AUDIT GUIDE MANUAL
AUDIT GUIDE MANUAL
ta
b
Q U A L I T Y oC O N PROCEDURES SECTION le f T R O Lcontents
HOW TO USE THE RUMA CPA AUDIT GUIDE
5
RUMA CPA AUDIT PROCESS
6
QUALITY CONTROL PROCEDURES SECTION 1.0 Leadership Responsibilities for Quality within the Firm 2.0 Relevant Ethical Requirements 3.0 Acceptance and Continuance of Client Relationships and Specific Engagements 4.0 Human Resources 5.0 Engagement Performance 6.0 Monitoring RUMA CPA Audit Approach
7 7 8 9 11 15 17 19
INTERNATIONAL STANDARDS ON AUDITING (ISAs) SECTION 20 1.0 ISA 200: Overall Objectives of the Independent Auditor and the Conduct of an Audit in accordance with International Standards on Auditing 20 2.0 ISA 210: Agreeing the Terms of Audit Engagements 22 3.0 ISA 220: Quality Control for an Audit of Financial Statements 24 4.0 ISA 230: Audit Documentation 27 5.0 ISA 240: The Auditor’s Responsibility to consider Fraud in the Audit of Financial Statements 31 6.0 ISA 250: Consideration of Laws and Regulations in an Audit of Financial Statements 39 7.0 ISA 260: Reporting to those charged with Governance 40 8.0 ISA 265: Communicating Deficiencies in Internal Control to those charged with Governance and Management 41 9.0 ISA 300: Planning 42 10.0 ISA 315: Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment 46 11.0 ISA 320: Materiality in Planning and Performing an Audit 50 12.0 ISA 330: The Auditor’s Responses to Assessed Risks 52 13.0 ISA 402: Audit Considerations relating to an Entity using a Service Organization 55
1
T H E
R U M A
C P A
A U D I T
14.0 ISA 450: 15.0 ISA 500: 16.0 ISA 501: 17.0 ISA 505: 18.0 ISA 510: 19.0 ISA 520: 20.0 ISA 530: 21.0 ISA 540: 22.0 ISA 550: 23.0 ISA 560: 24.0 ISA 570: 25.0 ISA 580: 26.0 ISA 600: 27.0 ISA 610: 28.0 ISA 620: 29.0 ISA 700: 30.0 ISA 705: 31.0 ISA 706: 32.0 ISA 710: 33.0 ISA 720: 34.0 ISA 800: 35.0 ISA 805: 36.0 ISA 810:
2
G U I D E
M A N U A L
Evaluation of Misstatements Identified during the Audit Audit Evidence Audit Evidence – Specific Considerations for Selected Items External Confirmations Initial Audit Engagements – Opening Balances Analytical Procedures Audit Sampling Auditing Accounting Estimates, including Fair Value Accounting Estimates, and Related Disclosures Related Parties Subsequent Events Going Concern Written Representations Special Considerations – Audits of Group Financial Statements (including the Work of Component Auditors) Using the work of Internal Auditors Using the Work of an Auditor’s Expert Forming an Opinion and Reporting on Financial Statements Modifications to the Opinion in the Independent Auditor’s Report Emphasis of Matter Paragraphs and other Matter Paragraphs in the Independent Auditor’s Report Comparative Information – Corresponding Figures and Comparative Financial Statements The auditor’s Responsibilities relating to other Information in Documents containing Audited Financial Statements Special Considerations – Audits of Financial Statements prepared in Accordance with Special Purpose Frameworks Special Considerations – Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement Engagements to Report on Summary Financial Statements
58 59 61 62 64 65 66 70 73 75 77 79 80 86 88 89 92 95 96 98 99
100 102
ta
b
Q U A L I T Y oC O N PROCEDURES SECTION le f T R O Lcontents
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 1.0 ISRE 2400: Engagements to Review Financial Statements 2.0 ISAE 3000: Assurance Engagements other than Audits or Reviews of Historical Financial Information
107 107
INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS
135
TAILORABLE PROCEDURES SECTION 1.0 AREA 1000: Client Acceptance and Continuance 2.0 AREA 2000: Audit Planning 3.0 AREA 3000: Internal Controls Review 4.0 AREA 4000: Substantive Procedures 5.0 AREA 5000: Completion
149 149 150 152 153 179
TEMPLATE MANAGER SECTION 1.0 Initial Client Meeting 2.0 Engagement Letter 3.0 Fraud Risk Questionnaire 4.0 Documentation of Minutes of Meeting with Management 5.0 Planning Analytics 6.0 Business Analysis Framework 7.0 Audit Comfort Matrix 8.0 Summary of Comfort 9.0 Project Budget 10.0 Independence Confirmation Letter 11.0 Letter of Representation 12.0 Component Auditor’s Confirmations 13.0 Independent Auditor’s Report – Unmodified Opinion 14.0 Independent Auditor’s Report – Consolidated Financial Statements 15.0 Independent Auditor’s Report – qualified – except for 16.0 Report on the Consolidated Financial Statements – Adverse Opinion 17.0 Independent Auditor’s Report – Qualified – Limitation of Scope
185 185 185 188 189 190 191 192 192 193 194 194 195 198 199 200 202 203
121
3
T H E
R U M A
4
C P A
18.0 19.0 20.0 21.0 22.0 23.0
A U D I T
G U I D E
M A N U A L
Independent Auditor’s Report – Modified – Disclaimer Independent Auditor’s Report – Unmodified – Emphasis of Matter Independent Auditor’s Report – Corresponding Figures Independent Auditor’s Report – Corresponding Figures (2) Independent Auditor’s Report – Corresponding Figures (3) Independent Auditor’s Report – Comparative Financial Statements
205 206 207 209 210 211
LAWS AND REGULATIONS
214
FINANCIAL STATEMENT ERROR CHECKLIST
219
how Q U A L to I T Y use C O N the T R O Lruma P R O Ccpa E D U Raudit E S S E guide CTION
HOW TO USE THE RUMA CPA AUDIT GUIDE The RUMA CPA Audit Guide is your complete reference solution for all aspects of our audit approach and its supporting working practices. It has been designed for use by all members of the engagement team. It is easy to use and navigate through, saving valuable time searching for the answers to your questions. The RUMA CPA Audit Guide will be reviewed and updated annually. Currently the guide will be manually run but once an appropriate audit system is acquired the audit guide will be automated. It is suggested that you spend ten minutes understanding how the package is put together, what it contains (using the Quick Reference Guide), and how to find your way around. The structure of the guide is such that you should be able to search for information in a wide variety of ways, ensuring that you should always be able to find the guidance you are looking for.
5
RUMA CPA AUDIT PROCESS Planning
• • • •
Contract negotiations Entrance meeting Mobilize the team Hold entrance meetings with the client management • Obtain sufficient understanding of the client internal controls • Draw up a programme of activities and agree the same with client • Identify the organization’s key risk areas
Outputs • Signed contract • Audit timetable
Execution
• Review procurement process • Review books of account and client Financial Statements • Review fixed assets • Review client documents • Review the internal controls systems • Review reporting systems • Review assets and liabilities • Verify assets and stocks • Review expenditure • Review compliance with financing agreement and Government regulations • Follow up on prior period audit recommendations • Review project performance
Outputs Draft audit reports with an opinion and management letter
Completion and Reporting
• Prepare and issue draft reports to all parties for comments • Discuss and agree the final audit findings with the management • Finalize and issue the final audit reports
Outputs Final reports issued to clients
QUALITY CONTROL PROCEDURES SECTION
QUALITY CONTROL PROCEDURES SECTION 1.0 Leadership Responsibilities for Quality within the Firm Managing Partner
Audit Partner
Senior Partner
Operations & HR Consultancy Division
Advisory & Consultancy Division
Audit & Tax Division
Head, HR Consultancy Accountant Administrative Assistant Administrators Transport Officers
Manager Senior Consultant Consultant Assistant Consultant
Manager Senior Auditor Auditor Audit Assistant
The board of partners at RUMA CPA is responsible for the overall quality control. Any partner assigned operational responsibility for the firm’s system of internal control by the firm’s board of partners should have sufficient and appropriate experience and ability and authority to assume the responsibility. They should be Certified Public Accountants who are experienced practitioners and have a demonstrated commitment to quality.
7
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The various elements of quality control to be delegated to specific partners include: • Human Resources – recruitment, training, staff allocation and disciplinary matters • Independence, Risk and Quality Assurance – professional ethics, professional standards, anti-money laundering, client acceptance and continuance, and engagement quality control. • Security- Physical security, IT security and office management The Senior Partner and the board of partners are ultimately responsible for any elements of quality control delegated and thus need to be updated continually by the partner in charge. The engagement leader in an audit assignment has the responsibility to ensure that he has reviewed: • All significant matters relating to the engagement (critical matters) • The financial statements • The summary of adjusted differences and the summary of unadjusted differences • The audit report • The firm’s independence – both for the firm and for the individual team members • Documentation of the steps that have been designated key risk areas RUMA CPA seeks to promote a culture of quality and consistently communicates this to all staff through its internal communications (emails and staff meetings), code of conduct, induction of new staff, training sessions and through good example shown by the leadership. The leadership of RUMA CPA will not directly or indirectly give the impression that commercial considerations outweigh the quality of work either by; understaffing project teams, accepting unrealistic client deadlines, taking on projects that it lacks the expertise to handle, inadequate staff training budgets etc.
2.0 Relevant Ethical Requirements RUMA CPA has developed policies and procedures to ensure its personnel comply with the relevant ethical requirements.
Independence:
The policies shall enable the firm to: • Communicate independence requirements to its personnel • Identify and evaluate circumstances that create threats to independence • Take action to eliminate threats to independence
The policies require: • Personnel to promptly notify the firm of breaches of independence • The firm to promptly communicate identified breaches to the engagement partner and other relevant personnel where appropriate. Partners and staff are not expected to have a business, family or personal relationship with a key client staff. They are not expected to have significant shareholding in the company, to receive or give loans to the client or to receive goods and services exceeding GBP 50 per annum.
8
QUALITY CONTROL PROCEDURES SECTION At least annually, the firm shall obtain written confirmation of compliance with its policies and procedures on independence from all personnel required to be independent by relevant ethical requirements. (See independence confirmation letter in the template manager section.)
Integrity, objectivity, professional competence and due care At RUMA CPA, we believe that partners and staff should be free of any interests, influences, or relationships in respect of the client’s affairs which impair professional judgment or objectivity. We seek to uphold high professional and ethical standards in the conduct of our work.
Confidentiality RUMA CPA will endeavor to keep secure all client and personal information obtained in the course of business. Documents will be kept under lock and key. Documents should only be kept on file as long as is necessary to fulfill professional and regulatory requirements (7 years) after which it should be disposed of. Documents should be shredded in the office before being transferred to third parties for recycling or disposal. Electronic information should also be restricted by use of passwords, firewalls etc. There should be back-up of electronic data onto drives that are stored at a secure off site location. There will be the use of encryption technology in transmitting data to prevent interception. There will be use of software (antivirus) to prevent hackers from accessing the system. This should be configured in such a way that it automatically updates to ensure maximum protection. All members of staff will be required to sign a declaration of confidentiality at least annually. They should also be aware of the RUMA CPA policy on confidentiality and not break this policy. Staff members are not allowed to talk to the press or any third parties on any client matters, unless required by law e.g. when testifying in court. Only a suitably nominated partner may make representations in the media.
Professional behavior RUMA CPA stands for the highest standards in professional behaviour. Our partners and staff are courteous in their conduct and communications; both verbal and written communications (electronic and hardcopy documents). Our client-facing staff are required to dress formally when on client engagements. The dress code should reflect professionalism and thus items like jeans, sports shoes, open shoes, t-shirts, hipsters, low-cut blouses are not allowed. The use of jewelry and other accessories is also required to be subtle.
3.0 Acceptance and Continuance of Client Relationships and Specific Engagements The firm has policies to provide reasonable assurance that it will undertake or continue relationships where; • The firm is competent to perform the engagement, in terms of time and capabilities. • The firm can comply with ethical requirements • The firm has considered the integrity of the client and doesn’t have information that would lead it to conclude that that client lacks integrity.
9
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
During the planning phase of the audit, the firm will determine whether it has the required resources to do the job. In case the client is too complex or too big for the timelines determined, the firm will not accept the engagement. RUMA CPA will consider the use of experts and other affiliated audit firms to in determining whether it has the required resources. The use of templates in the planning phase of the audit (per the template manager e.g. Business Analysis Framework, Preliminary Analytics, Summary of Comfort, Project Budget) will ensure that the key considerations are met consistently. The firm should ensure that it obtains all information necessary before accepting an engagement and if a potential conflict of interest is identified, the firm should determine whether it’s appropriate to accept the engagement. If the firm decides to accept the engagement, it should document how the issues were resolved. RUMA CPA will ensure that for clients that are profiled as high risk, the engagement leader’s judgment on acceptance and continuance must be approved by a second partner or the senior partner. For potential new clients, RUMA CPA will ensure that it communicates with the predecessor auditor to determine the reasons why the client is switching firms. The firm should consider whether there are legal or professional responsibilities, including a requirement to report to the regulatory authorities, and the possibility of withdrawing from the engagement. If the firm decides to withdraw, it must meet with the client’s management to discuss the circumstances leading to the withdrawal and it must document the significant matters that led to the withdrawal.
10
QUALITY CONTROL PROCEDURES SECTION
4.0
Human Resources The firm should establish policies and procedures to ensure it has sufficient personnel with the competence, capabilities and commitment to ethical principles necessary to perform quality audits and enable engagement partners issue appropriate reports.
RUMA CPA Organization Chart The firm will have the following grades of staff/ career path.
Managing Partner Senior Partner Audit Partner Audit Manager Assistant Audit Manger Audit Senior 1 Audit senior 2 Audit Senior 3 Auditor 1 Auditor 2 Auditor3
Each of the levels of auditor and senior auditor are designed to take 1 year each. What this means is that it takes an auditor 3 years to master the required competencies, and 3 years for a senior auditor. At the manager level, it may take anything from 2 years upwards.
11
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Competencies The required competencies are:
Auditor
i. • • • • •
Relationships and Client Service Participates in professional, business or community organizations and promotes a positive image of RUMA CPA Demonstrates awareness of the various service offerings by RUMA CPA. Demonstrates understanding of roles and responsibilities on the project. Delivers quality work free from errors and in compliance with RUMA CPA guidelines. Cultivates effective working relationships with the clients and other team members
ii. Learning, Sharing and Collaboration • Uses technical resources and tools to expand one’s sphere of resources and skill sets. • Contributes to team discussions to share knowledge that can benefit the group. • Learns from mistakes. Demonstrates commitment to continuous performance improvement. • Assumes responsibility for own learning and asks for help as needed. • Understands team objectives and cooperates and collaborates with others to achieve them; develops and earns trust by sharing information. Offers to help team members and take on additional tasks when appropriate. • Selects and uses communication methods appropriately, e.g., email, voice messages, face-to-face. • Consistently seeks feedback at completion of project or period. • Assists new hires or less experienced staff by answering questions and providing direction on how to complete assignments iii. Quality • Demonstrates behaviour reflective of the RUMA CPA code of conduct • Maintains confidentiality of client, staff and firm information. • Adheres to internal and external compliance responsibilities in a timely manner, e.g., professional standards, independence, continuing education. • Questions basic inconsistencies in information reviewed and update the senior auditor. • Leverages knowledge and expertise gained from other relevant projects.
Senior auditor
i. • • • •
Relationships and Client Service Assists in proposal preparation and research. Begins to identify needs client may not recognize Understands and can communicate broad range of services provided by RUMA CPA. Demonstrates importance of quality by reviewing work products of auditors and making necessary modifications.
ii. Learning, Sharing and Collaboration • Identifies own knowledge gaps and learns through training, development and consultation with engagement/project members, technical experts and colleagues. • Imparts and applies knowledge; shares information and expertise with team members (e.g., presentations, external seminars, technology tips, technical training, etc). • Demonstrates respect for all members of the team. • Makes a conscious effort to thank team members for their efforts and good work.
12
QUALITY CONTROL PROCEDURES SECTION • • • •
Assesses capabilities and needs of team members; assigns tasks accordingly to promote work/life balance. Encourages team dialogue; keeps entire team informed on progress and issues. Plays active role in discussions and meetings; is in charge of the logistics (determining location, agenda, sending invitations etc), takes on the role of facilitator and contributor at the meetings. Gives candid and timely feedback to team members
iii. Quality • Demonstrates behaviour that is reflective of the RUMA CPA Code of Conduct. • Understands professional standards and the importance of regulatory responsibilities. • Sets a positive example in timely adherence to internal and external compliance responsibilities, e.g., independence, continuing education etc. • Stays current on technical matters • Makes visible progress in attaining required or recommended credentials e.g. CPA, ACCA. If credentials have been acquired, ensures that they remain active by subscribing to membership. • Addresses questions on technical matters from team members and clients • Is involved in project planning e.g. staffing of the assignment, time budgets, delegation of duties. Identifies opportunities for improved efficiencies.
Manager i. • • • • • •
Relationships and Client Service Builds, maintains and utilizes network of client and internal relationships to enhance firm connectivity, performance and profitability. Is an active member of professional, business or community organizations Interacts directly with clients or targets in marketing or business development events, clarifying points and answering questions. Takes responsibility for the quality of the team’s work. Is recognized and respected by client as a knowledgeable and valued professional. Shares client feedback with the team and incorporates recommendations into project plan where appropriate.
ii. Learning, Sharing and Collaboration • Demonstrates continuous learning. • Contributes to Learning & Education design activity or instructs at training events for the firm. • Assesses and proactively suggests staffing changes so that the team has the capability, competence, and time to perform the engagement/project in accordance with standards. Takes responsibility for work/life quality of team • Takes responsibility for team and its results; recognizes members of the team for their efforts and successes. • Creates atmosphere of trust; builds acceptance and seeks diverse views; respects cultural differences and individual needs within the team. • Addresses conflicts in a timely, sensitive manner; escalates matters to partner when appropriate. • Prepares (or coordinates the preparation of) complex written documents and presentations. • Speaks to groups with ease, conveying a strong presence. • Sets a positive example by providing timely, meaningful verbal and written feedback. • Coaches others (formally & informally) on providing meaningful feedback. • Seeks coaching and feedback from peers and leaders to strengthen effectiveness. • Directs others so that performance issues are addressed in a timely manner; counsels team members with performance issues.
13
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
iii. Quality • Demonstrates behavior that is reflective of the RUMA CPA Code of Conduct. • Respectfully and appropriately challenges behaviour of others that is inconsistent with professional standards or with RUMA CPA’s values • Consults with the relevant channels when issues arise surrounding professional or ethical conduct, application of standards, etc. • Serves as a resource when staff and/or team members face an ethical or business conduct dilemma • Sets a positive example in timely adherence to internal and external compliance responsibilities, e.g., independence, continuing education, etc. • Manages project financials, including budgets, work in progress, and timely billing and collection, and variance recognition. • Demonstrates knowledge of risk management including RUMA policies and procedures, and ensures work is performed in accordance with standard • Identifies potential risk management or other professional standards issues and consults with appropriate parties • Addresses situations before they become crises and develops solutions to avoid recurrence. • Seeks opportunities outside of one’s usual area.
Training There should be training held each year on the following areas: • Independence and ethics training • Audit methodology – documentation standards, audit process, ISAs etc • IFRS • Quality control – documentation, reviews, fraud, whistle blowing (Using the ICPAR rules as a guideline, each staff member needs at least 25 hours of training per year) The technical training can be tailored to meet the needs of the staff members. For example, Auditor 3 would require training on cash, Property Plant and Equipment, Payroll and Equity. Auditor1 would require receivables and payables, other incomes and expenses, Senior Auditor 3 would require training on revenues, cost of sales, opening balances and preparation of financials. Senior Auditors and Managers could be trained on project management, team leadership, and advanced technical areas. The training will be highly effective if the course attendees are also involved in facilitating the course. To this end, managers and seniors who have been trained on an aspect can be involved in training the Auditors.
Staffing of assignments The staffing of teams will ensure that the team is composed of personnel with varying capabilities e.g. Team 1:
14
Partner>Assistant Manager>Audit Senior 3> Auditor 2/3(Simple jobs) Team 2: Partner>Assistant Manager>Senior Auditor 2>Auditor 1/2/3 (Moderately difficult jobs) Team 3: Partner>Manager>Senior Auditor 1&2&3>Auditor 1&2 (Slightly complex jobs) Team 4: Senior Partner>Partner>Manager>Senior Auditor 1&2/3>Auditor 2&3 (Very complex jobs)
QUALITY CONTROL PROCEDURES SECTION To ensure appropriate coaching and that there is continuity within the firm; all engagements should have a senior auditor and an auditor. The aim is that the auditors will learn from the senior auditors and will be in a position to lead the team themselves in the future. Due to the high turnover rate of senior auditors, the firm will be in a position to continually replenish its ranks. It also means that when the auditor takes on the assignment later on as a senior, he/she will have some background knowledge of the client.
Recruitment The recruitment process involves HR department preparing a shortlist of candidates as per the requirements of the technical department. The department will conduct background checks, administer tests if required, and contact the applicants. The 1st interview will involve a manager from the technical department (e.g. audit manager) and the HR manager. These will then present their shortlist to the partners. Successful candidates will then proceed to the partner interview. Any partner can conduct the interview. The various partners involved in interviewing will present their preferred candidates to the board of partners for the final hiring decision to be made. Once the decision has been made, it is communicated to HR department who then proceed to notify the successful candidate. The contract offer is signed by the partner in charge of HR. It stipulates for a mandatory 3 months probation period after which the employee is due for confirmation. The contract terms will be as per the decision by the board of partners. Once the employee reports for duty, they are taken through induction training. This involves the various aspects that will assist the employee in their duty e.g. Information Technology, firm culture, policies and procedures etc.
5.0
Engagement Performance There should be procedures to ensure that engagements are in accordance with professional standards and that appropriate reports are issued. There should be consistency in documentation and this is emphasized by the use of templates for key documentation areas (see template manager section). In addition, the work of less experienced team members should be reviewed by more experienced team members; the senior auditor reviews the work of the auditor, while the manager reviews the work of the senior auditor etc. (See project budget/task plan in template manager section) The reviews by the senior team members will play a big role in the performance appraisal of the employee at the year end, and will be part of information to be considered when making the decision to promote an employee or not. There should be appropriate consultations on difficult or contentious matters. The nature of and scope of, and conclusions resulting from such consultations should be documented and agreed by both the individual seeking
15
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
consultation and the individual consulted. Conclusions arising from such consultations should be implemented. The engagement partner must be kept informed in a timely manner.
Critical Matter This is anything that needs to be brought to the attention the engagement leader since it can influence the audit strategy e.g. • A technically difficult area that requires significant judgment e.g. provisions • Any findings of fraud or attempted fraud • Major weaknesses in controls • Any adjustment to the financials Documentation of the critical matter 1. Title 2. Background information 3. Technical references 4. Audit team perspective 5. Result of discussion with client 6. Overall conclusion Engagement Quality Control Review An engagement quality control review that provides an objective evaluation of the significant judgments made by the engagement team and the conclusions reached in formulating the report should be done. The nature, timing and extent of the engagement quality control review should be set for each assignment. The engagement report should not be dated until the completion of the engagement quality control review. The review must include the following aspects to be covered by the engagement partner: • A discussion of the significant matters • Are review of financial statements and the proposed report • A review of selected engagement documentation relating to significant judgments and conclusions reached by the team. • An evaluation of the conclusions reached in formulating the report and a consideration of whether the proposed report is appropriate • An evaluation of the firm’s independence in relation to the specific engagement. Eligibility of the quality control reviewers There should be procedures to establish their eligibility through; • Technical competence i.e. authority and competence • The degree to which a reviewer can be consulted without compromising his objectivity Where the reviewer’s objectivity is impaired, he/she should be replaced. Documentation of the engagement quality control review The documentation should evidence that the required procedures have been performed, that the review was completed on or before the date of completion, and that the reviewer isn’t aware of any unresolved matters that would cause him to believe that inappropriate conclusions were reached.
16
QUALITY CONTROL PROCEDURES SECTION Differences in opinion There should be policies and procedures for resolving differences within the engagement team, with those consulted, and between the engagement partner and the engagement quality control reviewer. The conclusions reached should be documented and implemented. The report should not be dated until the matter is resolved. Engagement teams should complete the assembly of the final engagement files on a timely basis after the engagement reports have been finalized. The confidentiality, safe custody, integrity, accessibility and retrievability of engagement documentation should be ensured. Engagement documentation should be maintained for a sufficient period to meet the needs of the firm as required by law.
Monitoring There should be a monitoring process to ensure that the quality control system is relevant, adequate and effective. There shall be an ongoing evaluation of the quality control system, including the inspection of at least one completed engagement for each partner. The responsibility for the monitoring process should be assigned to partners or other persons with sufficient experience and authority in the firm to assume responsibility. Those who performed the engagement or the engagement quality control review should not be involved in inspecting the engagement. If the monitoring process reveals that an inappropriate report was given, the firm needs to determine what further action is appropriate to comply with professional standards and legal requirements and should consider whether to obtain legal advice. At least annually, the monitoring team shall present findings to the managing board of partners. The communication shall be sufficient to enable the firm to take prompt and appropriate corrective action where necessary in accordance with their defined roles and responsibilities .The information shall include; • A description of the monitoring procedures performed • Conclusions drawn from the monitoring procedures • A description of significant deficiencies and actions take to amend the deficiencies Key metrics for the monitoring team to watch out for: 1. Are the independence confirmations for all the team members on file? 2. Were the engagement leader and engagement manager adequately involved in the engagement? (As a rule of thumb, the engagement leader should spend at least 5% and the engagement manager at least 10% of the total engagement team time.) 3. Was the Letter of engagement signed before fieldwork commenced? 4. Is the thought process involved in the summary of comfort and the Audit Comfort Matrix logical? 5. Is the documentation in line with standards? 6. Did the Engagement leader review the completion and financial statements steps, critical matters and other related information before signing the audit report?
17
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
7. Was the file archived within the mandatory 60 days? 8. Was a quality review partner appointed for a high risk/ public interest entity? 9. Was the report given adequate, in line with the audit evidence? 10. Was the Summary of Comfort signed off before substantive procedures were performed?
Complaints and Allegations There will be policies and procedures to ensure that any complaints and allegations of noncompliance with professional standards and requirements can be made by staff in confidential manner to enable them come forward without fear of reprisals. This can be by introducing a secure feedback box to which the managing partner has the sole access. The box can be placed in a location that will enable staff drop in their written views without being noticed. There should also be exit interviews for staff that are leaving the organization to find out any grievances. Documentation of the system of internal control There should be sufficient documentation to provide evidence of the operation of the internal control system. Evaluating, Communicating and remedying identified deficiencies The firm should evaluate the effect of deficiencies noted and determine whether they are random occurrences or a systemic deficiency that requires corrective action. The findings of the review should be presented to the engagement partner and appropriate personnel (manager and senior auditor) Recommendations should include one or more of the following: a) Disciplinary action against an individual team member, especially for repeat offences. It can be low level – whereby it hinders the person’s chances for promotion within the firm, moderate level – forfeit pay, or high level – sacking, legal action. b) Communication of findings to the training department- if due to lack of skills, training should be provided. Staff members are encouraged to pursue professional accountancy courses and attend in-house training tailored to meet their work needs. c) Changes to the Quality Control procedures- if there is a weakness in the quality control procedure, appropriate changes to the operating procedures should be made.
18
QUALITY CONTROL PROCEDURES SECTION
RUMA CPA Audit Approach The audit approach is based on the risk based auditing model.
Client Acceptance and Continuance Audit Planning Internal Controls Testing
Strong Controls Controls
Non Existent/Weak
Substantive Procedures Predominantly Substantive
Predominantly
Anayltical Procedures
Substantive Tests of Details
Audit Completion
19
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
INTERNATIONAL STANDARDS ON AUDITING (ISAs) SECTION 1.0
ISA 200: Overall Objectives of the Independent Auditor and the Conduct of an Audit in accordance with International Standards on Auditing An audit in accordance with ISAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities. Management has responsibility: i. For the preparation of the financial statements in accordance with the applicable financial reporting framework, including where relevant their fair presentation; ii. For such internal control as management and, where appropriate, those charged with governance determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; and iii. To provide the auditor with: a) Access to all information of which management and, where appropriate, those charged with governance are aware that is relevant to the preparation of the financial statements such as records, documentation and other matters; b) Additional information that the auditor may request from management and, where appropriate, those charged with governance for the purpose of the audit; and c) Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. However, reasonable assurance is not an absolute level of assurance.
20
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements. The auditor’s opinion deals with the financial statements as a whole and therefore the auditor is not responsible for the detection of misstatements that are not material to the financial statements as a whole. The ISAs require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit and, among other things: • Identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity’s internal control. • Obtain sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks. • Form an opinion on the financial statements based on conclusions drawn from the audit evidence obtained. Professional skepticism includes being alert to, for example: • Audit evidence that contradicts other audit evidence obtained. • Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. • Conditions that may indicate possible fraud. • Circumstances that suggest the need for audit procedures in addition to those required by the ISAs Compliance with all relevant Standards The auditor shall comply with all ISAs relevant to the audit. An ISA is relevant to the audit when the ISA is in effect and the circumstances addressed by the ISA exist. In exceptional circumstances, the auditor may judge it necessary to depart from a relevant requirement in an ISA. In such circumstances, the auditor shall perform alternative audit procedures to achieve the aim of that requirement. The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement. Failure to achieve an objective If an objective in a relevant ISA cannot be achieved, the auditor shall evaluate whether this prevents the auditor from achieving the overall objectives of the auditor and thereby requires the auditor, in accordance with the ISAs, to modify the auditor’s opinion or withdraw from the engagement. Timeliness of financial reporting and the balance between benefit and cost The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive. Appropriate planning assists in making sufficient time and resources available for the conduct of the audit. Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and there is a balance to be struck between the reliability of information and its cost. It is necessary for the auditor to: • Plan the audit so that it will be performed in an effective manner;
21
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
• Direct audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas; and • Use testing and other means of examining populations for misstatements. Considerations Specific to Audits in the Public Sector The ISAs are relevant to engagements in the public sector. The public sector auditor’s responsibilities, however, may be affected by the audit mandate, or by obligations on public sector entities arising from law, regulation or other authority (such as ministerial directives, government policy requirements, or resolutions of the legislature), which may encompass a broader scope than an audit of financial statements in accordance with the ISAs. These additional responsibilities are not dealt with in the ISAs.
2.0
ISA 210: Agreeing the Terms of Audit Engagements Before accepting an audit engagement; a) The auditor should determine that the Financial Reporting Framework to be applied in the preparation of the financial statements is acceptable. (In Rwanda, the applicable framework for private sector entities is the IFRS formulated by the International Accounting Standards Board IASB. Other frameworks may be applicable e.g. IPSASs formulated by the International Public Sector Accounting Standards Board may be relevant for public sector entities. Without an applicable ramework, management has no basis for the preparation of the financial statements and the auditor doesn’t have a suitable criteria for auditing the financial statements) b) The auditor obtains agreement of management that it acknowledges and understands its responsibility for: i. The preparation and fair presentation of financial statements in accordance with the applicable Financial Reporting Framework. ii. Systems of internal control designed to mitigate risks of fraud and error. iii. The provision of any information and personnel that the auditor may deem necessary to enable him conduct the audit.
Limitation of scope prior to audit engagement acceptance If management or those charged with governance try to impose a limitation of scope of the auditor’s work, and the auditor is of the belief that the limitation of scope will result in his issuing a disclaimer of opinion, then he should not accept that assignment as an audit engagement, unless required by law or regulation to do so.
Agreement on audit engagement terms The auditor should agree the terms of the engagement with management or those charged with governance. The agreed terms should be documented in writing as an audit engagement letter, which should specify the following matters: i. The objective and scope of the audit ii. The responsibilities of the auditor iii. The responsibilities of management iv. Identification of the Financial Reporting Framework applicable in the preparation and presentation of the financial statements v. Reference to the expected form and content of any reports to be issued by the auditor
22
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Recurring Audits On recurring audits, the auditor needs to use his judgment in determining whether the client needs to be reminded of the existing terms of the audit engagement.
Acceptance of a change in the audit engagement The auditor shouldn’t agree to changes in the audit engagement terms unless there is a justifiable reason. In case the terms of engagement are changed, the auditor and management need to agree and document their agreement in a new engagement letter. If the auditor is unable to agree on the revised terms and the management doesn’t allow him to proceed on with the original terms, the auditor shall withdraw from the assignment and consider whether there is any obligation to report the matter to third parties such as owners, regulators etc. If the financial reporting standards established by an authorized or recognized standards setting organization are supplemented by law or regulation, the auditor shall determine whether there are any conflicts between the financial reporting standards and the additional requirements. If such conflicts exist, the auditor shall discuss with management the nature of the additional requirements and shall agree whether the additional requirements can be met through additional disclosures.
