases from an entire company from all of its locations, within
one country or worldwide.
The technique is an extension of data mining where databases are analysed to
identify relationships between different elements of data. For example, supermarket
customers can be categorised into different groups based on their purchase history.
The group is then analysed identifying products that individuals in that group have
not purchased which the group normally purchases. Incentives are then given to
purchase those products (offering money-off coupons).
Examples of data analytics in audit include:
• Recalculating depreciation using different methods e.g. actual purchase date or
average length of time held in the year
• Matching purchases (Goods Receipt Notes) with purchase invoices and supplier
payments to prove the accuracy of the purchases and payments systems
• Detailed analysis of revenue by product, region or customer type to assist in
trend analysis
• Inventory analysis matching goods despatched with date of goods receipt, to
provide information on inventory ageing
In other words, similar techniques to the use of audit software a few years ago, but
now based on company data from all locations with potentially more complicated
analysis being carried out.
Benefits of using data analytics in audit
Benefits include:
• Visual display of results – visual in terms of graphs and pie charts making data
analysis easier to carry out
• Use of analytical software by non-audit specialists decreasing training
requirements (and therefore training costs)
• Ability to analyse up to 100% of company data
• Quick processing of data to provide the analysis
Problems of using data analytics in audit
Problems include:
• Cost. Investment in improving audit software and provision of user-friendly
interfaces to use that software
• Time. Of writing the software and training staff
• Interpretation of results. The analytics simply display trends and analysis; the
auditor must still interpret the results to decide whether there is any material
error to investigate

Audit Evidence – Other Issues to Consider

Benefits for audit clients

Benefits include:
• Decreased cost of audit due to less manual testing and more use of automation
• Independent testing of control systems to identify weaknesses (in this case
computer control weaknesses) including confirmation that weaknesses
previously identified have been rectified (or not!).
• Visual representation of transactions which may not be available from the
company’s existing software solutions
• Ability to compare different sectors, regions etc, for internal benchmarking
where the information is not available from the company’s own software.
Issues with using Data Analytics
• What is the quality with the data being produced in data analytics? To rely on the
data still means testing the systems that produce the data – auditors may need
to devise additional audit software to ensure the integrity of data being used.
• What type of analyses give the best audit evidence? As this is a newer area
for auditors, time will be needed to decide what analysis to do and how to
use the results.
• What will happen with audit regulation? The issue here is that ISAs have
historically been written on the assumption that less than 100% of transactions
will be audited – this is not necessarily the case with data analytics as all
electronic transactions can be audited.

G Learn

Æ Key Learning Points

• A rulebook provides a prescriptive set of rules to follow (no judgement is
involved), whereas ethical principles can be adapted to the situation (application
depends on the judgement of the individual auditor). (G1)
• A transnational audit is an audit of financial statements where reliance on
those statements will be not just in the home jurisdiction of the company being
audited but in other jurisdictions around the world. (G2)
• The main issues of an integrated report are identifying what is being reported
on and then obtaining the evidence to verify the report is correct. Most social
or environmental issues are outside of the normal accounting systems hence
separate reliance on the information will be necessary. (G3)
• Current issues, as their name suggests, are now – so be aware of articles being
written in Student Accountant by the examining team because an article signifies
an issue is probably current. (G4)

6.7 Reliance on the work of others

6.7.1 ISA 620 Using the Work of an Auditor's Expert
In some cases, the preparation of financial statements involves the use of an expert
in a field other than accounting (eg the valuation of land and buildings, actuarial


calculation of pension scheme assets and liabilities or interpretation of laws and

regulations). In these cases, auditors may need to rely on the work of third party
experts when gathering their audit evidence.
• Experts such as:
- Lawyers
- Valuation experts
- Actuaries
• The client's internal auditors (who have reviewed the internal controls)
• Another firm of external auditors (who may, for example, be auditing an overseas
subsidiary of the client)
The external auditor retains full responsibility for the opinion, so when using the
work of others it is essential to make sure that their work is reliable:
• Are they suitably qualified?
• Do they have the experience?
• Are they independent of the client?
• Did they carry out their work in a professional manner, planning and
documenting their process and following professional standards?

G Learn

IE Illustrative example 6.5

Imagine your client is a trader in diamonds and other precious stones. Clearly
inventory valuation is going to be material to the financial statements and individual
items might be valuable enough to be material in their own right.
Of course, you are a qualified accountant not a jeweller, so the chances are you
cannot value the stones and are going to need help.
The client will have expertise (it is their company’s business to understand precious
stones after all) amongst their own staff, or possibly from external consultants they
use, and no doubt they are capable of assigning values based on their own industry
experience and professional qualifications. Such a person is called “management’s
expert”. However, if they are internal client staff, you might be concerned about their
obvious lack of independence and ability to be controlled by the client’s directors.
Even if the management’s expert is an external consultant, if the client is paying
them fees for work they remain of questionable independence.
ISA 500 Audit Evidence covers reliance on management’s experts, and advises the
auditor to tread carefully, especially with regard to independence of the expert.

Audit Evidence – Other Issues to Consider

As a result, the auditor might decide to engage their own expert. Should this be the
case, ISA 620 Using the Work of an Auditor’s Expert applies. Of course, experts in
precious stones are not available in large numbers so the audit firm will need to find
someone, probably by contacting trade organisations within the jewellery industry. As
such, the expert hired by the auditor is likely to be appropriately qualified, experienced
and independent – because otherwise the auditor would not have hired them!
The auditor will now need to ensure that their expert clearly understands what is
required, is provided with all relevant information and assumptions, and understands
the timeframe of the work required.
The auditor will need to review the work done by the expert to ensure it is what was
agreed (in writing) before the work started, and can then decide whether the expert’s
opinions are sufficient audit evidence or whether additional evidence is required.

6.7.2 Referring to the expert in the audit report

The auditor should not refer to the work of the expert in the audit report unless:
• Required by law or regulation to do so or;
• In the case of a modified audit opinion, if reference to the work of the expert
in the audit report is relevant to understanding the modification. The auditor
should indicate however that such a reference does not reduce the auditor's
responsibility for that opinion.

6.7.3 ISA 402 Audit Considerations Relating to an Entity Using a

Service Organisation
Many companies outsource aspects of their business to organisations that provide
specific services such as payroll processing for example. There may be special
considerations for an auditor when the client makes use of a service organisation if the
use of these organisations affects a client company's accounting and internal control
systems. For example, if a company’s payroll is looked after by a computer bureau, the
auditor has not legal rights to obtain information or to examine the records of that
bureau. They are the auditors of their client, not of the computer bureau being used
by the client. Therefore, how can the auditor obtain evidence about the accuracy of
the processing and of the information being provided by the bureau?
Many of the steps below will require the cooperation of the service organisation.
Ideally, cooperation with their auditor should be a term of the client’s contract with
the service organisation.
The nature and extent of the work to be performed by the auditor regarding
the services provided by the service organisation depends upon the nature and
significance of those services to the client company but auditors may need to
perform procedures such as:
• Obtain a report from the service organisation's auditors regarding the adequacy
of controls and their operation at the service organisation. The auditor must
be satisfied as to the competence, independence and standards of the service
operation’s auditors.


• Contact the service organisation to ask for specific information;

• Visit the service organisation and evaluate controls;
• Use another auditor to evaluate controls at the service organisation.

G Learn
Client Data out Service organisation
Auditor can audit Processing performed here.
transactions occurring But what processing?
within the client Data back How can it be audited?

6.8 Not-for-profit entities

Some not-for-profit entities (eg charities) may be required to, or may choose to, have
a statutory audit. Although the audit process may be very similar in some ways to
that adopted for a normal commercial company, there will be some differences.
The examiner has said that some scenario questions may include a not-for-profit entity,
rather than a typical commercial company eg to identify inherent risks for a charity.

6.8.1 Examples of not-for-profit entities

Not all companies operate with their main objective being to maximise shareholder
wealth. Some exist mainly for charitable purposes, providing education or providing
local services for example. These are known as not-for-profit entities.
Examples include:
• Charities
• Housing associations
• Hospitals
• Schools
• Trade unions

6.8.2 Audit of not-for-profit entities

Where a statutory audit is required or requested, the auditor's responsibility (as with
other companies) will be to provide an audit opinion as to the truth and fairness of
the organisation's financial statements.
Some differences may arise though with regard to:
• Planning the audit
• Non-business orientated
• Gathering evidence and,
• Reporting

Audit Evidence – Other Issues to Consider

6.8.3 Planning
When planning the audit of a not-for-profit entity, it is important for the auditor to
consider the following:
• The scope of the audit. Not-for-profit organisations might not be companies
so would not be subject to company law. Charities are often subject to
special regulations.
• The accounting policies used by the entity. For example, how does the entity
account for income and expenditure?
• Any changes in circumstances of the entity in recent years
• Past experience of the entity's accounting systems
• Key audit risks

6.8.4 Key audit risks

For a not-for-profit entity, the key risks are likely to involve:
• Cash, particularly where money is donated or collected directly from donors.
Cash is notoriously difficult to audit because it is so difficult to trace.
• Internal controls. Many of these sorts of entities can have a weaker control
environment and are more likely to use unqualified staff such as part-
time volunteers. It can be difficult to instruct well-meaning staff to follow
internal controls.
• Strict regulation with regards to how income can be spent, for example in line
with the organisation’s objectives or constitution. Sometimes a donation can be
made with strict instructions about how that money should be spent.

6.8.5 Evidence
Obtaining audit evidence may be an issue, particularly where the organisation keeps
limited accounting records or operates in an informal manner.
The auditors should be particularly aware of the risks of:
• Misstatement of cash (due to theft);
• Misstatement of expenses (perhaps in an attempt to stay within charity
• Misuse of funds.


6.8.6 Reporting
The nature of the report will depend upon the statutory and entity requirements but
it should be consistent with the general criteria in ISA 700.
The following matters should be made clear however:
• The addressee (members or trustees?);
• What the report relates to;
• The scope of the audit;
• Responsibilities of auditors and entity managers/trustees/directors;
• The work done;
• The opinion.

G Learn

Æ Key Learning Points

• Auditors cannot test everything, so tend to select a sample that is designed to be
representative of the overall population of transactions from which it is drawn. (D3a)
• Given that both audit clients and audit firms use IT in the modern world,
auditors may wish to use computer assisted audit techniques such as test
data to verify computerised controls are operating, and audit software to
assist with the substantive testing (especially when there is a large volume of
transactions). (D5a, D5b)
• Auditors may be forced, or may decide on the basis of efficiency, to rely on
the work of people outside of the audit team (eg client’s internal audit staff, or
outside experts), but will have to check the reliability of these people and their
work before reliance can be placed. (D6a, D6b)
• As well as companies, not-for-profit organisations (eg charities) often have their
financial statements audited, and whilst the procedures are typically very similar
to a company audit some differences will exist (eg more control testing over the
heavily cash-based income that a charity is likely to have). (D7a)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

Audit Evidence – Other Issues to Consider

Learning example solutions

EG Solution 6.1
What you would do is to stratify (ie break down) the total wages population
into two groups:
1. The directors, where you would test 100%.
2. The remaining employees where you would choose a random sample.

EG Solution 6.2
Test data
• Try to enter the system to record a sale with a fake password to ensure it is rejected.
• Try to enter a sale that breaches the customer's credit limit to ensure it is rejected.
• Try to enter a sale without all of the customer details, eg delivery address, to
ensure the transaction cannot continue without all of the details.
• Try to enter a sales order without accessing stock records first to ensure that the
system prompts the user to check stock levels before proceeding.
• Enter a sales order with the wrong date (eg 12/14/56) to ensure it is rejected.
Audit software
• Produce an aged receivables listing so that the older receivables can be
• Calculate trade receivable days at the end of each month of the year so that
significant changes can be followed up.
• Select a sample of trade receivables to be circularised in order to prove
their existence.
• Cast the receivables and sales ledgers to ensure the additions are accurate and
agree to the totals on the control accounts.
• Re-perform the calculation of sales tax for a sample of sales invoices.
• Extract all of the negative balances from the receivables ledger so they can be
moved to liabilities.


Audit Completion

Before the auditors reach their conclusion on the financial statements (referred to as
‘finalisation’) there are a number of important reviews that need to take place. These
allow finalisation of the audit. Of particular concern are the subsequent events and
the going concern reviews. Both subsequent events and going concern can have a
material impact on the financial statements so it is up to the auditors to ensure that
the directors have made the correct disclosures with regard to these two areas. If
not, there may be consequences for the audit opinion.
Both subsequent events and going concern have featured heavily in the

1. What are the responsibilities of auditors with regard to subsequent events?


2. Can you list some indicators of going concern problems?

3. What is the need for management representation?

Audit Completion

7.1 Final review

7.1.1 Purpose
It is crucial that auditors carry out a final review of the audit work before finalisation
and forming the audit opinion. The final review should be designed to answer
questions such as:
• Has the audit work been performed in accordance with the relevant legal and
professional requirements?
• Has sufficient appropriate audit evidence been collected to support the financial
statement assertions?
• Is the quality of audit work up to standard?
• Are the financial statements consistent with our knowledge of the business?
• Have the financial statements been prepared in line with relevant accounting
and legal requirements?
• Have all required disclosures been made in the notes?
• Do the financial statements give a true and fair view?
• Have significant issues, such as misstatements, been resolved?
• Have there been any events occurring after the period end which need to be
taken into account?
Often auditors will perform analytical procedures as part of this final review. The
analytical procedures act as a final sense check on the numbers in the accounts. The
auditor must stand back from the detail of the audit work performed and look at the
financial statements as a whole and decide it they give a true and fair view: it is on
the financial statements as a whole that the audit report is issued.
Most firms of auditors will use an Audit Completion Checklist or Completion
Memorandum to ensure that all matters are covered.

7.1.2 Uncorrected misstatements

ISA 450 requires auditors to accumulate misstatements identified during the audit,
other than those that are clearly trivial. As the audit progresses the auditor should
determine whether the accumulated misstatements imply that the audit strategy
needs to be modified.
The auditor must communicate on a timely basis all misstatements accumulated
during the audit with the appropriate level of management and must request
management to correct those misstatements. If management refuses to correct
some or all of the misstatements communicate, the auditor must obtain an
understanding of management’s reasons for not making the corrections and
shall take that understanding into account when evaluating whether the financial
statements as a whole are free from material misstatement.
Prior to evaluating the effect of uncorrected misstatements, the auditor shall
reassess materiality to confirm whether it remains appropriate in the context of the
entity’s actual financial results.


The auditor shall determine whether uncorrected misstatements are material,

individually or in aggregate. In making this determination, the auditor shall consider
the size and nature of the misstatements, both in relation to particular classes of
transactions, account balances or disclosures and the financial statements as a whole.
The auditor shall communicate with those charged with governance uncorrected
misstatements and the effect that they, individually or in aggregate, may have on the
opinion in the auditor’s report. The auditor’s communication shall identify material
uncorrected misstatements individually. The auditor shall request that uncorrected
misstatements be corrected.
In summary:
• Management is asked to correct all misstatements.
• If they are not corrected the auditor must decide whether the size and nature of
those misstatements will affect the audit opinion.

G Learn
7.2 ISA 560 Subsequent Events

Subsequent events are those events occurring between the year-end and the date
that the financial statements are authorised for issue (ie signed by the directors) that
may affect the numbers or disclosures in the year-end financial statements.

Events that take place

in this period are known as
Year-end subsequent events and may affect
authorised by
the numbers or disclosures
in the year-end financial

7.2.1 Treatment of subsequent events: A financial reporting recap

There are two types of subsequent events:
• Those that we adjust the year-end financial statements for: Adjusting events
• Those that we do not adjust for: Non-adjusting events

Audit Completion

Adjusting events Non-adjusting events

Those that provide evidence of Those providing evidence of conditions
conditions existing at the year-end. arising the year-end.
For example: For example:
A company has a receivable in its year- A company has a balance of inventory
end statement of financial position but in its year-end statement of financial
shortly after the year-end, this customer position but shortly after the year-end,
goes into liquidation. The liquidation this inventory is destroyed in a fire. The
is evidence of the condition of the fire is evidence of a condition arising after
debt after the year-end ie it is bad (the the year-end and, in fact, the condition of
customer will have been experiencing the inventory at the year-end is fine.
difficulties before the year-end).
The directors will adjust the year- The directors will not adjust the year-
end financial statements by writing end financial statements to write off the
off the debt. inventory but will disclose any material
non-adjusting events in a note to the
financial statements.

7.2.2 The auditor's responsibility with regard to subsequent events

The auditor has a responsibility to review subsequent events before they sign their
audit report and may have to take action if they become aware of subsequent events
arising between the date the audit report is signed and the financial statements are
distributed to shareholders.


The exact responsibilities are shown on the timeline below:

Year-end Financial statements Financial statements

authorised and audit distributed to
report signed shareholders
The auditor should actively The auditors do not have Since the shareholders
perform audit procedures any responsibility to already have the signed
to actively identify perform procedures to FS and audit report, the
subsequent events such as: identify subsequent events auditors' active duty
- enquiries of but if they come across a has finished. But if the
management as to major subsequent event that may auditors are now aware
events such as customer affect the year-end financial that the audit report
liquidations, destruction statements, they should: is wrong, they must
of assets, issue of - consider the effect on ensure the shareholders
shares, litigation, going the financial statements; are informed, and
concern problems; - consider the effect on should find out if the
- review meeting the audit opinion; client is planning to
minutes for evidence of - if necessary ask correct the mistake.
subsequent events; the directors not to
- review of press and distribute the financial
trade journals for statements and issue a
evidence of customer new audit report and
liquidations. seek legal advice.

G Learn

EG Learning example 7.1

One week before the accounting year-end, the board of a company received a letter
from a firm of solicitors indicating that a senior executive was taking legal action against
the company for wrongful dismissal. The amount claimed is material, and as at the
year-end no further events relevant to this case had taken place as some of the board
members were on overseas business trips and holidays. No mention of this matter is
included in the draft financial statements either in the figures or the disclosures.
The planned date for the audit to finish and the audit report to be signed is two
months after the year-end, with the AGM planned for 6 weeks later.
Describe the audit procedures that should be carried out during the final audit work,
relevant to the above matter.

Audit Completion

EG Learning example 7.2

Continuing from Learning example 7.1 – when the final audit finished, the financial
statements had a contingent liability disclosure note indicating that the legal case
existed and that the claim of $3.2m might need to be paid. The auditors agreed with
this accounting solution based on the evidence they had seen. Two weeks after the
audit report was signed, the company paid the full $3.2m in compensation. Their
legal advisers had sent a letter instructing them that they would probably lose the
case and that the reputation damage would be huge. This letter was sent to the
board before the audit report was signed, and the board had decided to follow the
advice and pay, but the auditors had not been told.
Explain what the auditors should do in response to the above developments.

7.3 Going concern

Companies will normally prepare their accounts on a going concern basis if the
company is expected to continue in operation for the foreseeable future. This is usually
taken to be a period of one year from the date of approval of the financial statements.
Directors of all companies therefore need to reach a conclusion about the ability of
the company to continue as a going concern. The disclosures which follow from the
directors’ conclusion will be:
• The use of the going concern basis of accounting is appropriate because there are
no material uncertainties related to events or conditions that may cast significant
doubt about the ability of the company to continue as a going concern. In this
case the directors should use the going concern basis of accounting in preparing
the financial statements and make the necessary disclosures, including those
about liquidity risk, necessary to give a true and fair view;
• The use of the going concern basis is appropriate but there are material
uncertainties related to events or conditions that may cast significant doubt
about the ability of the company to continue as a going concern. The directors
should use the going concern basis of accounting in preparing the financial
statements. However they should disclose the material uncertainties that may
give rise to significant doubt and make the disclosures, including those about
liquidity risk, necessary to give a true and fair view. An example of where there
might be doubt would be if the company were in the middle of negotiating
renewal of a bank loan;
• The going concern basis is not appropriate. Such a conclusion will result in
abandoning the going concern basis of accounting in preparing the financial
statements and making detailed disclosures about the basis of accounting that
has been used, for example a break-up basis. This is rare and is only used if
company failure seems inevitable.
Auditors have a responsibility to consider whether or not it is appropriate for the
accounts to be prepared on a going concern basis. If there are doubts over going
concern, auditors must ensure that these are adequately disclosed.