Auditor’s report prescribed by Law or Regulation If local legislation prescribes the form of the audit report in terms that are significantly different from the ISAs, the auditor shall evaluate whether users may misunderstand the assurance obtained from the audit and whether additional explanations in the auditor’s report can mitigate possible misunderstanding. If the auditor is of the opinion that additional explanations can’t mitigate possible misunderstanding, he should decline the audit engagement.
Agreement on Audit Engagement Terms Whether it is management or those charged with governance who should agree to the terms of engagement is determined by the governance structure of the entity and the relevant laws and regulations. It is in the interests of both the entity and the auditor that an engagement letter is signed before the commencement of the audit to help avoid misunderstandings.
Form and content of the Audit Engagement Letter In addition to the matters mentioned above, the engagement letter may also contain the following: • Elaboration of the scope of the audit, including reference to applicable legislation, regulations, ISAs, and ethical and other pronouncements of professional bodies to which the auditor adheres. • The form of any other communication of results of the audit engagement. • The fact that because of the inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with ISAs. • Arrangements regarding the planning and performance of the audit, including the composition of the audit team. • The expectation that management will provide written representations • The agreement of management to make available to the auditor draft financial statements and any accompanying other information in time to allow the auditor to complete the audit in accordance with the proposed timetable.
23
T H E
R U M A
C P A
• • • • • • • • •
A U D I T
G U I D E
M A N U A L
The agreement of management to inform the auditor of facts that may affect the financial statements, of which management may become aware during the period from the date of the auditor’s report to the date the financial statements are issued. The basis on which fees are computed and any billing arrangements. A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms of the engagement outlined therein. Where relevant, the following information may also be disclosed; Arrangements concerning the involvement of internal auditors and other staff of the entity. Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit. Any restriction of the auditor’s liability when such possibility exists. A reference to any further agreements between the auditor and the entity. Any obligations to provide audit working papers to other parties.
Recurring Audits The auditor may decide not to send a new audit engagement letter or other written agreement each period. However, the following factors may make it appropriate to revise the terms of the audit engagement or to remind the entity of existing terms • Any indication that the entity misunderstands the objective and scope of the audit. • Any revised or special terms of the audit engagement. • A recent change of senior management. • A significant change in ownership. • A significant change in nature or size of the entity’s business. • A change in legal or regulatory requirements. • A change in the financial reporting framework adopted in the preparation of the financial statements. • A change in other reporting requirements.
Considerations specific to public sector entities In the public sector, specific requirements may exist within the legislation governing the audit mandate; for example, the auditor may be required to report directly to a minister, the legislature or the public if the entity attempts to limit the scope of the audit.
3.0
ISA 220: Quality Control for an Audit of Financial Statements It should be read in conjunction with ISA 200 “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing.” Quality control systems, policies and procedures are the responsibility of the audit firm. Under ISQC 1, the firm has an obligation to establish and maintain a system of quality control to provide it with reasonable assurance that: (a) The firm and its personnel comply with professional standards and applicable legal and regulatory requirements; and (b) The reports issued by the firm or engagement partners are appropriate in the circumstances
24
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N This ISA is premised on the basis that the firm is subject to ISQC 1 or to national requirements that are at least as demanding. Engagement teams are entitled to rely on the firm’s system of quality control, unless information provided by the firm or other parties suggests otherwise. Examples of areas engagement teams rely on the firm’s quality control systems include: Competence of personnel through their recruitment and formal training, independence through the accumulation and communication of relevant independence information, maintenance of client relationships through acceptance and continuance systems and adherence to applicable legal and regulatory requirements through the monitoring process.
Relevant ethical requirements Throughout the audit engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of non-compliance with relevant ethical requirements by members of the engagement team. If matters come to the engagement partner’s attention through the firm’s system of quality control or otherwise that indicate that members of the engagement team have not complied with relevant ethical requirements, the engagement partner, in consultation with others in the firm, shall determine the appropriate action.
Independence The engagement partner shall form a conclusion on compliance with independence requirements that apply to the audit engagement. In doing so, the engagement partner shall: a) Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence; b) Evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to determine whether they create a threat to independence for the audit engagement; and c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is possible under applicable law or regulation. The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action. If the engagement partner obtains information that would have caused the firm to decline the audit engagement had that information been available earlier, the engagement partner shall communicate that information promptly to the firm, so that the firm and the engagement partner can take the necessary action.
Assignment of Engagement Teams The engagement partner shall be satisfied that the engagement team, and any auditor’s experts who are not part of the engagement team, collectively have the appropriate competence and capabilities to: a) Perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements; and b) Enable an auditor’s report that is appropriate in the circumstances to be issued.
Engagement Performance The engagement partner shall take responsibility for: a) The direction, supervision and performance of the audit engagement in compliance with professional standards and applicable legal and regulatory requirements; and b) The auditor’s report being appropriate in the circumstances.
25
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The engagement partner shall take responsibility for reviews being performed in accordance with the firm’s review policies and procedures. On or before the date of the auditor’s report, the engagement partner shall, through a review of the audit documentation and discussion with the engagement team, be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. The engagement partner shall: a) Take responsibility for the engagement team undertaking appropriate consultation on difficult or contentious matters; b) Be satisfied that members of the engagement team have undertaken appropriate consultation during the course of the engagement, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm; c) Determine that conclusions resulting from such consultations have been implemented.
Engagement quality control reviews Engagement quality control reviewer refers to a partner, other person in the firm, suitably qualified external person, or a team made up of such individuals, none of whom is part of the engagement team, with sufficient and appropriate experience and authority to objectively evaluate the significant judgments the engagement team made and the conclusions it reached in formulating the auditor’s report. For audits of financial statements of listed entities, and those other audit engagements, if any, for which the firm has determined that an engagement quality control review is required, the engagement partner shall: a) Determine that an engagement quality control reviewer has been appointed; b) Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and c) Not date the auditor’s report until the completion of the engagement quality control review. The engagement quality control reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. This evaluation shall involve: a) Discussion of significant matters with the engagement partner; b) Review of the financial statements and the proposed auditor’s report; c) Review of selected audit documentation relating to the significant judgments the engagement team made and the conclusions it reached; and d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of whether the proposed auditor’s report is appropriate. For audits of financial statements of listed entities, the engagement quality control reviewer, on performing an engagement quality control review, shall also consider the following: a) The engagement team’s evaluation of the firm’s independence in relation to the audit engagement; b) Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations; and c) Whether audit documentation selected for review reflects the work performed in relation to the significant judgments and supports the conclusions reached.
26
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N If differences of opinion arise within the engagement team, with those consulted or, where applicable, between the engagement partner and the engagement quality control reviewer, the engagement team shall follow the firm’s policies and procedures for dealing with and resolving differences of opinion.
Monitoring An effective system of quality control includes a monitoring process designed to provide the firm with reasonable assurance that its policies and procedures relating to the system of quality control are relevant, adequate, and operating effectively.
Documentation The auditor shall include in the audit documentation: a) Issues identified with respect to compliance with relevant ethical requirements and how they were resolved. b) Conclusions on compliance with independence requirements that apply to the audit engagement, and any relevant discussions with the firm that support these conclusions. c) Conclusions reached regarding the acceptance and continuance of client relationships and audit engagements. d) The nature and scope of, and conclusions resulting from, consultations undertaken during the course of the audit engagement. The engagement quality control reviewer shall document, for the audit engagement reviewed, that: a) The procedures required by the firm’s policies on engagement quality control review have been performed; b) The engagement quality control review has been completed on or before the date of the auditor’s report; and c) The reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the significant judgments the engagement team made and the conclusions it reached were not appropriate.
4.0
ISA 230: Audit Documentation The primary purpose of audit documentation is that it provides; a) Evidence of the auditor’s basis for a conclusion about the achievement of the overall objectives of the auditor; and b) Evidence that the audit was planned and performed in accordance with ISAs and applicable legal and regulatory requirements Other advantages of audit documentation are: • Assisting the engagement team to plan and perform the audit. • Assisting members of the engagement team responsible for supervision to direct and supervise the audit work, and to discharge their review responsibilities in accordance with ISA 220 (Quality Control for an Audit of Financial Statements) • Enabling the engagement team to be accountable for its work. • Retaining a record of matters of continuing significance to future audits. • Enabling the conduct of quality control reviews and inspections in accordance with ISQC 1 or national requirements that are at least as demanding. • Enabling the conduct of external inspections in accordance with applicable legal, regulatory or other requirements.
27
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Timely preparation of audit documentation The auditor shall prepare audit documentation on a timely basis. This enhances the quality of the audit and facilitates the effective review and evaluation of the audit evidence obtained and conclusions reached before the auditor’s report is finalized. Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at the time such work is performed. Form, content and extent of audit documentation The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand: a) The nature, timing and extent of the audit procedures performed to comply with the ISAs and applicable legal and regulatory requirements; b) The results of the audit procedures performed, and the audit evidence obtained; and c) Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions. Audit documentation may be recorded on paper or on electronic or other media. The auditor need not include in audit documentation superseded drafts of working papers and financial statements, notes that reflect incomplete or preliminary thinking, previous copies of documents corrected for typographical or other errors, and duplicates of documents Oral explanations by the auditor, on their own, do not represent adequate support for the work the auditor performed or conclusions the auditor reached, but may be used to explain or clarify information contained in the audit documentation. Hence the maxim “If it is not documented, then it has not been performed”. In documenting the nature, timing and extent of audit procedures performed, the auditor shall record: a) The identifying characteristics of the specific items or matters tested; b) Who performed the audit work and the date such work was completed; and c) Who reviewed the audit work performed and the date and extent of such review The auditor shall document discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place. If the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter, the auditor shall document how the auditor addressed the inconsistency. It is unnecessary for the auditor to document separately (as in a checklist, for example) compliance with matters for which compliance is demonstrated by documents included within the audit file e.g. The existence of a signed engagement letter in the audit file demonstrates that the auditor has agreed the terms of the audit engagement with management or, where appropriate, those charged with governance. Documentation of significant matters and related significant professional judgments Examples of significant matters include; • Matters that give rise to significant risks (as defined in ISA 315). • Results of audit procedures indicating (a) That the financial statements could be materially misstated, or
28
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N (b) A need to revise the auditor’s previous assessment of the risks of material misstatement and the auditor’s responses to those risks. • Circumstances that cause the auditor significant difficulty in applying necessary audit procedures. • Findings that could result in a modification to the audit opinion or the inclusion of an Emphasis of matter paragraph in the auditor’s report. Documentation of the professional judgments made, where significant, serves to explain the auditor’s conclusions and to reinforce the quality of the judgment. Such matters are of particular interest to those responsible for reviewing audit documentation, including those carrying out subsequent audits when reviewing matters of continuing significance (for example, when performing a retrospective review of accounting estimates). The documentation of a significant matter can take the form of the 7 step approach below. 1. Description of the matter 2. Background information 3. Technical references 4. Results of Consultation with others 5. Client response 6. Conclusion 7. Clearance by the engagement leader See Appendix 1: Form of Significant Matter documentation. Note that the Significant Matter document must be linked to a specific accounting area. Departure from a relevant requirement If, in exceptional circumstances, the auditor judges it necessary to depart from a relevant requirement in an ISA, the auditor shall document how the alternative audit procedures performed achieve the aim of that requirement, and the reasons for the departure. For instance, there are cases where an entire ISA is not relevant (for example, if an entity does not have an internal audit function, nothing in ISA 610 – Using the Work of Internal Auditors, is relevant. Matters arising after the date of the auditor’s report If, in exceptional circumstances, the auditor performs new or additional audit procedures or draws new conclusions after the date of the auditor’s report, the auditor shall document: a) The circumstances encountered; b) The new or additional audit procedures performed, audit evidence obtained, and conclusions reached, and their effect on the auditor’s report; and c) When and by whom the resulting changes to audit documentation were made and reviewed
Assembly of the Final Audit File The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report. An appropriate time limit within which to complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the auditor’s report. After the assembly of the final audit file has been completed, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period. The completion of the assembly of the final audit file after the date of the auditor’s report is an administrative process that does not involve the performance of new audit procedures or the drawing of new conclusions. Changes may, however, be made to the audit documentation during the final assembly process if they are administrative in nature e.g. sorting, collating and cross-referencing working papers.
29
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
ISQC 1 (or national requirements that are at least as demanding) requires firms to establish policies and procedures for the retention of engagement documentation. The retention period for audit engagements ordinarily is no shorter than five years from the date of the auditor’s report, or, if later, the date of the group auditor’s report. Appendix 1: Sample significant matter – 7 Step Approach 1. Description of the matter There is no provisioning policy for receivables. 2. Implication of the matter The accounts receivables balance of USD 2,000,000 may be overstated significantly 3. Background information The client is in the distribution business and approximately 80% of the business is on credit terms thus resulting in a significant accounts receivable balance. From prior experience, a certain percentage of receivables are uncollectible due to the customers facing financial difficulties. This has been estimated to be approximately 10%. However, the client doesn’t have any provisioning policy in place and thus the amounts stated in the accounts are gross of provisions for doubtful debts. 4. Technical references IAS 37 (Provisions, Contingent Liabilities and Contingent Assets) defines a provision as a liability of uncertain timing or amount. The liability is sure to occur, but the exact amount and/or timing may not be definite. The Standard prescribes that an estimate should be made of the amount of the provision, and that it should appear on the balance sheet. IAS 39 – Financial Instruments; Recognition and Measurement states that loans and receivables should be valued at their fair values, which is equivalent to the present value of the expected cash flows. Since the expected cash flows from the receivables will be the gross amount less 10%, then the valuation in the balance sheet should be at the net amounts. 5. Results of Consultation with others We consulted on the matter with the Technical Partner on 26 February 2010 and he agreed with our position. (If the engagement doesn’t have a concurring review partner, or the matter is not too technical to warrant the opinion of another partner, then it may suffice for the team to document that they have consulted with the engagement manager or engagement leader as appropriate.) 6. Client response We discussed with the Chief Accountant on 28 February 2010 and he agreed to restate the financials. 7. Conclusion We propose the following adjustments to the financial statements (see Summary of Adjusted Differences): Dr: Income statement (Bad debts provision) USD 200,000 Cr: Accounts receivables USD 200,000 8. Clearance by the engagement leader Discussed and agreed. Signed. Date.
30
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
5.0
ISA 240: The Auditor’s Responsibility to consider Fraud in the Audit of Financial Statements Characteristics of Fraud Misstatements in the financial statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. The auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements are relevant to the auditor – misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.
Responsibility for the prevention and detection of Fraud The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management.
Responsibilities of the Auditor An auditor conducting an audit in accordance with ISAs is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with the ISAs. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting from error. This is because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery, deliberate failure to record transactions, or intentional misrepresentations being made to the auditor. Such attempts at concealment may be even more difficult to detect when accompanied by collusion. Furthermore, the risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud, because management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information or override control procedures designed to prevent similar frauds by other employees. When obtaining reasonable assurance, the auditor is responsible for maintaining professional skepticism throughout the audit, considering the potential for management override of controls and recognizing the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud.
Requirements Professional skepticism The auditor shall maintain professional skepticism throughout the audit, recognizing the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.
31
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Unless the auditor has reason to believe the contrary, the auditor may accept records and documents as genuine. If conditions identified during the audit because the auditor to believe that a document may not be authentic or that terms in a document have been modified but not disclosed to the auditor, the auditor shall investigate further. Where responses to inquiries of management or those charged with governance are inconsistent, the auditor shall investigate the inconsistencies. Discussion among the engagement team During the kickoff meeting, the engagement team shall discuss fraud. This discussion shall place particular emphasis on how and where the entity’s financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur. The discussion shall occur setting aside beliefs that the engagement team members may have that management and those charged with governance are honest and have integrity. Risk Assessment Procedures and Related Activities The auditor shall make inquiries of management regarding: a) Management’s assessment of the risk that the financial statements may be materially misstated due to fraud, including the nature, extent and frequency of such assessments; b) Management’s process for identifying and responding to the risks of fraud in the entity, including any specific risks of fraud that management has identified or that have been brought to its attention, or classes of transactions, account balances, or disclosures for which a risk of fraud is likely to exist; c) Management’s communication, if any, to those charged with governance regarding its processes for identifying and responding to the risks of fraud in the entity; and d) Management’s communication, if any, to employees regarding its views on business practices and ethical behavior. The auditor shall make inquiries of management, and others within the entity as appropriate, to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. For those entities that have an internal audit function, the auditor shall make inquiries of internal audit to determine whether it has knowledge of any actual, suspected or alleged fraud affecting the entity, and to obtain its views about the risks of fraud. Those charged with governance The auditor shall obtain an understanding of how those charged with governance exercise oversight of management’s processes for identifying and responding to the risks of fraud in the entity and the internal control that management has established to mitigate these risks. The auditor shall make inquiries of those charged with governance to determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity. These inquiries are made in part to corroborate the responses to the inquiries of management. Evaluation of fraud risk factors The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. While fraud risk factors may not necessarily indicate the existence of fraud, they have often been present in circumstances where frauds have occurred and therefore may indicate risks of material misstatement due to fraud. There is a rebuttable presumption that there are risks of fraud in revenue recognition. The auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and accordingly, to
32
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N the extent not already done so, the auditor shall obtain an understanding of the entity’s related controls, including control activities, relevant to such risks.
Responses to the Assessed Risks of Material Misstatement Due to Fraud 1. Fraud at the Financial statement level a) Assign and supervise personnel taking account of the knowledge, skill and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement; b Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings; and c) Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures 2. Fraud at the assertion level The auditor shall design and perform further audit procedures whose nature, timing and extent are responsive to the assessed risks of material misstatement due to fraud at the assertion level. 3. Management override of controls Irrespective of the auditor’s assessment of the risks of management override of controls, the auditor shall design and perform audit procedures to: a) Test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements. In designing and performing audit procedures for such tests, the auditor shall: i) Make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments; ii) Select journal entries and other adjustments made at the end of a reporting period; and iii) Consider the need to test journal entries and other adjustments throughout the period. Inappropriate journal entries or other adjustments often have unique identifying characteristics. Such characteristics may include entries i) Made to unrelated, unusual, or seldom-used accounts, ii) Made by individuals who typically do not make journal entries, iii) Recorded at the end of the period or as post-closing entries that have little or no explanation or description, iv) Made either before or during the preparation of the financial statements that do not have account numbers, or v) Containing round numbers or consistent ending numbers. Inappropriate journal entries or adjustments may be applied to accounts that; i) Contain transactions that are complex or unusual in nature, ii) Contain significant estimates and period-end adjustments, iii) Have been prone to misstatements in the past, iv) Have not been reconciled on a timely basis or contain unreconciled differences, v) Contain inter-company transactions, or vi) Are otherwise associated with an identified risk of material misstatement due to fraud. In audits of entities that have several locations or components, consideration is given to the need to select journal entries from multiple locations.
33
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) Review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud. In performing this review, the auditor shall: i) Evaluate whether the judgments and decisions made by management in making the accounting estimates included in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entity’s management that may represent a risk of material misstatement due to fraud. If so, the auditor shall reevaluate the accounting estimates taken as a whole; and ii) Perform a retrospective review of management judgments and assumptions related to significant accounting estimates reflected in the financial statements of the prior year. The purpose of performing a retrospective review of management judgments and assumptions related to significant accounting estimates reflected in the financial statements of the prior year is to determine whether there is an indication of a possible bias on the part of management. It is not intended to call into question the auditor’s professional judgments made in the prior year that were based on information available at the time. c) For significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual given the auditor’s understanding of the entity and its environment and other information obtained during the audit, the auditor shall evaluate whether the business rationale (or the lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets. The auditor shall determine whether, in order to respond to the identified risks of management override of controls, the auditor needs to perform other audit procedures in addition to those specifically referred to above.
Evaluation of Audit Evidence If the auditor identifies a misstatement, the auditor shall evaluate whether such a misstatement is indicative of fraud. If there is such an indication, the auditor shall evaluate the implications of the misstatement in relation to other aspects of the audit, particularly the reliability of management representations, recognizing that an instance of fraud is unlikely to be an isolated occurrence. If the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it is or may be the result of fraud and that management (in particular, senior management) is involved, the auditor shall reevaluate the assessment of the risks of material misstatement due to fraud and its resulting impact on the nature, timing and extent of audit procedures to respond to the assessed risks. The auditor shall also consider whether circumstances or conditions indicate possible collusion involving employees, management or third parties when reconsidering the reliability of evidence previously obtained. If the auditor confirms that, or is unable to conclude whether, the financial statements are materially misstated as a result of fraud the auditor shall evaluate the implications for the audit.
Auditor unable to continue the engagement If, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters exceptional circumstances that bring into question the auditor’s ability to continue performing the audit, the auditor shall: a) Determine the professional and legal responsibilities applicable in the circumstances, including whether there is a requirement for the auditor to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities; b) Consider whether it is appropriate to withdraw from the engagement, where withdrawal is possible under applicable law or regulation; and
34
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N c) If the auditor withdraws: i) Discuss with the appropriate level of management and those charged with governance the auditor’s withdrawal from the engagement and the reasons for the withdrawal; and ii) Determine whether there is a professional or legal requirement to report to the person or persons who made the audit appointment or, in some cases, to regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for the withdrawal.
Written Representations The auditor shall obtain written representations from management and, where appropriate, those charged with governance that: a) They acknowledge their responsibility for the design, implementation and maintenance of internal control to prevent and detect fraud; b) They have disclosed to the auditor the results of management’s assessment of the risk that the financial statements may be materially misstated as a result of fraud; c) They have disclosed to the auditor their knowledge of fraud or suspected fraud affecting the entity involving: i) Management; ii) Employees who have significant roles in internal control; or iii) Others where the fraud could have a material effect on the financial statements; and d) They have disclosed to the auditor their knowledge of any allegations of fraud, or suspected fraud, affecting the entity’s financial statements communicated by employees, former employees, analysts, regulators or others.
Communications to those charged with governance If the auditor suspects fraud involving management, the auditor shall communicate these suspicions to those charged with governance and discuss with them the nature, timing and extent of audit procedures necessary to complete the audit.
Communications to regulatory and enforcement authorities Although the auditor’s professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor’s legal responsibilities may override the duty of confidentiality in some circumstances.
Documentation The auditor shall include the following in the audit documentation of the auditor’s understanding of the entity and its environment and the assessment of the risks of material misstatement; a) The significant decisions reached during the discussion among the engagement team regarding the susceptibility of the entity’s financial statements to material misstatement due to fraud; and b) The identified and assessed risks of material misstatement due to fraud at the financial statement level and at the assertion level. The auditor shall include the following in the audit documentation of the auditor’s responses to the assessed risks of material misstatement; a) The overall responses to the assessed risks of material misstatement due to fraud at the financial statement level and the nature, timing and extent of audit procedures, and the linkage of those procedures with the assessed risks of material misstatement due to fraud at the assertion level; and b) The results of the audit procedures, including those designed to address the risk of management override of controls.
35
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The auditor shall include in the audit documentation communications about fraud made to management, those charged with governance, regulators and others. If the auditor has concluded that the presumption that there is a risk of material misstatement due to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the auditor shall include in the audit documentation the reasons for that conclusion.
Risk factors relating to misstatements arising from fraudulent financial reporting The following are examples of risk factors relating to misstatements arising from fraudulent financial reporting. They are categorized into incentives/pressures, opportunities, and rationalization/attitudes. Incentives/Pressures Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as (or as indicated by): • High degree of competition or market saturation, accompanied by declining margins. • High vulnerability to rapid changes, such as changes in technology, product obsolescence, or interest rates. • Significant declines in customer demand and increasing business failures in either the industry or overall economy. • Operating losses making the threat of bankruptcy, foreclosure, or hostile takeover imminent. • Recurring negative cash flows from operations or an inability to generate cash flows from operations while reporting earnings and earnings growth. • Rapid growth or unusual profitability especially compared to that of other companies in the same industry. • New accounting, statutory, or regulatory requirements. Excessive pressure exists for management to meet the requirements or expectations of third parties due to the following: • Profitability or trend level expectations of investment analysts, institutional investors, significant creditors, or other external parties (particularly expectations that are unduly aggressive or unrealistic), including expectations created by management in, for example, overly optimistic press releases or annual report messages. • Need to obtain additional debt or equity financing to stay competitive – including financing of major research and development or capital expenditures. • Marginal ability to meet exchange listing requirements or debt repayment or other debt covenant requirements. • Perceived or real adverse effects of reporting poor financial results on significant pending transactions, such as business combinations or contract awards. Information available indicates that the personal financial situation of management or those charged with governance is threatened by the entity’s financial performance arising from the following: • Significant financial interests in the entity. • Significant portions of their compensation (for example, bonuses, stock options, and earn-out arrangements) being contingent upon achieving aggressive targets for stock price, operating results, financial position, or cash flow. • Personal guarantees of debts of the entity. There is excessive pressure on management or operating personnel to meet financial targets established by those charged with governance, including sales or profitability incentive goals. Opportunities The nature of the industry or the entity’s operations provides opportunities to engage in fraudulent financial reporting that can arise from the following: • Significant related-party transactions not in the ordinary course of business or with related entities not audited or audited by another firm.
36
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N • • • • • •
A strong financial presence or ability to dominate a certain industry sector that allows the entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-arm’s-length transactions. Assets, liabilities, revenues, or expenses based on significant estimates that involve subjective judgments or uncertainties that are difficult to corroborate. Significant, unusual, or highly complex transactions, especially those close to period end that pose difficult “ substance over form” questions. Significant operations located or conducted across international borders in jurisdictions where differing business environments and cultures exist. Use of business intermediaries for which there appears to be no clear business justification. Significant bank accounts or subsidiary or branch operations in tax-haven jurisdictions for which there appears to be no clear business justification.
The monitoring of management is not effective as a result of the following: • Domination of management by a single person or small group (in a non owner managed business) without compensating controls. • Oversight by those charged with governance over the financial reporting process and internal control is not effective. There is a complex or unstable organizational structure, as evidenced by the following: • Difficulty in determining the organization or individuals that have controlling interest in the entity. • Overly complex organizational structure involving unusual legal entities or managerial lines of authority. • High turnover of senior management, legal counsel, or those charged with governance. Internal control components are deficient as a result of the following: • Inadequate monitoring of controls, including automated controls and controls over interim financial reporting (where external reporting is required). • High turnover rates or employment of accounting, internal audit, or information technology staff that are not effective. • Accounting and information systems that are not effective, including situations involving significant deficiencies in internal control. Attitudes/Rationalizations • Communication, implementation, support, or enforcement of the entity’s values or ethical standards by management, or the communication of inappropriate values or ethical standards, that is not effective. • Non financial management’s excessive participation in or preoccupation with the selection of accounting policies or the determination of significant estimates. • Known history of violations of securities laws or other laws and regulations, or claims against the entity, its senior management, or those charged with governance alleging fraud or violations of laws and regulations. • Excessive interest by management in maintaining or increasing the entity’s stock price or earnings trend. • The practice by management of committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts. • Management failing to remedy known significant deficiencies in internal control on a timely basis. • An interest by management in employing inappropriate means to minimize reported earnings for tax-motivated reasons. • Low morale among senior management. • The owner-manager makes no distinction between personal and business transactions.
37
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
• Dispute between shareholders in a closely held entity. • Recurring attempts by management to justify marginal or inappropriate accounting on the basis of materiality. • The relationship between management and the current or predecessor auditor is strained, as exhibited by the following: o Frequent disputes with the current or predecessor auditor on accounting, auditing, or reporting matters. o Unreasonable demands on the auditor, such as unrealistic time constraints regarding the completion of the audit or the issuance of the auditor’s report. o Restrictions on the auditor that inappropriately limit access to people or information or the ability to communicate effectively with those charged with governance. o Domineering management behavior in dealing with the auditor, especially involving attempts to influence the scope of the auditor’s work or the selection or continuance of personnel assigned to or consulted on the audit engagement.
APPENDIX: Examples of possible audit procedures to address the assessed risks of material misstatement due to fraud 1. Consideration at the assertion level Specific responses to the auditor’s assessment of the risks of material misstatement due to fraud will vary depending upon the types or combinations of fraud risk factors or conditions identified, and the classes of transactions, account balances, disclosures and assertions they may affect. The following are specific examples of responses: • Visiting locations or performing certain tests on a surprise or unannounced basis. For example, observing inventory at locations where auditor attendance has not been previously announced or counting cash at a particular date on a surprise basis. • Requesting that inventories be counted at the end of the reporting period or on a date closer to period end to minimize the risk of manipulation of balances in the period between the date of completion of the count and the end of the reporting period. • Altering the audit approach in the current year. For example, contacting major customers and suppliers orally in addition to sending written confirmation, sending confirmation requests to a specific party within an organization, or seeking more or different information. • Performing a detailed review of the entity’s quarter-end or year-end adjusting entries and investigating any that appear unusual as to nature or amount. • For significant and unusual transactions, particularly those occurring at or near year-end, investigating the possibility of related parties and the sources of financial resources supporting the transactions. • Performing substantive analytical procedures using disaggregated data. For example, comparing sales and cost of sales by location, line of business or month to expectations developed by the auditor. Conducting interviews of personnel involved in areas where a risk of material misstatement due to fraud has been identified, to obtain their insights about the risk and whether, or how, controls address the risk. • When other independent auditors are auditing the financial statements of one or more subsidiaries, divisions or branches, discussing with them the extent of work necessary to be performed to address the assessed risk of material misstatement due to fraud resulting from transactions and activities among these components. • If the work of an expert becomes particularly significant with respect to a financial statement item for which the assessed risk of misstatement due to fraud is high, performing additional procedures relating to some or all of the expert’s assumptions, methods or findings to determine that the findings are not unreasonable, or engaging another expert for that purpose. • Performing audit procedures to analyze selected opening balance sheet accounts of previously audited financial
38
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N • • • •
statements to assess how certain issues involving accounting estimates and judgments, for example, an allowance for sales returns, were resolved with the benefit of hindsight. Performing procedures on account or other reconciliations prepared by the entity, including considering reconciliations performed at interim periods. Performing computer-assisted techniques, such as data mining to test for anomalies in a population. Testing the integrity of computer-produced records and transactions. Seeking additional audit evidence from sources outside of the entity being audited.
6.0
ISA 250: Consideration of Laws and Regulations in an Audit of Financial Statements Effect of Laws and Regulations The provisions of some laws or regulations have a direct effect on the financial statements in that they determine the reported amounts and disclosures in an entity’s financial statements. Other laws or regulations are to be complied with by management or set the provisions under which the entity is allowed to conduct its business but do not have a direct effect on an entity’s financial statements.
Responsibility for compliance with Laws and Regulations It is the responsibility of management, with the oversight of those charged with governance, to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations, including compliance with the provisions of laws and regulations that determine the reported amounts and disclosures in an entity’s financial statements.
Responsibility of auditor It depends on the categorization of the laws and regulations: a) The provisions of those laws and regulations are generally recognized to have a direct effect on the determination of material amounts and disclosures in the financial statements such as tax and pension laws and regulations-the auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations. b) Other laws and regulations that do not have a direct effect on the determination of the amounts and disclosures in the financial statements, but compliance with which may be fundamental to the operating aspects of the business, to an entity’s ability to continue its business, or to avoid material penalties e.g. environmental laws - the auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements.
Requirements As part of obtaining an understanding of the entity and its environment the auditor shall obtain a general understanding of: a) The legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates; and b) How the entity is complying with that framework
39
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The auditor should Inquire of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and Inspect correspondence, if any, with the relevant licensing or regulatory authorities. The auditor shall request management and, where appropriate, those charged with governance to provide written representations that all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements have been disclosed to the auditor In the absence of identified or suspected non-compliance, the auditor is not required to perform audit procedures regarding the entity’s compliance with laws and regulations, other than those set out above.
Audit procedures when Non-Compliance is identified or suspected If the auditor suspects there may be non-compliance, the auditor shall discuss the matter with management and, where appropriate, those charged with governance. If the effect of the suspected non-compliance may be material to the financial statements, the auditor shall consider the need to obtain legal advice. If sufficient information about suspected non-compliance cannot be obtained, the auditor shall evaluate the effect of the lack of sufficient appropriate audit evidence on the auditor’s opinion. The auditor shall evaluate the implications of noncompliance in relation to other aspects of the audit, including the auditor’s risk assessment and the reliability of written representations, and take appropriate action.
Reporting of identified or suspected Non-Compliance If, in the auditor’s judgment, the non-compliance is believed to be intentional and material, the auditor shall communicate the matter to those charged with governance as soon as practicable. If the auditor suspects that management or those charged with governance are involved in non-compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it exists, such as an audit committee or supervisory board. Where no higher authority exists, or if the auditor believes that the communication may not be acted upon or is unsure as to the person to whom to report, the auditor shall consider the need to obtain legal advice. If the auditor has identified or suspects non-compliance with laws and regulations, the auditor shall determine whether the auditor has a responsibility to report the identified or suspected non-compliance to parties outside the entity.