Auditors therefore will need to:

• audit the directors’ review of going concern
• apply audit procedures to assess a company's going concern status.

7.3.1 Indications of going concern problems

The possibilities are extensive but auditors should look out for potential
indicators such as:
• net liabilities;
• operating losses;
• major debt repayments due;
• loss of major customers or suppliers;
• loss of key staff;
• withdrawal of financing such as overdrafts;
• cash flow problems;
• technological advancements causing client's product to become obsolete;
• major litigation.

7.3.2 Audit procedures to assess ability to continue as a

going concern
The actual procedures that auditors will carry out will vary from client to client
depending upon the exact circumstances but will tend to involve procedures such as:
• review and discuss cash-flow forecasts to ensure company has enough cash to
continue in operation for the next year.
• review budgets and interim financial statements to assess projected results over
the next year and identify any concerns over profitability.
• inspect correspondence with the company's bankers to assess the availability of
financing such as overdrafts and loans.
• inspect business plans to assess company's efforts to expand into new areas to
replace unprofitable operations.
• inspect employee contracts to ensure company is replacing key staff and
providing incentives for current staff.
• inspect correspondence to understand possible consequences of legal action
being brought against the company.
• inspect new sales contracts to ensure company is replacing customers who
have been lost.
• consider management's process for identifying going concern problems and how
they propose to respond to those problems.

7.3.3 Reporting implications

If the directors conclude that going concern is not in doubt and the auditors agree,
then there are no reporting implications.
If the directors conclude that there is a going concern doubt and make appropriate
disclosures in the financial statements, then the financial statements show a true and
fair view. However, to ensure that the going concern worries are not overlooked by

Audit Completion

shareholders, auditors will include a “material uncertainty related to going concern”

paragraph in the audit report to draw shareholders’ attention to the disclosure
note. Note this paragraph is not an emphasis or matter or a Key Audit Matter, but
additional disclosure required by ISA 570 (revised in 2016).
If the directors conclude that there are no going concern doubts (so will make
no disclosures in this respect), but the auditors disagree then the directors, then
the financial statements contain a material misstatement and the audit report
will be modified.
Similarly, if the directors make inadequate disclosures about their going concern
doubts, the financial statements will contain a material misstatements and the audit
opinion will be modified.

G Learn

IE Illustrative example 7.1

Your client has been struggling financially for some time. They have a large bank loan
and have been late with some repayments recently, causing the bank to send them a
letter requesting a meeting to agree a way forward.
Based on this information, you believe there is a real risk that the bank cancels the
loan and demands immediate full repayment. The directors are also nervous and have
started to talk to other finance providers to assess if alternative finance could be raised.
So, what are the audit report implications?
Assessing going concern is a very subjective exercise, not helped by the fact that
the directors will clearly want their auditors to think that things are better than they
actually are. There are several possibilities in such a situation:
• If the auditor believes the client is not a going concern, but the financial
statements are prepared on a going concern basis, the auditor will conclude
that the financial statements do not give a true and fair view because the
misstatement is going to be pervasive, affecting many of the balances not just
one or two. In other words, the opinion is likely to be adverse.
• If the auditor believes the client is a going concern, but that the meeting with
the bank suggests a significant doubt exists over going concern, they will ask the
client to add a disclosure note (required by IAS 1) to their financial statements
explaining the threat in full.
- If the client fails to provide this disclosure note, the auditor will need to
modify the audit opinion because going concern is a material area. An
“except for” qualified opinion is likely, although it is possible that the
auditor will express an adverse opinion if they feel the lack of disclosure
affects the overall view given by the financial statements


- If the client does fully disclose the threat, then the financial statements are true
and fair so the audit opinion would not be modified. Given the importance of
the disclosure note, the auditor would add a “material uncertainty related to
going concern” paragraph under the basis for opinion. This paragraph would
refer the reader to the disclosure note in the financial statements, making clear
that the audit opinion is not modified in relation to this matter.
• The auditor might conclude that the client is holding back important evidence
relevant to the going concern assessment, because the client realises the auditor
is aware of the problems and is trying to manipulate the auditor’s opinion by
keeping key facts from them. If that is the case, a disclaimer of opinion will be
necessary because the auditor is unable to conclude without all relevant evidence.

7.4 ISA 580 Management Representations

7.4.1 The need for management representations
A written representation is a statement by management provided to the auditor to
confirm certain matters and to support other audit evidence.
Written representations from management are necessary information that the
auditor requires in connection with the audit of the entity’s financial statements.
Although written representations provide necessary audit evidence, they do not
provide sufficient appropriate audit evidence on their own about any of the matters
with which they deal. The representations support other audit evidence relevant
to the financial statements or specific assertions in the financial if determined
necessary by the auditor or required by other ISAs.
The auditor shall request management to provide a written representation that:
• It has fulfilled its responsibility for the preparation of the financial statements in
accordance with the applicable financial reporting framework, including, where
relevant, their fair presentation, as set out in the terms of the audit engagement.
• It has provided the auditor with all relevant information and access as agreed in
the terms of the audit engagement;
• All transactions have been recorded and are reflected in the financial statements.
If management do not provide one or more of the requested representations or the
representations are considered to be unreliable, this may cast doubt on the integrity
of management and auditors should consider the effect that this may have on:
• The reliability of other audit evidence obtained from management and,
• On the audit opinion (in this case a disclaimer of audit opinion due to
insufficient evidence).
In addition, the auditor may consider it necessary to request management to provide
written representations about specific assertions in the financial statements. In
particular to support an understanding that the auditor has obtained from other
audit evidence of:

Audit Completion

• Management’s judgement
• Management’s intent in relation to specific assertions
• The completeness of a specific assertion.
For example, if the intent of management is important to the valuation basis for
investments (for example, an intention to close part of the business), it may not
be possible to obtain sufficient appropriate audit evidence without a written
representation from management about its intentions.

7.4.2 Matters typically included in a management

representation letter
General matters
Directors confirm that:
• They have provided the auditor with all relevant information and access as
agreed in the terms of the audit engagement;
• All transactions have been recorded in the financial statements;
• They are responsible for internal controls and for preventing and detecting fraud;
• The going concern basis is appropriate;
• All related party transactions have been disclosed;
• There are no undisclosed subsequent events that require adjustment or disclosure.
Specific matters
Included here is anything else that the auditor would like a representation
on, for example:
• that a certain debt is recoverable;
• all bank accounts have been disclosed;
• any plans to reorganise the business or discontinue product lines have already
been disclosed.

G Learn


Æ Key Learning Points

• Client events after their financial year-end can result in adjustments or
disclosures at the year-end (IAS 10 Events After the Reporting Period), so
auditors must investigate all such events to see if such changes to the financial
statements are required. (E1a, E1b)
• Even after the audit report is signed, if an auditor is told of an event at a client
it could still result in the financial statements of the client needing amendment,
and the audit report needing reissuing. (E1c)
• Financial statements are typically produced under the going concern
assumption, and sometimes require disclosures of threats to going concern, so
auditors must assess whether their client is likely to continue trading for the
foreseeable future. (E2a)
• Going concern issues can result in several different outcomes in an audit report,
including adverse opinions and emphasis of matter paragraphs. (E2g)
• Whilst not being the most reliable audit evidence, written representations from
management are often useful in subjective areas of the financial statements, and
to confirm management have fulfilled their responsibilities in terms of supplying
all evidence. (E3b, E3c)
• Before signing the audit report, an auditor should ensure the audit plan has
been completed in full, all relevant audit, legal and accounting issues have been
considered, all required corrections to the financial statements have been dealt
with, and that the final financial statements provide a view consistent with the
auditor’s understanding of the client. (E4a, E4b)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).

Audit Completion

Learning example solutions

EG Solution 7.1
The auditors should:
• Ask the directors what the latest position regarding the legal case is, and what
their plans are (fight the case, attempt to settle out of court etc.)
• Inspect board minutes for mention of the case and to confirm the directors plans
in relation to it
• Obtain written confirmation from company’s legal advisers of the likelihood of
the claim’s success
• Obtain written confirmation from board that no more legal cases exist other
than this one
• Inspect copy of correspondence with claimant to confirm details of dates
and amount of claim to verify existence and accuracy of potential obligation
before the year-end
• Inspect cash flow projections to see if any payments relevant to the case are
predicted for the following year, to verify directors' stated plans are true
• Inspect post year-end cashbook for any payments related to the case and ensure
accrued at year-end

EG Solution 7.2
The financial statements are materially misstated. Based on the legal opinion, this
claim was always probable not possible, and as such a provision should have been
made. This was clear to the directors before the end of the audit, and this should
raise some suspicion with the auditors as to why this information was withheld
(whether accidentally or deliberately).
If the directors now agree to change the financial statements to correct the mistake,
the auditors should:
• Check the alteration is made correctly in the financial statements
• Agree the payment to the cashbook and bank statements
• Inspect the legal advice to confirm it was true and sent before the audit had finished
• Check all other content of the financial statements to verify no other things have
been amended, just the legal case issues
• Extend the subsequent events review from when it stopped 2 weeks ago (on
signing the audit report) because additional adjusting or disclosable events after
the reporting period may have taken place in this 2-week gap
• Once assured the financial statements have been accurately reissued, issue a
new audit report at today’s date, including an emphasis of matter paragraph
to explain that this audit report replaces the original one because the original
financial statements were reissued


If the directors refuse to amend the financial statements:

• Explain the misstatement to shareholders at the AGM
• Given the AGM is still 4 weeks away, consider informing the shareholders now by
letter, and withdrawing the original audit report
• Take legal advice
• Consider resignation, as the integrity of management is questionable
In any case, consider the value of any management representations made during the
audit, due to question marks over their integrity after the above events.


The final thing for the auditors to do is to pull together all of the evidence and give
their opinion on the financial statements. This opinion is contained in the audit
report. A true and fair opinion with no other issues will lead to an unmodified report.
There are, however, certain situations where the auditors may have to modify their
opinion or add in an ‘emphasis of matter’ paragraph.
This chapter deals with audit reports, their modification and the emphasis of matter
and other matter paragraphs.

1. What are the elements of an audit report?


2. What is a modified audit report?

3. What does the emphasis of matter paragraph in an audit report contain?


8.1 Audit reports

8.1.1 The audit report
The ultimate aim of the work performed by the auditor is to give an opinion on the
financial statements and this opinion is contained in the auditor's report.
All audit reports follow a basic format, which is prescribed by the ISAs. However there
is scope for individual countries to tailor the report format for their own purposes.
The advantages of a standardised format are:
• comparability between companies;
• the guarantee of a minimum level of content.
On the other hand, disadvantages of a standardised format are:
• the technical language used;
• auditors are restricted in terms of what they can actually say.

G Learn


8.1.2 ISA 700 Forming an Opinion and Reporting on

Financial Statements
In accordance with ISA 700, each audit report contains the following elements:

Title 'The Independent Auditor's Report'. The word

'independent' shows that the auditor is literally
independent of the entity being audited. .
Addressee The report is addressed to the shareholders
(ie the members).
Opinion The opinion section explains what has
been audited and gives the auditor’s
opinion. Specifically, the opinion section
of the report will
• Identify the entity (by name) whose
financial statements have been audited
• State that the financial statements have
actually been audited
• Identify section of the financial statements
that have been audited by giving the
title of those sections (e.g. statement of
comprehensive income, statement of
financial position etc.)
• Refer to the notes in the financial
statements, including any significant
accounting policies, and
• Specific the date or period covered by
each section of the financial statements
(e.g. statement of financial position date
or the period covered by the statement of
comprehensive income)
The auditors then say whether or not the
financial statements present a true and fair
view and are properly prepared
Basis for opinion Details how the audit was carried out in order
to arrive at the opinion. Specific reference
will be made to the ISAs as the standard of
work and ethical standards to confirm that the
auditor has followed these.
Key Audit Matters This is a summary of the significant matters
identified during the audit. The explanation
of each matter follows ISA701 Communicating
Key Audit Matters in the independent
auditor’s report.


Responsibilities of Explains that management are responsible

management and those for preparing the financial statements and
charged with governance for assessing the company’s ability to continue as
the financial statements a going concern.
Auditor’s responsibilities for the Explains that the auditors have obtained
audit of the financial statements reasonable assurance that the financial
statements are free from material misstatement,
whether caused by fraud or error.
Report on other legal and This section will vary depending on the
regulatory requirements legal and regulatory requirements of the
jurisdiction that the auditor is working in.
Signature and address of the The report must contain the auditor's
auditors and the date that the signature (this will be that of the engagement
report was signed partner), detail their location and be dated.

IE Illustrative example 8.1

The report below is an example of an audit report prepared under ISA 700.


To the Shareholders of ABC Company [or Other Appropriate Addressee]

Report on the Audit of the Financial Statements

We have audited the financial statements of ABC Company (the Company), which
comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement
of cash flows for the year then ended, and notes to the financial statements,
including a summary of significant accounting policies.

In our opinion, the accompanying financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of the Company as at
December 31, 20X1, and (of) its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing
(ISAs). Our responsibilities under those standards are further described in the
Auditor’s Responsibilities for the Audit of the Financial Statements section of our
report. We are independent of the Company in accordance with the International
Ethics Standards Board for Accountants’ Code of Ethics for Professional Accountants
(IESBA Code) together with the ethical requirements that are relevant to our audit


of the financial statements in [jurisdiction], and we have fulfilled our other ethical
responsibilities in accordance with these requirements and the IESBA Code. We
believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our opinion.
Key Audit Matters
Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These
matters were addressed in the context of our audit of the financial statements as
a whole, and in forming our opinion thereon, and we do not provide a separate
opinion on these matters.
[Description of each key audit matter in accordance with ISA 701.]
Responsibilities of Management and Those Charged with Governance for the Financial
Management is responsible for the preparation and fair presentation of the financial
statements in accordance with IFRSs,39 and for such internal control as management
determines is necessary to enable the preparation of financial statements that are
free from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters
related to going concern and using the going concern basis of accounting unless
management either intends to liquidate the Company or to cease operations, or has
no realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s
financial reporting process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud
or error, and to issue an auditor’s report that includes our opinion. Reasonable
assurance is a high level of assurance, but is not a guarantee that an audit conducted
in accordance with ISAs will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if,
individually or in the aggregate, they could reasonably be expected to influence the
economic decisions of users taken on the basis of these financial statements.
<Additional detail on the work of the auditor is inserted into the report here>


Report on Other Legal and Regulatory Requirements

[The form and content of this section of the auditor’s report would vary depending
on the nature of the auditorother reporting responsibilities prescribed by local law,
regulation, or national auditing standards.]

Auditor's name
Auditor's address
Date of audit report

8.2 ISA 701 Communicating key audit matters in the audit report
Audit reports produced after 15 December 2016 are required to include a summary
matters that the auditor considered to be most significant to the audit of the financial
statements in the audit report. Those matters will be drawn from matters already
communicated to those charged with governance. Key audit matter paragraphs are
compulsory for listed companies but optional for non-listed companies.
Key audit matters include:
• Areas with a higher risk of material misstatement
• Areas involving significant judgement on the part of management where there
large accounting estimates are involved, and
• The effect on the audit of significant events or transactions that occurred
throughout the period being audited.
Each matter will be included in the report under it’s own heading so it is clear what
matters the auditor is actually reporting on.
The key matters section of the audit report must not be used as an excuse for not
issuing a modified opinion; if the opinion needs modification (see the next section)
then it must be modified.
The only reasons for not including a key matter in the audit report are:
• Where law or regulation prohibits, or
• Where the auditor believes that the matter should not be communicated in the
public interest

8.3 Modification to the audit report

An unmodified report is one that contains the standard wording (as above).
A modified report is any change from this standard wording and arises when:
• The auditor needs to change the opinion, or
• There is no need to change the opinion but the auditor wishes to add an
emphasis of matter paragraph or other paragraph into the report.
We shall consider each in turn.


8.3.1 ISA 705 Modifications to the Opinion in the Independent

Auditor's Report
Certain issues may arise during the audit that result in the auditor needing to modify
the audit opinion (ie a problem may arise suggesting that the financial statements
are not true and fair or properly prepared).
Before deciding upon which opinion to give the auditor needs to consider:
1. The nature of the problem; and
2. The materiality of the problem.

Nature of the problem

There are two main types of problem, which can give rise to a modification
of the opinion:
Misstatements: This is where the auditors audit a balance or disclosure and disagree
with the client. The client however refuses to change the balance or disclosure.
Insufficient evidence: This type of problem arises when the auditor is unable to audit
a balance or disclosure because evidence that should be available isn't available.

Materiality of the problem

Once the nature of the problem has been identified, the auditor determines the
materiality of the problem and this in turn determines the audit opinion. If the
problem is immaterial then the opinion will not be modified. However, there are then
two degrees of materiality and a problem could be material or pervasive. The word
pervasive means ‘found everywhere’, ‘saturated’ or ‘spread through’. A pervasive
misstatement therefore has the effect of affecting the whole of the financial
statements so that they are, in effect, useless.



Size of disagreement Example Audit opinion

Immaterial misstatements The auditor has audited the The opinion will be unmodified
company's sundry expenses as we are not concerned about
and disagrees with the an immaterial problem.
client by $100. The opinion states that the
financial statements are true
and fair and properly prepared.
Material misstatements The auditor has audited trade The opinion will be modified.
receivables and disagrees In this case, we use a particular
with the client's figure by type of modification called
$75,000. Total sales revenue 'qualified with except for'.
is $1,500,000. This opinion says that 'the
financial statements are true
and fair except for receivables'.
The auditors will also disclose
the true value of receivables
in the audit report and also
the effect on profits had the
proper amounts been used.
Pervasive misstatements The auditor has audited The opinion will be modified.
revenue and concludes it A pervasive problem is one
should be stated as $1,000,000. that is so serious, that unless
The client is saying $5,000,000. it is corrected, the financial
statements cannot possibly be
true and fair.
In this case we use a
modification known as an
adverse opinion.
This opinion states that 'the
financial statements are not
true and fair'.


Insufficient evidence

Size of limitation Example Audit opinion

Immaterial The auditor has not been able to The opinion will be
audit window cleaning expenses unmodified as we are
for the finance department, as the not concerned about an
receipts have been lost. immaterial problem.
The opinion states that the
financial statements are true
and fair and properly prepared.
Material The inventory records were The opinion will be modified.
destroyed in a warehouse fire In this case, we use
before the end of the year. The the particular type of
client is stating that inventories modification called 'qualified
are $245,000 out of gross assets of with except for'.
$4,900,000. The auditor is unable This opinion says that 'the
to substantiate this inventory financial statements are true
balance to audit'. and fair except for inventories
which we have not been able
Pervasive The auditor's client is involved The opinion will be modified.
in the construction industry and This problem is one that is so
most of its revenue comes from serious unless we obtain the
the construction of assets under required evidence, we cannot
long-term contracts. During the possibly say whether the
year they entered into a new financial statements are true
contract making up 60% of their and fair or not.
$900,000 revenue however they In this case we use a
have not been able to provide any modification known as a
records of this contract. disclaimer of opinion.
This opinion paragraph states
that 'we cannot give an opinion
on these financial statements'.

G Learn
8.3.2 Opinion paragraph titles and basis of opinion paragraphs
An unmodified audit opinion paragraph is headed up ‘Opinion’ or ‘Opinion on the
financial statements’
If a qualified audit opinion is given (ie an ‘except for’ opinion) the opinion paragraph
is headed up ‘Qualified opinion’. This immediately highlights the qualification to
users. In addition, immediately after the Qualified Opinion paragraph, the auditor will
include a paragraph headed ‘Basis of qualified opinion’. In this paragraph the auditor
will set out the full details and reasons for the qualification.


If an adverse opinion if given, the opinion paragraph is headed up ‘Adverse opinion’,

again serving as a warning flag to users. In addition, immediately after the Adverse
Opinion paragraph, the auditor will include a paragraph headed ‘Basis of adverse
opinion’. In this paragraph the auditor will set out the full details and reasons for the
If a disclaimer of opinion is given, the opinion paragraph is headed up ‘Disclaimer of
opinion’, again serving as a warning flag to users. In addition, immediately after the
Disclaimer of Opinion paragraph, the auditor will include a paragraph headed ‘Basis
of disclaimer of opinion’. In this paragraph the auditor will set out the full details and
reasons for the qualification.

8.4 ISA 706 Emphasis of Matter Paragraphs and Other Matter

Paragraphs in the Independent Auditor's Report
8.4.1 Introduction
There may be times where the financial statements are deemed to be true and fair
and properly prepared however, the auditor wishes to draw something fundamental
to the shareholder's attention. This can be done in two ways:
• Firstly, using an Emphasis of Matter paragraph. This paragraph refers to a matter
that is appropriately presented or disclosed in the financial statements, but in the
auditor’s judgement it is fundamental to the users’ understanding of the financial
statements and so the emphasis of matter paragraph draws attention to this.
• Secondly, using an Other Matter paragraph. This paragraph refers to a matter
which is not presented or disclosed in the audited financial statements but in
the auditor’s opinion is relevant to the users’ understanding of the audit, the
auditor’s responsibilities or the audit’s report.
Where either of these paragraphs are included in the audit report, then the matters
will also be communicated to those charged with governance.

8.4.2 Emphasis of Matter paragraphs

This paragraph draws attention to an issue in the audited financial statements that
the auditor believes the readers of the financial statements need to be aware of.
While the Emphasis of Matter paragraph is used to draw attention to this issue, the
audit opinion is not modified and the matter is not a Key Audit Matter. In other
words, where the opinion needs to be modified, ISA 705 will apply and where there is
a Key Audit Matter, ISA 701 will apply. The Emphasis of Matter paragraph cannot be
used as an “excuse” for not applying ISAs 701 or 705.


Where used, the Emphasis of Matter paragraph will:

• Be included as a separate paragraph within the audit report with the heading
“Emphasis of Matter”. ISA 706 is no prescriptive on where to place this
paragraph although it will be somewhere below the opinion paragraph.
• Make a clear reference to the matter being emphasised. This matter will be part
of the audited financial statements.
• Confirm that the auditor’s opinion is not modified in respect of the matter being

8.4.3 Other Matter paragraphs

These are matters relating to the conduct of the audit, as noted above.
This paragraph can be included in the audit report as long as it is not prohibited by
legislation and the matter is not a Key Audit Matter as determined by ISA 701. If the
matter is a Key Audit Matter then it must be included in the report as such.
The placement of the other matter paragraph in the audit report is not prescribed
in detail in ISA 706. However, examples of other matter paragraphs and their
placement in the audit report include:
• If the other matter is to draw attention to matters affecting the audit and the
audit report includes a Key Audit Matters section, then the other matter can
be included in the KAM section of the report. This paragraph will be headed
“Other matter – Scope of the audit” and could refer, for example, the points that
would otherwise be made in bullet point 3 below – that is prior year audits being
carried out by a different firm of auditors.
• If the other matter is to draw attention to other reporting responsibilities
the matter can be included in the Report on Other Legal Requirements and
Regulatory Requirements section. An example of this is where the auditor
has been requested to report on matters in accordance with specific laws in a
country or where the auditor cannot legally resign from an audit, even though
sufficient appropriate evidence has been obtained.
• If the other matter is assist users understand the audit report in more detail,
the then matter can be included in a separate section of the report after the
Report on the Audit of Financial Statements and the Report on Other Legal and
Regulatory Requirements. An example of this is where the prior year audit was
carried out by a different firm of auditors
From the examination point of view, it is important to explain how the audit report
is modified.
• In all situations, the use of an Other Matter paragraph does not modify the
auditor’s opinion.
• The other matter must be clear in stating that the information is not required
to disclosed or included in the financial statements and does not include any
information that the auditor is precluded from providing by law. In this sense the
audit report itself is not modified.


8.5 ISA570 Going Concern

In Chapter 7, going concern disclosures were summarised. Below is a summary of
those disclosures and the impact on the auditor’s report and opinion for ease of
reference in this chapter on reporting.
• Where there are doubts about going concern, but these are adequately disclosed
in the financial statements, then auditor will include a paragraph entitled “Material
Uncertainty Relating to Going Concern” in the audit report. This paragraph will
draw attention to the going concern disclosure in the financial statements and
state that the auditor’s opinion is not modified in respect of this disclosure.
• Where there are doubts regarding going concern and these are not sufficiently
disclosed or explained in the notes to the financial statements then the auditor’s
opinion will be modified. The modification will be either “except for” where the
matter is material but may be an adverse opinion where the lack of disclosure is
fundamental to understanding the financial statements.
• Unusually, the auditor may conclude that there is no material uncertainty
regarding going concern, and so a disclosure note is not required. However,
audit work on going concern may still be a Key Audit Matter and so issues such as
substantial losses or refinancing and the audit work thereon will be included as a
Key Audit Matter.
• Finally, where the going concern basis is used to prepare the financial statements
and this basis is in the auditor’s opinion inappropriate (that is the company is not
a going concern) then an adverse opinion will be issued.

G Learn

IE Illustrative example 8.2

Benson Ltd has suffering from cash flow problems all year and the directors have
recognised that there may be doubts regarding the company's going concern status.
These doubts have been fully disclosed in a note to the financial statements.
As Benson have followed the correct treatment accounting treatment (ie the
full disclosure) there is no need to modify the audit opinion. However as this is a
fundamental and uncertain issue, the auditor will include a “material uncertainty related
to going concern” paragraph in the report. This is not an emphasis of matter paragraph.
Note that the material uncertainty related to going concern or an emphasis of matter
paragraph does not cause a modified opinion. The financial statements are still ‘true
and fair’ and make full disclosures but the auditor wants to make sure that users do
not overlook the important note to the financial statements.


8.6 ISA 720 The Auditors Responsibilities Relating to Other Information

8.6.1 Auditors’ responsibilities relating to other information

This ISA relates to the other information that is issued with the audited financial
statements of a company. For example, most companies issue Annual Reports, or
an Integrated Report, which includes not only the audited financial statements and
audit report, but also other information such as a Chairman’s review of the year,
environmental reports, strategic review of the company etc. The problem is that
this “other information” may be different, either in terms of numbers or explanation,
compared to the audited financial statements. So numbers such as turnover may be
stated differently in this other information or explanations such as why turnover has
changed may be stated differently compared to the audited financial statements.
This potential difference gives two different scenarios:
• Firstly, numbers or explanation in the other information may be different to the
audited financial statements – and this other information needs amending.
• Secondly, numbers or explanation in the audited financial statements may
be different to the other information, and the audited financial statements
need amending.
The issue with scenario one is that the audited financial statements may be
undermined by the other information being different.
The ISA therefore requires the auditor to read the Other Information to make sure it
is consistent with the audited financial statements. Where differences are found, as
noted in the scenarios above, then action must be taken.

8.6.2 Actions to be taken

For scenario two, ask the directors to amend the financial statements, having ensured
the accuracy of the Other Information and the reason for the audited information
being different. If the directors refuse to amend the financial statements, and
the difference is material, then the audit opinion will be modified. To be fair, this
scenario is very unlikely as the audited financial statements should be accurate.
For scenario one, ask the directors to amend the Other Information. If the directors
do amend it, then no further action is necessary. However, if the directors refuse,
then the audit report (not the opinion) will be modified using an extra section to
include the following information:
• A statement that management is responsible for the Other Information
• Identification of what “Other Information” the auditor has obtained
• A statement that the audit does not audit or give an opinion on this
“Other Information”
• A statement that the auditor reads this Other Information to identify any
material inconsistencies with the audited financial statements, and


• An explanation of any uncorrected material misstatements in the Other Information

(or if a listed company and there are no misstatements if this is the case)
Note that the “Other information” section of the audit report is compulsory for
listed companies, but is only used for non-listed companies where the auditor has
matters to report.

EG Learning example 8.1

Determine whether or not the auditors will modify the audit report for each of the
following scenarios:
1. Jones Limited did not carry out an inventory count at the year-end and have
insufficient records to support their stock valuation of $4m. Revenue was $50m
and profit before tax $15m.
2. Scott Limited did not provide for a bad debt of $50,000 despite the fact that the
customer went into administration just after the year-end. Profit before tax was
$500,000 and receivables was $200,000.
3. Phillips Limited is being sued by a competitor for the theft of intellectual
property. The lawyers believe that this important case could go either way and
costs could reach $200,000 (although the costs will be no higher than this and
can be paid without causing the company significant cash flow difficulties). The
matter is material and a contingent liability has been disclosed in a note to the
financial statements.


EG Learning example 8.2

The audit of Reynolds Co is nearing completion. The detailed audit testing has been
completed and final review procedures are being done. You have been handed the
draft annual report of the company, into which the final financial statements and
audit report will be placed.
As per ISA 720 requirements, you have read the content of the integrated report and
have noticed three interesting statements within the Chairman’s Statement and the
Social and Environmental disclosures:
“As Chairman, I am delighted to see sales revenues increasing well above
“During the year, we were delighted to welcome two new independent non-
executives to strengthen our board.”
“During the year, the company donated more than $2m to research aimed at
developing sustainable new energy solutions.”
In fact, the profit or loss (audited, and found to be materially correct) shows sales
revenues were below expectations and rose only slightly, the two new board
members joined in the previous year (it was correctly reported in last year’s
Chairman’s Statement), and the level of donations in the statement of profit or loss
(audited, and found to be materially correct) is $0.2m.
Describe the auditor’s responsibilities relating to the three matters above.

Æ Key Learning Points

• Like most types of reports, audit reports have a title, addressee, opinion, key
matters section, , explanation of responsibilities and work done (E5a)
• There are four reasons for modifying the audit opinion, two of which create an
“except for” qualified opinion, one which creates an adverse opinion and one
which leads to a disclaimer of opinion. (E5c)
• Where the opinion is not modified, an additional paragraph might be required
(either an “Other matter” or an “Emphasis of matter”). (E5d)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).


Learning example solutions

EG Solution 8.1
1. Jones Limited
Nature of the problem
Limitation of scope due to lack of evidence over inventory valuation and quantity.
The value of the inventories is 8% of revenue and 27% of profit before tax so is
considered to be material.
A material limitation of scope will result in a modified opinion. The particular
modification will be a 'qualification with an except for'.
2. Scott Limited
Nature of the problem
This is a disagreement over a bad debt that should have been provided for
(the bankruptcy of the customer is an adjusting post-statement of financial
position event).
The value of the debt is 10% of revenue and 25% of receivables so is considered
to be material.
A material disagreement will result in a modified opinion. The particular
modification will be a 'qualification with an except for'.
3. Phillips Limited
Nature of the problem
The lawyers have indicated that the case could go either way therefore it should
be considered 'possible' that Phillips will lose. As a result, Phillips should be
disclosing a contingent liability and they have done this.
It is stated that the matter is material to the financial statements.
There is no need to modify the opinion as Phillips has followed the correct
accounting treatment. An emphasis of matter paragraph would be added if the
case was considered to be a fundamental issue however, as the costs are limited
and easily covered by the company's cash resources, this is not a serious enough
matter to mention in an emphasis of matter paragraph.


EG Solution 8.2
In all three cases, it would be best if the company changed the comments. However,
if they do not:
The first statement regarding revenue is misleading. It does not specify whose
expectations have been exceeded so technically it might not be untrue, but it implies
revenue has risen a lot when it has not. This could lead shareholders to be confused
as to whether the revenue figure in the financial statements is correct, even though
the audit report suggests it is. Given the comment might reduce trust in the audit
report, an extra paragraph is needed in the Other Information section of audit
responsibilities in the audit report to explain the comment is misleading.
The second comment seems to be a cut and paste mistake with a sentence from the
prior year not being removed. In any respect, whilst it is incorrect it seems to have no
relevance to the financial statements and therefore no relevance to the audit report.
As such, this matter is probably best mentioned by the auditor when attending the
AGM, rather than mentioning in the audit report.
The third statement seems to be plain wrong. It would be wise to double check
the audit work on this area just to make sure that the P or L is correct. But given
that this statement could imply the financial statements are wrong, the same
solution as for the first statement applies, in the Other Information section of audit
responsibilities in the audit report, highlighting the mistake and making clear the
financial statements are not affected.

Internal Audit

External audit gives an opinion on the published financial statements as a legal
requirement, whereas internal audit focusses on assessing the effectiveness of a
company’s risk management and internal controls. Internal audit is typically done to
achieve a well-governed company rather to comply with the law.
In this chapter, we look at the different aspects of internal audit including its role and
limitations, the need for internal audit, the outsourcing of internal audit, internal
audit assignments and internal audit reports.

1. Why is internal audit needed?

2. What are the differences between internal and external auditors?

3. What factors should external auditors consider before relying on the work of
internal auditors?

Internal Audit

9.1 The role of internal audit

Internal audit is part of an effective risk management and internal control system,
a central area of good corporate governance. As such, internal audit does not just
assist good governance, it is an integral part of it.
Internal audit can be used to carry out a variety of roles within the
organisation including:
• monitoring internal control;
• monitoring the company's compliance with laws and regulations such as the
corporate governance requirements;
• fraud investigations;
• examining financial information, for example to find errors;
• review of the economy and efficiency of the company's operations.

9.2 The need for internal audit

The influences on whether or not an internal audit department is needed follow on
from the role of internal audit. Most of the routine internal audit work relates to
ensuring that the internal controls system is well-designed and operating properly.
The effort required to monitor internal control systems is influenced by:
• The size of the business
• The number of branches or locations
• The number of people employed
• The nature and complexity of the transactions
In general, as these factors increase, internal control becomes more complex and
there is a greater need for internal audit and more potential benefits from having an
internal audit department.
Other influences are the control environment of the regulatory environments of the
organisation. For example, the board that has a very high regard for good internal
controls is more likely to implement an internal audit department. Highly regulated
industries (such as banking) are almost certain to have internal audit departments
because their compliance risks are high and it is essential that they do all they can to
ensure that their internal controls are working effectively.
For internal audit to be effective the following elements of best practice
should be followed:
• Appropriate resourcing: money, time, training, quality of staff and leadership.
• Good organisation, including standard planning and audit documentation.
• A series of review of the work performed.
• Independence.
Achieving independence can be particularly difficult for internal auditors as they are
often employed by the company they are reporting on, and reporting to the finance
director who was responsible for setting up the internal control system. Reporting to
audit committees greatly strengthens internal auditors’ independence.


In general, acceptable independence for the internal audit function can be achieved by:
• Ensuring that internal audit does not report to the person in charge of the
main financial accounting and internal control system (eg, by reporting to an
independent audit committee)
• Independent review of their work by senior staff who are not part of the
accounting function.
• Outsourcing the internal audit function.

9.3 Limitations of internal audit

The following are limitations of the internal audit function:
• Independence. Although reporting to an audit committee increases the
independence of internal auditors, they are nevertheless employees of the
company and might feel inhibited when reporting on problems and shortcomings.
This would certainly be so if reporting directly to the finance director.
• Statutory backing. External auditors have a statutory right to obtain all the
explanations and to see all the documentation they require for their audit.
Internal auditors have no similar legal backing.
• Scope. The scope of external auditors’ work is defined by statute and cannot
be limited by the company. The internal auditors’ work is set internally by
management and this might build in limitations.
• Familiarity. Internal auditors might have long service with their company and
may have become friendly with colleagues in other departments. This will affect
the professional scepticism needed for all audit work. Internal auditors might not
want to report poor work by colleagues.
• Appointment. Internal auditors are appointed by management whereas external
auditors are appointed by members. Managers might appoint auditors that they
know will not be the best.
• Quality. External auditors earn their income by performing audits and it is
essential that they keep up-to-date with latest developments and undergo
regular training. Internal auditors can be regarded as an overhead of the company
and might not be encouraged to keep up-to-date or to recruit the best people.

G Learn

Internal Audit

9.4 Differences between internal and external auditors – A summary

External auditors Internal auditors

Reports to Shareholders or members The board and senior
Power from Statute – gives rights Management, so
of access and right to management sets the
obtain information and rules
explanations required
Auditors employed by External audit firm The company itself
(unless outsourced).
Objectives Adds credibility and Evaluates and improves
reliability to financial the effectiveness
reports from the of governance, risk
organisation to its management and control
stakeholders by giving an processes. This provides
opinion on the report members of the boards
and senior management
with assurance that helps
them fulfil their duties to
the organisation and its
Coverage Financial statements All categories of risk, their
management, including
reporting on them.
Responsibility for None. However, there Improvement is
improvement is a duty to report fundamental to the
problems, for example purpose of internal
with internal control. auditing.

G Learn
9.5 Outsourcing internal audit
Outsourcing (subcontracting) non-core functions has become a common management
technique and it now common for companies to outsource functions such as wage
and salaries, receivables, tax computations and so on. It is also possible to outsource
the internal audit function and many firms of accountants will provide this service


Advantages of outsourcing internal audit

• It could be cheaper. Outsource staff are used only as required whereas
permanent staff have to be paid for the whole year – even if not fully occupied.
• Greater pool of expertise. For example, if a fraud were discovered, the services
of a forensic accountant might be needed but such a person is unlikely to be on
a company’s payroll. The outsource firm might well have suitable personnel that
are used in a variety of assignments.
• Flexibility. If a serious problem is found in internal control it needs to be
investigated fully and fixed quickly. The outsource company can draft in a large
number of staff for a short to deal quickly with the problem. If internal audit
were not outsourced, the company is stuck with a fixed-size team.
• Greater independence. Outsourced internal audit personnel are not dependent
on the company for their employment and promotion.
• Up-to-date techniques and methodologies. It is in the best interests of outsource
firm to keep up-do-date and efficient.
• Reduced management time needed for managing, recruiting and training
internal staff.

Disadvantages of outsourcing internal audit

• It could be more expensive. The outsource company will charge out staff at a
substantial mark-up
• Less depth of knowledge. A permanently employed team of internal auditors can
build up great expertise about the company – particularly if there are complex
transactions and operations. Outsourcing to a third party where each year
different personnel visit will mean that this expertise is lost.
• There can be self-review threats if the internal audit function is provided by the
external auditors. To reduce this threat to an acceptable level, it is important that
internal audit projects undertaken by the audit firm are performed by partners and
staff who have no involvement in the external audit of the financial statements;
• There is a risk of less flexibility. The outsource firm will have carefully timetabled
its staff’s work and liaised with outer clients and might be reluctant to change
these arrangements to meet a special requirement of one client.
• Less direction and control over the audit. The internal audit work will have been
subject to a letter of engagement and there will be a formal process for asking
for changes to the work that will be done. If internal auditors are employees,
changing their work and assignments will be much easier.

G Learn

Internal Audit

9.6 Internal audit assignments

In addition to their normal work, internal auditors are sometime given special
assignments to undertake. These include:
• Value for money (VFM) audits. Good value for money can be defined as the
optimal use of resources to achieve the intended outcomes. These audits can
be found in both the public sector (eg the use of taxpayers’ money) and profit-
seeking organisations (eg. is the internal IT support department making good use
of company funds?).
A common way to address value-for-money audits is to use the 3Es approach:
Effectiveness: What should the department, cost centre or activity be achieving?
What is its purpose?
Efficiency: Having defined the purposes of the activity, ensure they are carried
out with the best of input cost to output achieved. For example, it might be
decided that outsourcing IT support is the most efficient way to achieve support
of the right type.
Economy: Having decided on the best approach, procure the services needed at
an economic cost. So, following on from the example above, put the IT support
up for competitive tender.
Internal audit can have a valuable role in reviewing these processes. It is, for
example, all too easy for managers to keep returning to tried and trusted
suppliers even though others might be just as good and cheaper.
• IT audit. Most organisations now maintain their accounting records on computer
systems and the operation, controls and security of these systems will be
routinely looked at by both internal and external auditors. However, internal
audit can also be asked to carry out special investigations on IT such as:
- Reporting down time
- Reporting on reliability
- Reporting on user satisfaction
- Reporting on value for money
- Assessing security. Back-up and disaster recovery procedures
Once again, the considerable independence of the internal audit department can
be very valuable when these reports are being produced.