7.0
ISA 260: Reporting to those charged with Governance Matters to be communicated The auditor’s responsibilities in relation to the financial statement audit That the auditor is responsible for forming and expressing an opinion on the financial statements that have been prepared by management with the oversight of those charged with governance; and the audit of the financial statements does not relieve management or those charged with governance of their responsibilities. Planned scope and timing of the audit The auditor shall communicate with those charged with governance an overview of the planned scope and timing of the audit.
40
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Significant findings from the audit • The auditor’s views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures. When applicable, the auditor shall explain to those charged with governance why the auditor considers a significant accounting practice that is acceptable under the applicable financial reporting framework, not to be most appropriate to the particular circumstances of the entity. • Significant difficulties, if any, encountered during the audit; • Significant matters, if any, arising from the audit that were discussed, or subject to correspondence with management • Written representations the auditor is requesting; • Other matters, if any, arising from the audit that, in the auditor’s professional judgment, is significant to the oversight of the financial reporting process. Auditor independence In the case of listed entities, the auditor shall communicate with those charged with governance; • A statement that the engagement team and others in the firm as appropriate, the firm and, when applicable, network firms have complied with relevant ethical requirements regarding independence • The related safeguards that have been applied to eliminate identified threats to independence or reduce them to an acceptable level.
The Communication Process The auditor shall communicate in writing with those charged with governance regarding significant findings from the audit if, in the auditor’s professional judgment, oral communication would not be adequate. Written communications need not include all matters that arose during the course of the audit. The auditor shall communicate in writing with those charged with governance regarding auditor independence when required as above. The auditor shall communicate with those charged with governance on a timely basis.
8.0
ISA 265: Communicating Deficiencies in Internal Control to
those charged with Governance and Management Requirements
If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. Indicators of significant deficiencies in internal control include, i. Evidence of ineffective aspects of the control environment, such as: • Indications that significant transactions in which management is financially interested are not being appropriately scrutinized by those charged with governance.
41
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
• Identification of management fraud, whether or not material, that was not prevented by the entity’s internal control. • Management’s failure to implement appropriate remedial action on significant deficiencies previously communicated ii. Absence of a risk assessment process within the entity where such a process would ordinarily be expected to have been established. iii. Evidence of an ineffective entity risk assessment process, such as management’s failure to identify a risk of material misstatement that the auditor would expect the entity’s risk assessment process to have identified. iv. Evidence of an ineffective response to identified significant risks (for example, absence of controls over such a risk). The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to management and those charged with governance on a timely basis. The auditor shall include in the written communication of significant deficiencies in internal control: • A description of the deficiencies and an explanation of their potential effects; and • Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that the audit included consideration of internal control relevant to the preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control and that the matters being reported are limited to those deficiencies that the auditor has identified during the audit
9.0
ISA 300: Planning Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan.
Involvement of key engagement team members The engagement partner and other key members of the engagement team shall be involved in planning the audit, including planning and participating in the discussion among engagement team members. In establishing the overall audit strategy, the auditor shall: a) Identify the characteristics of the engagement that define its scope; b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; c) Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts; d) Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and e) Ascertain the nature, timing and extent of resources necessary to perform the engagement.
42
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Documentation The auditor shall include in the audit documentation: a) The overall audit strategy; b) The audit plan; and c) Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes.
Additional considerations in initial audit engagements The auditor shall undertake the following activities prior to starting an initial audit: a) Performing procedures required by ISA 220 regarding the acceptance of the client relationship and the specific audit engagement; and b) Communicating with the predecessor auditor, where there has been a change of auditors, in compliance with relevant ethical requirements. Planning is not a discrete phase of an audit, but rather a continual and iterative process. It includes the need to consider, prior to the auditor’s identification and assessment of the risks of material misstatement, such matters as: • The analytical procedures to be applied as risk assessment procedures. • Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework. • The determination of materiality. • The involvement of experts. • The performance of other risk assessment procedures.
Planning activities The Overall Audit Strategy It is a high level approach to addressing the key risks in an audit. It can be presented as a memorandum showing how the various risks are to be approached. It is summarized by the Audit Comfort Matrix (ACM) and the Summary of Comfort (SoC) as illustrated below: AUDIT COMFORT MATRIX FINANCIAL KEY RISK REPORTING AREA
ACCOUNTING ASSERTIONS
AUDIT APPROACH
Revenues and Revenue leakages Completeness, receivables Accuracy
Test of controls, substantive analytics and tests of detail
Inventory Stock losses
Attend stock counting exercise
Existence, Accuracy, Completeness
43
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
SUMMARY OF COMFORT RECEIVABLES AREA
ASSERTIONS
Key Risks: Revenue leakages
C
A
E/O R&O
V
Internal Controls testing Review controls over account opening: X X Using sampling guidance, we shall pick a sample of new accounts opened during the period and verify that they were appropriately authorized.
Controls over credit limits Using sampling guidance, we shall pick a sample of X receivable accounts and ensure that there is proper authorization of credit balances.
X
X
CL
X
Substantive analytical procedures x Ratio analysis: compute debtor days, gross profit margins etc. Determine whether the analysis is reasonable. Substantive tests of detail
Debtor circularization Using sampling guidance, pick a sample of debtors and send debtor confirmations under our control. Document the results of the circularization and investigate any significant variances.
Provisioning: test the mathematical accuracy of the provisioning. Ensure that the estimates used are reasonable in light of prior year results.
x
x
x
X
x
x
x
Presentation and classification: Ensure that the receivables are presented in accordance with IAS 1 (Presentation of Financial Statements)
x
The audit plan It is a more detailed version of the overall audit strategy. It shows not only the procedures to be carried out, but also the timing of the procedures. It specifies whether there are interim audits, or just one visit. See excel worksheet below (double-click on the table to show the entire worksheet)
44
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
EL EM TS A1 A2 Client Acceptance and Continuance 3 4 Planning Letter of Engagement 1 Initial client meeting 1 1 1 Project budge 5 Business Analysis Framework 5 Analytics and Materiality 3 Fraud risk Questionnaire 2 SOC and ACM 4 8 Mobilisation Meeting 1 1 1 1 1 Reviews 5 5 Total Planning time 10 15 26 1 1
Total
53
Internal Controls review Revenues and Receivables Cycle 20 Purchases and Payables Cycle 20 Property,Plant and Equipment 20 Operating Expenses 20 IT General Controls 20 Reviews 2 10 20 Taking Stock Meeting 1 1 1 1 1 Total internal controls time 3 11 41 41 41
137
Substantive procedures Cash and bank 15 Receivables 15 Payables 15 Revenues 10 Cost of sales 15 Operating expenses 15 Financial assets 15 Reviews 2 5 10 0 0 Total substantive tests time 2 5 20 45 45
117
Completion activities Financial statements 5 20 Audit opinion 2 Summary of Adjusted Differences 8 Summary of Unadjusted Differences 8 File signoff and archiving 3 7 Reviews 1 5 0 Total time: Completion 1 13 45 0 0 Estimated Total Engagement time
16
44
132
87
87
366
Key: EL - Engagement Leader, EM - Engagement Manager, TS - Team Senior, A- Team members
45
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
10.0
ISA 315: Identifying and Assessing the Risks of Material Misstatement through understanding the Entity and its Environment Risk assessment procedures and related activities The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion The risk assessment procedures shall include the following: a) Inquiries of management and of others within the entity who in the auditor’s judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error. b) Analytical procedures. c) Observation and inspection. If the engagement partner has performed other engagements for the entity, the engagement partner shall consider whether information obtained is relevant to identifying risks of material misstatement.
The required understanding of the entity and its environment, including the entity’s internal control The entity and its environment The auditor shall obtain an understanding of the following: a) Relevant industry, regulatory, and other external factors including the applicable financial reporting framework b) The nature of the entity, including: its operations; its ownership and governance structures; the types of investments that the entity is making and plans to make, including investments in special-purpose entities; and the way that the entity is structured and how it is financed to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. c) The entity’s selection and application of accounting policies, including the reasons for changes thereto. d) The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement e) The measurement and review of the entity’s financial performance. The auditor shall obtain an understanding of internal control relevant to the audit. When obtaining an understanding of controls that are relevant to the audit, the auditor shall evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity’s personnel. The auditor shall obtain an understanding of whether the entity has a risk assessment process for: a) Identifying business risks relevant to financial reporting objectives; b) Estimating the significance of the risks; c) Assessing the likelihood of their occurrence; and d) Deciding about actions to address those risks.
46
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N If the entity has not established such a process or has an ad hoc process, the auditor shall discuss with management whether business risks relevant to financial reporting objectives have been identified and how they have been addressed. The auditor shall evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or determine whether it represents a significant deficiency in internal control. The auditor shall obtain an understanding of the information system, including the related business processes, relevant to financial reporting. In exercising judgment as to which risks are significant risks, the auditor shall consider at least the following: a) Whether the risk is a risk of fraud; b) Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention; c) The complexity of transactions; d) Whether the risk involves significant transactions with related parties; e) The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and f) Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual. If the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk. In respect of some risks, the auditor may judge that it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures e.g. those involving highly automated processing (interest computation by banks etc) In such cases, the entity’s controls over such risks are relevant to the audit and the auditor shall obtain an understanding of them. The auditor’s assessment of the risks of material misstatement at the assertion level may change during the course of the audit as additional audit evidence is obtained. In such cases, the auditor shall revise the assessment and modify the further planned audit procedures accordingly
Limitations of internal control Internal control, no matter how effective, can provide an entity with only reasonable assurance about achieving the entity’s financial reporting objectives. The likelihood of their achievement is affected by the inherent limitations of internal control; • there may be an error in the design of, or in the change to, a control • Controls can be circumvented by the collusion of two or more people or inappropriate management override of internal control. • in designing and implementing controls, management may make judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume
Division of internal control into components The division of internal control into the following five components, for purposes of the ISAs, provides a useful framework for auditors to consider how different aspects of an entity’s internal control may affect the audit: a) The control environment; b) The entity’s risk assessment process; c) The information system, including the related business processes, relevant to financial reporting, and communication; d) Control activities; and e) Monitoring of controls.
47
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The division does not necessarily reflect how an entity designs, implements and maintains internal control, or how it may classify any particular component. Auditors may use different terminology or frameworks to describe the various aspects of internal control, provided they cover all the components. Components of internal control - control environment Elements of the control environment that may be relevant when obtaining an understanding of the control environment include the following: a) Communication and enforcement of integrity and ethical values – These are essential elements that influence the effectiveness of the design, administration and monitoring of controls. b) Commitment to competence – Matters such as management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge. c) Participation by those charged with governance – Attributes of those charged with governance such as: • Their independence from management. • Their experience and stature. • The extent of their involvement and the information they receive, and the scrutiny of activities. • The appropriateness of their actions, including the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors. d) Management’s philosophy and operating style – Characteristics such as management’s: • Approach to taking and managing business risks. • Attitudes and actions toward financial reporting. • Attitudes toward information processing and accounting functions and personnel. e) Organizational structure – The framework, within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed. f) Assignment of authority and responsibility – Matters such as how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established. Components of Internal Control – the entity’s risk assessment process The entity’s risk assessment process forms the basis for how management determines the risks to be managed. Whether the entity’s risk assessment process is appropriate to the circumstances is a matter of judgment. Components of Internal Control – the information system, including the related business processes, relevant to financial reporting, and communication The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to Ensure information required to be disclosed by the applicable financial reporting framework is accumulated, recorded, processed, summarized and appropriately reported in the financial statements. An entity’s business processes are the activities designed to: • Develop, purchase, produce, sell and distribute an entity’s products and services; • Ensure compliance with laws and regulations; and • Record information, including accounting and financial reporting information. Components of Internal Control – control activities Control activities are the policies and procedures that help ensure that management directives are carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various organizational and functional levels. Examples of specific control activities include those relating to the following: • Authorization. • Performance reviews.
48
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N • Information processing. • Physical controls. • Segregation of duties. Components of Internal Control – Monitoring of controls Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves assessing the effectiveness of controls on a timely basis and taking necessary remedial actions.
Assertions Assertions used by the auditor to consider the different types of potential misstatements that may occur fall into the following three categories and may take the following forms: a) Assertions about classes of transactions and events for the period under audit: i) Occurrence – transactions and events that have been recorded have occurred and pertain to the entity. ii) Completeness – all transactions and events that should have been recorded have been recorded. iii) Accuracy – amounts and other data relating to recorded transactions and events have been recorded appropriately. iv) Cutoff – transactions and events have been recorded in the correct accounting period. v) Classification – transactions and events have been recorded in the proper accounts. b) Assertions about account balances at the period end: i) Existence – assets, liabilities, and equity interests exist. ii) Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. iii) Completeness – all assets, liabilities and equity interests that should have been recorded have been recorded. iv) Valuation and allocation – assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. c) Assertions about presentation and disclosure: i) Occurrence and rights and obligations – disclosed events, transactions, and other matters have occurred and pertain to the entity. ii) Completeness – all disclosures that should have been included in the financial statements have been included. iii) Classification and understandability – financial information is appropriately presented and described, and disclosures are clearly expressed. iv) Accuracy and valuation – financial and other information are disclosed fairly and at appropriate amounts. The auditor may use the assertions as described above or may express them differently provided all aspects described above have been covered. For example, the auditor may choose to combine the assertions about transactions and events with the assertions about account balances.
Risks for which substantive procedures alone do not provide sufficient appropriate audit evidence Risks of material misstatement may relate directly to the recording of routine classes of transactions or account balances, and the preparation of reliable financial statements. Such risks may include risks of inaccurate or incomplete processing for routine and significant classes of transactions such as an entity’s revenue, purchases, and cash receipts or cash payments. Where such routine business transactions are subject to highly automated processing with little or no manual intervention, it may not be possible to perform only substantive procedures in relation to the risk.
49
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Documentation The auditor shall include in the audit documentation; a) The discussion among the engagement team where required, and the significant decisions reached; b) Key elements of the understanding obtained regarding each of the aspects of the entity and its environment and of each of the internal control components, the sources of information from which the understanding was obtained; and the risk assessment procedures performed; c) The identified and assessed risks of material misstatement at the financial statement level and at the assertion l level; and d) The risks identified, and related controls about which the auditor has obtained an understanding. For recurring audits, certain documentation may be carried forward, updated as necessary to reflect changes in the entity’s business or processes. Appendix: Conditions and events that may indicate risks of material misstatement • Operations in regions that are economically unstable, for example, countries with significant currency devaluation or highly inflationary economies. • Operations exposed to volatile markets, for example, futures trading. • Operations that are subject to a high degree of complex regulation. • Going concern and liquidity issues including loss of significant customers. • Constraints on the availability of capital and credit. • Changes in the industry in which the entity operates. • Changes in the supply chain. • Developing or offering new products or services, or moving into new lines of business. • Expanding into new locations. • Changes in the entity such as large acquisitions or reorganizations or other unusual events. • Entities or business segments likely to be sold. • The existence of complex alliances and joint ventures. • Use of off-balance-sheet finance, special-purpose entities, and other complex financing arrangements. • Significant transactions with related parties. • Lack of personnel with appropriate accounting and financial reporting skills. • Changes in key personnel including departure of key executives. • Deficiencies in internal control, especially those not addressed by management. • Inconsistencies between the entity’s IT strategy and its business strategies. • Changes in the IT environment.
11.0
ISA 320: Materiality in Planning and Performing an Audit Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements; Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group. The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.
50
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N The auditor’s determination of materiality is a matter of professional judgment, and is affected by the auditor’s perception of the financial information needs of users of the financial statements. In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material. These judgments provide a basis for: a) Determining the nature, timing and extent of risk assessment procedures; b) Identifying and assessing the risks of material misstatement; and c) Determining the nature, timing and extent of further audit procedures. The materiality determined when planning the audit does not necessarily establish an amount below which uncorrected misstatements, individually or in the aggregate, will always be evaluated as immaterial. The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below materiality e.g. taxation. When establishing the overall audit strategy, the auditor shall determine materiality for the financial statements as a whole (Overall Materiality). If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor shall also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures (Summary of Unadjusted Differences Materiality/SUD materiality/de minimis materiality). This is normally given as 5% of overall materiality. The auditor shall determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing and extent of further audit procedures (Planning materiality). In determining planning materiality, the auditor shall apply a haircut to the overall materiality. This shall be between 25% to 50% of the overall materiality. For example, if overall materiality is $100, and the haircut is taken to 25%, then planning materiality is $75 (100-25%*100)
Revision as the audit progresses The auditor shall revise materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) in the event of becoming aware of information during the audit that would have caused the auditor to have determined a different amount (or amounts) initially.
Documentation The auditor shall include in the audit documentation the following amounts and the factors considered in their determination: a) Materiality for the financial statements as a whole; b) If applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures; c) Performance materiality; and d) Any revision of (a)-(c) as the audit progressed
Use of benchmarks in determining materiality for the financial statements as a whole A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole. Factors that may affect the identification of an appropriate benchmark include the following: • The elements of the financial statements (for example, assets, liabilities, equity, revenue, expenses);
51
T H E
R U M A • •
C P A
A U D I T
G U I D E
M A N U A L
Whether there are items on which the attention of the users of the particular entity’s financial statements tends to be focused (for example, for the purpose of evaluating financial performance users may tend to focus on profit, revenue or net assets) Profit before tax from continuing operations is often used for profit-oriented entities; The relative volatility of the benchmark.
There is a relationship between the percentage and the chosen benchmark, such that a percentage applied to profit before tax from continuing operations will normally be higher than a percentage applied to total revenue. For example, the auditor may consider five percent of profit before tax from continuing operations to be appropriate for a profitoriented entity in a manufacturing industry, while the auditor may consider one percent of total revenue or total expenses to be appropriate for a not-for-profit entity. Higher or lower percentages, however, may be deemed appropriate in the circumstances
Performance materiality Performance materiality is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole.
12.0
ISA 330: The Auditor’s Responses to Assessed Risks The auditor shall design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. In designing the further audit procedures to be performed, the auditor shall: a) Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including: i) The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and ii) Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures) b) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk. Tests of controls The auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if: a) The auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); or b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level. In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control.
52
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Timing of tests of controls The auditor shall test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls. Testing at the interim period If the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor shall: a) Obtain audit evidence about significant changes to those controls subsequent to the interim period; and b) Determine the additional audit evidence to be obtained for the remaining period. If the auditor had tested the controls at the interim audit stage and he confirms through inquiry of management that there has been no change in the controls, then there is no need to test the control for the remaining period. Reliance on prior year’s testing of controls If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor shall establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to the previous audit. The auditor shall obtain this evidence by performing inquiry combined with observation or inspection, to confirm the understanding of those specific controls, and: a) If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor shall test the controls in the current audit. b) If there have not been such changes, the auditor shall test the controls at least once in every third audit, and shall test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods Controls over significant risks If the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor shall test those controls in the current period. Nature and extent of tests of controls Inquiry alone is not sufficient to test the operating effectiveness of controls. Accordingly, other audit procedures are performed in combination with inquiry. In this regard, inquiry combined with inspection or reperformance may provide more assurance than inquiry and observation, since an observation is pertinent only at the point in time at which it is made. When more persuasive audit evidence is needed regarding the effectiveness of a control, it may be appropriate to increase the extent of testing of the control. As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following: • The frequency of the performance of the control by the entity during the period. • The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. • The expected rate of deviation from a control. • The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level. • The extent to which audit evidence is obtained from tests of other controls related to the assertion.
53
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Evaluating the operating effectiveness of controls If deviations from controls upon which the auditor intends to rely are detected, the auditor shall make specific inquiries to understand these matters and their potential consequences, and shall determine whether: a) The tests of controls that have been performed provide an appropriate basis for reliance on the controls; b) Additional tests of controls are necessary; or c) The potential risks of misstatement need to be addressed using substantive procedures. A material misstatement detected by the auditor’s procedures is a strong indicator of the existence of a significant deficiency in internal control. The concept of effectiveness of the operation of controls recognizes that some deviations in the way controls are applied by the entity may occur.
Substantive procedures Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure. Substantive procedures can be either substantive analytical procedures or substantive tests of detail. Substantive procedures related to the financial statement closing process The auditor’s substantive procedures shall include the following audit procedures related to the financial statement closing process: a) Agreeing or reconciling the financial statements with the underlying accounting records; and b) Examining material journal entries and other adjustments made during the course of preparing the financial statements. The auditor shall perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework. Substantive procedures responsive to significant risks If the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor shall perform substantive procedures that are specifically responsive to that risk. When the approach to a significant risk consists only of substantive procedures (i.e. there are no tests of control), those procedures shall include tests of details. Timing of substantive procedures If substantive procedures are performed at an interim date, the auditor shall cover the remaining period by performing: a) Substantive procedures, combined with tests of controls for the intervening period; or b) if the auditor determines that it is sufficient, further substantive procedures only, that provide a reasonable basis for extending the audit conclusions from the interim date to the period end.
Evaluating the sufficiency and appropriateness of audit evidence Based on the audit procedures performed and the audit evidence obtained, the auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements.
54
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Documentation The auditor shall include in the audit documentation: a) The overall responses to address the assessed risks of material misstatement at the financial statement level, and the nature, timing, and extent of the further audit procedures performed; b) The linkage of those procedures with the assessed risks at the assertion level; and c) The results of the audit procedures, including the conclusions where these are not otherwise clear. The auditor’s documentation shall demonstrate that the financial statements agree or reconcile with the underlying accounting records.
13.0 ISA 402: Audit Considerations relating to an Entity using a Service Organization This International Standard on Auditing (ISA) deals with the user auditor’s responsibility to obtain sufficient appropriate audit evidence when a user entity uses the services of one or more service organizations. Many entities outsource aspects of their business to organizations that provide services ranging from performing a specific task under the direction of an entity to replacing an entity’s entire business units or functions, such as the tax compliance function. Many of the services provided by such organizations are integral to the entity’s business operations; however, not all those services are relevant to the audit. Services provided by a service organization are relevant to the audit of a user entity’s financial statements when those services, and the controls over them, are part of the user entity’s information system, including related business processes, relevant to financial reporting. Service auditor refers to an auditor who, at the request of the service organization, provides an assurance report on the controls of a service organization. User auditor refers to an auditor who audits and reports on the financial statements of a user entity. User entity refers to an entity that uses a service organization and whose financial statements are being audited. A service organization’s services are part of a user entity’s information system, including related business processes, relevant to financial reporting if these services affect any of the following: a) The classes of transactions in the user entity’s operations that are significant to the user entity’s financial statements; b) The procedures, within both information technology (IT) and manual systems, by which the user entity’s transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements; c) The related accounting records, either in electronic or manual form, supporting information and specific accounts in the user entity’s financial statements that are used to initiate, record, process and report the user entity’s transactions; this includes the correction of incorrect information and how information is transferred to the general ledger;
55
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
d) How the user entity’s information system captures events and conditions, other than transactions, that are significant to the financial statements; e) The financial reporting process used to prepare the user entity’s financial statements, including significant accounting estimates and disclosures; and f) Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments. The nature and extent of work to be performed by the user auditor regarding the services provided by a service organization depend on the nature and significance of those services to the user entity and the relevance of those services to the audit. When obtaining an understanding of internal control relevant to the audit in accordance with ISA 315, the user auditor shall evaluate the design and implementation of relevant controls at the user entity that relate to the services provided by the service organization, including those that are applied to the transactions processed by the service organization. The user auditor shall determine whether a sufficient understanding of the nature and significance of the services provided by the service organization and their effect on the user entity’s internal control relevant to the audit has been obtained to provide a basis for the identification and assessment of risks of material misstatement There are two types of reports: A. Report on the description and design of controls at a service organization (referred to in this ISA as a type 1 report) – A report that comprises: • A description, prepared by management of the service organization, of the service organization’s system, control objectives and related controls that have been designed and implemented as at a specified date; and • A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s opinion on the description of the service organization’s system, control objectives and related controls and the suitability of the design of the controls to achieve the specified control objectives. B. Report on the description, design, and operating effectiveness of controls at a service organization (referred to in this ISA as a type 2 report) – A report that comprises: • A description, prepared by management of the service organization, of the service organization’s system, control objectives and related controls, their design and implementation as at a specified date or throughout a specified period and, in some cases, their operating effectiveness throughout a specified period; and • A report by the service auditor with the objective of conveying reasonable assurance that includes the service auditor’s opinion on the description of the service organization’s system, control objectives and related controls, the suitability of the design of the controls to achieve the specified control objectives, and the operating effectiveness of the controls; and a description of the service auditor’s tests of the controls and the results thereof. If the user auditor is unable to obtain a sufficient understanding from the user entity, the user auditor shall obtain that understanding from one or more of the following procedures: a) Obtaining a type 1 or type 2 report, if available; b) Contacting the service organization, through the user entity, to obtain specific information; c) Visiting the service organization and performing procedures that will provide the necessary information about the relevant controls at the service organization; or d) Using another auditor to perform procedures that will provide the necessary information about the relevant controls at the service organization.
56
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N In determining the sufficiency and appropriateness of the audit evidence provided by a type 1 or type 2 report, the user auditor shall be satisfied as to the service auditor’s professional competence and independence from the service organization; and the adequacy of the standards under which the type 1 or type 2 report was issued. If the user auditor plans to use a type 1 or type 2 report as audit evidence to support the user auditor’s understanding about the design and implementation of controls at the service organization, the user auditor shall: a) Evaluate whether the description and design of controls at the service organization is at a date or for a period that is appropriate for the user auditor’s purposes; b) Evaluate the sufficiency and appropriateness of the evidence provided by the report for the understanding of the user entity’s internal control relevant to the audit; and c) Determine whether complementary user entity controls identified by the service organization are relevant to the user entity and, if so, obtain an understanding of whether the user entity has designed and implemented such controls. Tests of controls When the user auditor’s risk assessment includes an expectation that controls at the service organization are operating effectively, the user auditor shall obtain audit evidence about the operating effectiveness of those controls from one or more of the following procedures: a) Obtaining a type 2 report, if available; b) Performing appropriate tests of controls at the service organization; or c) Using another auditor to perform tests of controls at the service organization on behalf of the user auditor. Fraud, non-compliance with laws and regulations and uncorrected misstatements in relation to activities at the service organization The user auditor shall inquire of management of the user entity whether the service organization has reported to the user entity, or whether the user entity is otherwise aware of, any fraud, non-compliance with laws and regulations or uncorrected misstatements affecting the financial statements of the user entity. The user auditor shall evaluate how such matters affect the nature, timing and extent of the user auditor’s further audit procedures, including the effect on the user auditor’s conclusions and user auditor’s report. Reporting by the user auditor The user auditor shall modify the opinion in the user auditor’s report in accordance with ISA 705 if the user auditor is unable to obtain sufficient appropriate audit evidence regarding the services provided by the service organization relevant to the audit of the user entity’s financial statements. The user auditor shall not refer to the work of a service auditor in the user auditor’s report containing an unmodified opinion unless required by law or regulation to do so. If such reference is required by law or regulation, the user auditor’s report shall indicate that the reference does not diminish the user auditor’s responsibility for the audit opinion. If reference to the work of a service auditor is relevant to an understanding of a modification to the user auditor’s opinion, the user auditor’s report shall indicate that such reference does not diminish the user auditor’s responsibility for that opinion.
57
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
14.0
ISA 450: Evaluation of Misstatements Identified during the Audit Accumulation of identified misstatements The auditor shall accumulate misstatements identified during the audit, other than those that are clearly trivial.
Communication and correction of misstatements The auditor shall communicate on a timely basis all misstatements accumulated during the audit with the appropriate level of management, unless prohibited by law or regulation. The auditor shall request management to correct those misstatements. If management refuses to correct some or all of the misstatements communicated by the auditor, the auditor shall obtain an understanding of management’s reasons for not making the corrections and shall take that understanding into account when evaluating whether the financial statements as a whole are free from material misstatement.
Evaluating the effect of uncorrected misstatements The auditor shall determine whether uncorrected misstatements are material, individually or in aggregate. This is in the Summary of Unadjusted Differences. Communication with those charged with governance The auditor shall communicate with those charged with governance uncorrected misstatements and the effect that they, individually or in aggregate, may have on the opinion in the auditor’s report, unless prohibited by law or regulation. The auditor’s communication shall identify material uncorrected misstatements individually. The auditor shall request that uncorrected misstatements be corrected.
Written representation The auditor shall request a written representation from management and, where appropriate, those charged with governance whether they believe the effects of uncorrected misstatements are immaterial, individually and in aggregate, to the financial statements as a whole. A summary of such items shall be included in or attached to the written representation.
Documentation The auditor shall include in the audit documentation: a) The amount below which misstatements would be regarded as clearly trivial; b) All misstatements accumulated during the audit and whether they have been corrected; and c) The auditor’s conclusion as to whether uncorrected misstatements are material, individually or in aggregate, and the basis for that conclusion.
Summary Any differences above planning materiality (material items) need to adjust immediately in the Summary of Adjusted Differences. Any differences above SUD materiality but below planning materiality (non material items) need to be accumulated in the Summary of Unadjusted Differences. Any differences below SUD materiality (trivial items) are ignored.
58
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
15.0
ISA 500: Audit Evidence When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence. If information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes: a) Evaluate the competence, capabilities and objectivity of that expert - Knowledge of that expert’s qualifications, membership of a professional body or industry association, license to practice, or other forms of external recognition b) Obtain an understanding of the work of that expert; and c) Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.
Selecting items for testing to obtain audit evidence When designing tests of controls and tests of details, the auditor shall determine means of selecting items for testing that are effective in meeting the purpose of the audit procedure.
Inconsistency in, or doubts over reliability of, audit evidence If: a) audit evidence obtained from one source is inconsistent with that obtained from another; or b) the auditor has doubts over the reliability of information to be used as audit evidence, the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit. The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. Methods of obtaining audit evidence include: • Inspection: involves examining records or documents • Observation: consists of looking at a process or procedure being performed by others • External Confirmation: represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party • Recalculation: consists of checking the mathematical accuracy of documents or records. • Reperformance: involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control. • Analytical procedures: consist of evaluations of financial information through analysis of plausible relationships among both financial and non-financial data • Inquiry: consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity
59
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Selecting items for testing to obtain audit evidence The means available to the auditor for selecting items for testing are: a) Selecting all items (100% examination); b) Selecting specific items; and c) Audit sampling. The application of any one or combination of these means may be appropriate depending on the particular circumstances. Selecting all items 100% examination is unlikely in the case of tests of controls; however, it is more common for tests of details. 100% examination may be appropriate when, for example: • The population constitutes a small number of large value items; • There is a significant risk and other means do not provide sufficient appropriate audit evidence; or • The repetitive nature of a calculation or other process performed automatically by an information system makes a 100% examination cost effective. Selecting specific items The auditor may decide to select specific items from a population. In making this decision, factors that may be relevant include the auditor’s understanding of the entity, the assessed risks of material misstatement, and the characteristics of the population being tested. Specific items selected may include: • High value or key items. The auditor may decide to select specific items within a population because they are of high value, or exhibit some other characteristic, for example, items that are suspicious, unusual, particularly risk- prone or that have a history of error. • All items over a certain amount. The auditor may decide to examine items whose recorded values exceed a certain amount so as to verify a large proportion of the total amount of a class of transactions or account balance. • Items to obtain information. The auditor may examine items to obtain information about matters such as the nature of the entity or the nature of transactions. While selective examination of specific items from a class of transactions or account balance will often be an efficient means of obtaining audit evidence, it does not constitute audit sampling. The results of audit procedures applied to items selected in this way cannot be projected to the entire population; accordingly, selective examination of specific items does not provide audit evidence concerning the remainder of the population. Audit sampling Audit sampling is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it.
60
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
16.0
ISA 501: Audit Evidence — Specific Considerations for Selected Items Inventory If inventory is material to the financial statements, the auditor shall obtain sufficient appropriate audit evidence regarding the existence and condition of inventory by: a) Attendance at physical inventory counting, unless impracticable, to: i) Evaluate management’s instructions and procedures for recording and controlling the results of the entity’s physical inventory counting; ii) Observe the performance of management’s count procedures; iii) Inspect the inventory; and iv) Perform test counts; and b) Performing audit procedures over the entity’s final inventory records to determine whether they accurately reflect actual inventory count results. If physical inventory counting is conducted at a date other than the date of the financial statements, the auditor shall, in addition to the procedures required by , perform audit procedures to obtain audit evidence about whether changes in inventory between the count date and the date of the financial statements are properly recorded. If the auditor is unable to attend physical inventory counting due to unforeseen circumstances, the auditor shall make or observe some physical counts on an alternative date, and perform audit procedures on intervening transactions. If it is not possible to do so, the auditor shall modify the opinion in the auditor’s report. If inventory under the custody and control of a third party is material to the financial statements, the auditor shall obtain sufficient appropriate audit evidence regarding the existence and condition of that inventory by performing one or both of the following: a) Request confirmation from the third party as to the quantities and condition of inventory held on behalf of the entity. b) Perform inspection or other audit procedures appropriate in the circumstances.