• Best value. It can be defined as the aim to secure continuous improvement in

performance whilst maintaining an appropriate balance between quality and
cost. There are obvious overlaps with value for money audits. In the UK local
authorities have a duty to pursue best value and to do that they, and any other
type of organisation, have to:
- Understand how they are performing
- Plan to improvements
- Deliver the improvements
Internal auditors can play an important part ensuring that the information and
analyses are produced fairly.
• Regulatory compliance. Generally, compliance means conforming to a rule,
such as a specification, policy, standard or law. Regulatory compliance is the
goal where organisations try to ensure that they are aware of, and take steps to
comply with, applicable laws and regulations. Internal audit will have a role to
check that this is happening.
• Fraud investigations. Fraud is defined as deliberate deception, trickery, or
cheating intended to gain an advantage and unfortunately there are employees
that will be tempted to commit fraud. This includes a manager making up false
employees and paying them for work that they haven’t done, diverting the
money away to the manager that created them. Internal audit has a role to
discover where this has occurred or is occurring in order to stop the fraud.
• Customer experience. More positively, if the customer is ‘king’ (or ‘queen’) it is
important that the organisation is aware of how customers are being treated. A
‘mystery shopper’ is one that tries a company’s products and services without
announcing that they are auditing the experience. An internal auditor could
act in this role to see how the organisation performs, to praise staff or suggest
• Financial. The statutory annual financial statements are subject to external
audit, but there are many other financial reports and returns which need to be
accurate. For example:
- Monthly management accounts.
- Tenders for contracts
- VAT returns
- Hedging strategies against adverse exchange rate or interest rate movements.
If any of these is incorrect, the company could make incorrect decisions, face
large losses or incur penalties.

G Learn

Internal Audit

EG Learning example 9.1

Your client is Northland District Hospital. They hired your firm to provide internal
audit services after deciding to outsource their existing internal audit department
late last year, and have contacted you to request a VFM audit. Explain what is meant
by a VFM audit.

EG Learning example 9.2

Continuing from Learning example 9.1, describe nine performance measures relevant
to Northland District Hospital’s operations.

9.7 Operational internal audit assignments

An operational audit can be defined as a review of how an organisation’s
management and its operating procedures are functioning with respect to:
• Their effectiveness and efficiency in meeting stated objectives
• The internal controls governing the operations.
• The risks associated with the operations.

G Learn
Rather than auditing the whole of an organisation’s operations at the same time,
usually separate parts of an organisation will be subjected to audit in turn. For example:
• How well is the online internet selling function operating? What are the costs,
the revenues, and the percentage of returned goods and the incidents of fraud?
Have there been breaches in the security of customer data?
• Procurement. How often are new suppliers searched for? How often are contract
renegotiated? How often are deliveries late? How have prices changed over time.

9.8 Internal audit reports

Internal auditors make reports to directors and management as a result of work
performed. These reports are internal to the business and are unlikely to be shared
with third parties other than the external auditors.
There are no formal requirements for the format of such reports however there is a
generally accepted format for reports in business, which includes:
• Terms of reference;
• Executive summary;
• Body of the report;
• Appendices for additional information.


9.9 Other issues with internal audit

9.9.1 Independence
Although in many cases, the internal audit department is staffed by people working
for the company, they still need to be as independent as they possibly can from the
areas they are reviewing.
In particular internal auditors should:
• monitor and review controls, not design and implement them;
• report to the audit committee if possible, not the finance director;
• be appointed by the audit committee;
• be free to decide on the nature and scope of their work;
• be free to communicate fully with the external auditors.

9.9.2 ISA 610 Using the Work of Internal Auditors

It is likely that the internal auditors will do some work that is useful to the external
auditors, who may therefore choose to rely on rather than repeat it.
Examples include:
• Testing of the accuracy of management accounts during the year;
• Controls testing throughout the year;
• Attendance at the inventory count attendance (eg if there are many locations,
the external and internal auditors could share them out to ensure that some
auditors are attending as many as possible).
Before relying on the work of internal audit, the external auditors will need to consider:
• their experience;
• their qualifications;
• whether or not they act on the issues raised;
• whether or not their recommendations are taken seriously by the company
and implemented;
• the quality of their work – including whether or not their work is properly
planned, supervised and documented.

G Learn

Internal Audit

Æ Key Learning Points

• Whereas external audit gives an opinion on the published financial statements
as a legal requirement, internal audit focusses on assessing the effectiveness
of a company’s risk management and internal controls and is typically done to
achieve a well-governed company rather to comply with the law. (A5c)
• Some companies choose to outsource their internal audit needs to an expert,
largely to try to make the function more independent. (A6c)
• Internal audit work can be very varied, including assessments of the efficiency
of each department of the company and checking that industry regulations are
being complied with. (A6d, A6e)

What's the story?

Stop and think through the 'story' of this chapter and how it links with other
chapters (use the Overview to help).


Learning example solutions

EG Solution 9.1
A value for money audit, as its name suggests, aims to measure the extent to which
an organisation is achieving economy, efficiency and effectiveness in its operations.
By economy, we mean testing to see whether the organisation is minimising the
costs necessary to obtain the quality of supplies it needs.
By efficiency, we mean testing to see whether the organisation is getting sufficient
usage and benefit out of the resources that it has available.
Effectiveness is a measure of whether an organisation is achieving its objectives.

EG Solution 9.2
• Wages will be a major cost for a hospital, so monitoring hourly wage rates for
nurses and doctors against industry averages would be a sensible measure.
• Surgical equipment will also be a major and regular cost, so the hospital should
consider monitoring the average quarterly increase in prices per product to
establish whether these are rising faster than inflation as this might indicate poor
value is being obtained from current suppliers.
• Monitor the % of hours available that operating theatres are in use. These
theatres are an expensive and scarce resource so should get as much use as
possible. If they are lying empty this would be clear inefficiency.
• Monitor the % of beds that are empty per day. Beds are also a scarce
commodity, and if they are regularly empty this might indicate the hospital is
inefficient in allocating patients, or that it might have too many beds and could
better use the space.
• The average waiting time for patients in accident and emergency should be
monitored, and compared with the waiting times at other similar hospitals.
Waiting times in A&E are likely to lead to distressed patients and might also lead
to injuries becoming worse rather than better.
• The number of operations per week per surgeon should be monitored surgeon
by surgeon. These are likely to be the most expensive staff at the hospital and as
such their time should be used on the most important activities, namely surgery.

Internal Audit

• The % of patients admitted to A&E, or with serious illnesses, who survive. A
hospital’s main job is to treat the sick and injured and make people better, so this
seems an important statistic to monitor.
• The % of patients readmitted with the same condition should be monitored. If
this is relatively high compared with other hospitals, it might indicate a failure of
surgical techniques to adequately solve patient problems.
• The % of patients who complain must be monitored over time, and again
compared with other hospitals. If patients are dissatisfied, this might suggest a
poor level of patient care, avoidable delays in treatment, lack of cleanliness etc
all of which are basic prerequisites for an effective hospital.


Question bank

Specimen exam
This is the specimen exam paper produced by ACCA in 2016. It includes objective
testing questions in Section A in paper-based format. These questions have been
retained in their original format. Examples of Computer Based Examination format
objective testing questions are included in the Audit and Assurance Question Bank.

Section A – ALL 15 questions are compulsory and MUST be attempted

Each question is worth 2 marks.
The following scenario relates to questions 1-5
You are an audit manager of Buffon & Co, and you have just been assigned the audit
of Maldini Co (Maldini). The audit engagement partner who is responsible for the
audit of Maldini, a listed company, has been in place for approximately eight years
and her son has just been offered a role with Maldini as a sales manager. This role
would entitle him to shares in Maldini as part of his remuneration package.
Maldini’s board of directors is considering establishing an internal audit function,
and the finance director has asked Buffon & Co about the differences in the role of
internal audit and external audit. If the internal audit function is established, the
directors have suggested that they may wish to outsource this to Buffon & Co.
The finance director has suggested to the board that if Buffon & Co is appointed as
internal as well as external auditors, then fees should be renegotiated with at least
20% of all internal and external audit fees being based on the profit after tax of the
company as this will align the interests of Buffon & Co and Maldini.
1. From a review of the information above, your audit assistant has highlighted
some of the potential risks to independence in respect of the audit of Maldini.
1. Audit partner has been in the position for eight years
2. Maldini has asked for advice regarding role of internal audit
3. Maldini has asked Buffon & Co to carry out internal audit work
4. Fees will be based on 20% of profit after tax
Which of the following options correctly identifies the valid threats to
independence and allocates the threat to the appropriate category?

Self-interest Self-review Familiarity

A 1 only 2 and 3 4 only
B 1 only 2 only 4 only
C 2 only 3 and 4 1 only
D 4 only 3 only 1 only

Question bank

2. In relation to the audit engagement partner holding the role for eight years and
her son’s offer of employment with Maldini:
Which of the following safeguards should be implemented in order to comply
with ACCA’s Code of Ethics and Conduct?
A. The audit partner should be removed from the audit team
B. An independent review partner should be appointed
C. The audit partner should be removed if her son accepts the position
D. Buffon & Co should resign from the audit

3. In line with ACCA’s Code of Ethics and Conduct, which of the following factors
must be considered before the internal audit engagement should be accepted?
1. Whether the external audit team have the expertise to carry out the
internal audit work
2. If the assignments will relate to the internal controls over financial reporting
3. If management will accept responsibility for implementing appropriate
4. The probable timescale for the outsourcing of the internal audit function

A. 1, 2 and 3
B. 2 and 3 only
C. 1 and 4 only
D. 1, 3 and 4

4. Following management’s request for information regarding the different roles of

internal and external audit, you have collated a list of key characteristics.
1. Appointed by audit committee
2. Reports are publicly available to shareholders
3. Review efficiency and effectiveness of operations to improve operations
4. Express an opinion on the truth and fairness of the financial statements

Which of the following options correctly allocates the above statements to the
relevant auditor?

External Internal
A 2, 3 and 4 1 only
B 1 and 4 2 and 3
C 2 and 4 1 and 3
D 2 only 1, 3 and 4


5. If the internal and external audit assignments are accepted, what safeguards,
if any, are needed in relation to the basis for the fee?
1. As long as the total fee received from Maldini is less than 15% of the firm’s
total fee income, no safeguards are needed
2. The client should be informed that only the internal audit fee can be based
on profit after tax
3. The fees should be based on Maldini’s profit before tax
4. No safeguards can be applied and this basis for fee determination
should be rejected

The following scenario relates to questions 6-10

Balotelli Beach Hotel Co (Balotelli) operates a number of hotels providing
accommodation, leisure facilities and restaurants. You are an audit senior of Mario
& Co and are currently conducting the audit of Balotelli for the year ended 31
December 20X4. During the course of the audit a number of events and issues have
been brought to your attention:
Non-current assets and depreciation
Balotelli incurred significant capital expenditure during the year updating the leisure
facilities at several of the company’s hotels. Depreciation is charged monthly on all
assets on a straight line basis (SL) and it is company policy to charge a full month’s
depreciation in the month of acquisition and none in the month of disposal.
6. During the audit of non-current assets, the audit team has obtained the
following extract of the non-current assets register detailing some of the new
leisure equipment acquired during the year.
Extract from Balotelli’s non-current assets register

Date Description Original Depreciation Accumulated Charge for Carrying

cost policy depreciation the year value
$ $ $ $
1 May 15 18,000 36 months SL 0 4,000 14,000
20X4 treadmills
15 May 20 exercise 17,000 3 years SL 0 5,667 11,333
20X4 bikes
17 15 rowing 9,750 36 months SL 0 2,167 7,583
August machines
19 10 cross 11,000 36 months SL 0 1,528 9,472
August trainers
55,750 0 13,362 42,388

Question bank

In order to verify the depreciation expense for the year, you have been asked
to perform a proof in total. This will involve developing an expectation of the
depreciation expense for the year and comparing this to the actual expense to
assess if the client has calculated the depreciation charge for the year correctly.
What is the expected depreciation expense for the above assets for the year
ended 31 December 20X4 and the resultant impact on non-current assets?
A. Depreciation should be $10,660, assets are understated
B. Depreciation should be $18,583, assets are understated
C. Depreciation should be $9,111, assets are overstated
D. Depreciation should be $12,549, assets are overstated

7. The audit assistant who has been assigned to help you with the audit work on
non-current assets has expressed some uncertainty over why certain audit
procedures are carried out and specifically is unsure what procedures relate to
the valuation and allocation assertion.
Which of the following audit procedures are appropriate to test the
VALUATION assertion for non-current assets?
1. Ensure disposals are correctly accounted for and recalculate gain/
loss on disposal
2. Recalculate the depreciation charge for a sample of assets ensuring that it
is being applied consistently and in accordance with IAS 16 Property, Plant
and Equipment
3. Review the repairs and maintenance expense accounts for evidence of items
of a capital nature
4. Review board minutes for evidence of disposals during the year and verify
that these are appropriately reflected in the non-current assets register

A. 1 and 2
B. 1, 3 and 4
C. 2, 3 and 4
D. and 3 only


Food poisoning
Balotelli’s directors received correspondence in November 20X4 from a group of
customers who attended a wedding at one of the company’s hotels. They have
alleged that they suffered severe food poisoning from food eaten at the hotel and
are claiming substantial damages. Management has stated that based on discussions
with their lawyers, the claim is unlikely to be successful.
8. In relation to the claim regarding the alleged food poisoning, which of the
following audit procedures would provide the auditor with the MOST reliable
audit evidence regarding the likely outcome of the litigation?
A. Request a written representation from management supporting their
assertion that the claim will not be successful
B. Send an enquiry letter to the lawyers of Balotelli to obtain their view as to
the probability of the claim being successful
C. Review the correspondence from the customers claiming food poisoning to
assess whether Balotelli has a present obligation as a result of a past event
D. Review board minutes to understand why the directors believe that the
claim will not be successful

Trade receivables
Balotelli’s trade receivables have historically been low as most customers are
required to pay in advance or at the time of visiting the hotel. However, during the
year a number of companies opened corporate accounts which are payable monthly
in arrears. As such, the trade receivables balance has risen significantly and is now a
material balance.
9. As trade receivables is a material balance, the audit partner has asked that the
audit team carry out a trade receivables circularisation.
Which of the following are benefits of carrying out a trade receivables
1. It provides evidence from an independent external source
2. It provides sufficient appropriate audit evidence over all relevant
balance assertions
3. It improves audit efficiency as all customers are required to respond
4. It improves the reliability of audit evidence as the process is under the
control of the auditor

A. 1 and 2
B. 1, 2 and 4
C. 2 and 3
D. 1 and 4 only

Question bank

10. The results of the trade receivables circularisation carried out by the audit team
on balances as at 31 December 20X4 are detailed below. You have been asked to
consider the results and determine if additional audit procedures are required.

Customer Balance Balance per Comment

per sales customer
ledger confirmation
$ $
Willow Co 42,500 42,500
Cedar Co 35,000 25,000 Invoice raised 28 December
Maple Co 60,000 45,000 Payment made 30 December
Laurel Co 55,000 55,000 A balance of $20,000 is currently
being disputed by Laurel Co
Oak Co 15,000 No reply

Which of the following statements in relation to the results of the trade

receivables circularisation is TRUE?
A. No further audit procedures need to be carried out in relation to the
outstanding balances with Willow Co and Laurel Co
B. The difference in relation to Cedar Co represents a timing difference and
should be agreed to a pre year-end invoice
C. The difference in relation to Maple Co represents a timing difference and
should be agreed to pre year-end bank statements
D. Due to the non-reply, the balance with Oak Co cannot be verified and a
different customer balance should be selected and circularised

The following scenario relates to questions 11–15

Cannavaro.com is a website design company whose year end was 31 December
20X4. The audit is almost complete and the financial statements are due to be signed
shortly. Profit before tax for the year is $3·8 million and revenue is $11·2 million.
The company has only required an audit for the last two years and the board of
directors has asked your firm to provide more detail in relation to the form and
content of the auditor’s report.
During the audit it has come to light that a key customer, Pirlo Co, with a receivables
balance at the year end of $285,000, has just notified Cannavaro.com that they are
experiencing cash flow difficulties and so are unable to make any payments for the
foreseeable future. The finance director has notified the audit team that he will write
this balance off as an irrecoverable debt in the 20X5 financial statements.


11. To explain to the board the content of the audit report, the audit partner has
asked you to provide details as to why certain elements are included within an
unmodified report.
Which of the following explains the purpose of the ADDRESSEE element of the
unmodified audit report in line with ISA 700 Forming an Opinion and Reporting
on Financial Statements?
A. It demonstrates the point at which sufficient appropriate evidence has
been obtained
B. It clarifies who may rely on the opinion included within the report
C. It explains the role and remit of the audit
D. It sets out the location where the auditor practises

12. The audit assistant assigned to the audit of Cannavaro.com wants a better
understanding of the effect subsequent events have on the audit and has made
the following statements:
1. All material subsequent events require the numbers in the financial
statements to be adjusted
2. A non-adjusting event is a subsequent event for which NO amendments to
the current year financial statements are required
3. The auditor’s responsibilities for subsequent events which occur prior to the
audit report being signed are different from their responsibilities after the
audit report has been issued
4. The auditor should request a written representation confirming that all
relevant subsequent events have been disclosed

Which of the statements above in relation to subsequent events are true?

A. 1 and 3
B. 2, 3 and 4
C. 1, 2 and 4
D. 3 and 4 only

13. The audit engagement partner has asked you to make an initial assessment of
the materiality of the issue with the outstanding receivables balance with Pirlo
Co and to consider the overall impact on the financial statements.
Which of the following correctly summarises the effect of the outstanding
balance with Pirlo Co?

Material Financial statement impact

A No Revenue is overstated
B No Gross profit is understated
C Yes Profit is overstated
D Yes Going concern principle is in doubt

Question bank

14. The audit engagement partner requires you to perform additional procedures
in order to conclude on the level of any adjustment needed in relation to the
outstanding balance with Pirlo Co.
Which TWO of the following audit procedures should be performed to form a
conclusion as to whether the financial statements require amendment?
1. Discuss with management the reasons for not amending the financial statements
2. Review the cash book post year end for receipts from Pirlo Co
3. Send a request to Pirlo Co to confirm the outstanding balance
4. Agree the outstanding balance to invoices and sales orders

A. 1 and 2
B. 1 and 4
C. 2 and 3
D. and 4

15. The finance director has asked you to outline the appropriate audit opinions
which will be provided depending on whether the company decides to amend or
not amend the 20X4 financial statements for the issue identified regarding the
recoverability of the balance with Pirlo Co.
Which of the following options correctly summarises the audit opinions
which will be issued depending on whether or not the 20X4 financial
statements are amended?

Financial statements amended Financial statements not amended

A Unmodified Unmodified with emphasis of matter
B Unmodified with emphasis of matter Qualified ‘except for’
C Unmodified Adverse
D Unmodified Qualified ‘except for’

(30 marks)


Section B – ALL THREE questions are compulsory and MUST be attempted

Please write your answers to all parts of these questions on the lined pages within
the Candidate Answer Booklet.
16. Milla Cola Co (Milla) manufactures fizzy drinks such as cola and lemonade as
well as other soft drinks and its year end is 30 September 2019. You are an audit
manager of Totti & Co and are currently planning the audit of Milla. You attended
the planning meeting with the audit engagement partner and finance director
last week and the minutes from the meeting are shown below. You are reviewing
these as part of the process of preparing the audit strategy document.
Minutes of planning meeting for Milla
Milla’s trading results have been strong this year and the company is forecasting
revenue of $85 million, which is an increase from the previous year. The
company has invested significantly in the cola and fizzy drinks production
process at the factory. This resulted in expenditure of $5 million on updating,
repairing and replacing a significant amount of the machinery used in the
production process.
As the level of production has increased, the company has expanded the number
of warehouses it uses to store inventory. It now utilises 15 warehouses; some are
owned by Milla and some are rented from third parties. There will be inventory
counts taking place at all 15 of these sites at the year end.
A new accounting general ledger has been introduced at the beginning of the
year, with the old and new systems being run in parallel for a period of two
months. In addition, Milla has incurred expenditure of $4·5 million on developing
a new brand of fizzy soft drinks. The company started this process in July 2019
and is close to launching their new product into the market place.
As a result of the increase in revenue, Milla has recently recruited a new credit
controller to chase outstanding receivables. The finance director thinks it is
not necessary to continue to maintain an allowance for receivables and so has
released the opening allowance of $1·5 million.
The finance director stated that there was a problem in April in the mixing of raw
materials within the production process which resulted in a large batch of cola
products tasting different. A number of these products were sold; however, due
to complaints by customers about the flavour, no further sales of these goods
have been made. No adjustment has been made to the valuation of the damaged
inventory, which will still be held at cost of $1 million at the year end.
As in previous years, the management of Milla is due to be paid a significant
annual bonus based on the value of year-end total assets.

Question bank

(a) Explain audit risk and the components of audit risk. (5 marks)
(b) Using the minutes provided, identify and describe SEVEN audit risks, and
explain the auditor’s response to each risk, in planning the audit of Milla Cola
Co. (14 marks)
(c) Identify the main areas, other than audit risks, which should be included
within the audit strategy document for Milla Cola Co; and for each area
provide an example relevant to the audit. (4 marks)

The finance director has requested that the deadline for the 2019 audit be
shortened by a month and has asked the audit engagement partner to consider
if this will be possible. The partner has suggested that in order to meet this new
tighter deadline the firm may carry out both an interim and final audit for the
audit of Milla to 30 September 2019.
(d) Explain the difference between an interim and a final audit. (3 marks)
(e) Explain the procedures which are likely to be performed during an interim
audit of Milla and the impact which it would have on the final audit. (4 marks)

(30 marks)
17. Baggio International Co (Baggio) is a manufacturer of electrical equipment.
It has factories across the country and its customer base includes retailers as
well as individuals, to whom direct sales are made through their website. The
company’s year end is 30 September 2019. You are an audit supervisor of Suarez
& Co and are currently reviewing documentation of Baggio’s internal control in
preparation for the interim audit.
Baggio’s website allows individuals to order goods directly, and full payment
is taken in advance. Currently the website is not integrated into the inventory
system and inventory levels are not checked at the time when orders are placed.
Inventory is valued at the lower of cost and net realisable value.
Goods are despatched via local couriers; however, they do not always record
customer signatures as proof that the customer has received the goods. Over the
past 12 months there have been customer complaints about the delay between
sales orders and receipt of goods. Baggio has investigated these and found that,
in each case, the sales order had been entered into the sales system correctly
but was not forwarded to the despatch department for fulfilling.
Baggio’s retail customers undergo credit checks prior to being accepted and
credit limits are set accordingly by sales ledger clerks. These customers place
their orders through one of the sales team, who decides on sales discount levels.
Raw materials used in the manufacturing process are purchased from a
wide range of suppliers. As a result of staff changes in the purchase ledger
department, supplier statement reconciliations are no longer performed.
Additionally, changes to supplier details in the purchase ledger master file can be
undertaken by purchase ledger clerks as well as supervisors.


In the past six months, Baggio has changed part of its manufacturing process
and as a result some new equipment has been purchased, however, there are
considerable levels of plant and equipment which are now surplus to requirement.
Purchase requisitions for all new equipment have been authorised by production
supervisors and little has been done to reduce the surplus of old equipment.
(a) In respect of the internal control of Baggio International Co:
(i) Identify and explain SIX deficiencies;
(ii) Recommend a control to address each of these deficiencies; and
(iii) Describe a test of control Suarez & Co would perform to assess whether
each of these controls, if implemented, is operating effectively.

Note: The total marks will be split equally between each part. (18 marks)

(b) Describe substantive procedures Suarez & Co should perform at the year end
to confirm plant and equipment additions. (2 marks)

(20 marks)
18. Vieri Motor Cars Co (Vieri) manufactures a range of motor cars and its year end
is 30 June 2019. You are the audit supervisor of Rossi & Co and are currently
preparing the audit programmes for the year-end audit of Vieri. You have had a
meeting with your audit manager and he has notified you of the following issues
identified during the audit risk assessment process:
Land and buildings
Vieri has a policy of revaluing land and buildings, this is undertaken on a rolling
basis over a five-year period. During the year Vieri requested an external
independent valuer to revalue a number of properties, including a warehouse
purchased in January 2019. Depreciation is charged on a pro rata basis.
Work in progress
Vieri undertakes continuous production of cars, 24 hours a day, seven days a
week. An inventory count is to be undertaken at the year end and Rossi & Co will
attend. You are responsible for the audit of work in progress (WIP) and will be
part of the team attending the count as well as the final audit. WIP constitutes
the partly assembled cars at the year end and this balance is likely to be material.
Vieri values WIP according to percentage of completion, and standard costs are
then applied to these percentages.

Question bank

(a) Explain the factors Rossi & Co should consider when placing reliance on the
work of the independent valuer. (5 marks)
(b) Describe the substantive procedures the auditor should perform to obtain
sufficient and appropriate audit evidence in relation to:
(i) The revaluation of land and buildings and the recently purchased warehouse;
and (6 marks)
(ii) The valuation of work in progress. (4 marks)

(c) During the audit, the team has identified an error in the valuation of work in
progress, as a number of the assumptions contain out of date information.
The directors of Vieri have indicated that they do not wish to amend the
financial statements.

Explain the steps Rossi & Co should now take and the impact on the audit report in
relation to the directors’ refusal to amend the financial statements. (5 marks)
(20 marks)
End of Question Paper


Other exam-standard questions

Remember that in the exam, section B contains a 30 mark question and two 20 mark
questions. These questions are a mixture of 20 and 10 marks to provide you with
initial practice in Audit and Assurance questions. Your question bank will contain
more 30 mark questions for you to attempt.
1. Icarus Co manufactures sports equipment. It sells to gyms, schools, colleges and
sports shops.
When a sales order is received, if there is no account number on it, a search is done
on the receivables ledger to see if the customer already has an account. If there is
no account, one is set up to allow the sale to proceed quickly. Orders are files in
order of receipt.
An inventory check is performed to see if the ordered goods are in stock. If they are
not, the customer is notified that there will be a delay and an estimated delivery
date is given. Customers can cancel their orders if the date is not soon enough. If the
goods are in stock a despatch/delivery note set is raised by the sales department.
These sets are passed to the warehouse where a warehouse staff member uses them
to prepare the delivery.
Goods are delivered by a logistics company and a delivery note accompanies the
goods to inform customers about which order the goods relate to.
A copy of the despatch note is sent to the accounts department which uses the
information on it to raise an invoice to be sent to the customer. Invoices are raised
every Monday. A copy invoice is kept by the accounts department and listed
manually in a sales day book. Every month, items in the sales day book are debited to
customers and the total of the sales day book credited to sales.
Every month an accounts clerk reviews accounts in the receivables ledger and follows
up invoices that remain unpaid after three months. Sometimes customers inform the
clerk that the invoice is unpaid because they are awaiting a credit note (for example,
short delivery or wrong goods). The accounts clerk can issue hand-written credit
notes so that disputes can be swiftly resolved. A copy of the credit note is used to
adjust receivables and sales, then filed in date order.
(a) Identify FIVE internal control weaknesses in the sales system set out above,
describe their potential consequences and how each control weakness could
be eliminated. (15 marks)
(b) Apart from carrying out a receivables circularisation, describe FIVE substantive
tests that can be carried out on the receivables amount shown in the financial
statements. Briefly describe the purpose of each test. (5 marks)

(20 marks)
2. A customer of Daedalus Co was supplied goods for $50,000 on 1/12/2018; the
period end was 31/12/2018. On 12/1/2019 the customer complained that special
goods uniquely supplied to that customer had been defective and that they had
caused damage costing $100,000 to a machine on 10/1/2019. Icarus Co accepts

Question bank

that the goods were defective, but disputes that this caused damage. The amounts
mentioned are material in the financial statement of Icarus Co. There are no
inventories of these goods at period end.
Explain the possible implications of this claim in the financial statements of Icarus
Co and the audit procedures that would have to be carried out as a consequence.
(10 marks)
3. The audit of an existing client is due to start in two weeks. In respect of this
assurance engagement:
(a) Explain the elements of an assurance engagement. (5 marks)
(b) Explain the preconditions for an audit. (2 marks)
(c) Explain what is meant by the term ‘professional scepticism’. (3 marks)

(10 marks)
4. Kitty Co deals in electrical spares for cookers, refrigerators, vacuum cleaners and
similar domestic electrical equipment. It stocks around 20,000 different components.
The company’s auditors, Riskit & Co, have just been appointed half way through the
accounting period and have never dealt with a client with such a large range of inventory.
As part of their audit planning process Riskit & Co have discovered the following:
• The company records inventory in real time so that book inventory should
accurately record the amount that is actually in the warehouse.
• Dates of last receipts and despatches of inventory are recorded together with
total units despatched in the financial year.
• Orders are taken both over the internet and by phone. Sometimes customers or
sales staff key in non-existent part numbers in error.
• Some inventory is for very old products that haven’t been made for many years.
• Cycle counts are carried out every week so that over the course of a year every
inventory line has been counted at least once. Adjustments are processed and a
report produced each week showing differences in quantity and value.
• When inventory falls below its reorder level, an order is automatically raised and
sent to the appropriate supplier.
• When new orders are received, the unit cost on the inventory file is updated to
reflect the latest purchase price.
(a) Explain the use of computer assisted audit techniques (CAAT) of audit software
and test data in Riskit & Co. (5 marks)
(b) Explain five advantages of the using CAATs by Riskit & Co in the audit of Kitty
Co. (5 marks)


(c) Describe five examples each of the use of audit software and test data in the
audit of the inventory of Kitty Co. (10 marks)

(20 marks)
5. Manu Co manufactures a variety of steel products especially to customer’s orders.
Each order is allocated a contract number and the cost of steel requisitioned from
stores and labour time spent on each product is recorded. Costs also include an
appropriate allocation of manufacturing overheads.
Describe the substantive audit procedures that would need to be carried out to
verify the cost of an inventory item in Manu Co.
(10 marks)
(a) Explain the following terms:

(i) True and fair

(ii) Reasonable assurance
(iii) Material misstatement
(6 marks)
(b) What is the significance of the date on which the audit report is signed?
(2 marks)
(c) In each of the following situations, explain the effect of the matter
discussed might have on an audit report and whether or not the audit
opinion should be modified:

(i) Upon reviewing the going concern position of an audit client, the auditors
draw directors’ attention to a matter which casts serious doubt over the
company’s going concern. The directors reconsider the matter and insert
a full note in the financial statements disclosing the problem.
(ii) As above, but the directors do not add a note about going concern doubts
to the financial statements.
(iii) No allowance is made for a receivable that both auditors and directors
think is irrecoverable. The receivable is for $1,000 and the company’s
total assets are $1 million.
(iv) No allowance is made in the financial statements for a receivable that the
auditors think is irrecoverable. The receivable is for $20,000, operating
profits are $100,000 and total assets are $1 million.
(v) Just before the audit, the company’s sales ledger and all back-ups are
destroyed by a disgruntled employee on his last day of employment. The
control account shows a receivables balance of $0.5 million. Operating
profits are $100,000 and total assets $1 million.

Question bank

(vi) After the financial statements are signed by the directors and the auditor,
but before they are distributed, a customer owing a material amount at
the period end goes into liquidation with little prospect of any amounts
being recovered.
(12 marks)
(20 marks)
7. Apple Co is a jewellery retailer with about 20 outlets. In addition to selling new
jewellery bought from manufacturers, the company also buys and sells second-hand
jewellery, often for cash.
Following a change in company ownership at the start of the financial period new
auditors, Woucher & Co, have been appointed this year, just a month before the
period end, 31/12/2019. The new owners have ambitious plans for expansion in 2019
and want the audit to be completed quickly, with minimum testing, so that the latest
financial statements can be presented to the bank in support of a loan. Assume
today is the 11th January 2020.

Because of their recent appointment, Woucher & Co has already assigned its most
experienced staff to other clients and will deal with the audit of Apple Co using
relatively junior staff.

The draft financial statements show the following results:

Statement of profit and loss

Y/e 31/12/2019 Y/e/21/12/2018

$000 $000
Sales 1,200 1,050
Cost of sales 630 605
Gross profit 570 445
Operating costs 430 404
Finance costs 60 50
Net profit 170 154


Statement of financial position

Y/e 31/12/2019 Y/e/21/12/2018

$000 $000 $000 $000
Non-current assets 5,000 5,010
Current assets
Inventory 340 200
Receivables 50 28
Cash 45 62
435 290
5,435 5,300
Share capital and reserves 3,835 3,760
Long-term loans 1,400 1,400
Trade payables 200 140
5,435 5,300

(a) Explain what is meant by the term ‘audit risk’ and the elements which
contribute to that risk. (4 marks)
(b) Describe the factors set out above which contribute to or indicate the risk
of material misstatement in the financial statements. Use calculations as
appropriate. (12 marks)
(c) With reference to the scenario above, describe the factors, in addition to those
that give rise to the risk of material misstatement, which might give rise to
audit risk? (4 marks)

(20 marks)
8. Amput Co is a company which imports small domestic electrical goods (such as toasters,
food mixers, and vacuum cleaners) and sells them over the internet. During the
previous audit some problems were found with the company’s stock records and for
the current financial statements it has been decided that a full year-end stock-take will
be performed. The company has a main warehouse and a smaller overspill warehouse.
On the 1 December 2019 the auditors have been supplied with the company’s
stock-taking instructions for the count that is to take place on 1 January 2020. The
instructions have been reproduced below and are the same as issued to client’s staff:
Stock-take: Instructions to staff
Please read these instructions and ensure they are followed.

Question bank

• The stock-take will take place on 1 January 2020 commencing at 10.00.

• Each member of warehouse staff will be issued with a stock-take sheet on which
to note, in pencil the Product Code and Quantity.
• To allow the stock-take to be performed as quickly as possible, each counter
will work alone.
• When a sheet is full, counters should access the company’s computerised stock
records. Any differences between book stock and counted stock should be
investigated. Only after investigation should the quantities be ‘inked in’.
• Completed stock sheets should be deposited in the box labelled “Completed
stock sheets” that will be in the warehouse office.
• The stock count must be completed by 12.00.
(a) Describe the auditor’s duties before, and during attending an inventory count.
Do not describe detailed work relating to valuing inventory at cost or net
realisable value. (8 marks)
(b) Explain SIX short-comings in the stock count instructions and recommend how
these cold be rectified. (12 marks)

(20 marks)
9. Various documents are produced as an audit progresses. Initially the audit firm
will write to their client and ask the client to agree the terms of the engagement
letter. Then during an audit, the auditor will collect and record evidence on audit
documentation. Finally towards the end of the audit the auditor will request from the
audit client a letter of representation.
(a) Explain the purpose and importance of a letter of engagement. (3 marks)
(b) Explain why it is important to document audit work. (4 marks)
(c) Explain the purpose and importance of a letter of representation. (3 marks)

(10 marks)
(a) Explain what is meant by the ‘conceptual framework’ in the ACCA’s code of ethics.
(6 marks)
(b) You are a manager in QXD & Co, a firm of auditors. One of your clients is Olymp
Co, an unlisted client with a turnover of $10 million and profits of around $1
million. You have just had your annual audit planning meeting with the financial
director. During the meeting the FD raised the following points:

(i) This is the 10th year of the audit and the FD greatly appreciates the staffing
consistency that QXD & Co brings to the audit. “It’s just great having the
same audit partner from the start as all our problems are well-known
and understood”.


(ii) Earlier in the year, the internal auditor of Olymp Co discovered a fraud that
had been going on for some years. It appears that the amount of money
embezzled by two accounts assistants amounts to about $20,000 over
four years. The FD wants a discount on this year’s audit fee because QXD
& Co had not discovered the fraud.
(iii) There had been two internal auditors and one left Olymp Co and is now
working for QXD & Co. The FD would like that person to be on the audit
team because of their knowledge about Olymp Co.
(iv) Because some accounting staff members have recently left after the fraud
was discovered, the accounting department is short staffed and has
not enough capacity to prepare the financial statements. The FD has
therefore asked QXD Co to prepare the financial statements.
(v) After the audit has been completed and the financial statements signed-
off, the FD wants the audit partner to accompany him, for support, when
meeting a firm of venture capitalists from whom Olymp Co hopes to
raise some additional equity capital.
Identify ethical issues raised the planning meeting notes above and state
how QXD & Co should respond to these.
(10 marks)
(c) Explain the role of IFAC and the IESBA.

(4 marks)
(20 marks)
(a) Explain what the following terms mean.

(i) A control objective

(ii) A control procedure
(iii) A test of control.
(iv) An internal control questionnaire
(v) An internal control evaluation questionnaire
Illustrate your answer with one example for each relating to a typical
purchases system.
(10 marks)

Question bank

(b) Icy Co pays most of its staff on a monthly basis. Staff are usually paid a fixed
amount each month but occasionally earn additional amounts if they are called in
at weekends. All additional payments are authorised by each employee’s manager.

Salaries are increased when annual reviews take place or whenever an employee
is promoted to a higher grade. All salaries are authorised by the human
resources manager.
Whenever employees leave, their manager is supposed to inform human
resources to ensure that any accrued holiday is paid and that employees are
removed from the payroll. New employees complete a joiners’ form which is
authorised by the HR department. An accounts assistant enters details from the
form into the wages system. Salary rates fall into ranges, depending on the grade
of employee. For example, Grade 5 employees are paid $25,000 - $29,000 pa. If
the salary entered is outside the grade range, the wages system rejects the input
and the discrepancy is investigated
Tax and social security payments are paid monthly to the government.
Describe four tests of control and four substantive tests that can be carried out
on this system.
(8 marks)
(c) What are the appropriate auditor responses if the initial tests of control show
that controls are not operating consistently?
(2 marks)
(20 marks)
12. The receivables ledger of Sampler Co has the following characteristics:

Number of accounts Range $ Total of balances

31/12/2019 ($)
25 >1,000,000 30,481,302
30 >500,000 – 1,000,000 18,000,000
75 >50,000 – 500,000 3,842625
800 0 – <=50,000 7,651,467
10 <0 −1,234
930 Total 59,974,160

A year-end (31/12/2019) receivables circularisation is to be carried out, but there are

several opinions amongst the audit team as to how this should be done. In particular,
how should receivables balances be selected for circularisation?
The company’s operating profit is $100 million and its total assets are $500 million.
Assume today is the 18th January 2020.


Opinion 1
Only the 25 highest balances need to circularised. This covers more than 50% by
value for only 25 letters, and so is very efficient.
Opinion 2
We should simply select about 100 customers using judgement. 100 seems a decent
number of confirmations and auditing cannot be separated from judgement.
Opinion 3
We should select all accounts that have had invoices posted to them in December.
This ensures that we circularise ‘live accounts’.
Opinion 4
We should circularise all 55 of the two highest ranges of balances; something like 30
randomly selected from the 75 $50k - $500k, 100 randomly selected from balances
up to $50,000 and all balances that are in credit.
(a) Critically evaluate the four approaches to balance selection as set out above.
(10 marks)
(b) Once balances for circularisation have been selected, describe the how the
circularisation should be carried out. (6 marks)
(c) Describe four pieces of evidence that can be used to address the assertion of
valuation for receivables. (4 marks)

(20 marks)

Question bank

Specimen exam answers

Section A
1. D
2. A
3. B
4. C
5. D
6. A
7. A
8. B
9. D
10. B
11. B
12. D
13. C
14. A
15. D
1. Statement 1 – Partner has been in role for eight years, contravenes ACCA’s Code of
Ethics and Conduct and represents a familiarity threat.
Statement 3 – Providing internal audit services raises a self-review threat as it is likely
that the audit team will be looking to place reliance on the internal control system
reviewed by internal audit.
Statement 4 – This represents fees on a contingent basis and raises a self-interest
threat as the audit firm’s fee will rise if the company’s profit after tax increases.
Statement 2 – Is not a threat to independence and therefore D is the correct answer.
2. If the engagement partner’s son accepts the role and obtains shares in the company,
it would constitute a self-interest threat but as the partner has already exceeded
the seven-year relationship rule in line with ACCA’s Code of Ethics and Conduct, the
partner should be rotated off the audit irrespective of the decision made by her
son. As Maldini is a listed company, an independent review partner should already
be in place. It is unlikely that the firm needs to resign from the audit (due to stated
circumstances) as the threats to objectivity can be mitigated.
Therefore option A is correct.
3. Statement 1 is inappropriate as the external and internal audit team should be
separate and therefore consideration of the skills of the external audit team is not
appropriate in the circumstances.
Statement 4 does not apply in that the timescale of the work is not relevant to
consider the threats to objectivity.