Litigation and Claims The auditor shall design and perform audit procedures in order to identify litigation and claims involving the entity which may give rise to a risk of material misstatement, including: a) Inquiry of management and, where applicable, others within the entity, including in-house legal counsel; b) Reviewing minutes of meetings of those charged with governance and correspondence between the entity and its external legal counsel; and c) Reviewing legal expense accounts If the auditor assesses a risk of material misstatement regarding litigation or claims that have been identified, or when audit procedures performed indicate that other material litigation or claims may exist, the auditor shall, in addition to the procedures required by other ISAs, seek direct communication with the entity’s external legal counsel. If: a) management refuses to give the auditor permission to communicate or meet with the entity’s external legal counsel, or the entity’s external legal counsel refuses to respond appropriately to the letter of inquiry, or is prohibited from responding; and
61
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) the auditor is unable to obtain sufficient appropriate audit evidence by performing alternative audit procedures, the auditor shall modify the opinion in the auditor’s report Written representations The auditor shall request management and, where appropriate, those charged with governance to provide written representations that all known actual or possible litigation and claims whose effects should be considered when preparing the financial statements have been disclosed to the auditor and accounted for and disclosed in accordance with the applicable financial reporting framework.
Segment information The auditor shall obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment information in accordance with the applicable financial reporting framework by: a) Obtaining an understanding of the methods used by management in determining segment information, and: i) Evaluating whether such methods are likely to result in disclosure in accordance with the applicable financial reporting framework; and ii) Where appropriate, testing the application of such methods; and b) Performing analytical procedures or other audit procedures appropriate in the circumstances.
17.0
ISA 505: External Confirmations External confirmation procedures to obtain audit evidence Audit evidence in the form of external confirmations received directly by the auditor from confirming parties may be more reliable than evidence generated internally by the entity. This is because: • Audit evidence is more reliable when it is obtained from independent sources outside the entity. • Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference. • Audit evidence is more reliable when it exists in documentary form, whether paper, electronic or other medium.
External confirmation procedures When using external confirmation procedures, the auditor shall maintain control over external confirmation requests, including: a) Determining the information to be confirmed or requested; b) Selecting the appropriate confirming party; c) Designing the confirmation requests, including determining that requests are properly addressed and contain return information for responses to be sent directly to the auditor; and d) Sending the requests, including follow-up requests when applicable, to the confirming party.
Management’s refusal to allow the auditor to send a confirmation request If management refuses to allow the auditor to send a confirmation request, the auditor shall: a) Inquire as to management’s reasons for the refusal, and seek audit evidence as to their validity and reasonableness;
62
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N b) Evaluate the implications of management’s refusal on the auditor’s assessment of the relevant risks of material misstatement, including the risk of fraud, and on the nature, timing and extent of other audit procedures; and c) Perform alternative audit procedures designed to obtain relevant and reliable audit evidence If the auditor concludes that management’s refusal to allow the auditor to send a confirmation request is unreasonable, or the auditor is unable to obtain relevant and reliable audit evidence from alternative audit procedures, the auditor shall communicate with those charged with governance.
Results of the external confirmation procedures Reliability of responses to confirmation requests If the auditor identifies factors that give rise to doubts about the reliability of the response to a confirmation request, the auditor shall obtain further audit evidence to resolve those doubts. If the auditor determines that a response to a confirmation request is not reliable, the auditor shall evaluate the implications on the assessment of the relevant risks of material misstatement, including the risk of fraud, and on the related nature, timing and extent of other audit procedures. Non-Responses In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. When a response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence If the auditor has determined that a response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence, alternative audit procedures will not provide the audit evidence the auditor requires. If the auditor does not obtain such confirmation, the auditor shall determine the implications for the audit and the auditor’s opinion. Exceptions The auditor shall investigate exceptions to determine whether or not they are indicative of misstatements.
Negative confirmations Negative confirmations provide less persuasive audit evidence than positive confirmations. Accordingly, the auditor shall not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: a) The auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion; b) The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous, account balances, transactions or conditions; c) A very low exception rate is expected; and d) The auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests.
Evaluating the evidence obtained The auditor shall evaluate whether the results of the external confirmation procedures provide relevant and reliable audit evidence, or whether further audit evidence is necessary.
63
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
18.0
ISA 510: Initial Audit Engagements — Opening Balances Initial audit engagement – An engagement in which either: i) The financial statements for the prior period were not audited; or ii) The financial statements for the prior period were audited by a predecessor auditor The auditor shall read the most recent financial statements, if any and the predecessor auditor’s report thereon, if any, for information relevant to opening balances, including disclosures. The auditor shall obtain sufficient appropriate audit evidence about whether the opening balances contain misstatements that materially affect the current period’s financial statements by: a) Determining whether the prior period’s closing balances have been correctly brought forward to the current period or, when appropriate, have been restated; b) Determining whether the opening balances reflect the application of appropriate accounting policies; and c) Performing one or more of the following: i) Where the prior year financial statements were audited, reviewing the predecessor auditor’s working papers to obtain evidence regarding the opening balances; ii) Evaluating whether audit procedures performed in the current period provide evidence relevant to the opening balances; or iii) Performing specific audit procedures to obtain evidence regarding the opening balances. If the auditor obtains audit evidence that the opening balances contain misstatements that could materially affect the current period’s financial statements, the auditor shall perform such additional audit procedures as are appropriate in the circumstances to determine the effect on the current period’s financial statements. If the auditor concludes that such misstatements exist in the current period’s financial statements, the auditor shall communicate the misstatements with the appropriate level of management and those charged with governance. Consistency of accounting policies The auditor shall obtain sufficient appropriate audit evidence about whether the accounting policies reflected in the opening balances have been consistently applied in the current period’s financial statements, and whether changes in the accounting policies have been appropriately accounted for and adequately presented and disclosed in accordance with the applicable financial reporting framework. Relevant information in the predecessor auditor’s report If the prior period’s financial statements were audited by a predecessor auditor and there was a modification to the opinion, the auditor shall evaluate the effect of the matter giving rise to the modification in assessing the risks of material misstatement in the current period’s financial statements.
Audit Conclusions and Reporting Opening balances If the auditor is unable to obtain sufficient appropriate audit evidence regarding the opening balances, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements, as appropriate.
64
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N If the auditor concludes that the opening balances contain a misstatement that materially affects the current period’s financial statements, and the effect of the misstatement is not appropriately accounted for or not adequately presented or disclosed, the auditor shall express a qualified opinion or an adverse opinion, as appropriate. Consistency of accounting policies If the auditor concludes that: a) the current period’s accounting policies are not consistently applied in relation to opening balances in accordance with the applicable financial reporting framework; or b) a change in accounting policies is not appropriately accounted for or not adequately presented or disclosed in accordance with the applicable financial reporting framework, the auditor shall express a qualified opinion or an adverse opinion as appropriate.
19.0
ISA 520: Analytical Procedures Substantive analytical procedures When designing and performing substantive analytical procedures, either alone or in combination with tests of details, as substantive procedures in accordance with ISA 330, 3 the auditor shall: a) Determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions; b) Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation; c) Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and d) Determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation. This is codified in the 4 step approach to analytical procedures: Step 1: Develop an Expectation Step 2: Define a threshold – the maximum error tolerable (linked to materiality) Step 3: Determine the variance from expectation Step 4: Conclusion
Analytical procedures that assist when forming an overall conclusion – final analytics The auditor shall design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity. The final analytics are conducted on the financial statement level, just like the planning analytics. Investigating Results of Analytical Procedures
65
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
If analytical procedures performed in accordance with this ISA identify fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount, the auditor shall investigate such differences by: a) Inquiring of management and obtaining appropriate audit evidence relevant to management’s responses; and b) Performing other audit procedures as necessary in the circumstances Note: Planning analytics and final analytics are compulsory tests. However, substantive analytics are not compulsory. As per the RUMA audit model, since it’s a substantive procedure, it can be replaced by substantive tests of detail.
20.0
ISA 530: Audit Sampling Audit sampling (sampling) – The application of audit procedures to less than 100% of items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on which to draw conclusions about the entire population. Sampling risk – The risk that the auditor’s conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure. Sampling risk can lead to two types of erroneous conclusions: a) In the case of a test of controls, that controls are more effective than they actually are, or in the case of a test of details, that a material misstatement does not exist when in fact it does. The auditor is primarily concerned with this type of erroneous conclusion because it affects audit effectiveness and is more likely to lead to an inappropriate audit opinion. b) In the case of a test of controls, that controls are less effective than they actually are, or in the case of a test of details, that a material misstatement exists when in fact it does not. This type of erroneous conclusion affects audit efficiency as it would usually lead to additional work to establish that initial conclusions were incorrect Non-sampling risk – The risk that the auditor reaches an erroneous conclusion for any reason not related to sampling risk. Statistical sampling – An approach to sampling that has the following characteristics: i) Random selection of the sample items; and ii) The use of probability theory to evaluate sample results, including measurement of sampling risk. A sampling approach that does not have characteristics (i) and (ii) is considered non-statistical sampling.
Sample design, size and selection of items for testing When designing an audit sample, the auditor shall consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn. The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level. The sample size can be determined by the application of a statistically-based formula or through the exercise of professional judgment.
66
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N The auditor shall select items for the sample in such a way that each sampling unit in the population has a chance of selection. The principal methods of selecting samples are the use of random selection, systematic selection and haphazard selection. Random selection (applied through random number generators, for example, random number tables). Systematic selection, in which the number of sampling units in the population is divided by the sample size to give a sampling interval, for example 50, and having determined a starting point within the first 50, each 50th sampling unit thereafter is selected. Haphazard selection, in which the auditor selects the sample without following a structured technique. Although no structured technique is used, the auditor would nonetheless avoid any conscious bias or predictability (for example, avoiding difficult to locate items, or always choosing or avoiding the first or last entries on a page) and thus attempt to ensure that all items in the population have a chance of selection. Haphazard selection is not appropriate when using statistical sampling. Stratification Audit efficiency may be improved if the auditor stratifies a population by dividing it into discrete sub-populations which have an identifying characteristic. When performing tests of details, the population is often stratified by monetary value. This allows greater audit effort to be directed to the larger value items, as these items may contain the greatest potential misstatement in terms of overstatement. Similarly, a population may be stratified according to a particular characteristic that indicates a higher risk of misstatement, for example, when testing the allowance for doubtful accounts in the valuation of accounts receivable, balances may be stratified by age. The results of audit procedures applied to a sample of items within a stratum can only be projected to the items that make up that stratum. Examples of factors influencing sample size for tests of controls FACTOR SAMPLE SIZE
EFFECT ON
RATIONALE
An increase in the extent to which Increase the auditor’s risk assessment takes into account relevant controls
The more assurance the auditor intends to obtain from the operating effectiveness of controls, the lower the auditor’s assessment of the risk of materialmisstatement will be, and the larger the sample size will need to be.
An increase in the tolerable Decrease rate of deviation
The lower the tolerable rate of deviation, the larger the sample size needs to be.
An increase in the expected rate Increase of deviation of the population to be tested
The higher the expected rate of deviation, the larger the sample size needs to be so that the auditor is in a position to make a reasonable estimate of the actual rate of deviation
67
T H E
R U M A
C P A
A U D I T
FACTOR SAMPLE SIZE
G U I D E
M A N U A L
EFFECT ON
An increase in the auditor’s desired Increase level of assurance that the tolerable rate of deviation is not exceeded by the actual rate of deviation in the population
An increase in the number of Negligible effect sampling units in the population
RATIONALE The greater the level of assurance that the auditor desires that the results of the sample are in fact indicative of the actual incidence of deviation in the population, the larger the sample size needs to be. For large populations, the actual size of the population has little, if any, effect on sample size. For small populations however, audit sampling may not be as efficient as alternative means of obtaining sufficient appropriate audit evidence.
Examples of factors influencing sample size for tests of details FACTOR
68
EFFECT ON SAMPLE SIZE
An increase in the auditor’s Increase assessment of the risk of material misstatement
The higher the auditor’s assessment of the risk of material misstatement, the larger the sample size needs to be.
An increase in the use of other Decrease substantive procedures directed at the same assertion
The more the auditor is relying on other substantive procedures (tests of details or substantive analytical procedures) to reduce to an acceptable level the detection risk regarding a particular population, the less assurance the auditor will require from sampling and, therefore, the smaller the sample size can be.
The greater the level of assurance that the auditor requires that the results of the sample are in fact indicative of the actual amount of misstatement in the population, the larger the sample size needs to be.
An increase in the auditor’s Increase desired level of assurance that tolerable misstatement is not exceeded by actual misstatement in the population
An increase in tolerable Decrease misstatement
The lower the tolerable misstatement, the larger the sample size needs to be.
An increase in the amount of Increase misstatement the auditor expects to find in the population
The greater the amount of misstatement the auditor expects to find in the population, the larger the sample size needs to be in order to make a reasonable estimate of the actual amount of misstatement in the population.
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
FACTOR
EFFECT ON SAMPLE SIZE
Stratification of the population Decrease when appropriate
When there is a wide range (variability) in the monetary size of items in the population, it may be useful to stratify the population. When a population can be appropriately stratified, the aggregate of the sample sizes from the strata generally will be less than the sample size that would have been required to attain a given level of sampling risk, had one sample been drawn from the whole population.
The number of sampling units Negligible effect in the population
For large populations, the ctual size of the population has little, if any, effect on sample size. Thus, for small populations, audit sampling is often not as efficient as alternative means of obtaining sufficient appropriate audit evidence.
Performing Audit Procedures The auditor shall perform audit procedures, appropriate to the purpose, on each item selected. If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a selected item, the auditor shall treat that item as a deviation from the prescribed control, in the case of tests of controls, or a misstatement, in the case of tests of details.
Nature and cause of deviations and misstatements The auditor shall investigate the nature and cause of any deviations or misstatements identified, and evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit. Tolerable misstatement When designing a sample, the auditor determines tolerable misstatement in order to address the risk that the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated and provide a margin for possible undetected misstatements. Tolerable misstatement may be the same amount or an amount lower than performance materiality.
Projecting Misstatements For tests of details, the auditor shall project misstatements found in the sample to the population. For tests of controls, no explicit projection of deviations is necessary since the sample deviation rate is also the projected deviation rate for the population as a whole.
Evaluating results of audit sampling The auditor shall evaluate: a) The results of the sample; and b) Whether the use of audit sampling has provided a reasonable basis for conclusions about the population that has been tested.
69
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
For tests of controls, an unexpectedly high sample deviation rate may lead to an increase in the assessed risk of material misstatement, unless further audit evidence substantiating the initial assessment is obtained. For tests of details, an unexpectedly high misstatement amount in a sample may cause the auditor to believe that a class of transactions or account balance is materially misstated, in the absence of further audit evidence that no material misstatement exists. If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions about the population that has been tested, the auditor may: • Request management to investigate misstatements that have been identified and the potential for further misstatements and to make any necessary adjustments; or • Tailor the nature, timing and extent of those further audit procedures to best achieve the required assurance. For example, in the case of tests of controls, the auditor might extend the sample size, test an alternative control or modify related substantive procedures.
21.0
ISA 540: Auditing Accounting Estimates, including Fair Value Accounting Estimates, and Related Disclosures Some financial statement items cannot be measured precisely, but can only be estimated. For purposes of this ISA, such financial statement items are referred to as accounting estimates. Accounting estimates, other than fair value accounting estimates, include; • Allowance for doubtful accounts. • Inventory obsolescence. • Warranty obligations. • Depreciation method or asset useful life. • Provision against the carrying amount of an investment where there is uncertainty regarding its recoverability. • Outcome of long term contracts. • Costs arising from litigation settlements and judgments Fair value accounting estimates include; • Complex financial instruments, which are not traded in an active and open market. • Share-based payments. • Property or equipment held for disposal. • Certain assets or liabilities acquired in a business combination, including goodwill and intangible assets. • Transactions involving the exchange of assets or liabilities between independent parties without monetary consideration,
The objective of the auditor is to obtain sufficient appropriate audit evidence about whether: a) accounting estimates, including fair value accounting estimates, in the financial statements, whether recognized or disclosed, are reasonable; and b) related disclosures in the financial statements are adequate, A difference between the outcome of an accounting estimate and the amount originally recognized or disclosed in the financial statements does not necessarily represent a misstatement of the financial statements.
70
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Risk assessment procedures and related activities When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, as required by ISA 315, the auditor shall obtain an understanding of the following in order to provide a basis for the identification and assessment of the risks of material misstatement for accounting estimates: a) The requirements of the applicable financial reporting framework relevant to accounting estimates, including related disclosures b) How management identifies those transactions, events and conditions that may give rise to the need for accounting estimates to be recognized or disclosed in the financial statements c) How management makes the accounting estimates, and an understanding of the data on which they are based, including: i) The method, including where applicable the model, used in making the accounting estimate; ii) Relevant controls; iii) Whether management has used an expert; iv) The assumptions underlying the accounting estimates; v) Whether there has been or ought to have been a change from the prior period in the methods for making the accounting estimates, and if so, why; and vi) Whether and, if so, how management has assessed the effect of estimation uncertainty. The auditor shall review the outcome of accounting estimates included in the prior period financial statements, or, where applicable, their subsequent re-estimation for the purpose of the current period.
Identifying and assessing the risks of material misstatement The auditor shall evaluate the degree of estimation uncertainty associated with an accounting estimate. The auditor shall determine whether, in the auditor’s judgment, any of those accounting estimates that have been identified as having high estimation uncertainty give rise to significant risks.
Responses to the assessed risks of material misstatement Based on the assessed risks of material misstatement, the auditor shall determine: a) Whether management has appropriately applied the requirements of the applicable financial reporting framework relevant to the accounting estimate; and b) Whether the methods for making the accounting estimates are appropriate and have been applied consistently, and whether changes, if any, in accounting estimates or in the method for making them from the prior period are appropriate in the circumstances the auditor shall undertake one or more of the following, taking account of the nature of the accounting estimate: Determine whether events occurring up to the date of the auditor’s report provide audit evidence regarding the accounting estimate. Test how management made the accounting estimate and the data on which it is based. Test the operating effectiveness of the controls over how management made the accounting estimate, together with appropriate substantive procedures.
71
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Further substantive procedures to respond to significant risks Estimation uncertainty a) How management has considered alternative assumptions or outcomes, and why it has rejected them, or how management has otherwise addressed estimation uncertainty in making the accounting estimate. b) Whether the significant assumptions used by management are reasonable. c) Where relevant to the reasonableness of the significant assumptions used by management or the appropriate application of the applicable financial reporting framework, management’s intent to carry out specific courses of action and its ability to do so. If, in the auditor’s judgment, management has not adequately addressed the effects of estimation uncertainty on the accounting estimates that give rise to significant risks, the auditor shall, if considered necessary, develop a range with which to evaluate the reasonableness of the accounting estimate. Recognition and measurement criteria For accounting estimates that give rise to significant risks, the auditor shall obtain sufficient appropriate audit evidence about whether: a) Management’s decision to recognize, or to not recognize, the accounting estimates in the financial statements; and b) The selected measurement basis for the accounting estimates, are in accordance with the requirements of the applicable financial reporting framework
Indicators of possible management bias The auditor shall review the judgments and decisions made by management in the making of accounting estimates to identify whether there are indicators of possible management bias. Indicators of possible management bias do not themselves constitute misstatements for the purposes of drawing conclusions on the reasonableness of individual accounting estimates
Written Representations The auditor shall obtain written representations from management and, where appropriate, those charged with governance whether they believe significant assumptions used in making accounting estimates are reasonable
Documentation The auditor shall include in the audit documentation: a) The basis for the auditor’s conclusions about the reasonableness of accounting estimates and their disclosure that give rise to significant risks; and b) Indicators of possible management bias, if any.
72
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
22.0
ISA 550: Related Parties Related party – A party that is either: a) A person or other entity that has control or significant influence, directly or indirectly through one or more intermediaries, over the reporting entity; b) Another entity over which the reporting entity has control or significant influence, directly or indirectly through one or more intermediaries; or c) Another entity that is under common control with the reporting entity through having: i. Common controlling ownership; ii. Owners who are close family members; or iii. Common key management. The nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial statements than transactions with unrelated parties. For example: • Related parties may operate through an extensive and complex range of relationships and structures, with a corresponding increase in the complexity of related party transactions. • Information systems may be ineffective at identifying or summarizing transactions and outstanding balances between an entity and its related parties. • Related party transactions may not be conducted under normal market terms and conditions; for example, some related party transactions may be conducted with no exchange of consideration.
Responsibilities of the Auditor The auditor has a responsibility to perform audit procedures to identify, assess and respond to the risks of material misstatement arising from the entity’s failure to appropriately account for or disclose related party relationships, transactions or balances in accordance with the requirements of the framework. In addition, an understanding of the entity’s related party relationships and transactions is relevant to the auditor’s evaluation of whether one or more fraud risk factors are present, because fraud may be more easily committed through related parties. In the context of related parties, the potential effects of inherent limitations on the auditor’s ability to detect material misstatements are greater for such reasons as the following: • Management may be unaware of the existence of all related party relationships and transactions, particularly if the applicable financial reporting framework does not establish related party requirements. • Related party relationships may present a greater opportunity for collusion, concealment or manipulation by management.
Risk assessment procedures and related activities Understanding the entity’s related party relationships and transactions The auditor shall inquire of management regarding: a) The identity of the entity’s related parties, including changes from the prior period; b The nature of the relationships between the entity and these related parties; and c) Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions.
73
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
The auditor shall inquire of management and others within the entity, and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established to: a) Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework; b) Authorize and approve significant transactions and arrangements with related parties; and c) Authorize and approve significant transactions and arrangements outside the normal course of business. Maintaining alertness for related party information when reviewing records or documents During the audit, the auditor shall remain alert, when inspecting records or documents, for arrangements or other information that may indicate the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor. In particular, the auditor shall inspect the following for indications of the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor: a) Bank and legal confirmations obtained as part of the auditor’s procedures; b) Minutes of meetings of shareholders and of those charged with governance; and c) Such other records or documents as the auditor considers necessary in the circumstances of the entity. If the auditor identifies significant transactions outside the entity’s normal course of business when performing the audit procedures, the auditor shall inquire of management about the nature of these transactions; and whether related parties could be involved. Identification of previously unidentified or undisclosed related parties or significant related party transactions If the auditor identifies related parties or significant related party transactions that management has not previously identified or disclosed to the auditor, the auditor shall: a) Promptly communicate the relevant information to the other members of the engagement team; b) Where the applicable financial reporting framework establishes related party requirements: i) Request management to identify all transactions with the newly identified related parties for the auditor’s further evaluation; and ii) Inquire as to why the entity’s controls over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions; c) Perform appropriate substantive audit procedures relating to such newly identified related parties or significant related party transactions; d) Reconsider the risk that other related parties or significant related party transactions may exist that management has not previously identified or disclosed to the auditor, and perform additional audit procedures as necessary; and e) If the non-disclosure by management appears intentional (and therefore indicative of a risk of material misstatement due to fraud), evaluate the implications for the audit. Identified significant related party transactions outside the entity’s normal course of business The auditor shall: a) Inspect the underlying contracts or agreements, if any, and evaluate whether: i) The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets; ii) The terms of the transactions are consistent with management’s explanations; and iii) The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and b) Obtain audit evidence that the transactions have been appropriately authorized and approved.
74
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Evaluation of the accounting for and disclosure of identified related party relationships and transactions The auditor shall evaluate whether the identified related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and whether the effects of the related party relationships and transactions prevent the financial statements from achieving fair presentation.
Written Representations The auditor shall obtain written representations from management and, where appropriate, those charged with governance that: a) They have disclosed to the auditor the identity of the entity’s related parties and all the related party relationships and transactions of which they are aware; and b) They have appropriately accounted for and disclosed such relationships and transactions in accordance with the requirements of the framework.
Communication with those charged with governance The auditor shall communicate with those charged with governance significant matters arising during the audit in connection with the entity’s related parties.
Documentation The auditor shall include in the audit documentation the names of the identified related parties and the nature of the related party relationships.
23.0
ISA 560: Subsequent Events The objectives of the auditor are: a) To obtain sufficient appropriate audit evidence about whether events occurring between the date of the financial statements and the date of the auditor’s report that require adjustment of, or disclosure in, the financial statements are appropriately reflected in those financial statements in accordance with the applicable financial reporting framework b) To respond appropriately to facts that become known to the auditor after the date of the auditor’s report, that, had they been known to the auditor at that date, may have caused the auditor to amend the auditor’s report.
Events occurring between the date of the financial statements and the date of the Auditor’s Report The auditor shall perform audit procedures designed to obtain sufficient appropriate audit evidence that all events occurring between the date of the financial statements and the date of the auditor’s report that require adjustment of, or disclosure in, the financial statements have been identified. The auditor is not, however, expected to perform additional audit procedures on matters to which previously applied audit procedures have provided satisfactory conclusions. The auditor shall take into account the auditor’s risk assessment in determining the nature and extent of such audit procedures, which shall include the following a) Obtaining an understanding of any procedures management has established to ensure that subsequent events are identified.
75
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) Inquiring of management and, where appropriate, those charged with governance as to whether any subsequent events have occurred which might affect the financial statements. c) Reading minutes, if any, of the meetings, of the entity’s owners, management and those charged with governance, that have been held after the date of the financial statements and inquiring about matters discussed at any such meetings for which minutes are not yet available. d) Reading the entity’s latest subsequent interim financial statements, if any. If, as a result of the procedures performed above, the auditor identifies events that require adjustment of, or disclosure in, the financial statements, the auditor shall determine whether each such event is appropriately reflected in those financial statements in accordance with the applicable financial reporting framework.
Written Representations The auditor shall request management and, where appropriate, those charged with governance, to provide a written representation that all events occurring subsequent to the date of the financial statements and for which the applicable financial reporting framework requires adjustment or disclosure have been adjusted or disclosed.
Facts which become known to the auditor after the date of the Auditor’s Report but before the date the financial statements are issued The auditor has no obligation to perform any audit procedures regarding the financial statements after the date of the auditor’s report. However, if, after the date of the auditor’s report but before the date the financial statements are issued, a fact becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may have caused the auditor to amend the auditor’s report, the auditor shall: a) Discuss the matter with management and, where appropriate, those charged with governance. b) Determine whether the financial statements need amendment and, if so, c) Inquire how management intends to address the matter in the financial statements. If management amends the financial statements, the auditor shall carry out the audit procedures necessary in the circumstances on the amendment and provide a new auditor’s report on the amended financial statements. The new auditor’s report shall not be dated earlier than the date of approval of the amended financial statements. if management does not amend the financial statements in circumstances where the auditor believes they need to be amended, then: a) If the auditor’s report has not yet been provided to the entity, the auditor shall modify the opinion and then provide the auditor’s report; or b) If the auditor’s report has already been provided to the entity, the auditor shall notify management and, unless all of those charged with governance are involved in managing the entity, those charged with governance, not to issue the financial statements to third parties before the necessary amendments have been made. If the financial statements are nevertheless subsequently issued without the necessary amendments, the auditor shall take appropriate action, to seek to prevent reliance on the auditor’s report.
76
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Facts which become known to the auditor after the financial statements have been issued After the financial statements have been issued, the auditor has no obligation to perform any audit procedures regarding such financial statements. However, if, after the financial statements have been issued, a fact becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may have caused the auditor to amend the auditor’s report, the auditor shall: a) Discuss the matter with management and, where appropriate, those charged with governance; b) Determine whether the financial statements need amendment; and, if so, c) Inquire how management intends to address the matter in the financial statements. If management amends the financial statements, the auditor shall: a) Carry out the audit procedures necessary in the circumstances on the amendment. b) Review the steps taken by management to ensure that anyone in receipt of the previously issued financial statements together with the auditor’s report thereon is informed of the situation. If management does not amend the financial statements in circumstances where the auditor believes they need to be amended, the auditor shall notify management and, unless all of those charged with governance are involved in managing the entity, those charged with governance, that the auditor will seek to prevent future reliance on the auditor’s report.
24.0
ISA 570: Going Concern Under the going concern assumption, an entity is viewed as continuing in business for the foreseeable future. General purpose financial statements are prepared on a going concern basis, unless management either intends to liquidate the entity or to cease operations, or has no realistic alternative but to do so. Management’s assessment of the entity’s ability to continue as a going concern involves making a judgment, at a particular point in time, about inherently uncertain future outcomes of events or conditions. The auditor’s responsibility is to obtain sufficient appropriate audit evidence about the appropriateness of management’s use of the going concern assumption in the preparation and presentation of the financial statements and to conclude whether there is a material uncertainty about the entity’s ability to continue as a going concern.
Events or conditions that may cast doubt about going concern assumption Financial • Net liability or net current liability position. • Fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment; or excessive reliance on short-term borrowings to finance long-term assets. • Indications of withdrawal of financial support by creditors. • Negative operating cash flows indicated by historical or prospective financial statements. • Adverse key financial ratios. • Substantial operating losses or significant deterioration in the value of assets used to generate cash flows.
77
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
• Arrears or discontinuance of dividends. • Inability to pay creditors on due dates. • Inability to comply with the terms of loan agreements. • Change from credit to cash-on-delivery transactions with suppliers. • Inability to obtain financing for essential new product development or other essential investments.
Operating • Management intentions to liquidate the entity or to cease operations. • Loss of key management without replacement. • Loss of a major market, key customer(s), franchise, license, or principal supplier(s). • Labor difficulties. • Shortages of important supplies. • Emergence of a highly successful competitor. Other • Non-compliance with capital or other statutory requirements. • Pending legal or regulatory proceedings against the entity that may, if successful, result in claims that the entity is unlikely to be able to satisfy. • Changes in law or regulation or government policy expected to adversely affect the entity. • Uninsured or underinsured catastrophes when they occur.
Additional audit procedures when events or conditions are identified If events or conditions have been identified that may cast significant doubt on the entity’s ability to continue as a going concern, the auditor shall obtain sufficient appropriate audit evidence to determine whether or not a material uncertainty exists through performing additional audit procedures, including consideration of mitigating factors. These procedures shall include: a) Where management has not yet performed an assessment of the entity’s ability to continue as a going concern, requesting management to make its assessment. b) Evaluating management’s plans for future actions in relation to its going concern assessment, whether the outcome of these plans is likely to improve the situation and whether management’s plans are feasible in the circumstances. c) Where the entity has prepared a cash flow forecast, and analysis of the forecast is a significant factor in considering the future outcome of events or conditions in the evaluation of management’s plans for future action: i) Evaluating the reliability of the underlying data generated to prepare the forecast; and ii) Determining whether there is adequate support for the assumptions underlying the forecast. d) Considering whether any additional facts or information have become available since the date on which management made its assessment. e) Requesting written representations from management and, where appropriate, those charged with governance, regarding their plans for future action and the feasibility of these plans.
Use of going concern assumption appropriate but a material uncertainty exists If the auditor concludes that the use of the going concern assumption is appropriate in the circumstances but a material uncertainty exists, the auditor shall determine whether the financial statements: a) Adequately describe the principal events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern and management’s plans to deal with these events or conditions; and
78
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N b) Disclose clearly that there is a material uncertainty related to events or conditions that may cast significant doubt on the entity’s ability to continue as a going concern and, therefore, that it may be unable to realize its assets and discharge its liabilities in the normal course of business. If adequate disclosure is made in the financial statements, the auditor shall express an unmodified opinion and include an Emphasis of Matter paragraph in the auditor’s report. If adequate disclosure is not made in the financial statements, the auditor shall express a qualified opinion or adverse opinion, as appropriate.
Use of going concern assumption inappropriate If the financial statements have been prepared on a going concern basis but, in the auditor’s judgment, management’s use of the going concern assumption in the financial statements is inappropriate, the auditor shall express an adverse opinion.
Communication with those charged with governance Such communication with those charged with governance shall include the following: a) Whether the events or conditions constitute a material uncertainty; b) Whether the use of the going concern assumption is appropriate in the preparation and presentation of the financial statements; and c) The adequacy of related disclosures in the financial statements.
25.0
ISA 580: Written Representations Written representation – A written statement by management provided to the auditor to confirm certain matters or to support other audit evidence. Although written representations provide necessary audit evidence, they do not provide sufficient appropriate audit evidence on their own about any of the matters with which they deal. Furthermore, the fact that management has provided reliable written representations does not affect the nature or extent of other audit evidence that the auditor obtains about the fulfillment of management’s responsibilities, or about specific assertions. The auditor shall request written representations from management with appropriate responsibilities for the financial statements and knowledge of the matters concerned.
Written representations about management’s responsibilities The auditor shall request management to provide a written representation that it has fulfilled its responsibility for the preparation of the financial statements in accordance with the applicable financial reporting framework, including where relevant their fair presentation, as set out in the terms of the audit engagement. The auditor shall request management to provide a written representation that: a) It has provided the auditor with all relevant information and access as agreed in the terms of the audit engagement, and
79
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) All transactions have been recorded and are reflected in the financial statements. These responsibilities are described in the terms of the audit engagement.
Other written representations Other ISAs require the auditor to request written representations. If, in addition to such required representations, the auditor determines that it is necessary to obtain one or more written representations to support other audit evidence relevant to the financial statements or one or more specific assertions in the financial statements, the auditor shall request such other written representations.
Date of and period(s) covered by written representations The date of the written representations shall be as near as practicable to, but not after, the date of the auditor’s report on the financial statements. The written representations shall be for all financial statements and period(s) referred to in the auditor’s report.
Form of written representations The written representations shall be in the form of a representation letter addressed to the auditor. Doubt as to the reliability of written representations If the auditor has concerns about the competence, integrity, ethical values or diligence of management, or about its commitment to or enforcement of these, the auditor shall determine the effect that such concerns may have on the reliability of representations (oral or written) and audit evidence in general. In particular, if written representations are inconsistent with other audit evidence, the auditor shall perform audit procedures to attempt to resolve the matter. If the matter remains unresolved, the auditor shall reconsider the assessment of the competence, integrity, ethical values or diligence of management. If the auditor concludes that the written representations are not reliable, the auditor shall take appropriate actions, including determining the possible effect on the opinion in the auditor’s report. Requested written representations not provided If management does not provide one or more of the requested written representations, the auditor shall: a) Discuss the matter with management; b) Reevaluate the integrity of management and evaluate the effect that this may have on the reliability of representations (oral or written) and audit evidence in general; and c) Take appropriate actions, including determining the possible effect on the opinion in the auditor’s report See template manager for sample formats.
80
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
26.0
ISA 600: Special Considerations — Audits of Group Financial Statements (including the Work of Component Auditors) This ISA deals with special considerations that apply to group audits, in particular those that involve component auditors. An auditor may find this ISA, adapted as necessary in the circumstances, useful when that auditor involves other auditors in the audit of financial statements that are not group financial statements. For example, an auditor may involve another auditor to observe the inventory count or inspect physical fixed assets at a remote location. The group engagement partner is required to be satisfied that those performing the group audit engagement, including component auditors, collectively have the appropriate competence and capabilities. The group engagement partner is also responsible for the direction, supervision and performance of the group audit engagement.
Responsibility The group engagement partner is responsible for the direction, supervision and performance of the group audit engagement in compliance with professional standards and applicable legal and regulatory requirements, and whether the auditor’s report that is issued is appropriate in the circumstances.
Acceptance and Continuance The group engagement partner shall determine whether sufficient appropriate audit evidence can reasonably be expected to be obtained in relation to the consolidation process and the financial information of the components on which to base the group audit opinion. For this purpose, the group engagement team shall obtain an understanding of the group, its components, and their environments that is sufficient to identify components that are likely to be significant components. If the group engagement partner concludes that: a) it will not be possible for the group engagement team to obtain sufficient appropriate audit evidence due to restrictions imposed by group management; and b) the possible effect of this inability will result in a disclaimer of opinion on the group financial statements, the group engagement partner shall either: • in the case of a new engagement, not accept the engagement, or, in the case of a continuing engagement, withdraw from the engagement, where withdrawal is possible under applicable law or regulation; or • Where law or regulation prohibits an auditor from declining an engagement or where withdrawal from an engagement is not otherwise possible, having performed the audit of the group financial statements to the extent possible, disclaim an opinion on the group financial statements.
Overall Audit Strategy and Audit Plan The group engagement team shall establish an overall group audit strategy and shall develop a group audit plan. The group engagement partner shall review the overall group audit strategy and group audit plan.
81
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Understanding the group, its components and their environments The auditor is required to identify and assess the risks of material misstatement through obtaining an understanding of the entity and its environment. The group engagement team shall: a) Enhance its understanding of the group, its components, and their environments, including group-wide controls, obtained during the acceptance or continuance stage; and b) Obtain an understanding of the consolidation process, including the instructions issued by group management to components. The group engagement team shall obtain an understanding that is sufficient to: a) Confirm or revise its initial identification of components that are likely to be significant; and b) Assess the risks of material misstatement of the group financial statements, whether due to fraud or error
Understanding the Component Auditor If the group engagement team plans to request a component auditor to perform work on the financial information of a component, the group engagement team shall obtain an understanding of the following: a) Whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent. b) The component auditor’s professional competence. c) Whether the group engagement team will be able to be involved in the work of the component auditor to the extent necessary to obtain sufficient appropriate audit evidence. d) Whether the component auditor operates in a regulatory environment that actively oversees auditors. If a component auditor does not meet the independence requirements that are relevant to the group audit, or any of the above requirements, the group engagement team shall obtain sufficient appropriate audit evidence relating to the financial information of the component without requesting that component auditor to perform work on the financial information of that component.
Materiality The group engagement team shall determine the following: a) Materiality for the group financial statements as a whole when establishing the overall group audit strategy. b) If, in the specific circumstances of the group, there are particular classes of transactions, account balances or disclosures in the group financial statements for which misstatements of lesser amounts than materiality for the group financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the group financial statements, the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures. c) Component materiality for those components where component auditors will perform an audit or a review for purposes of the group audit. To reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the group financial statements exceeds materiality for the group financial statements as a whole, component materiality shall be lower than materiality for the group financial statements as a whole.
Responding to Assessed Risks The auditor is required to design and implement appropriate responses to address the assessed risks of material misstatement of the financial statements. The group engagement team shall determine the type of work to be performed by the group engagement team, or the component auditors on its behalf, on the financial information of the components.
82
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N If the nature, timing and extent of the work to be performed on the consolidation process or the financial information of the components are based on an expectation that group-wide controls are operating effectively, or if substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level, the group engagement team shall test, or request a component auditor to test, the operating effectiveness of those controls.
Indicators of risk of material misstatement of the group financial statements A complex group structure, especially where there are frequent acquisitions, disposals or reorganizations. • Poor corporate governance structures, including decision-making processes that are not transparent. • Non-existent or ineffective group-wide controls, including inadequate group management information on monitoring of components’ operations and their results. • Components operating in foreign jurisdictions that may be exposed to factors such as unusual government intervention in areas such as trade and fiscal policy, and restrictions on currency and dividend movements; and fluctuations in exchange rates. • Business activities of components that involve high risk, such as long-term contracts or trading in innovative or complex financial instruments. • Uncertainties regarding which components’ financial information require incorporation in the group financial statements in accordance with the applicable financial reporting framework, for example, whether any special- purpose entities or non-trading entities exist and require incorporation. • Unusual related party relationships and transactions. • Prior occurrences of intra-group account balances that did not balance or reconcile on consolidation. • The existence of complex transactions that are accounted for in more than one component. • Components’ application of accounting policies that differ from those applied to the group financial statements. • Components with different financial year-ends, which may be utilized to manipulate the timing of transactions. • Prior occurrences of unauthorized or incomplete consolidation adjustments. Aggressive tax planning within the group, or large cash transactions with entities in tax havens. • Frequent changes of auditors engaged to audit the financial statements of components. Significant components For a component that is significant due to its individual financial significance to the group, the group engagement team, or a component auditor on its behalf, shall perform an audit of the financial information of the component using component materiality. Components that are not significant components For components that are not significant components, the group engagement team shall perform analytical procedures at group level.
Significant Components – Risk Assessment If a component auditor performs an audit of the financial information of a significant component, the group engagement team shall be involved in the component auditor’s risk assessment to identify significant risks of material misstatement of the group financial statements. The nature, timing and extent of this involvement are affected by the group engagement team’s understanding of the component auditor, but at a minimum shall include: a) Discussing with the component auditor or component management those of the component’s business activities that are significant to the group; b) Discussing with the component auditor the susceptibility of the component to material misstatement of the financial information due to fraud or error; and
83
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
c) Reviewing the component auditor’s documentation of identified significant risks of material misstatement of the group financial statements. Such documentation may take the form of a memorandum that reflects the component auditor’s conclusion with regard to the identified significant risks.
Consolidation Process The group engagement team shall design and perform further audit procedures on the consolidation process to respond to the assessed risks of material misstatement of the group financial statements arising from the consolidation process. This shall include evaluating whether all components have been included in the group financial statements. If the financial information of a component has not been prepared in accordance with the same accounting policies applied to the group financial statements, the group engagement team shall evaluate whether the financial information of that component has been appropriately adjusted for purposes of preparing and presenting the group financial statements. If the group financial statements include the financial statements of a component with a financial reporting period-end that differs from that of the group, the group engagement team shall evaluate whether appropriate adjustments have been made to those financial statements in accordance with the applicable financial reporting framework.
Subsequent Events Where the group engagement team or component auditors perform audits on the financial information of components, the group engagement team or the component auditors shall perform procedures designed to identify events at those components that occur between the dates of the financial information of the components and the date of the auditor’s report on the group financial statements, and that may require adjustment to or disclosure in the group financial statements.
Communication with the Component Auditor The group engagement team shall communicate its requirements to the component auditor on a timely basis. This communication shall set out the work to be performed, the use to be made of that work, and the form and content of the component auditor’s communication with the group engagement team. It shall also include the following: a) A request that the component auditor, knowing the context in which the group engagement team will use the work of the component auditor, confirms that the component auditor will cooperate with the group engagement team. b) The ethical requirements that are relevant to the group audit and, in particular, the independence requirements. c) In the case of an audit or review of the financial information of the component, component materiality (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) and the threshold above which misstatements cannot be regarded as clearly trivial to the group financial statements. d) Identified significant risks of material misstatement of the group financial statements, due to fraud or error, that are relevant to the work of the component auditor. The group engagement team shall request the component auditor to communicate on a timely basis any other identified significant risks of material misstatement of the group financial statements, due to fraud or error, in the component, and the component auditor’s responses to such risks. e) A list of related parties prepared by group management, and any other related parties of which the group engagement team is aware. The group engagement team shall request the component auditor to communicate on a timely basis related parties not previously identified by group management or the group engagement team. The group engagement team shall determine whether to identify such additional related parties to other component auditors.
84
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N The group engagement team shall request the component auditor to communicate matters relevant to the group engagement team’s conclusion with regard to the group audit. Such communication shall include: a) Whether the component auditor has complied with ethical requirements that are relevant to the group audit, including independence and professional competence; b) Whether the component auditor has complied with the group engagement team’s requirements; c) Identification of the financial information of the component on which the component auditor is reporting; d) Information on instances of non-compliance with laws or regulations that could give rise to a material misstatement of the group financial statements; e) A list of uncorrected misstatements of the financial information of the component (the list need not include misstatements that are below the threshold for clearly trivial misstatements communicated by the group engagement team; f) Indicators of possible management bias; g) Description of any identified significant deficiencies in internal control at the component level; h) Other significant matters that the component auditor communicated or expects to communicate to those charged with governance of the component, including fraud or suspected fraud involving component management, employees who have significant roles in internal control at the component level or others where the fraud resulted in a material misstatement of the financial information of the component; i) Any other matters that may be relevant to the group audit, or that the component auditor wishes to draw to the attention of the group engagement team, including exceptions noted in the written representations that the component auditor requested from component management; and j) The component auditor’s overall findings, conclusions or opinion.
Evaluating the sufficiency and appropriateness of audit evidence obtained Evaluating the component auditor’s communication and adequacy of their work The group engagement team shall evaluate the component auditor’s communication. The group engagement team shall: a) Discuss significant matters arising from that evaluation with the component auditor, component management or group management, as appropriate; and b) Determine whether it is necessary to review other relevant parts of the component auditor’s audit documentation. If the group engagement team concludes that the work of the component auditor is insufficient, the group engagement team shall determine what additional procedures are to be performed, and whether they are to be performed by the component auditor or by the group engagement team.
Communication with group management and those charged with governance of the group Communication with group management The group engagement team shall determine which identified deficiencies in internal control to communicate to those charged with governance and group management. In making this determination, the group engagement team shall consider: a) Deficiencies in group-wide internal control that the group engagement team has identified; b) Deficiencies in internal control that the group engagement team has identified in internal controls at components; and c) Deficiencies in internal control that component auditors have brought to the attention of the group engagement team.
85
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
If fraud has been identified by the group engagement team or brought to its attention by a component auditor, or information indicates that a fraud may exist, the group engagement team shall communicate this on a timely basis to the appropriate level of group management A component auditor may be required by statute, regulation or for another reason, to express an audit opinion on the financial statements of a component. In that case, the group engagement team shall request group management to inform component management of any matter of which the group engagement team becomes aware that may be significant to the financial statements of the component, but of which component management may be unaware. If group management refuses, the group engagement team, subject to legal and professional confidentiality considerations, shall consider whether to advise the component auditor not to issue the auditor’s report on the financial statements of the component. Communication with those charged with governance of the group The group engagement team shall communicate the following matters with those charged with governance of the group; a) An overview of the type of work to be performed on the financial information of the components. b) An overview of the nature of the group engagement team’s planned involvement in the work to be performed by the component auditors on the financial information of significant components. c) Instances where the group engagement team’s evaluation of the work of a component auditor gave rise to a concern about the quality of that auditor’s work. d) Any limitations on the group audit, for example, where the group engagement team’s access to information may have been restricted. e) Fraud or suspected fraud involving group management, component management, employees who have significant roles in group-wide controls or others where the fraud resulted in a material misstatement of the group financial statements.
Documentation The group engagement team shall include in the audit documentation the following matters: a) An analysis of components, indicating those that are significant, and the type of work performed on the financial information of the components b) The nature, timing and extent of the group engagement team’s involvement in the work performed by the component auditors on significant components including, where applicable, the group engagement team’s review of relevant parts of the component auditors’ audit documentation and conclusions thereon. c) Written communications between the group engagement team and the component auditors about the group engagement team’s requirements.
27.0
ISA 610: Using the Work of Internal Auditors This International Standard on Auditing (ISA) deals with the external auditor’s responsibilities relating to the work of internal auditors when the external auditor has determined, that the internal audit function is likely to be relevant to the audit.
86
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Irrespective of the degree of autonomy and objectivity of the internal audit function, such function is not independent of the entity as is required of the external auditor when expressing an opinion on financial statements. The external auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the external auditor’s use of the work of the internal auditors The external auditor shall determine: a) Whether the work of the internal auditors is likely to be adequate for purposes of the audit; and b) If so, the planned effect of the work of the internal auditors on the nature, timing or extent of the external auditor’s procedures. In determining whether the work of the internal auditors is likely to be adequate for purposes of the audit, the external auditor shall evaluate: a) The objectivity of the internal audit function; b) The technical competence of the internal auditors; c) Whether the work of the internal auditors is likely to be carried out with due professional care; and d) Whether there is likely to be effective communication between the internal auditors and the external auditor. In determining the planned effect of the work of the internal auditors on the nature, timing or extent of the external auditor’s procedures, the external auditor shall consider: a) The nature and scope of specific work performed, or to be performed, by the internal auditors; b) The assessed risks of material misstatement at the assertion level for particular classes of transactions, account balances, and disclosures; and c) The degree of subjectivity involved in the evaluation of the audit evidence gathered by the internal auditors in support of the relevant assertions.
Using specific work of the internal auditors To determine the adequacy of specific work performed by the internal auditors for the external auditor’s purposes, the external auditor shall evaluate whether: a) The work was performed by internal auditors having adequate technical training and proficiency; b) The work was properly supervised, reviewed and documented; c) Adequate audit evidence has been obtained to enable the internal auditors to draw reasonable conclusions; d) Conclusions reached are appropriate in the circumstances and any reports prepared by the internal auditors are consistent with the results of the work performed; and e) Any exceptions or unusual matters disclosed by the internal auditors are properly resolved.
Documentation If the external auditor uses specific work of the internal auditors, the external auditor shall include in the audit documentation the conclusions reached regarding the evaluation of the adequacy of the work of the internal auditors, and the audit procedures performed by the external auditor on that work.
87
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
28.0
ISA 620: Using the work of an auditor’s expert Determining the need for an auditor’s expert If expertise in a field other than accounting or auditing is necessary to obtain sufficient appropriate audit evidence, the auditor shall determine whether to use the work of an auditor’s expert. An auditor’s expert may be needed to assist the auditor in one or more of the following: • Obtaining an understanding of the entity and its environment, including its internal control. • Identifying and assessing the risks of material misstatement. • Determining and implementing overall responses to assessed risks at the financial statement level. • Designing and performing further audit procedures to respond to assessed risks at the assertion level, comprising tests of controls or substantive procedures. • Evaluating the sufficiency and appropriateness of audit evidence obtained in forming an opinion on the financial statements.
Definition of an auditor’s expert Expertise in a field other than accounting or auditing may include expertise in relation to such matters as: • The valuation of complex financial instruments, land and buildings, plant and machinery, jewelry, works of art, antiques, intangible assets, assets acquired and liabilities assumed in business combinations and assets that may have been impaired. • The actuarial calculation of liabilities associated with insurance contracts or employee benefit plans. • The estimation of oil and gas reserves. • The valuation of environmental liabilities, and site clean-up costs. • The interpretation of contracts, laws and regulations. • The analysis of complex or unusual tax compliance issues.
Nature, timing and extent of audit procedures The auditor shall consider matters including: a) The nature of the matter to which that expert’s work relates; b) The risks of material misstatement in the matter to which that expert’s work relates; c) The significance of that expert’s work in the context of the audit; d) The auditor’s knowledge of and experience with previous work performed by that expert; and e) Whether that expert is subject to the auditor’s firm’s quality control policies and procedures.
The competence, capabilities and objectivity of the auditor’s expert The auditor shall evaluate whether the auditor’s expert has the necessary competence, capabilities and objectivity for the auditor’s purposes. In the case of an auditor’s external expert, the evaluation of objectivity shall include inquiry regarding interests and relationships that may create a threat to that expert’s objectivity.
Agreement with the auditor’s expert The auditor shall agree, in writing when appropriate, on the following matters with the auditor’s expert: a) The nature, scope and objectives of that expert’s work; b) The respective roles and responsibilities of the auditor and that expert;
88
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N c) The nature, timing and extent of communication between the auditor and that expert, including the form of any report to be provided by that expert; and d) The need for the auditor’s expert to observe confidentiality requirements
Evaluating the adequacy of the auditor’s expert’s work The auditor shall evaluate the adequacy of the auditor’s expert’s work for the auditor’s purposes, including: a) The relevance and reasonableness of that expert’s findings or conclusions, and their consistency with other audit evidence; b) If that expert’s work involves use of significant assumptions and methods, the relevance and reasonableness of those assumptions and methods in the circumstances; and c) If that expert’s work involves the use of source data that is significant to that expert’s work, the relevance, completeness, and accuracy of that source data If the auditor determines that the work of the auditor’s expert is not adequate for the auditor’s purposes, the auditor shall: i) Agree with that expert on the nature and extent of further work to be performed by that expert; or ii) Perform additional audit procedures appropriate to the circumstances.
Reference to the auditor’s expert in the auditor’s report The auditor shall not refer to the work of an auditor’s expert in an auditor’s report containing an unmodified opinion unless required by law or regulation to do so. If the auditor makes reference to the work of an auditor’s expert in the auditor’s report because such reference is relevant to an understanding of a modification to the auditor’s opinion, the auditor shall indicate in the auditor’s report that such reference does not reduce the auditor’s responsibility for that opinion.
29.0
ISA 700: Forming an Opinion and Reporting on Financial Statements The auditor’s conclusion shall consider whether uncorrected misstatements are material, individually or in aggregate; and whether sufficient appropriate audit evidence has been obtained. The auditor shall evaluate whether the financial statements are prepared, in all material respects, in accordance with the requirements of the applicable financial reporting framework. This evaluation shall include consideration of the qualitative aspects of the entity’s accounting practices, including indicators of possible bias in management’s judgments. In particular, the auditor shall evaluate whether, in view of the requirements of the applicable financial reporting framework: a) The financial statements adequately disclose the significant accounting policies selected and applied; b) The accounting policies selected and applied are consistent with the applicable financial reporting framework and are appropriate c) The accounting estimates made by management are reasonable; d) The information presented in the financial statements is relevant, reliable, comparable and understandable; e) The financial statements provide adequate disclosures to enable the intended users to understand the effect of material transactions and events on the information conveyed in the financial statements; and f) The terminology used in the financial statements, including the title of each financial statement, is appropriate.
89
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Form of Opinion The auditor shall express an unmodified opinion when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. If the auditor: a) concludes that, based on the audit evidence obtained, the financial statements as a whole are not free from material misstatement; or b) is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement, the auditor shall modify the opinion.
Auditor’s Report The auditor’s report shall be in writing. Auditor’s Report for Audits Conducted in Accordance with International Standards on Auditing Title The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor. Addressee The auditor’s report shall be addressed as required by the circumstances of the engagement. Introductory paragraph The introductory paragraph in the auditor’s report shall: a) Identify the entity whose financial statements have been audited; b) State that the financial statements have been audited; c) Identify the title of each statement that comprises the financial statements; d) Refer to the summary of significant accounting policies and other explanatory information; and e) Specify the date or period covered by each financial statement comprising the financial statements. Management’s responsibility for the financial statements This section of the auditor’s report describes the responsibilities of those in the organization that are responsible for the preparation of the financial statements. The auditor’s report need not refer specifically to “management,” but shall use the term that is appropriate in the context of the legal framework in the particular jurisdiction. In some jurisdictions, the appropriate reference may be to those charged with governance. The auditor’s report shall include a section with the heading “Management’s [or other appropriate term] Responsibility for the Financial Statements.” The auditor’s report shall describe management’s responsibility for the preparation of the financial statements. The description shall include an explanation that management is responsible for the preparation of the financial statements in accordance with the applicable financial reporting framework, and for such internal control as it determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Where the financial statements are prepared in accordance with a fair presentation framework, the explanation of management’s responsibility for the financial statements in the auditor’s report shall refer to “the preparation and fair presentation of these financial statements” or “the preparation of financial statements that give a true and fair view,” as appropriate in the circumstances.
90
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Auditor’s responsibility The auditor’s report shall include a section with the heading “Auditor’s Responsibility.” The auditor’s report shall state that the responsibility of the auditor is to express an opinion on the financial statements based on the audit. The auditor’s report shall state that the audit was conducted in accordance with International Standards on Auditing. The auditor’s report shall also explain that those standards require that the auditor comply with ethical requirements and that the auditor plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. The auditor’s report shall describe an audit by stating that: a) An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements; b) The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. In circumstances when the auditor also has a responsibility to express an opinion on the effectiveness of internal control in conjunction with the audit of the financial statements, the auditor shall omit the phrase that the auditor’s consideration of internal control is not for the purpose of expressing an opinion on the effectiveness of internal control; and c) An audit also includes evaluating the appropriateness of the accounting policies used and the reasonableness of accounting estimates made by management, as well as the overall presentation of the financial statements. The auditor’s report shall state whether the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s opinion. Auditor’s opinion The auditor’s report shall include a section with the heading “Opinion.” When expressing an unmodified opinion on financial statements prepared in accordance with a fair presentation framework, the auditor’s opinion shall, unless otherwise required by law or regulation, use one of the following phrases, which are regarded as being equivalent: a) The financial statements present fairly, in all material respects, in accordance with [the applicable financial reporting framework]; or b) The financial statements give a true and fair view of … in accordance with [the applicable financial reporting framework]. If the reference to the applicable financial reporting framework in the auditor’s opinion is not to International Financial Reporting Standards issued by the International Accounting Standards Board or International Public Sector Accounting Standards issued by the International Public Sector Accounting Standards Board, the auditor’s opinion shall identify the jurisdiction of origin of the framework. If the auditor addresses other reporting responsibilities in the auditor’s report on the financial statements that are in addition to the auditor’s responsibility under the ISAs to report on the financial statements, these other reporting responsibilities shall be addressed in a separate section in the auditor’s report that shall be sub-titled “Report on Other Legal and Regulatory Requirements,” or otherwise as appropriate to the content of the section.
91
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Signature of the Auditor The auditor’s report shall be signed. Date of the Auditor’s report The auditor’s report shall be dated no earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements, including evidence that: a) All the statements that comprise the financial statements, including the related notes, have been prepared; and b) Those with the recognized authority have asserted that they have taken responsibility for those financial statements. Auditor’s address The auditor’s report shall name the location in the jurisdiction where the auditor practices. See template manager for illustrations.
30.0
ISA 705: Modifications to the Opinion in the Independent Auditor’s Report This ISA establishes three types of modified opinions, namely, a qualified opinion, an adverse opinion, and a disclaimer of opinion. The decision regarding which type of modified opinion is appropriate depends upon: a) The nature of the matter giving rise to the modification, that is, whether the financial statements are materially misstated or, in the case of an inability to obtain sufficient appropriate audit evidence, may be materially misstated; and b) The auditor’s judgment about the pervasiveness of the effects or possible effects of the matter on the financial statements. Pervasive effects are those which in the auditor’s judgment; i. Are not confined to specific elements, accounts or items of the financial statements ii. If so confined, represent or could represent a substantial proportion of the financial statements or; iii. Are related to disclosures which are fundamental to the users understanding of the financial statements e.g. going concern. Qualified opinion The auditor shall express a qualified opinion when: a) The auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are material, but not pervasive, to the financial statements; or b) The auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, but the auditor concludes that the possible effects on the financial statements of undetected misstatements, if any, could be material but not pervasive. Adverse opinion The auditor shall express an adverse opinion when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are both material and pervasive to the financial statements.
92
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N Disclaimer of opinion The auditor shall disclaim an opinion when the auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, and the auditor concludes that the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive. The auditor shall disclaim an opinion when, in extremely rare circumstances involving multiple uncertainties, the auditor concludes that, notwithstanding having obtained sufficient appropriate audit evidence regarding each of the individual uncertainties, it is not possible to form an opinion on the financial statements due to the potential interaction of the uncertainties and their possible cumulative effect on the financial statements.
Form and content of the auditor’s report when the opinion is modified Basis for modification paragraph When the auditor modifies the opinion on the financial statements, the auditor shall, in addition to the specific elements required by ISA 700, include a paragraph in the auditor’s report that provides a description of the matter giving rise to the modification. The auditor shall place this paragraph immediately before the opinion paragraph in the auditor’s report and use the heading “Basis for Qualified Opinion,” “Basis for Adverse Opinion,” or “Basis for Disclaimer of Opinion,” as appropriate. If there is a material misstatement of the financial statements that relates to specific amounts in the financial statements (including quantitative disclosures), the auditor shall include in the basis for modification paragraph a description and quantification of the financial effects of the misstatement, unless impracticable. If it is not practicable to quantify the financial effects, the auditor shall so state in the basis for modification paragraph. If there is a material misstatement of the financial statements that relates to narrative disclosures, the auditor shall include in the basis for modification paragraph an explanation of how the disclosures are misstated. If there is a material misstatement of the financial statements that relates to the non-disclosure of information required to be disclosed, the auditor shall describe in the basis for modification paragraph the nature of the omitted information. If the modification results from an inability to obtain sufficient appropriate audit evidence, the auditor shall include in the basis for modification paragraph the reasons for that inability. Even if the auditor has expressed an adverse opinion or disclaimed an opinion on the financial statements, the auditor shall describe in the basis for modification paragraph the reasons for any other matters of which the auditor is aware that would have required a modification to the opinion, and the effects thereof. Opinion paragraph When the auditor modifies the audit opinion, the auditor shall use the heading “Qualified Opinion,” “Adverse Opinion,” or “Disclaimer of Opinion,” as appropriate, for the opinion paragraph. When the auditor expresses a qualified opinion due to a material misstatement in the financial statements, the auditor shall state in the opinion paragraph that, in the auditor’s opinion, except for the effects of the matter(s) described in the Basis for Qualified Opinion paragraph: a) The financial statements present fairly, in all material respects (or give a true and fair view) in accordance with the applicable financial reporting framework when reporting in accordance with a fair presentation framework; or b) The financial statements have been prepared, in all material respects, in accordance with the applicable financial reporting framework when reporting in accordance with a compliance framework.
93
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
When the modification arises from an inability to obtain sufficient appropriate audit evidence, the auditor shall use the corresponding phrase “except for the possible effects of the matter(s) ...” for the modified opinion. When the auditor expresses an adverse opinion, the auditor shall state in the opinion paragraph that, in the auditor’s opinion, because of the significance of the matter(s) described in the Basis for Adverse Opinion paragraph: The financial statements do not present fairly (or give a true and fair view) in accordance with the applicable financial reporting framework when reporting in accordance with a fair presentation framework. When the auditor disclaims an opinion due to an inability to obtain sufficient appropriate audit evidence, the auditor shall state in the opinion paragraph that: a) Because of the significance of the matter(s) described in the Basis for Disclaimer of Opinion paragraph, the auditor has not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion; and, accordingly, b) The auditor does not express an opinion on the financial statements. Description of auditor’s responsibility when the auditor expresses a qualified or adverse opinion When the auditor expresses a qualified or adverse opinion, the auditor shall amend the description of the auditor’s responsibility to state that the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s modified audit opinion. Description of auditor’s responsibility when the auditor disclaims an opinion When the auditor disclaims an opinion due to an inability to obtain sufficient appropriate audit evidence, the auditor shall amend the introductory paragraph of the auditor’s report to state that the auditor was engaged to audit the financial statements. The auditor shall also amend the description of the auditor’s responsibility and the description of the scope of the audit to state only the following: “Our responsibility is to express an opinion on the financial statements based on conducting the audit in accordance with International Standards on Auditing. Because of the matter(s) described in the Basis for Disclaimer of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.”
Communication with those charged with governance When the auditor expects to modify the opinion in the auditor’s report, the auditor shall communicate with those charged with governance the circumstances that led to the expected modification and the proposed wording of the modification. Appendix: Determining the applicable audit opinion UNMODIFIED OPINION
No
Are Mistatements Pervasive?
Is there inability to obtain audit evidence and is the effect material?
No
Yes
Are Mistatements Material? Yes
Yes No
QUALIFIED OPINION Except for
ADVERSE OPINION
See template manager for illustrative examples.
94
QUALIFIED OPINION Limitation of scope
No
Is the effect pervasive? Yes
DISCLAIMER OF OPINION
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
31.0
ISA 706: Emphasis of Matter Paragraphs and other Matter Paragraphs in the Independent Auditor’s Report This International Standard on Auditing (ISA) deals with additional communication in the auditor’s report when the auditor considers it necessary to: a) Draw users’ attention to a matter or matters presented or disclosed in the financial statements that are of such importance that they are fundamental to users’ understanding of the financial statements (emphasis of matter); or b) Draw users’ attention to any matter or matters other than those presented or disclosed in the financial statements that are relevant to users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report (other matter). Emphasis of Matter Paragraphs in the Auditor’s Report When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall: a) Include it immediately after the Opinion paragraph in the auditor’s report; b) Use the heading “Emphasis of Matter,” or other appropriate heading; c) Include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures that fully describe the matter can be found in the financial statements; and d) Indicate that the auditor’s opinion is not modified in respect of the matter emphasized. Examples of circumstances where the auditor may consider it necessary to include an Emphasis of Matter paragraph are: • An uncertainty relating to the future outcome of exceptional litigation or regulatory action. • Early application (where permitted) of a new accounting standard (for example, a new International Financial Reporting Standard) that has a pervasive effect on the financial statements in advance of its effective date. • A major catastrophe that has had, or continues to have, a significant effect on the entity’s financial position.
Other matter paragraphs in the auditor’s report If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report and this is not prohibited by law or regulation, the auditor shall do so in a paragraph in the auditor’s report, with the heading “Other Matter,” or other appropriate heading. The auditor shall include this paragraph immediately after the Opinion paragraph and any Emphasis of Matter paragraph, or elsewhere in the auditor’s report if the content of the Other Matter paragraph is relevant to the Other Reporting Responsibilities section.
Communication with those charged with governance If the auditor expects to include an Emphasis of Matter or an Other Matter paragraph in the auditor’s report, the auditor shall communicate with those charged with governance regarding this expectation and the proposed wording of this paragraph. See template manager for illustrative examples.