Statement 2 and 3 are valid considerations – as per ACCA’s Code of Ethics and Conduct
providing internal audit services can result in the audit firm assuming a management
role. To mitigate this, it is appropriate for the firm to assess whether management will
take responsibility for implementing recommendations. Further, for a listed company
the Code prohibits the provision of internal audit services which review a significant
proportion of the internal controls over financial reporting as these may be relied
upon by the external audit team and the self-review threat is too great.
Therefore option B is correct.
4. Internal audit are appointed by the audit committee (external audit usually by the
shareholders) and it is the role of internal audit to review the effectiveness and
efficiency of internal controls to improve operations. External audit looks at the
operating effectiveness of internal controls on which they may rely for audit evidence
and a by-product may be to comment on any deficiencies they have found but this is
not a key function of the role.
Therefore statements 1 and 3 relate to internal audit.
The external auditor’s report is publicly available to the shareholders of the company
(internal audit reports are addressed to management/TCWG) and the external
auditor provides an opinion on the truth and fairness of the financial statements.
Therefore statements 2 and 4 relate to external audit.
C is therefore the correct answer.
5. The proposal in relation to the fees is a contingent fee basis which is expressly
prohibited by ACCA’s Code of Ethics and Conduct and therefore the only viable option
here is to reject the fee basis – D is therefore correct.
6. Depreciation should be calculated as:

Treadmills/exercise bikes = (18,000 + 17,000)/36 x 8 months = 7,778

Rowing machines/cross trainers = (9,750 + 11,000)/36 x 5 months = 2,882
Total 10,660

Therefore the correct answer is A and assets are currently understated as too much
depreciation has currently been charged.
Option B is based on depreciation being applied for a full year instead of for the
relevant months.
Option C is based on depreciation not being charged in the month of acquisition (i.e.
seven and four months).
Option D is based on depreciation for the exercise bikes being divided by the three
years instead of allocated on a monthly basis.

Question bank

7. Test 4 is a test for existence and test 3 is for completeness. All other tests are
relevant for valuation. Option A is correct.
8. While all procedures would be valid in the circumstances, only the written
confirmation from the company’s lawyers would allow the auditor to obtain an
expert, third party confirmation on the likelihood of the case being successful. This
would provide the auditor with the most reliable evidence in the circumstances.
Therefore B is the correct answer.
9. As per ISA 505 External Confirmations, the evidence obtained from the trade
receivables circularisation should be reliable as it is from an external source and the
risk of management bias and influence is restricted due to the process being under the
control of the auditor. Therefore 1 and 4 are benefits and option D is therefore correct.
Customers are not obliged to answer and often circularisations have a very low
response rate. A circularisation will not provide evidence over the valuation assertion
for receivables and therefore 2 and 3 are drawbacks of a circularisation.
10. A is incorrect as the balance with Laurel Co would need to be followed up due
to the dispute.
C is incorrect as this represents a payment in transit and the payment would need to
be agreed to post year-end bank statements – if the cash was received pre year end
this would represent a cut-off issue as this should no longer be included in receivables.
D is incorrect as the sample chosen should be verified even if there is no response. As
per ISA 505, the auditor should adopt alternative procedures.
Therefore B is the only statement which is true as this does represent a timing
difference (invoice in transit) and should be agreed to a pre year-end invoice.
11. Addressee – sets out who the report is addressed to – usually the shareholders –
and is there to clarify who can place reliance on the audit opinion. B is therefore the
correct option.
12. Statement 1 is false as not all subsequent events will require an adjustment to the
numbers within the financial statements. IAS 10 Events after the Reporting Period makes
a distinction between an adjusting and non-adjusting event. Only material adjusting
events would require an amendment to the figures within the financial statements.
Statement 2 is false as while a non-adjusting event would not require a change to
the numbers within the financial statements, IAS 10 may require a disclosure to be
made. If the non-adjusting event is material, non-disclosure could still result in a
modification to the audit report.
Statement 3 is true as the auditor is required to carry out procedures up to the date
of the audit report to gain sufficient appropriate audit evidence that all relevant
subsequent events have been identified and dealt with appropriately. After the audit
report is issued, the auditor does not need to actively look for subsequent events but
is only required to respond to subsequent events which they become aware of.


Statement 4 is true as ISA 560 Subsequent Events requires the auditor to obtain
written confirmation from management/those charged with governance that all
subsequent events have been identified and dealt with in accordance with the
appropriate reporting framework.
D is therefore correct.
13. The outstanding balance with Pirlo Co is likely to be irrecoverable as the customer is
experiencing financial difficulties.
The balance is material at 7·4% of profit before tax and 2·5% of revenue.
Currently profit and assets are overstated by $285,000. Therefore the correct option is C.
14. Writing to the customer/agreeing to invoices, while valid procedures during the
audit to verify the existence of an outstanding balance, would not allow the auditor
to assess the recoverability of the balance which is the key issue in determining
whether an adjustment is required. Therefore options 3 and 4 are incorrect.
Post year-end cash testing is the best way for the auditor to assess if the balance is
recoverable wholly or in part and therefore the cash book should be reviewed for
any receipts which will change the assessment of the debt after the year end. The
issue should also be discussed with management to understand their reasons for
not wanting to amend the financial statements as this may be due to a change in
15. The debt with Pirlo Co should be provided for and is material to the financial
statements at 7·4% of profit before tax and 2·5% of revenue. This represents a
material misstatement which is material but not pervasive. As such, if no adjustment
is made the auditor will be required to provide a qualified ‘except for’ opinion. If the
required change is made, then no material misstatement exists and therefore the
auditor will be able to issue an unmodified opinion.

Section B
(a) Audit risk and its components
Audit risk is the risk that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. Audit risk is a function
of two main components being the risks of material misstatement and detection
risk. Risk of material misstatement is made up of two components, inherent risk
and control risk.
Inherent risk is the susceptibility of an assertion about a class of transaction,
account balance or disclosure to a misstatement which could be material, either
individually or when aggregated with other misstatements, before consideration
of any related controls.

Question bank

Control risk is the risk that a misstatement which could occur in an assertion
about a class of transaction, account balance or disclosure and which could be
material, either individually or when aggregated with other misstatements, will
not be prevented, or detected and corrected, on a timely basis by the entity’s
internal control.
Detection risk is the risk that the procedures performed by the auditor to reduce
audit risk to an acceptably low level will not detect a misstatement which exists
and which could be material, either individually or when aggregated with other
misstatements. Detection risk is affected by sampling and non-sampling risk.
(b) Audit risks and responses

Audit risk Auditor response

Milla has incurred $5m on The auditor should review a breakdown
updating, repairing and replacing of these costs to ascertain the split of
a significant amount of the capital and revenue expenditure, and
production process machinery. further testing should be undertaken
If this expenditure is of a capital nature, to ensure that the classification in the
it should be capitalised as part of financial statements is correct.
property, plant and equipment (PPE)
in line with IAS 16 Property, Plant and
Equipment. However, if it relates more
to repairs, then it should be expensed
to the statement of profit or loss
If the expenditure is not correctly
classified, profit and PPE could be under
or overstated.
At the year end there will be inventory The auditor should assess which of
counts undertaken in all 15 warehouses. the inventory sites they will attend the
It is unlikely that the auditor will be counts for. This will be any with material
able to attend all 15 inventory counts inventory or which have a history of
and therefore they need to ensure significant errors.
that they obtain sufficient appropriate For those not visited, the auditor will
audit evidence over the inventory need to review the level of exceptions
counting controls, and completeness noted during the count and discuss with
and existence of inventory for any management any issues which arose
warehouses not visited. during the count.
Inventory is stored within 15 The auditor should review supporting
warehouses; some are owned by Milla documentation for all warehouses
and some rented from third parties. included within PPE to confirm
Only warehouses owned by Milla ownership by Milla and to ensure non-
should be included within PPE. There current assets are not overstated.
is a risk of overstatement of PPE and
understatement of rental expenses if
Milla has capitalised all 15 warehouses.


A new accounting general ledger system The auditor should undertake

has been introduced at the beginning of detailed testing to confirm that all
the year and the old system was run in opening balances have been correctly
parallel for two months. There is a risk recorded in the new accounting
of opening balances being misstated general ledger system.
and loss of data if they have not been They should document and test the
transferred from the old system correctly. new system. They should review any
In addition, the new accounting management reports run comparing the
general ledger system will require old and new system during the parallel
documenting and the controls over this run to identify any issues with the
will need to be tested. processing of accounting information.
Milla has incurred expenditure of $4·5 Obtain a breakdown of the expenditure
million on developing a new brand and undertake testing to determine
of fizzy drink. This expenditure is whether the costs relate to the
research and development under IAS 38 research or development stage. Discuss
Intangible Assets. The standard requires the accounting treatment with the
research costs to be expensed and finance director and ensure it is in
development costs to be capitalised as accordance with IAS 38.
an intangible asset.
If Milla has incorrectly classified
research costs as development
expenditure, there is a risk the
intangible asset could be overstated
and expenses understated.

Question bank

The finance director of Milla has Extended post year-end cash receipts
decided to release the opening balance testing and a review of the aged
of $1·5 million for allowance for receivables ledger to be performed to
receivables as he feels it is unnecessary. assess valuation and the need for an
There is a risk that receivables will allowance for receivables.
be overvalued, as despite having a Discuss with the director the rationale
credit controller, some balances will be for releasing the $1·5m opening
irrecoverable and so will be overstated allowance for receivables.
if not provided against.
In addition, due to the damaged inventory
there is an increased risk of customers
refusing to make payments in full.
A large batch of cola products has Detailed cost and net realisable value
been damaged in the production testing to be performed to assess
process and will be in inventory at the how much the inventory requires
year end. No adjustment has been writing down by.
made by management.
The valuation of inventory as per IAS
2 Inventories should be at the lower of
cost and net realisable value. Hence it is
likely that this inventory is overvalued.
Due to the damaged cola products, a Review the breakdown of sales of
number of customers have complained. damaged goods, and ensure that
It is likely that for any of the damaged they have been accurately removed
goods sold, Milla will need to refund from revenue.
these customers.
Revenue is possibly overstated if the
sales returns are not completely and
accurately recorded.
The management of Milla receives a Throughout the audit, the team will
significant annual bonus based on the need to be alert to this risk. They
value of year-end total assets. There will need to maintain professional
is a risk that management might feel scepticism and carefully review
under pressure to overstate the value of judgemental decisions and compare
assets through the judgements taken or treatment against prior years.
through the use of releasing provisions.

(c) Audit strategy document

The audit strategy sets out the scope, timing and direction of the audit and helps
the development of the audit plan. It should consider the following main areas:
It should identify the main characteristics of the engagement which define its
scope. For Milla it should consider the following:
○ Whether the financial information to be audited has been prepared in
accordance with IFRS.


○ To what extent audit evidence obtained in previous audits for Milla

will be utilised.
○ Whether computer-assisted audit techniques will be used and the effect
of IT on audit procedures.
○ The availability of key personnel at Milla.
It should ascertain the reporting objectives of the engagement to plan the timing
of the audit and the nature of the communications required, such as:
○ The audit timetable for reporting and whether there will be an interim
as well as final audit.
○ Organisation of meetings with Milia’s management to discuss any audit
issues arising.
○ Location of the 15 inventory counts.
○ Any discussions with management regarding the reports to be issued.
○ The timings of the audit team meetings and review of work performed.
○ If there are any expected communications with third parties.
The strategy should consider the factors which, in the auditor’s professional
judgement, are significant in directing Milia’s audit team’s efforts, such as:
○ The determination of materiality for the audit.
○ The need to maintain a questioning mind and to exercise professional
scepticism in gathering and evaluating audit evidence.
It should consider the results of preliminary audit planning activities and,
where applicable, whether knowledge gained on other engagements for Milla is
relevant, such as:
○ Results of previous audits and the results of any tests over the
effectiveness of internal controls.
○ Evidence of management’s commitment to the design, implementation
and maintenance of sound internal control.
○ Volume of transactions, which may determine whether it is more
efficient for the audit team to rely on internal control.
○ Significant business developments affecting Milla, such as the change in
the accounting system and the significant expenditure on an overhaul
of the factory.
The audit strategy should ascertain the nature, timing and extent of resources
necessary to perform the audit, such as:
○ The selection of the audit team with experience of this type of industry.
○ Assignment of audit work to the team members.
○ Setting the audit budget.
Tutorial note: The answer is longer than required for four marks but represents a
teaching aid.

Question bank

(d) Differences between an interim and a final audit

Interim audit
The interim audit is that part of the audit which takes place before the year
end. The auditor uses the interim audit to carry out procedures which would
be difficult to perform at the year end because of time pressure. There is no
requirement to undertake an interim audit; factors to consider when deciding
upon whether to have one include the size and complexity of the company along
with the effectiveness of internal controls.
Final audit
The final audit will take place after the year end and concludes with the auditor
forming and expressing an opinion on the financial statements for the whole
year subject to audit. It is important to note that the final opinion takes account
of conclusions formed at both the interim and final audit.
(e) Procedures which could be undertaken during the interim audit include:
○ Review and updating of the documentation of accounting systems at Milla.
○ Discussions with management on the recent growth and any other
changes within the business which have occurred during the year to
date at Milla to update the auditor’s understanding of the company.
○ Assessment of risks which will impact the final audit of Milla.
○ Undertake tests of controls on Milla’s key transaction cycles of sales,
purchases and inventory, and credit control.
○ Perform substantive procedures on profit and loss transactions for the
year to date and any other completed material transactions.
Impact of interim audit on final
If an interim audit is undertaken at Milla, then it will have an impact on the
final audit and the extent of work undertaken after the year end. First, as some
testing has already been undertaken, there will be less work to be performed
at the final audit, which may result in a shorter audit and audited financial
statements possibly being available earlier. The outcome of the controls testing
undertaken during the interim audit will impact the level of substantive testing
to be undertaken. If the controls tested have proven to be operating effectively,
then the auditor may be able to reduce the level of detailed substantive testing
required as they will be able to place reliance on the controls. In addition, if
substantive procedures were undertaken at the interim audit, then only the
period from the interim audit to the year end will require to be tested.


(a) Baggio International’s (Baggio) internal control

Deficiency Control recommendations Test of control

Currently the website The website should be Test data could be used to
is not integrated into updated to include an attempt to process orders
the inventory system. interface into the inventory via the website for items
This can result in system; this should check which are not currently
Baggio accepting inventory levels and only held in inventory.
customer orders when process orders if adequate The orders should be
they do not have the inventory is held. flagged as being out of
goods in inventory. If inventory is out of stock and indicate an
This can cause them stock, this should appear approximate waiting time.
to lose sales and on the website with an
customer goodwill approximate waiting time.
For goods despatched Baggio should remind all Select a sample of
by local couriers, local couriers that customer despatches by couriers
customer signatures signatures must be obtained and ask Baggio for proof
are not always as proof of delivery and of delivery by viewing
obtained. This can payment will not be made customer signatures.
lead to customers for any despatches with
falsely claiming that missing signatures.
they have not received
their goods. Baggio
would not be able to
prove that they had
in fact despatched
the goods and may
result in goods being
despatched twice.
There have been a Once goods are Review the report of
number of situations despatched, they should outstanding sales orders.
where the sales orders be matched to sales If significant, discuss with
have not been fulfilled orders and flagged as a responsible official to
in a timely manner. This fulfilled. The system should understand why there
can lead to a loss of automatically flag any is still a significant time
customer goodwill and outstanding sales orders period between sales order
if it persists will damage past a predetermined and despatch date.
the reputation of Baggio period, such as five days. Select a sample of sales
as a reliable supplier. This report should orders and compare
be reviewed by a the date of order to the
responsible official. goods despatch date to
ascertain whether this
is within the acceptable
predetermined period.

Question bank

Customer credit Credit limits should be set For a sample of new

limits are set by sales by a senior member of the customers accepted
ledger clerks. sales ledger department and in the year, review the
Sales ledger clerks are not by sales ledger clerks. authorisation of the credit
not sufficiently senior These limits should be limit, and ensure that
and so may set limits regularly reviewed by a this was performed by a
too high, leading to responsible official. responsible official.
irrecoverable debts, or Enquire of sales ledger
too low, leading to a clerks as to who can set
loss of revenue. credit limits.
Sales discounts are set All members of the sales Discuss with members of
by Baggio’s sales team. team should be given the sales team the process
In order to boost their authority to grant sales for setting sales discounts.
sales, members of the discounts up to a set Review the sales discount
sales team may set the limit. Any sales discounts report for evidence of
discounts too high, above these limits should review by the sales director.
leading to a loss of be authorised by sales
revenue. area managers or the
sales director.
Regular review of sales
discount levels should be
undertaken by the sales
director, and this review
should be evidenced.


Supplier statement Supplier statement Review the file of

reconciliations are no reconciliations should be reconciliations to ensure
longer performed. performed on a monthly that they are being
This may result in errors basis for all suppliers and performed on a regular
in the recording of these should be reviewed basis and that they have
purchases and payables by a responsible official. been reviewed by a
not being identified in a responsible official.
timely manner.
Changes to supplier Only purchase ledger Request a purchase ledger
details in the purchase supervisors should have clerk to attempt to access
ledger master file can the authority to make the master file and to make
be undertaken by changes to master file data. an amendment; the system
purchase ledger clerks. This should be controlled should not allow this.
This could lead to key via passwords. Review a report of master
supplier data being Regular review of any data changes and review
accidently amended changes to master file the authority of those
or fictitious suppliers data by a responsible making amendments.
being set up, which official and this review
can increase the risk of should be evidenced.
Baggio has Regular review of the Observe the review process
considerable levels plant and equipment by senior factory personnel,
of surplus plant and on the factory floor by identifying the treatment of
equipment. Surplus senior factory personnel any old equipment.
unused plant is at to identify any old or Review processed
risk of theft. surplus equipment. capital expenditure
In addition, if the As part of the capital forms to ascertain if the
surplus plant is not expenditure process, there treatment of replaced
disposed of, then the should be a requirement to equipment is as stated.
company could lose confirm the treatment of the
sundry income. equipment being replaced.
Purchase requisitions Capital expenditure Review a sample of
are authorised by authorisation levels to be authorised capital
production supervisors. established. Production expenditure forms
Production supervisors should only and identify if the
supervisors are be able to authorise low correct signatory has
not sufficiently value items, any high authorised them.
independent or value items should be
senior to authorise authorised by the board.
capital expenditure.

(b) Substantive procedures – additions

○ Obtain a breakdown of additions, cast the list and agree to the non-current
asset register to confirm completeness of plant and equipment (P&E).

Question bank

○ Select a sample of additions and agree cost to supplier invoice to

confirm valuation.
○ Verify rights and obligations by agreeing the addition of plant and
equipment to a supplier invoice in the name of Baggio.
○ Review the list of additions and confirm that they relate to capital
expenditure items rather than repairs and maintenance.
○ Review board minutes to ensure that significant capital expenditure
purchases have been authorised by the board.
○ For a sample of additions recorded in P&E, physically verify them on the
factory floor to confirm existence.
(a) Reliance on the work of an independent valuer
ISA 500 Audit Evidence requires auditors to evaluate the competence,
capabilities including expertise and objectivity of a management expert. This
would include consideration of the qualifications of the valuer and assessment of
whether they were members of any professional body or industry association.
The expert’s independence should be ascertained, with potential threats such
as undue reliance on Vieri Motor Cars Co (Vieri) or a self-interest threat such as
share ownership considered.
In addition, Rossi & Co should meet with the expert and discuss with them
their relevant expertise, in particular whether they have valued similar land and
buildings to those of Vieri in the past. Rossi & Co should also consider whether
the valuer understands the accounting requirements of IAS 16 Property, Plant
and Equipment in relation to valuations.
The valuation should then be evaluated. The assumptions used should be
carefully reviewed and compared to previous revaluations at Vieri. These
assumptions should be discussed with both management and the valuer to
understand the basis of any valuations.
(i) Substantive procedures for land and buildings
• Obtain a schedule of land and buildings revalued this year and cast to
confirm completeness and accuracy of the revaluation adjustment.
• On a sample basis, agree the revalued amounts to the valuation
statement provided by the valuer.
• Agree the revalued amounts for these assets are included correctly
in the non-current assets register.
• Recalculate the total revaluation adjustment and agree correctly
recorded in the revaluation surplus.
• Agree the initial cost for the warehouse addition to supporting
documentation such as invoices to confirm cost.