95
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
32.0
ISA 710: Comparative Information — Corresponding Figures and Comparative Financial Statements Comparative information – The amounts and disclosures included in the financial statements in respect of one or more prior periods in accordance with the applicable financial reporting framework. (b) Corresponding figures – Comparative information where amounts and other disclosures for the prior period are included as an integral part of the current period financial statements, and are intended to be read only in relation to the amounts and other disclosures relating to the current period (referred to as “current period figures”). The level of detail presented in the corresponding amounts and disclosures is dictated primarily by its relevance to the current period figures. (c) Comparative financial statements – Comparative information where amounts and other disclosures for the prior period are included for comparison with the financial statements of the current period but, if audited, are referred to in the auditor’s opinion. The level of information included in those comparative financial statements is comparable with that of the financial statements of the current period. The auditor shall determine whether the financial statements include the comparative information required by the applicable financial reporting framework and whether such information is appropriately classified. For this purpose, the auditor shall evaluate whether: a) The comparative information agrees with the amounts and other disclosures presented in the prior period or, when appropriate, have been restated; and b) The accounting policies reflected in the comparative information are consistent with those applied in the current period or, if there have been changes in accounting policies, whether those changes have been properly accounted for and adequately presented and disclosed. If the auditor becomes aware of a possible material misstatement in the comparative information while performing the current period audit, the auditor shall perform such additional audit procedures as are necessary in the circumstances to obtain sufficient appropriate audit evidence to determine whether a material misstatement exists If the prior period financial statements are amended, the auditor shall determine that the comparative information agrees with the amended financial statements. The auditor shall request written representations for all periods referred to in the auditor’s opinion. The auditor shall also obtain a specific written representation regarding any restatement made to correct a material misstatement in prior period financial statements that affect the comparative information.
Corresponding Figures If the auditor’s report on the prior period, as previously issued, included a qualified opinion, a disclaimer of opinion, or an adverse opinion and the matter which gave rise to the modification is unresolved, the auditor shall modify the auditor’s opinion on the current period’s financial statements. In the Basis for Modification paragraph in the auditor’s report, the auditor shall either: a) Refer to both the current period’s figures and the corresponding figures in the description of the matter giving rise to the modification when the effects or possible effects of the matter on the current period’s figures are material; or
96
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N b) In other cases, explain that the audit opinion has been modified because of the effects or possible effects of the unresolved matter on the comparability of the current period’s figures and the corresponding figures If the auditor obtains audit evidence that a material misstatement exists in the prior period financial statements on which an unmodified opinion has been previously issued, and the corresponding figures have not been properly restated or appropriate disclosures have not been made, the auditor shall express a qualified opinion or an adverse opinion in the auditor’s report on the current period financial statements, modified with respect to the corresponding figures included therein.
Prior period financial statements audited by a predecessor auditor If the financial statements of the prior period were audited by a predecessor auditor and the auditor is not prohibited by law or regulation from referring to the predecessor auditor’s report on the corresponding figures and decides to do so, the auditor shall state in an Other Matter paragraph in the auditor’s report: a) That the financial statements of the prior period were audited by the predecessor auditor; b) The type of opinion expressed by the predecessor auditor and, if the opinion was modified, the reasons therefore; and c) The date of that report Prior period financial statements not audited If the prior period financial statements were not audited, the auditor shall state in an Other Matter paragraph in the auditor’s report that the corresponding figures are unaudited. Such a statement does not, however, relieve the auditor of the requirement to obtain sufficient appropriate audit evidence that the opening balances do not contain misstatements that materially affect the current period’s financial statements
Comparative Financial Statements When comparative financial statements are presented, the auditor’s opinion shall refer to each period for which financial statements are presented and on which an audit opinion is expressed. When reporting on prior period financial statements in connection with the current period’s audit, if the auditor’s opinion on such prior period financial statements differs from the opinion the auditor previously expressed, the auditor shall disclose the substantive reasons for the different opinion in an Other Matter paragraph. Prior period financial statements audited by a predecessor auditor If the financial statements of the prior period were audited by a predecessor auditor, in addition to expressing an opinion on the current period’s financial statements, the auditor shall state in an Other Matter paragraph: a) that the financial statements of the prior period were audited by a predecessor auditor; b) the type of opinion expressed by the predecessor auditor and, if the opinion was modified, the reasons therefore; and c) the date of that report, unless the predecessor auditor’s report on the prior period’s financial statements is reissued with the financial statements. If the auditor concludes that a material misstatement exists that affects the prior period financial statements on which the predecessor auditor had previously reported without modification, the auditor shall communicate the misstatement with the appropriate level of management and those charged with governance and request that the predecessor auditor
97
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
be informed. If the prior period financial statements are amended, and the predecessor auditor agrees to issue a new auditor’s report on the amended financial statements of the prior period, the auditor shall report only on the current period. Prior period financial statements not audited If the prior period financial statements were not audited, the auditor shall state in an Other Matter paragraph that the comparative financial statements are unaudited. Such a statement does not, however, relieve the auditor of the requirement to obtain sufficient appropriate audit evidence that the opening balances do not contain misstatements that materially affect the current period’s financial statements. See template manager.
33.0
ISA 720: The Auditor’s Responsibilities Relating to other Information in Documents containing Audited Financial Statements Reading other information The auditor shall read the other information to identify material inconsistencies, if any, with the audited financial statements. The auditor shall make appropriate arrangements with management or those charged with governance to obtain the other information prior to the date of the auditor’s report. If it is not possible to obtain all the other information prior to the date of the auditor’s report, the auditor shall read such other information as soon as practicable.
Material Inconsistencies If, on reading the other information, the auditor identifies a material inconsistency, the auditor shall determine whether the audited financial statements or the other information needs to be revised. Material inconsistencies identified in other information obtained prior to the date of the auditor’s report If revision of the audited financial statements is necessary and management refuses to make the revision, the auditor shall modify the opinion in the auditor’s report If revision of the other information is necessary and management refuses to make the revision, the auditor shall communicate this matter to those charged with governance, and a) Include in the auditor’s report an Other Matter(s) paragraph describing the material inconsistency, or b) (b) Withhold the auditor’s report; or c) Withdraw from the engagements, where withdrawal is possible under applicable law or regulation. Material inconsistencies identified in other information obtained subsequent to the date of the auditor’s report If revision of the other information is necessary and management agrees to make the revision, the auditor shall carry out the procedures necessary under the circumstances. If revision of the other information is necessary, but management refuses to make the revision, the auditor shall notify those charged with governance, of the auditor’s concern regarding the other information and take any further appropriate action.
98
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N
Material misstatements of fact If, on reading the other information for the purpose of identifying material inconsistencies, the auditor becomes aware of an apparent material misstatement of fact, the auditor shall discuss the matter with management. If, following such discussions, the auditor still considers that there is an apparent material misstatement of fact, the auditor shall request management to consult with a qualified third party, such as the entity’s legal counsel, and the auditor shall consider the advice received. If the auditor concludes that there is a material misstatement of fact in the other information which management refuses to correct, the auditor shall notify those charged with governance, unless all of those charged with governance are involved in managing the entity, of the auditor’s concern regarding the other information and take any further appropriate action.
34.0
ISA 800: Special Considerations – Audits of Financial Statements prepared in Accordance with Special Purpose Frameworks This ISA deals with special considerations in the application of those ISAs to an audit of financial statements prepared in accordance with a special purpose framework. It is written in the context of a complete set of financial statements (including related notes) prepared in accordance with a special purpose framework while ISA 805 deals with special considerations relevant to an audit of a single financial statement or of a specific element, account or item of a financial statement. Special purpose framework refers to a financial reporting framework designed to meet the financial information needs of specific users. The financial reporting framework may be a fair presentation framework or a compliance framework. Examples of special purpose frameworks are: • A tax basis of accounting for a set of financial statements that accompany an entity’s tax return; • The cash receipts and disbursements basis of accounting for cash flow information that an entity may be requested to prepare for creditors; • The financial reporting provisions established by a regulator to meet the requirements of that regulator; or • The financial reporting provisions of a contract, such as a bond indenture, a loan agreement, or a project grant.
Considerations when accepting the engagement The auditor has to determine the acceptability of the financial reporting framework applied in the preparation of the financial statements. In an audit of special purpose financial statements, the auditor shall obtain an understanding of the purpose for which the financial statements are prepared; the intended users; and the steps taken by management to determine that the applicable financial reporting framework is acceptable in the circumstances.
99
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Considerations when planning and performing the audit ISA 200 requires the auditor to comply with all ISAs relevant to the audit. ISA 315 requires the auditor to obtain an understanding of the entity’s selection and application of accounting policies.
Forming an opinion and reporting considerations When forming an opinion and reporting on special purpose financial statements, the auditor shall apply the requirements in ISA 700. ISA 700 requires the auditor to evaluate whether the financial statements adequately refer to or describe the applicable financial reporting framework. In the case of an auditor’s report on special purpose financial statements: a) The auditor’s report shall also describe the purpose for which the financial statements are prepared and, if necessary, the intended users, or refer to a note in the special purpose financial statements that contains that information; and b) If management has a choice of financial reporting frameworks in the preparation of such financial statements, the explanation of management’s8 responsibility for the financial statements shall also make reference to its responsibility for determining that the applicable financial reporting framework is acceptable in the circumstances. Alerting readers that the financial statements are prepared in accordance with a special purpose framework The auditor’s report on special purpose financial statements shall include an Emphasis of Matter paragraph alerting users of the auditor’s report that the financial statements are prepared in accordance with a special purpose framework and that, as a result, the financial statements may not be suitable for another purpose. The auditor shall include this paragraph under an appropriate heading. In addition to the alert required above, the auditor may consider it appropriate to indicate that the auditor’s report is intended solely for the specific users. Depending on the law or regulation of the particular jurisdiction, this may be achieved by restricting the distribution or use of the auditor’s report. In these circumstances, the paragraph referred to in the emphasis of matter paragraph above may be expanded to include these other matters, and the heading modified accordingly. See template manager for illustrations.
35.0
ISA 805: Special Considerations-audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement This ISA does not override the requirements of the other ISAs; nor does it purport to deal with all special considerations that may be relevant in the circumstances of the engagement. The objective of the auditor, when applying ISAs in an audit of a single financial statement or of a specific element, account or item of a financial statement, is to address appropriately the special considerations that are relevant to: a) The acceptance of the engagement; b) The planning and performance of that engagement; and
100
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N c) Forming an opinion and reporting on the single financial statement or on the specific element, account or item of a financial statement.
Considerations when accepting the engagement ISA 200 requires the auditor to comply with all ISAs relevant to the audit. In the case of an audit of a single financial statement or of a specific element of a financial statement, this requirement applies irrespective of whether the auditor is also engaged to audit the entity’s complete set of financial statements. If the auditor is not also engaged to audit the entity’s complete set of financial statements, the auditor shall determine whether the audit of a single financial statement or of a specific element of those financial statements in accordance with ISAs is practicable. ISA 210 requires the auditor to determine the acceptability of the financial reporting framework applied in the preparation of the financial statements. ISA 210 requires that the agreed terms of the audit engagement include the expected form of any reports to be issued by the auditor.
Considerations when planning and performing the audit In planning and performing the audit of a single financial statement or of a specific element of a financial statement, the auditor shall adapt all ISAs relevant to the audit as necessary in the circumstances of the engagement. ISAs such as ISA 240, ISA 550 and ISA 570 are, in principle, relevant. This is because the element could be misstated as a result of fraud, the effect of related party transactions, or the incorrect application of the going concern assumption under the applicable financial reporting framework.
Forming an opinion and reporting considerations When forming an opinion and reporting on a single financial statement or on a specific element of a financial statement, the auditor shall apply the requirements in ISA 700, adapted as necessary in the circumstances of the engagement. If the auditor undertakes an engagement to report on a single financial statement or on a specific element of a financial statement in conjunction with an engagement to audit the entity’s complete set of financial statements, the auditor shall express a separate opinion for each engagement. An audited single financial statement or an audited specific element of a financial statement may be published together with the entity’s audited complete set of financial statements. If the auditor concludes that the presentation of the single financial statement or of the specific element of a financial statement does not differentiate it sufficiently from the complete set of financial statements, the auditor shall ask management to rectify the situation. The auditor shall also differentiate the opinion on the single financial statement or on the specific element of a financial statement from the opinion on the complete set of financial statements. The auditor shall not issue the auditor’s report containing the opinion on the single financial statement or on the specific element of a financial statement until satisfied with the differentiation. If the opinion in the auditor’s report on an entity’s complete set of financial statements is modified, or that report includes an Emphasis of Matter paragraph or an Other Matter paragraph, the auditor shall determine the effect that this may have on the auditor’s report on a single financial statement or on a specific element of those financial statements. When deemed appropriate, the auditor shall modify the opinion on the single financial statement or on the specific element of a financial statement, or include an Emphasis of Matter paragraph or an Other Matter paragraph in the auditor’s report, accordingly.
101
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the entity’s complete set of financial statements as a whole, ISA 705 does not permit the auditor to include in the same auditor’s report an unmodified opinion on a single financial statement that forms part of those financial statements or on a specific element that forms part of those financial statements. If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the entity’s complete set of financial statements as a whole but, in the context of a separate audit of a specific element that is included in those financial statements, the auditor nevertheless considers it appropriate to express an unmodified opinion on that element, the auditor shall only do so if: a) The auditor is not prohibited by law or regulation from doing so; b) That opinion is expressed in an auditor’s report that is not published together with the auditor’s report containing the adverse opinion or disclaimer of opinion; and c) The specific element does not constitute a major portion of the entity’s complete set of financial statements. The auditor shall not express an unmodified opinion on a single financial statement of a complete set of financial statements if the auditor has expressed an adverse opinion or disclaimed an opinion on the complete set of financial statements as a whole even if the auditor’s report on the single financial statement is not published together with the auditor’s report containing the adverse opinion or disclaimer of opinion. See template manager for illustrative reports.
36.0
ISA 810: Engagements to Report on Summary Financial Statements Summary financial statements – Historical financial information that is derived from financial statements but that contains less detail than the financial statements, while still providing a structured representation consistent with that provided by the financial statements of the entity’s economic resources or obligations at a point in time or the changes therein for a period of time.
Engagement Acceptance The auditor shall accept an engagement to report on summary financial statements in accordance with this ISA only when the auditor has been engaged to conduct an audit in accordance with ISAs of the financial statements from which the summary financial statements are derived. Before accepting an engagement to report on summary financial statements, the auditor shall: a) Determine whether the applied criteria are acceptable. b) Obtain the agreement of management that it acknowledges and understands its responsibility: i. For the preparation of the summary financial statements in accordance with the applied criteria; ii. To make the audited financial statements available to the intended users of the summary financial statements without undue difficulty; and iii. To include the auditor’s report on the summary financial statements in any document that contains the summary financial statements and that indicates that the auditor has reported on them. c) Agree with management the form of opinion to be expressed on the summary financial statements
102
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N If the auditor concludes that the applied criteria are unacceptable or is unable to obtain the agreement of management set out above in (b), the auditor shall not accept the engagement to report on the summary financial statements, unless required by law or regulation to do so. An engagement conducted in accordance with such law or regulation does not comply with this ISA. Accordingly, the auditor’s report on the summary financial statements shall not indicate that the engagement was conducted in accordance with this ISA. The auditor shall include appropriate reference to this fact in the terms of the engagement.
Nature of Procedures The auditor shall perform the following procedures, and any other procedures that the auditor may consider necessary, as the basis for the auditor’s opinion on the summary financial statements: a) Evaluate whether the summary financial statements adequately disclose their summarized nature and identify the audited financial statements. b) When summary financial statements are not accompanied by the audited financial statements, evaluate whether they describe clearly: i. From whom or where the audited financial statements are available; or ii. The law or regulation that specifies that the audited financial statements need not be made available to the intended users of the summary financial statements and establishes the criteria for the preparation of the summary financial statements. c) Evaluate whether the summary financial statements adequately disclose the applied criteria. d) Compare the summary financial statements with the related information in the audited financial statements to determine whether the summary financial statements agree with or can be recalculated from the related information in the audited financial statements. e) Evaluate whether the summary financial statements are prepared in accordance with the applied criteria. f) Evaluate, in view of the purpose of the summary financial statements, whether the summary financial statements contain the information necessary, and are at an appropriate level of aggregation, so as not to be misleading in the circumstances. g) Evaluate whether the audited financial statements are available to the intended users of the summary financial statements without undue difficulty, unless law or regulation provides that they need not be made available and establishes the criteria for the preparation of the summary financial statements.
Form of Opinion When the auditor has concluded that an unmodified opinion on the summary financial statements is appropriate, the auditor’s opinion shall, unless otherwise required by law or regulation, use one of the following phrases: a) The summary financial statements are consistent, in all material respects, with the audited financial statements, in accordance with [the applied criteria]; or b) The summary financial statements are a fair summary of the audited financial statements, in accordance with [the applied criteria]. If law or regulation prescribes the wording of the opinion on summary financial statements in terms that are different from those described above, the auditor shall evaluate whether users of the summary financial statements might misunderstand the auditor’s opinion on the summary financial statements and, if so, whether additional explanation in the auditor’s report on the summary financial statements can mitigate possible misunderstanding. If the auditor concludes that additional explanation in the auditor’s report on the summary financial statements cannot mitigate possible misunderstanding, the auditor shall not accept the engagement, unless required by law or regulation to do so. An engagement conducted in accordance with such law or regulation does not comply with this ISA. Accordingly,
103
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
the auditor’s report on the summary financial statements shall not indicate that the engagement was conducted in accordance with this ISA.
Timing of work and events subsequent to the date of the auditor’s report on the audited financial statements The auditor’s report on the summary financial statements may be dated later than the date of the auditor’s report on the audited financial statements. In such cases, the auditor’s report on the summary financial statements shall state that the summary financial statements and audited financial statements do not reflect the effects of events that occurred subsequent to the date of the auditor’s report on the audited financial statements that may require adjustment of, or disclosure in, the audited financial statements. The auditor may become aware of facts that existed at the date of the auditor’s report on the audited financial statements, but of which the auditor previously was unaware. In such cases, the auditor shall not issue the auditor’s report on the summary financial statements until the auditor’s consideration of such facts in relation to the audited financial statements in accordance with ISA 560 has been completed.
Auditor’s Report on Summary Financial Statements Elements of the auditor’s report The auditor’s report on summary financial statements shall include the following elements: a) A title clearly indicating it as the report of an independent auditor. b) An addressee. c) An introductory paragraph that: i. Identifies the summary financial statements on which the auditor is reporting, including the title of each statement included in the summary financial statements; ii. Identifies the audited financial statements; iii. Refers to the auditor’s report on the audited financial statements, the date of that report, and the fact that an unmodified opinion is expressed on the audited financial statements; iv. If the date of the auditor’s report on the summary financial statements is later than the date of the auditor’s report on the audited financial statements, states that the summary financial statements and the audited financial statements do not reflect the effects of events that occurred subsequent to the date of the auditor’s report on the audited financial statements; and v. A statement indicating that the summary financial statements do not contain all the disclosures required by the financial reporting framework applied in the preparation of the audited financial statements, and that reading the summary financial statements is not a substitute for reading the audited financial statements. d) A description of management’s responsibility for the summary financial statements, explaining that management is responsible for the preparation of the summary financial statements in accordance with the applied criteria. e) A statement that the auditor is responsible for expressing an opinion on the summary financial statements based on the procedures required by this ISA. f) A paragraph clearly expressing an opinion. g) The auditor’s signature. h) The date of the auditor’s report. i) The auditor’s address. If the addressee of the summary financial statements is not the same as the addressee of the auditor’s report on the audited financial statements, the auditor shall evaluate the appropriateness of using a different addressee.
104
I N T E R N AT I O N A L S TA N D A R D S O N A U D I T I N G ( I S A s ) S E C T I O N The auditor shall date the auditor’s report on the summary financial statements no earlier than: a) The date on which the auditor has obtained sufficient appropriate evidence on which to base the opinion, including evidence that the summary financial statements have been prepared and those with the recognized authority have asserted that they have taken responsibility for them; and b) The date of the auditor’s report on the audited financial statements. Modifications to the opinion, emphasis of matter paragraph or other matter paragraph in the auditor’s report on the audited financial statements When the auditor’s report on the audited financial statements contains a qualified opinion, an Emphasis of Matter paragraph, or an Other Matter paragraph, but the auditor is satisfied that the summary financial statements are consistent, in all material respects, with or are a fair summary of the audited financial statements, in accordance with the applied criteria, the auditor’s report on the summary financial statements shall, in addition to the elements described above; a) State that the auditor’s report on the audited financial statements contains a qualified opinion, an Emphasis of Matter paragraph, or an Other Matter paragraph; and b) Describe: i) The basis for the qualified opinion on the audited financial statements, and that qualified opinion; or the Emphasis of Matter or the Other Matter paragraph in the auditor’s report on the audited financial statements; and ii) The effect thereof on the summary financial statements, if any. When the auditor’s report on the audited financial statements contains an adverse opinion or a disclaimer of opinion, the auditor’s report on the summary financial statements shall, in addition to the elements described above; a) State that the auditor’s report on the audited financial statements contains an adverse opinion or disclaimer of opinion; b) Describe the basis for that adverse opinion or disclaimer of opinion; and c) State that, as a result of the adverse opinion or disclaimer of opinion, it is inappropriate to express an opinion on the summary financial statements. Modified opinion on the summary financial statements If the summary financial statements are not consistent, in all material respects, with or are not a fair summary of the audited financial statements, in accordance with the applied criteria, and management does not agree to make the necessary changes, the auditor shall express an adverse opinion on the summary financial statements.
Restriction on distribution or use or alerting readers to the basis of accounting When distribution or use of the auditor’s report on the audited financial statements is restricted, or the auditor’s report on the audited financial statements alerts readers that the audited financial statements are prepared in accordance with a special purpose framework, the auditor shall include a similar restriction or alert in the auditor’s report on the summary financial statements.
Comparatives If the audited financial statements contain comparatives, but the summary financial statements do not, the auditor shall determine whether such omission is reasonable in the circumstances of the engagement. If the summary financial statements contain comparatives that were reported on by another auditor, the auditor’s report on the summary financial statements shall also contain the matters that ISA 710) requires the auditor to include in the auditor’s report on the audited financial statements.
105
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Unaudited supplementary information presented with summary financial statements The auditor shall evaluate whether any unaudited supplementary information presented with the summary financial statements is clearly differentiated from the summary financial statements. If the auditor concludes that the entity’s presentation of the unaudited supplementary information is not clearly differentiated from the summary financial statements, the auditor shall ask management to change the presentation of the unaudited supplementary information. If management refuses to do so, the auditor shall explain in the auditor’s report on the summary financial statements that such information is not covered by that report.
Other information in documents containing summary financial statements The auditor shall read other information included in a document containing the summary financial statements and related auditor’s report to identify material inconsistencies, if any, with the summary financial statements. If, on reading the other information, the auditor identifies a material inconsistency, the auditor shall determine whether the summary financial statements or the other information needs to be revised. If, on reading the other information, the auditor becomes aware of an apparent material misstatement of fact, the auditor shall discuss the matter with management.
Auditor Association If the auditor becomes aware that the entity plans to state that the auditor has reported on summary financial statements in a document containing the summary financial statements, but does not plan to include the related auditor’s report, the auditor shall request management to include the auditor’s report in the document. If management does not do so, the auditor shall determine and carry out other appropriate actions designed to prevent management from inappropriately associating the auditor with the summary financial statements in that document. The auditor may be engaged to report on the financial statements of an entity, while not engaged to report on the summary financial statements. If, in this case, the auditor becomes aware that the entity plans to make a statement in a document that refers to the auditor and the fact that summary financial statements are derived from the financial statements audited by the auditor, the auditor shall be satisfied that: a) The reference to the auditor is made in the context of the auditor’s report on the audited financial statements; and b) The statement does not give the impression that the auditor has reported on the summary financial statements. If (a) or (b) are not met, the auditor shall request management to change the statement to meet them, or not to refer to the auditor in the document. See Template manager for illustrations.
106
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION ISRE 2400: Engagements to Review Financial Statements
(This Standard is effective. The Appendix contains conforming amendments to the Standard that become effective at a future date)* * ISRE 2410, “Review of Interim Financial Information Performed by the Independent Auditor of the Entity” gave rise to conforming amendments to ISRE 2400. These amendments are effective for reviews of financial statements for periods beginning on or after December 15, 2006. The conforming amendments are set out in the Appendix to this ISRE. Contents Paragraph Introduction 1-2 Objective of a Review Engagement 3 General Principles of a Review Engagement 4-7 Scope of a Review 8 Moderate Assurance 9 Terms of Engagement 10-12 Planning 13-15 Work Performed by Others 16 Documentation 17 Procedures and Evidence 18-22 Conclusions and Reporting 23-28 Appendix 1: Example of an Engagement Letter for a Review of Financial Statements Appendix 2: Illustrative Detailed Procedures That May be Performed in an Engagement to Review Financial Statements Appendix 3: Form of Unqualified Review Report Appendix 4: Examples of Review Reports Other Than Unqualified Appendix 5: Conforming Amendments to ISRE 2400 as a Result of ISRE 2410—Effective for Reviews of Financial Statements for Periods Beginning On or After December 15, 2006 International Standard on Review Engagements (ISRE) 2400, “Engagements to Review Financial Statements” should be read in the context of the “Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services,” which sets out the application and authority of ISREs.
107
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Introduction 1. The purpose of this International Standard on Review Engagements (ISRE) is to establish standards and provide guidance on the auditor’s1 professional responsibilities when an engagement to review financial statements is undertaken and on the form and content of the report that the auditor issues in connection with such a review. 1 The term “auditor” is used throughout the pronouncements of the International Auditing and Assurance Standards Board when describing both audit, review, other assurance and related services that may be performed. Such reference is not intended to imply that a person performing review, other assurance or related services need be the auditor of the entity’s financial statements. 2. This ISRE is directed towards the review of financial statements. However, it is to be applied to the extent practicable to engagements to review financial or other information. Guidance in other ISAs may be useful to the auditor in applying this ISRE.
Objective of a review engagement 3. The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which do not provide all the evidence that would be required in an audit, anything has come to the auditor’s attention that causes the auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an identified financial reporting framework (negative assurance).
General principles of a review engagement 4. The auditor should comply with the Code of Ethics for Professional Accountants issued by the International Federation of Accountants. Ethical principles governing the auditor’s professional responsibilities are: 1. Independence; 2. Integrity; 3. Objectivity; 4. Professional competence and due care; 5. Confidentiality; 6. Professional behavior; and 7. Technical standards. 5. The auditor should conduct a review in accordance with this ISRE. 6. The auditor should plan and perform the review with an attitude of professional skepticism recognizing that circumstances may exist which cause the financial statements to be materially misstated. 7. For the purpose of expressing negative assurance in the review report, the auditor should obtain sufficient appropriate evidence primarily through inquiry and analytical procedures to be able to draw conclusions.
Scope of a Review 8. The term “scope of a review” refers to the review procedures deemed necessary in the circumstances to achieve the objective of the review. The procedures required to conduct a review of financial statements should be determined by the auditor having regard to the requirements of this ISRE, relevant professional bodies, legislation, regulation and, where appropriate, the terms of the review engagement and reporting requirements.
108
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION
Moderate Assurance 9. A review engagement provides a moderate level of assurance that the information subject to review is free of material misstatement; this is expressed in the form of negative assurance.
Terms of Engagement 10. The auditor and the client should agree on the terms of the engagement. The agreed terms would be recorded in an engagement letter or other suitable form such as a contract. 11. An engagement letter will be of assistance in planning the review work. It is in the interests of both the auditor and the client that the auditor sends an engagement letter documenting the key terms of the appointment. An engagement letter confirms the auditor’s acceptance of the appointment and helps avoid misunderstanding regarding such matters as the objectives and scope of the engagement, the extent of the auditor’s responsibilities and the form of reports to be issued. 12. Matters that would be included in the engagement letter include the following: • The objective of the service being performed. • Management’s responsibility for the financial statements. • The scope of the review, including reference to this ISRE (or relevant national standards or practices). • Unrestricted access to whatever records, documentation and other information requested in connection with the review. • A sample of the report expected to be rendered. • The fact that the engagement cannot be relied upon to disclose errors, illegal acts or other irregularities, for example, fraud or defalcations that may exist. • A statement that an audit is not being performed and that an audit opinion will not be expressed. To emphasize this point and to avoid confusion, the auditor may also consider pointing out that a review engagement will not satisfy any statutory or third party requirements for an audit. An example of an engagement letter for a review of financial statements appears in Appendix 1 to this ISRE. Planning 13. The auditor should plan the work so that an effective engagement will be performed. 14. In planning a review of financial statements, the auditor should obtain or update the knowledge of the business including consideration of the entity’s organization, accounting systems, operating characteristics and the nature of its assets, liabilities, revenues and expenses. 15. The auditor needs to possess an understanding of such matters and other matters relevant to the financial statements, for example, knowledge of the entity’s production and distribution methods, product lines, operating locations and related parties. The auditor requires this understanding to be able to make relevant inquiries and to design appropriate procedures, as well as to assess the responses and other information obtained.
Work performed by others 16. When using work performed by another auditor or an expert, the auditor should be satisfied that such work is adequate for the purposes of the review.
109
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Documentation 17. The auditor should document matters which are important in providing evidence to support the review report, and evidence that the review was carried out in accordance with this ISRE.
Procedures and Evidence 18. The auditor should apply judgment in determining the specific nature, timing and extent of review procedures. The auditor will be guided by such matters as the following: • Any knowledge acquired by carrying out audits or reviews of the financial statements for prior periods. • The auditor’s knowledge of the business including knowledge of the accounting principles and practices of the industry in which the entity operates. • The entity’s accounting systems. • The extent to which a particular item is affected by management judgment. • The materiality of transactions and account balances. 19. The auditor should apply the same materiality considerations as would be applied if an audit opinion on the financial statements were being given. Although there is a greater risk that misstatements will not be detected in a review than in an audit, the judgment as to what is material is made by reference to the information on which the auditor is reporting and the needs of those relying on that information, not to the level of assurance provided. 20. Procedures for the review of financial statements will ordinarily include the following: • Obtaining an understanding of the entity’s business and the industry in which it operates. • Inquiries concerning the entity’s accounting principles and practices. • Inquiries concerning the entity’s procedures for recording, classifying and summarizing transactions, accumulating information for disclosure in the financial statements and preparing financial statements. • Inquiries concerning all material assertions in the financial statements. • Analytical procedures designed to identify relationships and individual items that appear unusual. • Such procedures would include: o Comparison of the financial statements with statements for prior periods. o Comparison of the financial statements with anticipated results and financial position. o Study of the relationships of the elements of the financial statements that would be expected to conform to a predictable pattern based on the entity’s experience or industry norm. In applying these procedures, the auditor would consider the types of matters that required accounting adjustments in prior periods. • Inquiries concerning actions taken at meetings of shareholders, the board of directors, committees of the board of directors and other meetings that may affect the financial statements. • Reading the financial statements to consider, on the basis of information coming to the auditor’s attention, whether the financial statements appear to conform with the basis of accounting indicated. • Obtaining reports from other auditors, if any and if considered necessary, who have been engaged to audit or review the financial statements of components of the entity. • Inquiries of persons having responsibility for financial and accounting matters concerning, for example: o Whether all transactions have been recorded. o Whether the financial statements have been prepared in accordance with the basis of accounting indicated. o Changes in the entity’s business activities and accounting principles and practices. o Matters as to which questions have arisen in the course of applying the foregoing procedures. o Obtaining written representations from management when considered appropriate.
110
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION Appendix 2 to this ISRE provides an illustrative list of procedures which are often used. The list is not exhaustive, nor is it intended that all the procedures suggested apply to every review engagement. 21. The auditor should inquire about events subsequent to the date of the financial statements that may require adjustment of or disclosure in the financial statements. The auditor does not have any responsibility to perform procedures to identify events occurring after the date of the review report. 22. If the auditor has reason to believe that the information subject to review may be materially misstated, the auditor should carry out additional or more extensive procedures as are necessary to be able to express negative assurance or to confirm that a modified report is required.
Conclusions and Reporting 23. The review report should contain a clear written expression of negative assurance. The auditor should review and assess the conclusions drawn from the evidence obtained as the basis for the expression of negative assurance. 24. Based on the work performed, the auditor should assess whether any information obtained during the review indicates that the financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with the identified financial reporting framework. 25. The report on a review of financial statements describes the scope of the engagement to enable the reader to understand the nature of the work performed and make it clear that an audit was not performed and, therefore, that an audit opinion is not expressed. 26. The report on a review of financial statements should contain the following basic elements, ordinarily in the following layout: 1. Title;2 2 It may be appropriate to use the term “Independent” in the title to distinguish the auditor’s report from reports that might be issued by others, such as officers of the entity, or from the reports of other auditors who may not have to abide by the same ethical requirements as an independent auditor. 2. Addressee; 3. Opening or introductory paragraph including: 1. Identification of the financial statements on which the review has been performed; and 2. A statement of the responsibility of the entity’s management and the responsibility of the auditor; 4. Scope paragraph, describing the nature of a review, including: 1. A reference to this ISRE applicable to review engagements, or to relevant national standards or practices; 2. A statement that a review is limited primarily to inquiries and analytical procedures; and 3. A statement that an audit has not been performed, that the procedures undertaken provide less assurance than an audit and that an audit opinion is not expressed; 5. Statement of negative assurance; 6. Date of the report; g) Auditor’s address; and h) Auditor’s signature. Appendices 3 and 4 to this ISRE contain illustrations of review reports.
111
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
27. The review report should: 1. State that nothing has come to the auditor’s attention based on the review that causes the auditor to believe the financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with the identified financial reporting framework (negative assurance); or 2. If matters have come to the auditor’s attention, describe those matters that impair a true and fair view (or a fair presentation, in all material respects) in accordance with the identified financial reporting framework, including, unless impracticable, a quantification of the possible effect(s) on the financial statements, and either: 1. Express a qualification of the negative assurance provided; or 2. When the effect of the matter is so material and pervasive to the financial statements that the auditor concludes that a qualification is not adequate to disclose the misleading or incomplete nature of the financial statements, give an adverse statement that the financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with the identified financial reporting framework; or 3. If there has been a material scope limitation, describe the limitation and either: 1. Express a qualification of the negative assurance provided regarding the possible adjustments to the financial statements that might have been determined to be necessary had the limitation not existed; or 2. When the possible effect of the limitation is so significant and pervasive that the auditor concludes that no l evel of assurance can be provided, not provide any assurance. 28. The auditor should date the review report as of the date the review is completed, which includes performing procedures relating to events occurring up to the date of the report. However, since the auditor’s responsibility is to report on the financial statements as prepared and presented by management, the auditor should not date the review report earlier than the date on which the financial statements were approved by management.
Appendix 1
Example of an Engagement Letter for a Review of Financial Statements The following letter is for use as a guide in conjunction with the consideration outlined in paragraph 10 of this ISRE and will need to be varied according to individual requirements and circumstances. To the Board of Directors (or the appropriate representative of senior management): This letter is to confirm our understanding of the terms and objectives of our engagement and the nature and limitations of the services we will provide. We will perform the following services: We will review the balance sheet of ABC Company as of December 31, 19XX, and the related statements of income and cash flows for the year then ended, in accordance with the International Standard on Review Engagements (ISRE) 2400 (or refer to relevant national standards or practices applicable to reviews). We will not perform an audit of such financial statements and, accordingly, we will not express an audit opinion on them. Accordingly, we expect to report on the financial statements as follows: (see Appendix 3 to this ISRE) Responsibility for the financial statements, including adequate disclosure, is that of the management of the company. This includes the maintenance of adequate accounting records and internal controls and the selection and application
112
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION of accounting policies. (As part of our review process, we will request written representations from management concerning assertions made in connection with the review3). 3
This sentence should be used at the discretion of the auditor.
This letter will be effective for future years unless it is terminated, amended or superseded (if applicable). Our engagement cannot be relied upon to disclose whether fraud or errors, or illegal acts exist. However, we will inform you of any material matters that come to our attention. Please sign and return the attached copy of this letter to indicate that it is in accordance with your understanding of the arrangements for our review of the financial statements. XYZ & Co Acknowledged on behalf of ABC Company by (signed) .................... Name and Title Date
Appendix 2
Illustrative Detailed Procedures That May be Performed in an Engagement to Review Financial Statements 1. The inquiry and analytical review procedures carried out in a review of financial statements are determined by the auditor’s judgment. The procedures listed below are for illustrative purposes only. It is not intended that all the procedures suggested apply to every review engagement. This Appendix is not intended to serve as a program or checklist in the conduct of a review.
General
2. Discuss terms and scope of the engagement with the client and the engagement team. 3. Prepare an engagement letter setting forth the terms and scope of the engagement. 4. Obtain an understanding of the entity’s business activities and the system for recording financial information and preparing financial statements.
5. Inquire whether all financial information is recorded: • Completely; • Promptly; and • After the necessary authorization.
6. Obtain the trial balance and determine whether it agrees with the general ledger and the financial statements. 7. Consider the results of previous audits and review engagements, including accounting adjustments required. 8. Inquire whether there have been any significant changes in the entity from the previous year (e.g., changes in ownership or changes in capital structure).
113
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
9. Inquire about the accounting policies and consider whether: • They comply with local or international standards; • They have been applied appropriately; and • They have been applied consistently and, if not, consider whether disclosure has been made of any changes in the accounting policies. 10. Read the minutes of meetings of shareholders, the board of directors and other appropriate committees in order to identify matters that could be important to the review. 11. Inquire if actions taken at shareholder, board of directors or comparable meetings that affect the financial statements have been appropriately reflected therein. 12. Inquire about the existence of transactions with related parties, how such transactions have been accounted for and whether related parties have been properly disclosed. 13. Inquire about contingencies and commitments. 14. Inquire about plans to dispose of major assets or business segments. 15. Obtain the financial statements and discuss them with management. 16. Consider the adequacy of disclosure in the financial statements and their suitability as to classification and presentation. 17. Compare the results shown in the current period financial statements with those shown in financial statements for comparable prior periods and, if available, with budgets and forecasts. 18. Obtain explanations from management for any unusual fluctuations or inconsistencies in the financial statements. 19. Consider the effect of any unadjusted errors - individually and in aggregate. Bring the errors to the attention of management and determine how the unadjusted errors will influence the report on the review. 20. Consider obtaining a representation letter from management.
Cash 21. Obtain the bank reconciliations. Inquire about any old or unusual reconciling items with client personnel. 22. Inquire about transfers between cash accounts for the period before and after the review date. 23. Inquire whether there are any restrictions on cash accounts.
Receivables 24. Inquire about the accounting policies for initially recording trade receivables and determine whether any allowances are given on such transactions. 25. Obtain a schedule of receivables and determine whether the total agrees with the trial balance.
114
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 26. Obtain and consider explanations of significant variations in account balances from previous periods or from those anticipated. 27. Obtain an aged analysis of the trade receivables. Inquire about the reason for unusually large accounts, credit balances on accounts or any other unusual balances and inquire about the collectibility of receivables. 28. Discuss with management the classification of receivables, including noncurrent balances, net credit balances and amounts due from shareholders, directors and other related parties in the financial statements. 29. Inquire about the method for identifying “slow payment” accounts and setting allowances for doubtful accounts and consider it for reasonableness. 30. Inquire whether receivables have been pledged, factored or discounted. 31. Inquire about procedures applied to ensure that a proper cutoff of sales transactions and sales returns has been achieved. 32. Inquire whether accounts represent goods shipped on consignment and, if so, whether adjustments have been made to reverse these transactions and include the goods in inventory. 33. Inquire whether any large credits relating to revenue recorded have been issued after the balance sheet date and whether provision has been made for such amounts.
Inventories 34. Obtain the inventory list and determine whether: • The total agrees with the balance in the trial balance; and • The list is based on a physical count of inventory. 35. Inquire about the method for counting inventory. 36. Where a physical count was not carried out on the balance sheet date, inquire whether: • A perpetual inventory system is used and whether periodic comparisons are made with actual quantities on hand; and • An integrated cost system is used and whether it has produced reliable information in the past. 37. Discuss adjustments made resulting from the last physical inventory count. 38. Inquire about procedures applied to control cutoff and any inventory movements. 39. Inquire about the basis used in valuing each category of the inventory and, in particular, regarding the elimination of inter-branch profits. Inquire whether inventory is valued at the lower of cost and net realizable value. 40. Consider the consistency with which inventory valuation methods have been applied, including factors such as material, labor and overhead. 41. Compare amounts of major inventory categories with those of prior periods and with those anticipated for the current period. Inquire about major fluctuations and differences.
115
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
42. Compare inventory turnover with that in previous periods. 43. Inquire about the method used for identifying slow moving and obsolete inventory and whether such inventory has been accounted for at net realizable value. 44. Inquire whether any of the inventory has been consigned to the entity and, if so, whether adjustments have been made to exclude such goods from inventory. 45. Inquire whether any inventory is pledged, stored at other locations or on consignment to others and consider whether such transactions have been accounted for appropriately.
Investments (including associated companies and marketable securities) 46. Obtain a schedule of the investments at the balance sheet date and determine whether it agrees with the trial balance. 47. Inquire about the accounting policy applied to investments. 48. Inquire from management about the carrying values of investments. Consider whether there are any realization problems. 49. Consider whether there has been proper accounting for gains and losses and investment income. 50. Inquire about the classification of long-term and short-term investments.
Property and Depreciation 51. Obtain a schedule of the property indicating the cost and accumulated depreciation and determine whether it agrees with the trial balance. 52. Inquire about the accounting policy applied regarding the provision for depreciation and distinguishing between capital and maintenance items. Consider whether the property has suffered a material, permanent impairment in value. 53. Discuss with management the additions and deletions to property accounts and accounting for gains and losses on sales or retirements. Inquire whether all such transactions have been accounted for. 54. Inquire about the consistency with which the depreciation method and rates have been applied and compare depreciation provisions with prior years. 55. Inquire whether there are any liens on the property. 56. Discuss whether lease agreements have been properly reflected in the financial statements in conformity with current accounting pronouncements.
Prepaid expenses, intangibles and other assets 57. Obtain schedules identifying the nature of these accounts and discuss with management the recoverability thereof.
116
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 58. Inquire about the basis for recording these accounts and the amortization methods used. 59. Compare balances of related expense accounts with those of prior periods and discuss significant variations with management. 60. Discuss the classification between long-term and short-term accounts with management.
Loans Payable 61. Obtain from management a schedule of loans payable and determine whether the total agrees with the trial balance. 62. Inquire whether there are any loans where management has not complied with the provisions of the loan agreement and, if so, inquire as to management’s actions and whether appropriate adjustments have been made in the financial statements. 63. Consider the reasonableness of interest expense in relation to loan balances. 64. Inquire whether loans payable are secured. 65. Inquire whether loans payable have been classified between noncurrent and current.
Trade Payables 66. Inquire about the accounting policies for initially recording trade payables and whether the entity is entitled to any allowances given on such transactions. 67. Obtain and consider explanations of significant variations in account balances from previous periods or from those anticipated. 68. Obtain a schedule of trade payables and determine whether the total agrees with the trial balance. 69. Inquire whether balances are reconciled with the creditors’ statements and compare with prior period balances. Compare turnover with prior periods. 70. Consider whether there could be material unrecorded liabilities. 71. Inquire whether payables to shareholders, directors and other related parties are separately disclosed.
Accrued and Contingent Liabilities 72. Obtain a schedule of the accrued liabilities and determine whether the total agrees with the trial balance. 73. Compare major balances of related expense accounts with similar accounts for prior periods. 74. Inquire about approvals for such accruals, terms of payment, compliance with terms, collateral and classification. 75. Inquire about the method for determining accrued liabilities.
117
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
76. Inquire as to the nature of amounts included in contingent liabilities and commitments. 77. Inquire whether any actual or contingent liabilities exist which have not been recorded in the accounts. If so, discuss with management whether provisions need to be made in the accounts or whether disclosure should be made in the notes to the financial statements.
Income and other Taxes 78. Inquire from management if there were any events, including disputes with taxation authorities, which could have a significant effect on the taxes payable by the entity. 79. Consider the tax expense in relation to the entity’s income for the period. 80. Inquire from management as to the adequacy of the recorded deferred and current tax liabilities including provisions in respect of prior periods.
Subsequent Events 81. Obtain from management the latest interim financial statements and compare them with the financial statements being reviewed or with those for comparable periods from the preceding year. 82. Inquire about events after the balance sheet date that would have a material effect on the financial statements under review and, in particular, inquire whether: Any substantial commitments or uncertainties have arisen subsequent to the balance sheet date; Any significant changes in the share capital, long-term debt or working capital have occurred up to the date of inquiry; and Any unusual adjustments have been made during the period between the balance sheet date and the date of inquiry. Consider the need for adjustments or disclosure in the financial statements. 83. Obtain and read the minutes of meetings of shareholders, directors and appropriate committees subsequent to the balance sheet date.
Litigation 84. Inquire from management whether the entity is the subject of any legal actions-threatened, pending or in process. Consider the effect thereof on the financial statements.
Equity 85. Obtain and consider a schedule of the transactions in the equity accounts, including new issues, retirements and dividends. 86. Inquire whether there are any restrictions on retained earnings or other equity accounts.
Operations 87. Compare results with those of prior periods and those expected for the current period. Discuss significant variations with management.
118
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 88. Discuss whether the recognition of major sales and expenses have taken place in the appropriate periods. 89. Consider extraordinary and unusual items. 90. Consider and discuss with management the relationship between related items in the revenue account and assess the reasonableness thereof in the context of similar relationships for prior periods and other information available to the auditor.
Appendix 3
Form of unqualified review report REVIEW REPORT TO. We have reviewed the accompanying balance sheet of ABC Company at December 31, 19XX, and the related statements of income and cash flows for the year then ended. These financial statements are the responsibility of the Company’s management. Our responsibility is to issue a report on these financial statements based on our review. We conducted our review in accordance with the International Standard on Review Engagements 2400 (or refer to relevant national standards or practices applicable to review engagements). This Standard requires that we plan and perform the review to obtain moderate assurance as to whether the financial statements are free of material misstatement. A review is limited primarily to inquiries of company personnel and analytical procedures applied to financial data and thus provide less assurance than an audit. We have not performed an audit and, accordingly, we do not express an audit opinion. Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with International Accounting Standards.4 AUDITOR Date Address 4 Or indicate the relevant national accounting standards.
Appendix 4
Examples of Review Reports Other Than Unqualified Qualification for a Departure from International Accounting Standards
Qualification for a departure from international accounting standards REVIEW REPORT TO. We have reviewed the accompanying balance sheet of ABC Company at December 31, 19XX, and the related statements of income and cash flows for the year then ended. These financial statements are the responsibility of the Company’s management. Our responsibility is to issue a report on these financial statements based on our review. We conducted our review in accordance with the International Standard on Review Engagements 2400 (or refer to relevant national standards or practices applicable to review engagements). This Standard requires that we plan and perform the review to obtain moderate assurance as to whether the financial statements are free of material
119
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
misstatement. A review is limited primarily to inquiries of company personnel and analytical procedures applied to financial data and thus provide less assurance than an audit. We have not performed an audit, and, accordingly, we do not express an audit opinion. Management has informed us that inventory has been stated at its cost which is in excess of its net realizable value. Management’s computation, which we have reviewed, shows that inventory, if valued at the lower of cost and net realizable value as required by International Accounting Standards,5 would have been decreased by $X, and net income and shareholders’ equity would have been decreased by $Y. Based on our review, except for the effects of the overstatement of inventory described in the previous paragraph, nothing has come to our attention that causes us to believe that the accompanying financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with International Accounting Standards.5 AUDITOR Date Address 5 See footnote 4.
Adverse report for a departure from international accounting standards REVIEW REPORT TO ... We have reviewed the balance sheet of ABC Company at December 31, 19XX, and the related statements of income and cash flows for the year then ended. These financial statements are the responsibility of the Company’s management. Our responsibility is to issue a report on these financial statements based on our review. We conducted our review in accordance with the International Standard on Review Engagements 2400 (or refer to relevant national standards or practices applicable to review engagements). This Standard requires that we plan and perform the review to obtain moderate assurance as to whether the financial statements are free of material misstatement. A review is limited primarily to inquiries of company personnel and analytical procedures applied to financial data and thus provide less assurance than an audit. We have not performed an audit and, accordingly, we do not express an audit opinion. As noted in footnote X, these financial statements do not reflect the consolidation of the financial statements of subsidiary companies, the investment in which is accounted for on a cost basis. Under International Accounting Standards,6 the financial statements of the subsidiaries are required to be consolidated. Based on our review, because of the pervasive effect on the financial statements of the matter discussed in the preceeding paragraph, the accompanying financial statements do not give a true and fair view (or are not presented fairly, in all material respects) in accordance with International Accounting Standards.6 AUDITOR Date Address 6 See foot note 4.
120
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION
Appendix 5
Conforming amendments to ISRE 2400 as a result of ISRE 2410 - effective for reviews of financial statements for periods beginning on or after December 15, 2006. ISRE 2410, “Review of Interim Financial Information Performed by the Independent Auditor of the Entity” issued in July 2005 gave rise to conforming amendments to ISRE 2400. The conforming amendments to ISRE 2400 are effective for reviews of financial statements for periods beginning on or after December 15, 2006. Once effective, the conforming amendments set out below will be incorporated in the text of ISRE 2400 and this appendix will be deleted. 1.
The purpose of this International Standard on Review Engagements (ISRE) is to establish standards and provide guidance on the auditor’s practitioner’s professional responsibilities when a practitioner, who is not the auditor of an entity, undertakes an engagement to review financial statements is undertaken, and on the form and content of the report that the auditor practitioner issues in connection with such a review. A practitioner, who is the auditor of the entity, engaged to perform a review of interim financial information performs such a review in accordance with ISRE 2410, “Review of Interim Financial Information Performed by the Independent Auditor of the Entity.”
All references to “auditor” in ISRE 2400 will be replaced by the term “practitioner.”
2.0
ISAE 3000: Assurance Engagements other than Audits or Reviews of Historical Financial Information (Effective for assurance reports dated on or after January 1, 2005)
Contents Introduction Ethical Requirements Quality Control Engagement Acceptance and Continuance Agreeing on the Terms of the Engagement Planning and Performing the Engagement Using the Work of an Expert Obtaining Evidence Considering Subsequent Events Documentation Preparing the Assurance Report
Paragraph 1-3 4-5 6 7-9 10-11 12-25 26-32 33-40 41 42-44 45-53
121
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Contents Paragraph Other Reporting Responsibilities 54-56 Effective Date 57 International Standard on Assurance Engagements (ISAE) 3000, “Assurance Engagements Other than Audits or Reviews of Historical Financial Information” should be read in the context of the “Preface to the International Standards on Quality Control, Auditing, Review, Other Assurance and Related Services,” which sets out the application and authority of ISAEs.
Introduction 1. The purpose of this International Standard on Assurance Engagements (ISAE) is to establish basic principles and essential procedures for, and to provide guidance to, professional accountants in public practice (for purposes of this ISAE referred to as “practitioners”) for the performance of assurance engagements other than audits or reviews of historical financial information covered by International Standards on Auditing (ISAs) or International Standards on Review Engagements (ISREs). 2. This ISAE uses the terms “reasonable assurance engagement” and “limited assurance engagement” to distinguish between the two types of assurance engagement a practitioner is permitted to perform. The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement 1 as the basis for a positive form of expression of the practitioner’s conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
1
Engagement circumstances include the terms of the engagement, including whether it is a reasonable assurance engagement or a limited assurance engagement, the characteristics of the subject matter, the criteria to be used, the needs of the intended users, relevant characteristics of the responsible party and its environment, and other matters, for example events, transactions, conditions and practices, that may have a significant effect on the engagement.
Relationship with the framework, other ISAEs, ISAs and ISREs 3. The practitioner should comply with this ISAE and other relevant ISAEs when performing an assurance engagement other than an audit or review of historical financial information covered by ISAs or ISREs. This ISAE is to be read in the context of the “International Framework for Assurance Engagements” (the Framework), which defines and describes the elements and objectives of an assurance engagement, and identifies those engagements to which ISAEs apply. This ISAE has been written for general application to assurance engagements other than audits or reviews of historical financial information covered by ISAs or ISREs. Other ISAEs may relate to topics that apply to all subject matters or be subject matter specific. Although ISAs and ISREs do not apply to engagements covered by ISAEs, they may nevertheless provide guidance to practitioners.
Ethical Requirements 4. The practitioner should comply with the requirements of Parts A and B of the IFAC Code of Ethics for Professional Accountants (the Code).
122
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 5. The Code provides a framework of principles that members of assurance teams, firms and network firms use to identify threats to independence,2 evaluate the significance of those threats and, if the threats are other than clearly insignificant, identify and apply safeguards to eliminate the threats or reduce them to an acceptable level, such that independence of mind and independence in appearance are not compromised.
2
If a professional accountant not in public practice, for example an internal auditor, applies ISAEs, and (a) the Framework or ISAEs are referred to in the professional accountant’s report; and (b) the professional accountant or other members of the assurance team and, when applicable, the professional accountant’s employer, are not independent of the entity in respect of which the assurance engagement is being performed, the lack of independence and the nature of the relationship(s) with the assurance client are prominently disclosed in the professional accountant’s report. Also, that report does not include the word “independent” in its title, and the purpose and users of the report are restricted.
Quality Control 6. The practitioner should implement quality control procedures that are applicable to the individual engagement. Under International Standard on Quality Control (ISQC) 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements,”3 a firm of professional accountants has an obligation to establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements, and that the assurance reports issued by the firm or engagement partners are appropriate in the circumstances. In addition, elements of quality control that are relevant to an individual engagement include leadership responsibilities for quality on the engagement, ethical requirements, acceptance and continuance of client relationships and specific engagements, assignment of engagement teams, engagement performance, and monitoring. 3 ISQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements” was issued in February 2004. Systems of quality control in compliance with ISQC 1 are required to be established by June 15, 2005.
Engagement acceptance and Continuance 7. The practitioner should accept (or continue where applicable) an assurance engagement only if the subject matter is the responsibility of a party other than the intended users or the practitioner. As indicated in paragraph 27 of the Framework, the responsible party can be one of the intended users, but not the only one. Acknowledgement by the responsible party provides evidence that the appropriate relationship exists, and also establishes a basis for a common understanding of the responsibility of each party. A written acknowledgement is the most appropriate form of documenting the responsible party’s understanding. In the absence of an acknowledgement of responsibility, the practitioner considers: 1. Whether it is appropriate to accept the engagement. Accepting it may be appropriate when, for example, other sources, such as legislation or a contract, indicate responsibility; and 2. If the engagement is accepted, whether to disclose these circumstances in the assurance report. 8. The practitioner should accept (or continue where applicable) an assurance engagement only if, on the basis of a preliminary knowledge of the engagement circumstances, nothing comes to the attention of the practitioner to indicate that the requirements of the Code or of the ISAEs will not be satisfied. The practitioner considers the matters in paragraph 17 of the Framework and does not accept the engagement unless it exhibits all the characteristics required in that paragraph. Also, if the party engaging the practitioner (the “engaging party”) is not the responsible party, the practitioner considers the effect of this on access to records, documentation and other information the practitioner may require to complete the engagement.
123
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
9. The practitioner should accept (or continue where applicable) an assurance engagement only if the practitioner is satisfied that those persons who are to perform the engagement collectively possess the necessary professional competencies. A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialized skills and knowledge beyond those ordinarily possessed by an individual practitioner (see paragraphs 26-32).
Agreeing on the terms of the engagement 10. The practitioner should agree on the terms of the engagement with the engaging party. To avoid misunderstandings, the agreed terms are recorded in an engagement letter or other suitable form of contract. If the engaging party is not the responsible party, the nature and content of an engagement letter or contract may vary. The existence of a legislative mandate may satisfy the requirement to agree on the terms of the engagement. Even in those situations an engagement letter may be useful for both the practitioner and engaging party. 11. A practitioner should consider the appropriateness of a request, made before the completion of an assurance engagement, to change the engagement to a non-assurance engagement or from a reasonable assurance engagement to a limited assurance engagement, and should not agree to a change without reasonable justification. A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not disregard evidence that was obtained prior to the change.
Planning and Performing the engagement 12. The practitioner should plan the engagement so that it will be performed effectively. Planning involves developing an overall strategy for the scope, emphasis, timing and conduct of the engagement, and an engagement plan, consisting of a detailed approach for the nature, timing and extent of evidence-gathering procedures to be performed and the reasons for selecting them. Adequate planning helps to devote appropriate attention to important areas of the engagement, identify potential problems on a timely basis and properly organize and manage the engagement in order for it to be performed in an effective and efficient manner. Adequate planning also assists the practitioner to properly assign work to engagement team members, and facilitates their direction and supervision and the review of their work. Further, it assists, where applicable, the coordination of work done by other practitioners and experts. The nature and extent of planning activities will vary with the engagement circumstances, for example the size and complexity of the entity and the practitioner’s previous experience with it. Examples of the main matters to be considered include: • The terms of the engagement. • The characteristics of the subject matter and the identified criteria. • The engagement process and possible sources of evidence. • The practitioner understands of the entity and its environment, including the risks that the subject matter information may be materially misstated. • Identification of intended users and their needs, and consideration of materiality and the components of assurance engagement risk. • Personnel and expertise requirements, including the nature and extent of experts’ involvement. 13. Planning is not a discrete phase, but rather a continual and iterative process throughout the engagement. As a result of unexpected events, changes in conditions, or the evidence obtained from the results of evidence-gathering procedures, the practitioner may need to revise the overall strategy and engagement plan, and thereby the resulting planned nature, timing and extent of further procedures.
124
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 14. The practitioner should plan and perform an engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated. An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. 15. The practitioner should obtain an understanding of the subject matter and other engagement circumstances, sufficient to identify and assess the risks of the subject matter information being materially misstated, and sufficient to design and perform further evidence-gathering procedures. 16. Obtaining an understanding of the subject matter and other engagement circumstances is an essential part of planning and performing an assurance engagement. That understanding provides the practitioner with a frame of reference for exercising professional judgment throughout the engagement, for example when: • Considering the characteristics of the subject matter; • Assessing the suitability of criteria; • Identifying where special consideration may be necessary, for example factors indicative of fraud, and the need for specialized skills or the work of an expert; • Establishing and evaluating the continued appropriateness of quantitative materiality levels (where appropriate), and considering qualitative materiality factors; • Developing expectations for use when performing analytical procedures; • Designing and performing further evidence-gathering procedures to reduce assurance engagement risk to an appropriate level; and • Evaluating evidence, including the reasonableness of the responsible party’s oral and written representations. 17. The practitioner uses professional judgment to determine the extent of the understanding required of the subject matter and other engagement circumstances. The practitioner considers whether the understanding is sufficient to assess the risks that the subject matter information may be materially misstated. The practitioner ordinarily has a lesser depth of understanding than the responsible party.
Assessing the appropriateness of the subject matter 18. The practitioner should assess the appropriateness of the subject matter. An appropriate subject matter has the characteristics listed in paragraph 33 of the Framework. The practitioner also identifies those characteristics of the subject matter that are particularly relevant to the intended users, which are to be described in the assurance report. As indicated in paragraph 17 of the Framework, a practitioner does not accept an assurance engagement unless the practitioner’s preliminary knowledge of the engagement circumstances indicates that the subject matter is appropriate. After accepting the engagement, however, if the practitioner concludes that the subject matter is not appropriate, the practitioner expresses a qualified or adverse conclusion or a disclaimer of conclusion. In some cases the practitioner considers withdrawing from the engagement.
Assessing the suitability of the criteria 19. The practitioner should assess the suitability of the criteria to evaluate or measure the subject matter. Suitable criteria have the characteristics listed in paragraph 36 of the Framework. As indicated in paragraph 17 of the Framework, a practitioner does not accept an assurance engagement unless the practitioner’s preliminary knowledge of the engagement circumstances indicates that the criteria to be used are suitable. After accepting the engagement, however, if the practitioner concludes that the criteria are not suitable, the practitioner expresses a qualified or adverse conclusion or a disclaimer of conclusion. In some cases the practitioner considers withdrawing from the engagement.
125
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
20. Paragraph 37 of the Framework indicates that criteria can either be established or specifically developed. Ordinarily, established criteria are suitable when they are relevant to the needs of the intended users. When established criteria exist for a subject matter, specific users may agree to other criteria for their specific purposes. For example, various frameworks can be used as established criteria for evaluating the effectiveness of internal control. Specific users may, however, develop a more detailed set of criteria that meet their specific needs in relation to, for example, prudential supervision. In such cases, the assurance report: 1. Notes, when it is relevant to the circumstances of the engagement, that the criteria are not embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process; and 2. States that it is only for the use of the specific users and for their purposes. 21. For some subject matters, it is likely that no established criteria exist. In those cases, criteria are specifically developed. The practitioner considers whether specifically developed criteria result in an assurance report that is misleading to the intended users. The practitioner attempts to have the intended users or the engaging party acknowledge that specifically developed criteria are suitable for the intended users’ purposes. The practitioner considers how the absence of such an acknowledgement affects what is to be done to assess the suitability of the identified criteria, and the information provided about the criteria in the assurance report.
Materiality and assurance engagement risk 22. The practitioner should consider materiality and assurance engagement risk when planning and performing an assurance engagement. 23. The practitioner considers materiality when determining the nature, timing and extent of evidence-gathering procedures, and when evaluating whether the subject matter information is free of misstatement. Considering materiality requires the practitioner to understand and assess what factors might influence the decisions of the intended users. For example, when the identified criteria allow for variations in the presentation of the subject matter information, the practitioner considers how the adopted presentation might influence the decisions of the intended users. Materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests of the intended users. The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement are matters for the practitioner’s judgment. 24. The practitioner should reduce assurance engagement risk to an acceptably low level in the circumstances of the engagement. In a reasonable assurance engagement, the practitioner reduces assurance engagement risk to an acceptably low level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of expression of the practitioner’s conclusion. The level of assurance engagement risk is higher in a limited assurance engagement than in a reasonable assurance engagement because of the different nature, timing or extent of evidence-gathering procedures. However, in a limited assurance engagement, the combination of the nature, timing, and extent of evidence-gathering procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative form of expression. To be meaningful, the level of assurance obtained is likely to enhance the intended users’ confidence about the subject matter information to a degree that is clearly more than inconsequential. 25. Paragraph 49 of the Framework indicates that, in general, assurance engagement risk comprises inherent risk, control risk and detection risk. The degree to which the practitioner considers each of these components is affected by the engagement circumstances, in particular the nature of the subject matter and whether a reasonable assurance or a limited assurance engagement is being performed. Using the Work of an Expert
126
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 26. When the work of an expert is used in the collection and evaluation of evidence, the practitioner and the expert should, on a combined basis, possess adequate skill and knowledge regarding the subject matter and the criteria for the practitioner to determine that sufficient appropriate evidence has been obtained. 27. The subject matter and related criteria of some assurance engagements may include aspects requiring specialized knowledge and skills in the collection and evaluation of evidence. In these situations, the practitioner may decide to use the work of persons from other professional disciplines, referred to as experts, who have the required knowledge and skills. This ISAE does not provide guidance with respect to using the work of an expert for engagements where there is joint responsibility and reporting by a practitioner and one or more experts. 28. Due care is a required professional quality for all individuals, including experts, involved in an assurance engagement. Persons involved in assurance engagements will have different responsibilities assigned to them. The extent of proficiency required in performing those engagements will vary with the nature of their responsibilities. While experts do not require the same proficiency as the practitioner in performing all aspects of an assurance engagement, the practitioner determines that the experts have a sufficient understanding of the ISAEs to enable them to relate the work assigned to them to the engagement objective. 29. The practitioner adopts quality control procedures that address the responsibility of each person performing the assurance engagement, including the work of any experts who are not professional accountants, to ensure compliance with this ISAE and other relevant ISAEs in the context of their responsibilities. 30. The practitioner should be involved in the engagement and understand the work for which an expert is used, to an extent that is sufficient to enable the practitioner to accept responsibility for the conclusion on the subject matter information. The practitioner considers the extent to which it is reasonable to use the work of an expert in forming the practitioner’s conclusion. 31. The practitioner is not expected to possess the same specialized knowledge and skills as the expert. The practitioner has however, sufficient skill and knowledge to: 1. Define the objectives of the assigned work and how this work relates to the objective of the engagement; 2. Consider the reasonableness of the assumptions, methods and source data used by the expert; and 3. Consider the reasonableness of the expert’s findings in relation to the engagement circumstances and the practitioner’s conclusion. 32. The practitioner should obtain sufficient appropriate evidence that the expert’s work is adequate for the purposes of the assurance engagement. In assessing the sufficiency and appropriateness of the evidence provided by the expert, the practitioner evaluates: 1. The professional competence, including experience, and objectivity of the expert; 2. The reasonableness of the assumptions, methods and source data used by the expert; and 3. The reasonableness and significance of the expert’s findings in relation to the circumstances of the engagement and the practitioner’s conclusion.
Obtaining Evidence 33. The practitioner should obtain sufficient appropriate evidence on which to base the conclusion. Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of evidence; that is, its relevance and its reliability. The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence-gathering procedure for which there is no alternative. The practitioner uses
127
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
professional judgment and exercises professional skepticism in evaluating the quantity and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report. 34. An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected to be an expert in such authentication. However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance where relevant. 35. Sufficient appropriate evidence in a reasonable assurance engagement is obtained as part of an iterative, systematic engagement process involving: 1. Obtaining an understanding of the subject matter and other engagement circumstances which, depending on the subject matter, includes obtaining an understanding of internal control; 2. Based on that understanding, assessing the risks that the subject matter information may be materially misstated; 3. Responding to assessed risks, including developing overall responses, and determining the nature, timing and extent of further procedures; 4. Performing further procedures clearly linked to the identified risks, using a combination of inspection, observation, confirmation, re-calculation, re-performance, analytical procedures and inquiry. Such further procedures involve substantive procedures, including obtaining corroborating information from sources independent of the entity, and depending on the nature of the subject matter, tests of the operating effectiveness of controls; and 5. Evaluating the sufficiency and appropriateness of evidence. 36. “Reasonable assurance” is less than absolute assurance. Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following: • The use of selective testing. • The inherent limitations of internal control. • The fact that much of the evidence available to the practitioner is persuasive rather than conclusive. • The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence. • In some cases, the characteristics of the subject matter. 37. Both reasonable assurance and limited assurance engagements require the application of assurance skills and techniques and the gathering of sufficient appropriate evidence as part of an iterative, systematic engagement process that includes obtaining an understanding of the subject matter and other engagement circumstances. The nature, timing and extent of procedures for gathering sufficient appropriate evidence in a limited assurance engagement are, however, deliberately limited relative to a reasonable assurance engagement. For some subject matters, there may be specific ISAEs to provide guidance on procedures for gathering sufficient appropriate evidence for a limited assurance engagement. In the absence of a specific ISAE, the procedures for gathering sufficient appropriate evidence will vary with the circumstances of the engagement, in particular: the subject matter, and the needs of the intended users and the engaging party, including relevant time and cost constraints. For both reasonable assurance and limited assurance engagements, if the practitioner becomes aware of a matter that leads the practitioner to question whether a material modification should be made to the subject matter information, the practitioner pursues the matter by performing other procedures sufficient to enable the practitioner to report.