• Confirm through a review of the title deeds that the warehouse is

owned by Vieri.
• Recalculate the depreciation charge for the year to ensure that for
assets revalued during the year, the depreciation was based on the
correct valuation and for the warehouse addition that the charge
was for six months only.
• Review the financial statements disclosures of the revaluation to
ensure they comply with IAS 16 Property, Plant and Equipment.
(ii) Substantive procedures for work in progress (WIP)
• Prior to attending the inventory count, discuss with management
how the percentage completions are attributed to the WIP, for
example, is this based on motor cars passing certain points in the
production process?
• During the count, observe the procedures carried out by Vieri staff
in assessing the level of WIP and consider the reasonableness of the
assumptions used.
• Agree for a sample that the percentage completions assessed
during the count are in accordance with Vieri’s policies
communicated prior to the count.
• Discuss with management the basis of the standard costs applied
to the percentage completion of WIP, and how often these are
reviewed and updated.
• Review the level of variances between standard and actual costs
and discuss with management how these are treated.
• Obtain a breakdown of the standard costs and agree a sample of
these costs to actual invoices or payroll records to assess their
• Cast the schedule of total WIP and agree to the trial balance and
financial statements.
• Agree sample of WIP assessed during the count to the WIP
schedule, agree percentage completion is correct and recalculate
the inventory valuation.
(c) Audit report
Discuss with the management of Vieri why they are refusing to make the
amendment to WIP.
Assess the materiality of the error; if immaterial, it should be added to the
schedule of unadjusted differences. The auditor should then assess whether this
error results in the total of unadjusted differences becoming material; if so, this
should be discussed with management; if not, there would be no impact on the
audit report.

Question bank

If the error is material and management refuses to amend the financial

statements, then the audit report will need to be modified. It is unlikely that any
error would be pervasive as although WIP in total is material, it would not have
a pervasive effect on the financial statements as a whole. As management has
not complied with IAS 2 Inventories and if the error is material but not pervasive,
then a qualified opinion would be necessary.
– A basis for qualified opinion paragraph would need to be included before the
opinion paragraph. This would explain the material misstatement in relation
to the valuation of WIP and the effect on the financial statements. The
opinion paragraph would be qualified ‘except for’.

Marking Scheme

Section A
Questions 1–15 multiple choice (each question is worth 2 marks) 30
Section B Marks Marks
available awarded
16 Milla Cola Co
(a) Component of audit risk
Explanation of audit risk 2
Explanation of components of audit risk: 3
Inherent, control and detection risk
(b) Audit risks and responses (only 7
risks required)
$5 million expenditure on production 2
Inventory counts at 15 warehouses at 2
year end
Treatment of owned v third party 2
New general ledger system introduced at 2
the beginning of the year
Release of opening provision for 2
allowance for receivables
Research and development expenditure 2
Damaged inventory 2
Sales returns 2
Management bonus based on asset values 2


Max 7 issues, 2 marks each 14

(c) Audit strategy document
Main characteristics of the audit 1
Reporting objectives of the audit and 1
nature of communications required
Factors which are significant in directing 1
the audit team’s efforts
Results of preliminary engagement 1
activities and whether knowledge gained
on other engagements is relevant
Nature, timing and extent of resources 1
necessary to perform the audit
Restricted to 4
(d) Difference between interim and final audit
Interim audit 2
Final audit 2
Restricted to 3
(e) Procedures/impact of interim audit
on final audit
Example procedures 3
Impact on final audit 3
Restricted to 4
Total marks 30
17 Baggio International Co
(a) Control deficiencies,
recommendations and tests of
controls (only 6 issues required)
Website not integrated into 3
inventory system
Customer signatures 3
Unfulfilled sales orders 3
Customer credit limits 3
Sales discounts 3
Supplier statement reconciliations 3
Purchase ledger master file 3
Surplus plant and equipment 3
Authorisation of capital expenditure 3
Max 6 issues, 3 marks each 18

Question bank

(b) Substantive procedures for PPE

Cast list of additions and agree to non- 1
current asset register
Vouch cost to recent supplier invoice 1
Agree addition to a supplier invoice in 1
the name of Baggio to confirm rights
and obligations
Review additions and confirm capital 1
expenditure items rather than repairs
and maintenance
Review board minutes to ensure 1
authorised by the board
Physically verify them on the factory 1
floor to confirm existence
Restricted to 2
Total marks 20
18 Vieri Motor Cars Co
(a) Reliance on independent valuer
ISA 500 requires consideration of 1
competence and capabilities of expert
Consider if member of professional body 1
or industry association
Assess independence 1
Assess whether relevant expertise of 1
type of properties as Vieri Motor Cars
Evaluate assumptions 1
(b) (i) Substantive procedures for
revaluation of land and buildings
Cast schedule of land and buildings 1
revalued this year
Agree the revalued amounts to 1
the valuation statement provided
by the valuer
Agree the revalued amounts 1
included correctly in the non-
current assets register


Recalculate the total revaluation 1

adjustment and agree recorded in
the revaluation surplus
Agree the initial cost for the 1
warehouse to invoices to confirm
Confirm through title deeds that 1
the warehouse is owned by Vieri
Recalculate the depreciation 1
charge for the year
Review the financial statements 1
disclosures for compliance with IAS
16 Property, Plant and Equipment
Restricted to 6
(ii) Substantive procedures for work
in progress (WIP)
Discuss with management how 1
the percentage completions are
attributed to WIP
Observe the procedures carried out 1
in the count in assessing the level
of WIP; consider reasonableness of
the assumptions used
During the count, agree a sample 1
of percentage completions are in
accordance with Vieri’s policies
Discuss with management the 1
basis of the standard costs
Review the level of variances 1
between standard and actual costs
Obtain a breakdown of the 1
standard costs and agree a sample
of these costs to actual invoices
Cast the schedule of total WIP 1
and agree to the trial balance and
financial statements
Agree sample of WIP assessed 1
during the count to the WIP
schedule, agree percentage
completion is correct and
recalculate the inventory valuation

Question bank

Restricted to 4
(c) Impact on audit report
Discuss with management reasons for 1
Assess materiality 1
Immaterial – schedule of uncorrected 1
Material not pervasive – qualified opinion 1
Basis for qualified opinion paragraph 1
Opinion paragraph – qualified ‘except for’ 1
Restricted to 5
Total marks 20


Answers to other exam-standard questions

(a) Weaknesses, implications, remedies

Weakness Possible implications Remedy

1 New accounts are set Credit will be given All new customers
up without any credit to new customers should undergo credit
reference procedures who are not credit- vetting procedures
being carried out and worthy and this will and a suitable credit
without credit limits increase the risk of limit set up.
being established irrecoverable debts
2 No credit check is Excessive credit can be All customers should
performed when given to customers and have a credit limit.
orders are received this will increase the risk Before acceptance
from customers. of irrecoverable debts. all new orders should
be approved only
after reference to the
customer’s current
balance, their credit
limit, and their
payment histories
3 Orders are filed in date of Orders might be lost Orders should be
receipt order and there is and/or might not entered in a register
no way of subsequently be fulfilled and this upon receipt.
ensuring that all orders will result in lost Despatches should
have resulted in a sales and a possible subsequently matched
despatch of goods. reduction in goodwill. to each order. Long-
outstanding orders
should be investigated.
4 It is not clear who Goods might be Goods orders which
cancelled orders are dealt despatched to are cancelled should
with. customers who have be marked as such
cancelled orders on the face of the
because inventory was order and in the order
not initially available. register (see 3 above).
Goods might not be
returned; despatch and
return costs will have
to be paid needlessly.

Question bank

5 There appears to be These documents Despatch notes should

no record maintained might be misplaced so be numerically pre-
of the delivery/ that no despatch for numbered and a copy
despatch note set. them is made. kept in numerical
order in the sales
department. This
will be matched
subsequently to
evidence of delivery
and a copy invoice.
6 No independent check is Incorrect goods might The deliveries that
performed on the goods be despatched. the warehouse
prepared for delivery staff member has
prepared should
be independently
compared to the
despatch note.
7 No copy delivery note is Deliveries might be Copy delivery notes
signed by the customer disputed and Icarus should be signed by
as evidence of receipt Co has no evidence customers and then
of the goods. that customers have returned by the logistics
received them company and files with
the original order to
prove order fulfilment.
8 Invoicing is performed Receivables accounts Invoicing should be
only every Monday. could become seriously carried out more
Sales day book entries adrift from the true frequently, ideally daily.
are posted to the debit of amounts owed and this Sales day book entries
the receivables accounts will mean that credit should be debited
only every month. could be extended more frequently to
where it should not be. receivables accounts
Additionally, the – ideally daily, but at
more delay there is in least weekly.
invoicing, the more
delay there will be
receiving cash.


9 There is no way of Despatches could Despatch notes

ensuring that every be made which are should be numerically
despatch results in an never invoiced. prenumbered. When
invoice being raised an invoice is raised,
a copy should be
attached to despatch
note. The despatch
notes should be
filed in the accounts
department in
numerical order and
reviewed regularly
for completeness of
despatch notes and
10 No receivables control Errors in posting A control account
account is maintained. invoices to the should be debited from
individual accounts in the sum of the invoiced
the receivables ledger amounts in the sales
will not be picked up. day book. (Total
credit made from
the sum of the cash
book receipts form
debtors column.)This
should be reconciled
every month to the
sum of the individual
receivables accounts.
11 Statements are not No statements implies Statements should
produced regularly and that amounts in the be sent to customers
sent to customers. receivables accounts every month. Any
could easily be incorrect differences reported by
and not detected. customers should be
I addition, statements investigated.
are the first part of
receivables follow up
to encourage faster
payment of invoices.

Question bank

12 Slow payers are identified The longer amounts Slow payers should
only after three months are outstanding the be chased much
greater the chance of sooner: statements
irrecoverable debts. after one month then
Slow follow-up implies phone calls after the
long collection periods second month etc.
which has an adverse
effect on cash flows

13 The accounts clerk Issuing credit notes Credit notes should be

is allowed to issue transfers value to numerically controlled.
credit notes without customers just as They should only be
proper investigation or surely as sending them issued upon proper
authorisation. cash. Inappropriate investigation.
credit notes will cause They should be issued
revenue and profit loss. by a senior member of
accounting staff.
14 Credit notes are It is not possible to Credit notes should
handwritten and not ensure that credit be pre-printed,
numerically controlled notes are completely numerically
accounted for. prenumbered,
Inappropriate use of held securely, filed
credit notes might not numerically and
be detected. their sequence
regularly reviewed
for completeness

Tutorial note – only 5 weaknesses had to be discussed; others are shown for
learning purposes.
– Reconcile the control account balance (the amount that will be used in the
financial statements) individual account balances in the receivables ledger.
This test addresses the assertions of completeness and existence.
– Perform and analytical procedure by calculating the receivables collection
period. Compare the collection period to budget and previous period figures.
This test addresses the assertions of valuation, existence and completeness.
– Trace cash received after period end from period-end receivables. This test
addresses the assertions of valuation and existence.
– Trace invoices from the last month in the period to debit entries in
customer’s accounts. This test addresses the assertions of existence and


– Compare balances to credit limits and investigate where balances are above
the credit limits. This test addresses the assertion of valuation.
– Trace despatch notes dated the last few days of the period to their related
invoices debited to sales ledger accounts. Trace despatch notes dated the first
few days of the next accounting period to ensure that invoice for these do not
appear in the receivables balances. These tests address the assertion of cut-off.
2. There are two matters to consider:
• The customer will be reluctant to pay the invoice for these goods.
• There might be a contingent liability for damages.
Non-payment of invoice
This event is an adjusting event. The customer’s claim gives evidence of conditions
that existed at the period end date (defective goods had been supplied and the debt
was worthless at period end). If these pieces of information are confirmed then the
receivable relating to this sales will have to be reduced by issuing a credit note to the
customer (Dr Sales; Cr Receivables).
Audit procedures
• Review correspondence with the customer, including where Icarus Co concedes
that the goods were defective.
• Review board minutes for reference to this incident.
• Inspect authority for the concession by the company that the goods were
defective and that a full credit will be issued.
• Inspect the original order in respect of these goods.
• Inspect the copy invoice in respect of these goods to ensure that it was dated
1/12/2017, and that the amount was $50,000. Trace the invoice to the sales
account and to the customer’s account.
• Review credit notes issued since period end to ensure that a credit note for this
transaction has not already been issued
Contingent liability for damages
The correct treatment of this matter depends on the likelihood that an outflow of
funds will occur:
• If probably, a liability must be set up
• If possible, the matter should be noted
• If remote, no mention needs to be made about it.

Question bank

Audit procedures
• Review correspondence with the customer and the customer’s legal
• Review board minutes for reference to this incident.
• Obtain an independent expert legal opinion regarding the possibility of
damages being paid.
• Inspect any calculations that have been performed in respect of quantifying
liabilities, assess these for reasonableness and reperform the calculations.
• Ensure any calculation of potential liability includes an amount for legal costs.
• Ensure that the potential liability stems from a past event by inspecting orders
and invoices.
(a) There are the five elements in an assurance engagement:
– An appropriate subject matter. For example, a set of financial statements.
– A three party relationship involving a practitioner, a responsible party, and
intended users. In the case of an audit assignment these are the auditor, the
directors and the members.
– Suitable criteria. For example, accounting and auditing standards
– Sufficient appropriate evidence. For example, the collection of evidence to
support each relevant assertion.
– A written assurance report in the form appropriate. For example, the
audit report.
(b) The preconditions for an audit are:
– Use of an acceptable reporting framework by the management of the
company to be audited
– Obtain the agreement of management that it acknowledges and
understands its responsibilities. For example, the duty to prepare financial
statements and the requirement to provide all information.
(c) The auditor should plan and perform an audit with professional scepticism,
recognising that circumstances may exist which cause the financial statements to
be materially misstated.
An attitude of professional scepticism means the auditor makes a critical
assessment, with a questioning mind, of the validity of audit evidence obtained
and is alert to audit evidence that contradicts or brings into question the
reliability of documents or management representations. In planning and
performing an audit, the auditor neither assumes that management is dishonest
nor assumes unquestioned honesty.


(a) There are two types of computer assisted audit techniques (CAAT): audit
software and test data.
Audit software is software that belongs to the auditor and which is used to read
client data on client files. The software can reperform calculations (such as
adding up files), identify odd or noteworthy data, and select records for further
investigation and testing by the auditor.
Test data is auditor’s data that belongs to the auditor and which is operated on
by client’s programs. The correct functioning of client programs can therefore
be tested by ensuring that the results obtained are those that are expected from
the data input.
(b) CAATs have the following advantages:
– Speed and cost. Once set up, audit software can read thousands of records
very quickly and efficiently.
– Every record can be examined increasing the level of assurance
obtained on the audit
– The use of audit software is the only practical way to perform certain
important audit procedures (such as adding up a very large file).
– Random selection of items on which further audit work to be can performed,
for example selecting items for physical verification
– Test data can provide the only evidence of the correct functioning of
programs both in terms of processing of data and the operation of controls.
(c) Use of audit software in the audit of the inventory of Kitty Co
– Adding up the values of the 20,000 individual lines of inventory to ensure
that the total reconciles to the inventory figure in the financial statements.
– Selecting a sample of inventory to test count to items in the warehouse
– Identifying inventory that is below its reorder level and tracing to recently
raised purchase orders (operation of internal control).
– Selecting a sample of inventory items and tracing their cost to recent
invoices (valuation).
– Identifying inventory which is recorded as negative balances for further
investigation (valuation/operation of internal control).
– Identifying slow-moving inventory using the dates of last despatch of
inventory. (Valuation).
– Calculation of days of stock (balance compared to sales in the year) and
selection of inventory items that appear to be over-stocked (valuation.)

Question bank

Use of test data in the audit of the inventory of Kitty Co

– Process despatches and receipts to ensure that inventory records are
properly updated (existence/completeness).
– Process a despatch to ensure that its date is properly recorded and the sales
year-to-date are undated (valuation).
– Attempt to process an order with a non-existent product code and
observe what the system does (many assertions relating to sales,
receivables and inventory).
– Process cycle count adjustments to ensure that correct reports are produced
(existence, completeness).
– Process despatches that will cause inventory level to be below the reorder
level and ensure that a purchase order is produced (test of control).
– Process a purchase invoice and ensure that the latest cost is updated from
the invoice to the inventory file.
5. Material
• From contract cost records trace entries to stores requisitions, and from stores
requisitions trace to purchase invoices. Ensure that each material cost record has
a properly authorised requisition note and that costs are correct.
• From the file of requisition notes trace to purchase invoices and to properly
costed entries on the contract account.
• Obtain an estimate of the degree of contract completion then compare
actual material costs to budgeted material costs and make enquiries about
material differences.
• From contract cost records trace entries to analysed authorised time sheets and
wage records. Ensure that time and wages costs are properly recorded.
• From authorised time sheets, trace to wage rates and recalculate the value of
time spent. Trace to entries in the contract cost records.
• Obtain an estimate of the degree of contract completion compare actual time
spent to budgeted time spent and make enquiries about material differences.


Manufacturing overheads
• Recalculate the company’s estimate of the fixed overhead absorption rate and
ensure that the assumptions and absorption rates seem to be reasonable.
• Compare the current period’s absorption rate to that of last period and
investigate the reasons for any material differences.
• Recalculate the amount of overhead charged to contracts by applying the
absorption rate to the hours charged (assuming that overheads are absorbed on
a labour hour basis).
Add up the costs within each contract and ensure that the total is correct.
(i) True and fair
True: a figure is true if it conforms to reality. So, if financial statements
shows non-current assets being owned by the company, then they are
indeed owned. True can also mean accurate. For example, if the financial
statements show Cash of $3 million, then there is an expectation that this is
a true figure.
Fair: not misleading, impartial. So, it might be difficult to be absolutely sure
about the value of inventory, but the inventory should be shown at a value
which does not mislead shareholders.
(ii) Reasonable assurance
When forming an opinion on the financial statements, the auditor evaluates
whether, based on the audit evidence obtained, there is reasonable
assurance about whether the financial statements, taken as a whole, are
free from material misstatement. This involves concluding whether sufficient
appropriate audit evidence has been obtained to reduce to an acceptably
low level the risks of material misstatement of the financial statements and
evaluating the effects of uncorrected misstatements identified.
Reasonable assurance certainly does not mean absolute assurance.
(iii) Material misstatement
Misstatements, including omissions, are considered to be material if they,
individually or in the aggregate, could reasonably be expected to influence the
economic decisions of users taken on the basis of the financial statements.
Judgements about materiality are made in light of surrounding
circumstances, and are affected by the size or nature of a misstatement, or a
combination of both.

Question bank

(b) Until the audit report has been signed, the audit isn’t over and the auditors
have an active duty to look for events or evidence that might be relevant to the
financial statements and their audit report.
After the audit report is signed, the auditors have only a passive duty to take
note of relevant events ie only is they happen to become aware of a relevant
event of piece of additional evidence.
(i) The directors have made a full disclosure of the going concern problem
in the financial statements. The financial statements cannot therefore be
faulted and cannot therefore have a modified audit opinion.
A “material uncertainty related to going concern” paragraph would be added
just after the basis for opinion paragraph in the audit report to draw users’
attention to the problem. This is not a qualified opinion.
(ii) The financial statements are now flawed: they contain a material
misstatement (by omission) and the audit opinion has to be modified to a
qualified (except for) or adverse opinion. The opinion paragraph would be
retitled ‘”Qualified opinion” or “Adverse opinion” as appropriate. Just before
the opinion paragraph there would be an additional paragraph titled “Basis
of qualified opinion” or “Basis of adverse opinion” as appropriate.
(iii) This is not a material misstatement. There would be no effect on the
audit opinion.
(iv) This is a material misstatement. It does not appear to be pervasive so would
lead to a qualified “except…for” opinion, and the opinion paragraph would
be titled “Qualified opinion”. There would be a paragraph just before the
qualified opinion paragraph titled “Basis of qualified opinion” where the
problem would be described. Also the auditor would state what the profits
and assets would be if the receivable were reduced to zero value.
(v) This problem means that the auditor has been unable to collect sufficient
appropriate audit evidence about receivables. It might lead to a qualified
opinion, but the materiality of the missing information suggests that it would
probably be considered a pervasive problem and a disclaimer of opinion is
likely. The opinion paragraph would be titled “Disclaimer of opinion”. There
would be a paragraph just before the disclaimer of opinion paragraph titled
“Basis of disclaimer of opinion” where the problem would be described.
(vi) The auditor has only a passive duty to discover this problem. However,
once discovered, the auditor should ask the directors not to distribute
the financial statements because it turns out they contain a material
misstatement. The ideal solution is to have a new set of financial statements
drafted and approved by the directors and the auditor. If the directors do
distribute the original (wrong) financial statements, the auditor can use the
AGM to explain to members that the FS contain a material misstatement and
also to explain and quantify the effect of that misstatement.


(a) Audit risk is the risk that an inappropriate audit opinion is given. There are three
components of audit risk:
– Inherent risk. This can be described as the risk that an error occurs in the
absence of any internal controls.
– Control risk. This is the risk that the internal control system does not prevent,
detect and correct the error.
– Detection risk. This is the risk that the auditor does not detect and correct any
material misstatements in the financial statements.
Audit risk = Inherent risk × Control risk × Detection risk
Inherent risk and control risk cause the rise of misstatement in the
financial statements.
(b) Causes and indications of the risk of misstatement in the financial statements:
(i) Inventory is material and comprises of small items each of high value and
where valuation might be difficult (eg the value of gem stones). There is a
danger of theft, incorrect inventory quantities being recorded and incorrect
values being assigned to the inventory.
(ii) The company deals in second-hand jewellery. This could easily be incorrectly
valued (eg bought at too high a price).
(iii) The company often deals in cash. Cash increases inherent risk because cash
transactions are very difficult to verify. Additionally there is a risk that cash is
not all fully accounted for.
(iv) The company operates through 20 branches. This increases the risk
associated with proper accounting, the safeguarding of assets and the
counting of inventory at year-end.
(v) The financial statements will be prepared quickly for presentation to
the bank to support a new loan application. Fast preparation of financial
statements increases the risk of error.
(vi) Management will use the financial statements to support a loan application.
This introduces management bias because the directors will be very keen for
the financial statements to look good.
(vii) Gross profit has increased from 42.4% to 47.5%. This is a substantial increase
and might indicate errors in the financial statements.
(viii) Although revenue has increased 14.3%, operating costs have increased only
6.4%. Operating costs might therefore be understates.
(ix) Days of stock have changed from 121 days to 197 days. Inventory might
therefore be overstated (that could explain some of the GP% increase),
or the inventory might be difficult to sell and therefore might need to be
reduced in value.

Question bank

(x) Payables days have increased from 84.5 days to 116 days. This might indicate
liquidity problems or misstated payables.
(xi) It is not clear why receivables have almost doubled. Receivables could
be misstated.
(c) Detection risk will transform the risk of material misstatement into audit risk.
Detection risk depends on:
(i) Sampling risk. Sample sizes that are small have a smaller chance of
discovering errors than larger samples. The client wants minimum testing
and this opens up the danger that sample sizes are too small
(ii) Non-sampling risk. This is any detection risk that does not depend on
sampling. It can be countered by assigning more experienced staff, better
supervision and better review processes. In this scenario, more experienced
staff have already been assigned elsewhere, and it is not clear how good the
supervision and review processes will be.
(iii) The first year of an audit usually means that detection risk will be higher
because the auditor must discover all of the client’s risk areas and
accounting problems and does not have the benefits of previous years’ audit
files to give insights into previous problem areas.
(iv) Time pressure on audit completion can mean that audit work is curtailed to
meet tight deadlines.
(a) Before the stock-take
– Review the instructions that will be used by client’s staff. If there are any
problems with the instructions, the matters should be raised with the
finance director (or audit committee, if one) and if possible amended
instructions should be issued. If the stock-take is not properly organised and
inventory is material then this could result in a modified audit opinion.
– Attendance at the clients briefing of their staff should be considered to
assess the quality of the briefing and to be available to give guidance.
– Audit staffing levels have to be set – number of staff and seniority. Amput Co
has two warehouses and this implies that at least two staff members would
need to be assigned.
– Audit staff have to be briefed with respect to their duties and audit
programs issued.
– The precise time and location of the stock-take(s) must be arranged with the
client and noted.


During the stock-take

– Observe the execution of the stock-taking instructions. For example has
inventory been arranged tidily? Are stock-takers following instructions? Is
damaged stock identified? Has third party stock been identified? Does it
appear that all inventory is being included?
– Perform test counts from stock sheets to inventory and from inventory
to stock sheets. The test counts should include items in the overspill
warehouse. Obtain reasons for any differences.
– Ensure that all stock sheets are accounted for.
– Note down the last few goods received notes and sales despatch notes for
the year for subsequent cut-off tests.

Shortcomings in stock-taking Recommendation to overcome

instructions weakness
1 No-one appears to have One person must be allocated
been placed in charge of responsibility of the inventory
the stock-taking. Therefore, count to ensure the problems
tasks such as allocating noted do not occur.
work to staff, briefing staff,
ensuring instructions are
properly carried out might
not be carried out.
2 There does not appear to be There must be a definite plan
any plan of the count meaning of the counting area which is
that not all the warehouse split into sub-sections for each
will be counted (or some counting team. This will help to
items counted twice). ensure all inventory is counted.
3 Count sheets are to be Quantities must be completed in
completed in pencil – this ink so they cannot be amended.
means that quantities can be
amended later and there may
be no note made of this.
4 There is no control over Stock sheets need to be pre-
count sheets – they are numbered and the numeric
simply issued as needed. This sequence of sheets confirmed at
means that individual sheets the end of the count to ensure
can be lost and the inventory none are missing.
recording incomplete.

Question bank

Shortcomings in stock-taking Recommendation to overcome

instructions weakness
5 Counters have been told to Counting must be carried out in
work independently. This pairs to ensure that the count
means that there will be no is accurate by each counter
check over the counts made; checking the work of the other.
counters can easily hide
any count errors or simply
take the balances from
the computer rather than
actually do any counting.
6 Differences between Items counted must be
the items counted and reconciled to the computer
the computer records records by a person independent
are investigated by the of the count. Any discrepancies
counters. This means that to be investigated with this
count sheets or computer person and the count team to
records can be changed determine why differences have
without authorisation to occurred; count sheets or the
hide differences. computer records can then be
updated as necessary.
7 There is time pressure to Counters must be given sufficient
complete the count – all time to work accurately meaning
sheets to be completed by that a specific deadline should be
12.00. This means that the avoided.
count may be hurried and
mistakes made.
8 Count sheets are not signed All count sheets to be
by the counters. This means signed by the counting team
that it is not clear who so discrepancies can be
counted which inventory. investigated.

Tutorial note: Only 6 problems had to be discussed; the others are given for
tutorial purposes.
(a) The purposes of a letter of engagement
(i) Define auditors’ and management responsibilities so both parties are clear
on what these are
(ii) To provide written evidence by the client of the auditors’ terms of
engagement, effectively completely the contract between the auditor and
the audit client
(iii) Identify any work or reports to be produced in addition to audit report.


(iv) To fix the fee and confirm this will be based on the time and seniority of staff
used during the audit
(v) To set out preliminary timetables and identify key contacts in the audit firm such
as the engagement partner so the client knows who to contact with queries
(b) It is important to document audit work in order to:
(i) Show that the audit work has been done properly. The documentation provides
evidence of the work carried out and records the audit evidence collected
(ii) Enable senior staff to review the work of junior staff
(iii) Help the audit team in future years as the working papers become a source
of reference of the problems found on the audit and how they were resolved
as well as provide system notes etc. for next year
(iv) Encourage a methodical, high-quality approach to the audit work being
carried out.
(c) The purpose of a letter of representation:
(i) A letter of representation should be obtained on specific matters and also on
matters material to the FS when other appropriate audit evidence cannot be
reasonably obtained.
(ii) It cannot substitute for other audit evidence except:
о Where knowledge is confined to management
о Reliance on judgement/opinion
(iii) The letter can otherwise be used for corroboration of other evidence, to
confirm consistency with matters in the financial statements.
(iv) A letter of representation should confirm that management has fulfilled its
responsibilities with regard to the preparation of the financial statements
and that they are free form material misstatement, that all transactions
are included, that all assumptions are reasonable, that all related party
transactions have been disclosed, and that all events since the statement of
financial position date have been adjusted for or disclosed.
(a) The ACCA’s ethical code incorporates five fundamental principles:
– Integrity
– Objectivity
– Professional competence and due care
– Confidentiality
– Professional behaviour.

Question bank

The conceptual framework acknowledges that these principles may be

threatened by a broad range of circumstances. This approach categorises the
threats, and thereby assists members to identify, evaluate and respond to them.
If identified threats are not at an acceptable level, members must implement
safeguards to eliminate the threats or reduce them to an acceptable level so that
compliance with the Fundamental Principles is not compromised.
It is impossible to define every situation that creates threats to compliance with the
Fundamental Principles and specify the appropriate mitigating action that should
be taken. The conceptual framework requires members to identify, evaluate and
address threats. Members must ensure that, in the particular circumstances under
consideration, the Fundamental Principles have been observed.
The various categories of threat discussed within the Code (under which there is
a risk of breaching one or more of the Fundamental Principles) are:
– Self-interest
– Self-review
– Advocacy
– Familiarity
– Intimidation.
(i) There is a familiarity threat to independence and objectivity. If the client had
been listed, then the limit for having the same partner in charge is 7 years.
No strict time limit is laid down for private clients, but if the engagement
partner has held this role for a continuous period of 10 years then
consideration should be given as to whether a reasonable and informed third
party would consider objectivity and independence to be impaired. Where
the individual concerned is not rotated after ten years, it is important that:
о safeguards other than rotation are implemented, such as an additional
partner who has not recently been involved with the client or an
independent quality review
о the reasoning as to why the individual continues to participate in the
audit engagement without any safeguards is documented; and the facts
are communicated to those charged with.


(ii) Even though the fraud is not material to the financial statements and the
auditor had no responsibility to discover it, the client is using the fraud to
pressurise the auditor into lowering fees. There is a potential intimidation
and self-interest threat. Intimidation because the client might threaten
to publicise the fraud to embarrass the auditor and self-interest because
the client unilaterally not pay the full fee. The audit firm should explain its
responsibility in relation to fraud (it is to be hoped that this was set out
clearly in the engagement letter) and should refuse to lower the fee. The
client’s agreement to the fee should be sought. If the client wants to take
matters further, the auditor should resign as it is unlikely that the treats can
be reduced to an acceptable level.
(iii) Objectivity and independence may be threatened where a former director
or employee of the audited entity becomes a member of the engagement
team. Self-interest, self-review and familiarity threats may be created
where a member of the engagement team has to report on, for example,
financial statements which he or she prepared, or elements of the financial
statements for which he or she had responsibility, while with the audited
entity. Where a former director or a former employee of an audited entity,
who was in a position to exert significant influence over the preparation of
the financial statements, joins the audit firm, that individual shall not be
assigned to a position in which he or she is able to influence the conduct and
outcome of the audit for that entity or its affiliates for a period of two years
following the date of leaving the audited entity.
Although the internal auditor would not have prepared the financial statements,
he or she would have had influence over the system of internal control (self-
review) threat. They would also be very familiar with client staff (familiarity
threat) so that their objectivity, and independence is threatened. This staff
member should therefore not be assigned to the audit for at least two years.
(iv) This will give rise to a self-review threat. Auditors are permitted to prepare
the financial statements provided the client is (as here) not listed. However,
to reduce the self-review threat to an acceptable level, completely separate
teams should be used to FS preparation and FS auditing.
QXD should ensure that the total fees now arising from Olymp Co from both
accounting and auditing services do not jeopardise QXD’s independence.
(v) This is an advocacy threat ie the threat that a professional accountant will
promote a client’s position to the point that the professional accountant’s
objectivity is compromised. Examples of advocacy threats given in the ACCA
handbook are:
о The firm promoting shares in an audit client.
о A professional accountant acting as an advocate on behalf of an audit
client in litigation or disputes with third parties.

Question bank

Advocacy threats affect independence and objectivity.

QXD & Co should not help Olymp Co in the marketing of its shares.
(c) The International Federation of Accountants (IFAC) is the global organisation for
the accountancy profession. It is dedicated to serving the public interest and
developing high quality standards and guidance.
IFAC has a number of boards such as:
– The International Auditing and Assurance Standards Board (IAASB) which
sets International Standards on Auditing, Assurance Engagements and
Related Services.
– The Public Interest Oversight Board (PIOB) which oversees IFAC's standard-
setting activities, particularly with respect to auditing, assurance, ethics, and
independence. The PIOB also oversees IFAC's compliance activities.
Another board is the International Ethics Standards Board for Accountants
(IESBA) sets high quality ethical standards for professional accountants and has
developed an international code of ethics. ACCA’s ethical code is based on this.
(i) A control objective
A typical control objective in a purchases system would be that no goods
should be accepted without a valid order.
A control objective is therefore high level: what errors or problems
should not happen?
(ii) A control procedure
A control procedure is a way in which a control objective is achieved. A
typical control procedure in a purchases system would be comparing the
descriptions and quantities of goods received to an authorised order before
they are accepted to ensure that the goods those ordered.
(iii) A test of control.
A test of control examines the operation of a control procedure. For
example, observing the receipts of goods in the warehouse to ensure that
staff compare description and quantities to an original order and mark the
order to show it has been fulfilled.
(iv) An internal control questionnaire
An internal control questionnaire relating to a purchases system would
typically contain a question such as “Are purchase orders marked to show
that the goods have been received?” A ‘Yes’ answer implies that the internal
control system is good.


(v) An internal control evaluation questionnaire

An internal control evaluation questionnaire relating to a purchases system
would typically contain a question such as “Can that have not been ordered
be accepted?” A ‘No’ answer implies that the internal control system is good.
ICEQs are more open-ended than ICQs and require more experience and
judgement to answer.
(b) Tests of control
(i) For 20 additional payments, inspect authorisations/notifications to ensure
that they have been authorised by the employee’s manager.
(ii) For 20 salary amendments (10 for annual increments; 10 for promotion)
trace to authorisations signed by the human resources manager.
(iii) For 10 new joiners inspect new joiners’ forms for authorisation by the
HR department.
(iv) Using a test data approach, attempt to enter a new employee’s information
for each salary grade but with a salary outside the permitted range to ensure
that the entries are rejected.
Substantive tests
(i) Compare this year’s and last year’s total salaries expense with reference to
average salary increases and the change in the number of employees to ensure
that the change in salaries is reasonable [Note: an analytical procedure].
(ii) Ask managers for the names 20 of employees (in total) who have left during
the year and the date that they left. Inspect the salaries printouts for the
month preceding and the month after departure to ensure that salaries stop
being paid correctly.
(iii) Select 20 new joiners’ forms and inspect the information all the information
that has been entered into the wages system to ensure that it is accurate.
(iv) For 6 months of payments, inspect payments to the government of tax and
social security deductions and compare to the output from the salaries
printouts to ensure that payments have been accurately made.
(c) The appropriate responses are:
(i) Extend the tests of control to see if the control breakdowns seem to be
endemic or isolated events.
(ii) If the breakdown in controls appears to be endemic, the controls cannot be
relied upon and the audit must adopt a substantive approach.

Question bank

(a) Receivables are material to the financial statements so it is essential that
sufficient appropriate audit evidence is collected with regard to the relevant
assertions. Circularisation provides audit evidence particularly for the assertions
of existence and ownership. Some additional evidence is needed for valuation.
Opinion 1
Although this simple exercise covers over 50% of receivables by value, it provides
little evidence about smaller balances. For example, the company might be very
careful to account properly for its 25 key customers and be more careless when
accounting for smaller receivables.
This approach does not provide statistical evidence about any assertions relating
to almost $30 million of assets – a material amount in the financial statements.
Opinion 2
Choosing balances using judgement is likely to introduce bias into the selection
process. To be of use in drawing conclusions about populations, statistical
sampling has to be used, meaning that each item in the population has an
equal chance of selection. Choosing samples using judgement is also known as
haphazard sampling.
It’s not clear how the total sample size of 100 has been determined.
Opinion 3
This is a form of sequence or batch selection – all samples are drawn from a
narrow range. The danger with the approach here is that there will be balances
within the total receivables that might not depend on any December invoices
and these will have no chance of selection. Additionally, it will also be important
to allow the chance of zero or inactive accounts to be circularised: there is a risk
that although recorded as zero, they are not in fact zero.
Opinion 4
This is an example of stratified sampling. As long as each stratum has its entire
population examined or samples drawn at random from a stratum, the evidence
collected is valid. Here, the 55 entire population of the highest strata are
examined (sampling is not an issues here). Similarly with the balances in credit:
all are examined because credit balances imply an error or an unusual posting.
Samples are randomly drawn from the other populations, so bias is avoided.


(b) The following are the standard procedures for a receivables circularisation.
(i) On a working paper, record the account numbers, names and addresses, and
balances owing of the customers to be circularised.
(ii) Ask the client to produce circularisation letters on their notepaper. This
letter should ask for a positive response irrespective of whether or not
the customer agrees with the balances noted on the letters (negative
circularisations, where customer respond only if they disagree with the
balance, do not provide good audit evidence).
(iii) The auditor should handle the mailing of the letters to ensure that all
are sent out.
(iv) The letter should ask the customer to reply directly to the auditor. Usually
a reply-paid envelope addressed to the auditor is provided to make
replying convenient.
(v) Replies should be noted on the working paper and cases of disagreement
investigated. Often disagreement will be caused by simple timing differences.
(vi) After a couple of weeks or so, the auditor should, with the client’s
permission, write to customers who have not replied (enclosing a copy of the
original letter), to remind them to reply.
(vii) If still no reply is received, and the size of the balance is important to the
auditor, with the client’s permission, the auditor can telephone the customer
to see if an oral confirmation can be obtained.
(c) [Note: Only four examples needed]
Evidence relating to receivables valuation can be obtained by:
(i) Analytical procedures using collection period. IN the absence of other
information, an increase in collection period implies more doubt about
receivables valuation.
(ii) Aged receivables analysis. In general, the older a receivables balance, the
greater the chance that it will not be paid.
(iii) Inspection of correspondence with customers. A disputed balance is less
likely to be paid so its value is impaired.
(iv) Inspection of board minutes and correspondence with lawyers. Material
potential bad debts are likely to have been discussed with both.
(v) Receipts after period end. If an amount is paid its value is beyond doubt.
(vi) General knowledge of the economy and business failures. If a company goes
into liquidation, this can make news or will at least be searchable. Customers
in liquidation will generally manage to pay little of what they owe.


Index Internal control and risk management
Internal controls
Internal Control Systems 132
International Audit and Assurance
A Standards Board 42
Analytical procedures 103, 168 International Code of Ethics 67
Appointment of external auditors 44 International Federation of Accountants 42
Assurance 35 International Standards on Auditing 42
Assurance engagements 35 Inventories 181
Audit committee 59
Audit documentation 113 M
Audit evidence 163 Management letter 130
Audit Objectives 83 Management Representations 226
Auditor eligibility and appointment 44 Materiality 108
Auditor’s Responsibility to Consider
Fraud in an Audit 99 N
Auditor’s Responsibility with Regard to
Law and Regulations 102 Non-statistical sampling 202
Audit Planning 89 Not for Profit Entities 212
Audit risk 92
Audit risk model 96 O
Audit sampling 199 Other assurance services 39
Computer Assisted Audit Techniques 204, 206 Positive and negative assurance 36
Conduct of an audit 159 Professional clearance 45
Confidentiality 76 Professional Judgment 84
Conflicts of interest 76 Professional Scepticism 83
Control environment 121
Control objectives 127 Q
Control procedures 127
Control tests 127 Quality control 85
Corporate governance 50
E Receivables 177
Engagement Letter 47 Regulation of auditors 42
Ethical threats 69 Role of internal audit 251
Ethics 67
Extrapolation 204 S
Sampling methods 199
F Statistical sampling 199
Final review 219 Statutory audit 37
Stratification 203


Structure of the ISAs 43

Subsequent Events 220

Tangible non-current assets 171

UK Corporate Governance Code 53