Representations by the responsible party 38. The practitioner should obtain representations from the responsible party, as appropriate. Written confirmation of oral representations reduces the possibility of misunderstandings between the practitioner and the responsible party. In particular, the practitioner requests from the responsible party a written representation that evaluates or
128
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION
measures the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users. Having no written representation may result in a qualified conclusion or a disclaimer of conclusion on the basis of a limitation on the scope of the engagement. The practitioner may also include a restriction on the use of the assurance report.
39. During an assurance engagement, the responsible party may make representations to the practitioner, either unsolicited or in response to specific inquiries. When such representations relate to matters that are material to the subject matter’s evaluation or measurement, the practitioner: 1. Evaluates their reasonableness and consistency with other evidence obtained, including other representations; 2. Considers whether those making the representations can be expected to be well informed on the particular matters; and 3. Obtains corroborative evidence in the case of a reasonable assurance engagement. The practitioner may also seek corroborative evidence in the case of a limited assurance engagement. 40. Representations by the responsible party cannot replace other evidence the practitioner could reasonably expect to be available. An inability to obtain sufficient appropriate evidence regarding a matter that has, or may have, a material effect on the evaluation or measurement of the subject matter, when such evidence would ordinarily be available, constitutes a limitation on the scope of the engagement, even if a representation from the responsible party has been received on the matter.
Considering subsequent events 41. The practitioner should consider the effect on the subject matter information and on the assurance report of events up to the date of the assurance report. The extent of consideration of subsequent events depends on the potential for such events to affect the subject matter information and to affect the appropriateness of the practitioner’s conclusion. Consideration of subsequent events in some assurance engagements may not be relevant because of the nature of the subject matter. For example, when the engagement requires a conclusion about the accuracy of a statistical return at a point in time, events occurring between that point in time and the date of the assurance report, may not affect the conclusion, or require disclosure in the return or the assurance report.
Documentation 42. The practitioner should document matters that are significant in providing evidence that supports the assurance report and that the engagement was performed in accordance with ISAEs. 43. Documentation includes a record of the practitioner’s reasoning on all significant matters that require the exercise of judgment, and related conclusions. The existence of difficult questions of principle or judgment, calls for the documentation to include the relevant facts that were known by the practitioner at the time the conclusion was reached. 44. It is neither necessary nor practical to document every matter the practitioner considers. In applying professional judgment to assessing the extent of documentation to be prepared and retained, the practitioner may consider what is necessary to provide an understanding of the work performed and the basis of the principal decisions taken (but not the detailed aspects of the engagement) to another practitioner who has no previous experience with the engagement. That other practitioner may only be able to obtain an understanding of detailed aspects of the engagement by discussing them with the practitioner who prepared the documentation.
129
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Preparing the assurance report 45. The practitioner should conclude whether sufficient appropriate evidence has been obtained to support the conclusion expressed in the assurance report. In developing the conclusion, the practitioner considers all relevant evidence obtained, regardless of whether it appears to corroborate or to contradict the subject matter information. 46. The assurance report should be in writing and should contain a clear expression of the practitioner’s conclusion about the subject matter information. 47. Oral and other forms of expressing conclusions can be misunderstood without the support of a written report. For this reason, the practitioner does not report orally or by use of symbols without also providing a definitive written assurance report that is readily available whenever the oral report is provided or the symbol is used. For example, a symbol could be hyperlinked to a written assurance report on the Internet. 48. This ISAE does not require a standardized format for reporting on all assurance engagements. Instead it identifies in paragraph 49 the basic elements the assurance report is to include. Assurance reports are tailored to the specific engagement circumstances. The practitioner chooses a “short form” or “long form” style of reporting to facilitate effective communication to the intended users. “Short-form” reports ordinarily include only the basic elements. “Long-form” reports often describe in detail the terms of the engagement, the criteria being used, findings relating to particular aspects of the engagement and, in some cases, recommendations, as well as the basic elements. Any findings and recommendations are clearly separated from the practitioner’s conclusion on the subject matter information, and the wording used in presenting them makes it clear they are not intended to affect the practitioner’s conclusion. The practitioner may use headings, paragraph numbers, typographical devices, for example the bolding of text and other mechanisms to enhance the clarity and readability of the assurance report.
Assurance report content 49. The assurance report should include the following basic elements: 1. A title that clearly indicates the report is an independent assurance report: 4 an appropriate title helps to identify the nature of the assurance report, and to distinguish it from reports issued by others, such as those who do not have to comply with the same ethical requirements as the practitioner. 4 See footnote 2. 2. An addressee: an addressee identifies the party or parties to whom the assurance report is directed. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. 3. An identification and description of the subject matter information and, when appropriate, the subject matter: this includes for example: o The point in time or period of time to which the evaluation or measurement of the subject matter relates; o Where applicable, the name of the entity or component of the entity to which the subject matter relates; and o An explanation of those characteristics of the subject matter or the subject matter information of which the intended users should be aware, and how such characteristics may influence the precision of the evaluation or measurement of the subject matter against the identified criteria, or the persuasiveness of available evidence. For example: The degree to which the subject matter information is qualitative versus quantitative, objective versus subjective, or historical versus prospective. Changes in the subject matter or other engagement circumstances that affect the comparability of the subject matter information from one period to the next.
130
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION
When the practitioner’s conclusion is worded in terms of the responsible party’s assertion, that assertion is appended to the assurance report, reproduced in the assurance report or referenced therein to a source that is available to the intended users.
4. Identification of the criteria: the assurance report identifies the criteria against which the subject matter was evaluated or measured so the intended users can understand the basis for the practitioner’s conclusion. The assurance report may include the criteria, or refer to them if they are contained in an assertion prepared by the responsible party that is available to the intended users or if they are otherwise available from a readily accessible source. The practitioner considers whether it is relevant to the circumstances, to disclose: o The source of the criteria, and whether or not the criteria are embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process, that is, whether they are established criteria in the context of the subject matter (and if they are not, a description of why they are considered suitable); o Measurement methods used when the criteria allow for choice between a number of methods; o Any significant interpretations made in applying the criteria in the engagement circumstances; and o Whether there have been any changes in the measurement methods used. 5. Where appropriate, a description of any significant, inherent limitation associated with the evaluation or measurement of the subject matter against the criteria: while in some cases, inherent limitations can be expected to be well understood by readers of an assurance report, in other cases it may be appropriate to make explicit reference in the assurance report. For example, in an assurance report related to the effectiveness of internal control, it may be appropriate to note that the historic evaluation of effectiveness is not relevant to future periods due to the risk that internal control may become inadequate because of changes in conditions, or that the degree of compliance with policies or procedures may deteriorate. 6. When the criteria used to evaluate or measure the subject matter are available only to specific intended users, or are relevant only to a specific purpose, a statement restricting the use of the assurance report to those intended users or that purpose: in addition, whenever the assurance report is intended only for specific intended users or a specific purpose, the practitioner considers stating this fact in the assurance report.5 This provides a caution to readers that the assurance report is restricted to specific users or for specific purposes. 5
While an assurance report may be restricted whenever it is intended only for specified intended users or for a specific purpose, the absence of a restriction regarding a particular reader or purpose does not itself indicate that a legal responsibility is owed by the practitioner in relation to that reader or for that purpose. Whether a legal responsibility is owed will depend on the legal circumstances of each case and the relevant jurisdiction.
7. A statement to identify the responsible party and to describe the responsible party’s and the practitioner’s responsibilities: this informs the intended users that the responsible party is responsible for the subject matter in the case of a direct reporting engagement, or the subject matter information in the case of an assertion- based engagement,6 and that the practitioner’s role is to independently express a conclusion about the subject matter information.
6
Refer to paragraph 10 of the Framework for an explanation of the distinction between a direct engagement and an assertion-based engagement.
131
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
8. A statement that the engagement was performed in accordance with ISAEs: where there is a subject matter specific ISAE, that ISAE may require that the assurance report refer specifically to it. 9. A summary of the work performed: the summary will help the intended users understand the nature of the assurance conveyed by the assurance report. ISA 700, “The Auditor’s Report on Financial Statements” and ISRE 2400, “Engagements to Review Financial Statements” provide a guide to the appropriate type of summary. Where no specific ISAE provides guidance on evidence-gathering procedures for a particular subject matter, the summary might include a more detailed description of the work performed. Because in a limited assurance engagement an appreciation of the nature, timing, and extent of evidence- gathering procedures performed is essential to understanding the assurance conveyed by a conclusion expressed in the negative form, the summary of the work performed: • Is ordinarily more detailed than for a reasonable assurance engagement and identifies the limitations on the nature, timing, and extent of evidence-gathering procedures. It may be appropriate to indicate procedures that were not performed that would ordinarily be performed in a reasonable assurance engagement; and • States that the evidence-gathering procedures are more limited than for a reasonable assurance engagement, and that therefore less assurance is obtained than in a reasonable assurance engagement. 10.The practitioner’s conclusion: where the subject matter information is made up of a number of aspects, separate conclusions may be provided on each aspect. While not all such conclusions need to relate to the same level of evidence-gathering procedures, each conclusion is expressed in the form that is appropriate to either a reasonable-assurance or a limited assurance engagement. Where appropriate, the conclusion should inform the intended users of the context in which the practitioner’s conclusion is to be read: the practitioner’s conclusion may, for example, include wording such as: “This conclusion has been formed on the basis of, and is subject to the inherent limitations outlined elsewhere in this independent assurance report.” This would be appropriate, for example, when the report includes an explanation of particular characteristics of the subject matter of which the intended users should be aware.
In a reasonable assurance engagement, the conclusion should be expressed in the positive form: for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria” or “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated.”
In a limited assurance engagement, the conclusion should be expressed in the negative form: for example: “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria” or “Based on our work described in this report, nothing has come to our attention that causes us to believe that the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is not fairly stated.” Where the practitioner expresses a conclusion that is other than unqualified, the assurance report should contain a clear description of all the reasons. (Also see paragraphs 51-53.)
11.The assurance report date: this informs the intended users that the practitioner has considered the effect on the subject matter information and on the assurance report of events that occurred up to that date. 12.The name of the firm or the practitioner, and a specific location, which ordinarily is the city where the practitioner maintains the office that has responsibility for the engagement: this informs the intended users of the individual or firm assuming responsibility for the engagement.
132
NON-AUDIT ASSURANCE ENGAGEMENTS SECTION 50. The practitioner may expand the assurance report to include other information and explanations that are not intended to affect the practitioner’s conclusion. Examples include: details of the qualifications and experience of the practitioner and others involved with the engagement, disclosure of materiality levels, findings relating to particular aspects of the engagement, and recommendations. Whether to include any such information depends on its significance to the needs of the intended users. Additional information is clearly separated from the practitioner’s conclusion and worded in such a manner so as not to affect that conclusion.
Qualified conclusions, adverse conclusions and disclaimers of conclusion 51. The practitioner should not express an unqualified conclusion when the following circumstances exist and, in the practitioner’s judgment, the effect of the matter is or may be material: 1. There is a limitation on the scope of the practitioner’s work, that is, circumstances prevent, or the responsible party or the engaging party imposes a restriction that prevents, the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level. The practitioner should express a qualified conclusion or a disclaimer of conclusion; 2. In those cases where: • The practitioner’s conclusion is worded in terms of the responsible party’s assertion, and that assertion is not fairly stated, in all material respects; or • The practitioner’s conclusion is worded directly in terms of the subject matter and the criteria, and the subject matter information is materially misstated,7 the practitioner should express a qualified or adverse conclusion; or 7
In those direct reporting engagements where the subject matter information is presented only in the practitioner’s conclusion, and the practitioner concludes that the subject matter does not, in all material respects, conform with the criteria, for example: “In our opinion, except for [ ... ], internal control is effective, in all material respects, based on XYZ criteria,” such a conclusion would also be considered to be qualified (or adverse as appropriate).
3. When it is discovered, after the engagement has been accepted, that the criteria are unsuitable or the subject matter is not appropriate for an assurance engagement. The practitioner should express: • A qualified conclusion or adverse conclusion when the unsuitable criteria or inappropriate subject matter is likely to mislead the intended users; or • A qualified conclusion or a disclaimer of conclusion in other cases. 52. The practitioner should express a qualified conclusion when the effect of a matter is not so material or pervasive as to require an adverse conclusion or a disclaimer of conclusion. A qualified conclusion is expressed as being “except for” the effects of the matter to which the qualification relates. 53. In those cases where the practitioner’s unqualified conclusion would be worded in terms of the responsible party’s assertion, and that assertion has identified and properly described that the subject matter information is materially misstated, the practitioner either: • Expresses a qualified or adverse conclusion worded directly in terms of the subject matter and the criteria; or • If specifically required by the terms of the engagement to word the conclusion in terms of the responsible party’s assertion, expresses an unqualified conclusion but emphasizes the matter by specifically referring to it in the assurance report.
133
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Other reporting responsibilities 54. The practitioner should consider other reporting responsibilities, including the appropriateness of communicating relevant matters of governance interest arising from the assurance engagement with those charged with governance. 55. In this ISAE, “governance” describes the role of persons entrusted with the supervision, control and direction of a responsible party. 8 Those charged with governance ordinarily are accountable for ensuring that an entity achieves its objectives and for reporting to interested parties. If the engaging party is different from the responsible party it may not be appropriate to communicate directly with the responsible party or those charged with governance over the responsible party. In many countries, principles of governance have been developed as a point of reference for establishing good governance behavior. Such principles often focus on publicly traded companies; they may however, also serve to improve governance in other forms of entities. There is no single model of good governance. Governance structures and practices vary from country to country.
8
56. In this ISAE, “relevant matters of governance interest” are those that arise from the assurance engagement and, in the practitioner’s opinion, are both important and relevant to those charged with governance. Relevant matters of governance interest include only those matters that have come to the attention of the practitioner while performing the assurance engagement. If the terms of the engagement do not specifically require it, the practitioner is not required to design procedures for the specific purpose of identifying matters of governance interest.
Effective date 57. This ISAE is effective for assurance engagements where the assurance report is dated on or after January 1, 2005. Earlier application is permissible.
Public sector perspective This ISAE is applicable to all professional accountants in the public sector who are independent of the entity for which they perform assurance engagements. Where professional accountants in the public sector are not independent of the entity for which they perform an assurance engagement, this ISAE should be applied with particular reference to the guidance in footnotes 2 and 4.
134
I nternational Framework f or A ssurance E ngagements
International Framework for Assurance Engagements (Effective for Assurance Reports Issued on or after January 1, 2005)
CONTENTS Introduction Definition and Objective of an Assurance Engagement Scope of the Framework Engagement Acceptance Elements of an Assurance Engagement Inappropriate Use of the Practitioner’s Name
Paragraph 1–6 7–11 12–16 7–19 20–60 61
INTERNATIONAL FRAMEWORK FOR ASSURANCE ENGAGEMENTS FRAMEWORK 4 Introduction 1. This Framework defines and describes the elements and objectives of an assurance engagement, and identifies engagements to which International Standards on Auditing (ISAs), International Standards on Review Engagements (ISREs) and International Standards on Assurance Engagements (ISAEs) apply. It provides a frame of reference for: a) Professional accountants in public practice (“practitioners”) when performing assurance engagements. Professional accountants in the public sector refer to the Public Sector Perspective at the end of the Framework. Professional accountants who are neither in public practice nor in the public sector are encouraged to consider the Framework when performing assurance engagements b) Others involved with assurance engagements, including the intended users of an assurance report and the responsible party; and c) The International Auditing and Assurance Standards Board (IAASB) in its development of ISAs, ISREs and ISAEs. 2. This Framework does not itself establish standards or provide procedural requirements for the performance of assurance engagements. ISAs, ISREs and ISAEs contain basic principles, essential procedures and related guidance,
135
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
consistent with the concepts in this Framework, for the performance of assurance engagements. The relationship between the Framework and the ISAs, ISREs and ISAEs is illustrated in the “Structure of Pronouncements Issued by the IAASB” section of the Handbook of International Auditing, Assurance, and Ethics Pronouncements. 3. The following is an overview of this Framework: • Introduction: This Framework deals with assurance engagements performed by practitioners. It provides a frame of reference for practitioners and others involved with assurance engagements, such as those engaging a practitioner (the “engaging party”). • Definition and objective of an assurance engagement: This section defines assurance engagements and identifies the objectives of the two types of assurance engagement a practitioner is permitted to perform. 1 If a professional accountant not in public practice, for example an internal auditor, applies this Framework, and a) this Framework, the ISAs, ISREs or the ISAEs are referred to in the professional accountant’s report; and (b) the professional accountant or other members of the assurance team and, when applicable, the professional accountant’s employer, are not independent of the entity in respect of which the assurance engagement is being performed, the lack of independence and the nature of the relationship(s) with the entity are prominently disclosed in the professional accountant’s report. Also, that report does not include the word “independent” in its title, and the purpose and users of the report are restricted. This Framework calls these two types reasonable assurance engagements and limited assurance engagements. • Scope of the Framework: This section distinguishes assurance engagements from other engagements, such as consulting engagements. • Engagement acceptance: This section sets out characteristics that must be exhibited before a practitioner can accept an assurance engagement. • Elements of an assurance engagement: This section identifies and discusses five elements assurance engagements performed by practitioners exhibit: a three party relationship, a subject matter, criteria, evidence and an assurance report. It explains important distinctions between reasonable assurance engagements and limited assurance engagements (also outlined in the Appendix). This section also discusses, for example, the significant variation in the subject matters of assurance engagements, the required characteristics of suitable criteria, the role of risk and materiality in assurance engagements, and how conclusions are expressed in each of the two types of assurance engagement. • Inappropriate use of the practitioner’s name: This section discusses implications of a practitioner’s association with a subject matter.
Ethical principles and quality control standards 4. In addition to this Framework and ISAs, ISREs and ISAEs, practitioners who perform assurance engagements are governed by: a) The IFAC Code of Ethics for Professional Accountants (the Code), which establishes fundamental ethical principles for professional accountants; and b) International Standards on Quality Control (ISQCs), which establish standards and provide guidance on a firm’s system of quality control. 5. Part A of the Code sets out the fundamental ethical principles that all professional accountants are required to observe, including: a) Integrity; b) Objectivity; c) Professional competence and due care;
136
I nternational Framework f or A ssurance E ngagements d) Confidentiality; and e) Professional behavior. 6. Part B of the Code, which applies only to professional accountants in public practice (“practitioners”), includes a conceptual approach to independence that takes into account, for each assurance engagement, threats to independence, accepted safeguards and the public interest. It requires firms and members of assurance teams to identify and evaluate circumstances and relationships that create threats to independence and to take appropriate action to eliminate these threats or to reduce them to an acceptable level by the application of safeguards.
Definition and objective of an assurance engagement 7. “Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. 8. The outcome of the evaluation or measurement of a subject matter is the information that results from applying the criteria to the subject matter. For example: • The recognition, measurement, presentation and disclosure represented in the financial statements (outcome) result from applying a financial reporting framework for recognition, measurement, presentation and disclosure, such as International Financial Reporting Standards, (criteria) to an entity’s financial position, financial performance and cash flows (subject matter). • An assertion about the effectiveness of internal control (outcome) results from applying a framework for evaluating the effectiveness of internal control, such as COSO4 or CoCo, 5 (criteria) to internal control, a process (subject matter).
In the remainder of this Framework, the term “subject matter information” will be used to mean the outcome of the evaluation or measurement of a subject matter. It is the subject matter information about which the practitioner gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report.
9. Subject matter information can fail to be properly expressed in the context of the subject matter and the criteria, and can therefore be misstated, potentially to a material extent. This occurs when the subject matter information does not properly reflect the application of the criteria to the subject matter, for example, when an entity’s financial statements do not give a true and fair view of (or present fairly, in all material respects) its financial position, financial performance and cash flows in accordance with International Financial Reporting Standards, or when an entity’s assertion that its internal control is effective is not fairly stated, in all material respects, based on COSO or CoCo. 10. In some assurance engagements, the evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the intended users. These engagements are called “assertion-based engagements.” In other assurance engagements, the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users. The subject matter information is provided to the intended users in the assurance report. These engagements are called “direct reporting engagements.”
137
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
11. Under this Framework, there are two types of assurance engagement a practitioner is permitted to perform: a reasonable assurance engagement and a limited assurance engagement. The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement6 as the basis for a positive form of expression of the practitioner’s conclusion. The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
Scope of the framework 12. Not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that do not meet the above definition (and therefore are not covered by this Framework) include: • Engagements covered by International Standards for Related Services, such as agreed-upon procedures engagements and compilations of financial or other information. • The preparation of tax returns where no conclusion conveying assurance is expressed. 6
Engagement circumstances include the terms of the engagement, including whether it is a reasonable assurance engagement or a limited assurance engagement, the characteristics of the subject matter, the criteria to be used, the needs of the intended users, relevant characteristics of the responsible party and its environment, and other matters, for example events, transactions, conditions and practices, that may have a significant effect on the engagement.
13. An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this Framework is relevant only to the assurance portion of the engagement. 14. The following engagements, which may meet the definition in paragraph 7, need not be performed in accordance with this Framework: a) Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and b) Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply: i) Those opinions, views or wording are merely incidental to the overall engagement; ii) Any written report issued is expressly restricted for use by only the intended users specified in the report; iii) Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and iv) The engagement is not represented as an assurance engagement in the professional accountant’s report. Reports on Non-Assurance Engagements 15. A practitioner reporting on an engagement that is not an assurance engagement within the scope of this Framework, clearly distinguishes that report from an assurance report. So as not to confuse users, a report that is not an assurance report avoids, for example: • Implying compliance with this Framework, ISAs, ISREs or ISAEs. • Inappropriately using the words “assurance,” “audit” or “review.” 7 Consulting engagements employ a professional accountant’s technical skills, education, observations, experiences, and knowledge of the consulting process. The consulting process is an analytical process that typically involves some combination of activities relating to: objective-setting, fact-finding, definition of problems
138
I nternational Framework f or A ssurance E ngagements
or opportunities, evaluation of alternatives, development of recommendations including actions, communication of results, and sometimes implementation and follow-up. Reports (if issued) are generally written in a narrative (or “long form”) style. Generally the work performed is only for the use and benefit of the client. The nature and scope of work is determined by agreement between the professional accountant and the client. Any service that meets the definition of an assurance engagement is not a consulting engagement but an assurance engagement.
16. The practitioner and the responsible party may agree to apply the principles of this Framework to an engagement when there are no intended users other than the responsible party but where all other requirements of the ISAs, ISREs or ISAEs are met. In such cases, the practitioner’s report includes a statement restricting the use of the report to the responsible party.
Engagement acceptance 17. A practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge of the engagement circumstances indicates that: a) Relevant ethical requirements, such as independence and professional competence will be satisfied; and b) The engagement exhibits all of the following characteristics: i) The subject matter is appropriate; ii) The criteria to be used are suitable and are available to the intended users; iii) The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion; iv) The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited assurance engagement, is to be contained in a written report; and v) The practitioner is satisfied that there is a rational purpose for the engagement. If there is a significant limitation on the scope of the practitioner’s work (see paragraph 55), it may be unlikely that the engagement has a rational purpose. Also, a practitioner may believe the engaging party intends to associate the practitioner’s name with the subject matter in an inappropriate manner (see paragraph 61). Specific ISAs, ISREs or ISAEs may include additional requirements that need to be satisfied prior to accepting an engagement. 18. When a potential engagement cannot be accepted as an assurance engagement because it does not exhibit all the characteristics in the previous paragraph, the engaging party may be able to identify a different engagement that will meet the needs of intended users. For example: a) If the original criteria were not suitable, an assurance engagement may still be performed if: i) The engaging party can identify an aspect of the original subject matter for which those criteria are suitable, and the practitioner could perform an assurance engagement with respect to that aspect as a subject matter in its own right. In such cases, the assurance report makes it clear that it does not relate to the original subject matter in its entirety; or ii) Alternative criteria suitable for the original subject matter can be selected or developed. b) The engaging party may request an engagement that is not an assurance engagement, such as a consulting or an agreed-upon procedures engagement. 19. Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable justification. A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not disregard evidence that was obtained prior to the change.
139
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Elements of an assurance engagement 20. The following elements of an assurance engagement are discussed in this section: a A three party relationship involving a practitioner, a responsible party, and intended users; b) An appropriate subject matter; c) Suitable criteria; d) Sufficient appropriate evidence; and e) A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement.
Three party relationship 21. Assurance engagements involve three separate parties: a practitioner, a responsible party and intended users. 22. The responsible party and the intended users may be from different entities or the same entity. As an example of the latter case, in a two-tier board structure, the supervisory board may seek assurance about information provided by the management board of that entity. The relationship between the responsible party and the intended users needs to be viewed within the context of a specific engagement and may differ from more traditionally defined lines of responsibility. For example, an entity’s senior management (an intended user) may engage a practitioner to perform an assurance engagement on a particular aspect of the entity’s activities that is the immediate responsibility of a lower level of management (the responsible party), but for which senior management is ultimately responsible.
Practitioner 23. The term “practitioner” as used in this Framework is broader than the term “auditor” as used in ISAs and ISREs, which relates only to practitioners performing audit or review engagements with respect to historical financial information. 24. A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialized skills and knowledge beyond those ordinarily possessed by an individual practitioner. As noted in paragraph 17 (a), a practitioner does not accept an engagement if preliminary knowledge of the engagement circumstances indicates that ethical requirements regarding professional competence will not be satisfied. In some cases this requirement can be satisfied by the practitioner using the work of persons from other professional disciplines, referred to as experts. In such cases, the practitioner is satisfied that those persons carrying out the engagement collectively possess the requisite skills and knowledge, and that the practitioner has an adequate level of involvement in the engagement and understanding of the work for which any expert is used.
Responsible party 25. The responsible party is the person (or persons) who: a) In a direct reporting engagement, is responsible for the subject matter; or b) In an assertion-based engagement, is responsible for the subject matter information (the assertion), and may be responsible for the subject matter. An example of when the responsible party is responsible for both the subject matter information and the subject matter, is when an entity engages a practitioner to perform an assurance engagement regarding a report it has prepared about its own sustainability practices. An example of when the responsible party is responsible for the subject matter information but not the subject matter, is when a government organization engages a practitioner to perform an assurance engagement regarding a report about a private company’s sustainability practices that the organization has prepared and is to distribute to intended users. The responsible party may or may not be the party who engages the practitioner (the engaging party).
140
I nternational Framework f or A ssurance E ngagements 26. The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users. In a direct reporting engagement, the practitioner may not be able to obtain such a representation when the engaging party is different from the responsible party.
Intended Users 27. The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users, but not the only one. 28. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. The practitioner may not be able to identify all those who will read the assurance report, particularly where there is a large number of people who have access to it. In such cases, particularly where possible readers are likely to have a broad range of interests in the subject matter, intended users may be limited to major stakeholders with significant and common interests. Intended users may be identified in different ways, for example, by agreement between the practitioner and the responsible party or engaging party, or by law. 29. Whenever practical, intended users or their representatives are involved with the practitioner and the responsible party (and the engaging party if different) in determining the requirements of the engagement. Regardless of the involvement of others however, and unlike an agreed-upon procedures engagement (which involves reporting findings based upon the procedures, rather than a conclusion): a) The practitioner is responsible for determining the nature, timing and extent of procedures; and b) The practitioner is required to pursue any matter the practitioner becomes aware of that leads the practitioner to question whether a material modification should be made to the subject matter information. 30. In some cases, intended users (for example, bankers and regulators) impose a requirement on, or request the responsible party (or the engaging party if different) to arrange for, an assurance engagement to be performed for a specific purpose. When engagements are designed for specified intended users or a specific purpose, the practitioner considers including a restriction in the assurance report that limits its use to those users or that purpose.
Subject Matter 31. The subject matter, and subject matter information, of an assurance engagement can take many forms, such as: • Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may be the recognition, measurement, presentation and disclosure represented in financial statements. • Non-financial performance or conditions (for example, performance of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness. • Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document. • Systems and processes (for example, an entity’s internal control or IT system) for which the subject matter information may be an assertion about effectiveness. • Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness. 32. Subject matters have different characteristics, including the degree to which information about them is qualitative versus quantitative, objective versus subjective, historical versus prospective, and relates to a point in time or covers a period. Such characteristics affect the:
141
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
a) Precision with which the subject matter can be evaluated or measured against criteria; and b) The persuasiveness of available evidence. The assurance report notes characteristics of particular relevance to the intended users. 33. An appropriate subject matter is: a) Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and b) Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate.
Criteria 34. Criteria are the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and disclosure. Criteria can be formal, for example in the preparation of financial statements, the criteria may be International Financial Reporting Standards or International Public Sector Accounting Standards; when reporting on internal control, the criteria may be an established internal control framework or individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria may be the applicable law, regulation or contract. Examples of less formal criteria are an internally developed code of conduct or an agreed level of performance (such as the number of times a particular committee is expected to meet in a year). 35. Suitable criteria are required for reasonably consistent evaluation or measurement of a subject matter within the context of professional judgment. Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Suitable criteria are context-sensitive, that is, relevant to the engagement circumstances. Even for the same subject matter there can be different criteria. For example, one responsible party might select the number of customer complaints resolved to the acknowledged satisfaction of the customer for the subject matter of customer satisfaction; another responsible party might select the number of repeat purchases in the three months following the initial purchase. 36. Suitable criteria exhibit the following characteristics: a) Relevance: relevant criteria contribute to conclusions that assist decision-making by the intended users. b) Completeness: criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure. c) Reliability: reliable criteria allow reasonably consistent evaluation or measurement of the subject matter including, where relevant, presentation and disclosure, when used in similar circumstances by similarly qualified practitioners. d) Neutrality: neutral criteria contribute to conclusions that are free from bias. e) Understandability: understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations. The evaluation or measurement of a subject matter on the basis of the practitioner’s own expectations, judgments and individual experience would not constitute suitable criteria. 37. The practitioner assesses the suitability of criteria for a particular engagement by considering whether they reflect the above characteristics. The relative importance of each characteristic to a particular engagement is a matter of judgment. Criteria can either be established or specifically developed.
142
I nternational Framework f or A ssurance E ngagements
Established criteria are those embodied in laws or regulations, or issued by authorized or recognized bodies of experts that follow a transparent due process. Specifically developed criteria are those designed for the purpose of the engagement. Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement.
38. Criteria need to be available to the intended users to allow them to understand how the subject matter has been evaluated or measured. Criteria are made available to the intended users in one or more of the following ways: a) Publicly. b) Through inclusion in a clear manner in the presentation of the subject matter information. c) Through inclusion in a clear manner in the assurance report. d) By general understanding, for example the criterion for measuring time in hours and minutes. Criteria may also be available only to specific intended users, for example the terms of a contract, or criteria issued by an industry association that are available only to those in the industry. When identified criteria are available only to specific intended users, or are relevant only to a specific purpose, use of the assurance report is restricted to those users or for that purpose.
Evidence 39. The practitioner plans and performs an assurance engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material misstatement. The practitioner considers materiality, assurance engagement risk, and the quantity and quality of available evidence when planning and performing the engagement, in particular when determining the nature, timing and extent of evidence- gathering procedures.
Professional skepticism 40. The practitioner plans and performs an assurance engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated. An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. For example, an attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing conclusions from observations, and of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof. 41. An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected to be an expert in such authentication. However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies, facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance where relevant.
Sufficiency and appropriateness of evidence 42. Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of evidence; that is, its relevance and its reliability. The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality, the less may be required). Accordingly, the sufficiency and appropriateness of evidence are interrelated. However, merely obtaining more evidence may not compensate for its poor quality.
143
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
43. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of evidence can be made; however, such generalizations are subject to important exceptions. Even when evidence is obtained from sources external to the entity, circumstances may exist that could affect the reliability of the information obtained. For example, evidence obtained from an independent external source may not be reliable if the source is not knowledgeable. While recognizing that exceptions may exist, the following generalizations about the reliability of evidence may be useful: • Evidence is more reliable when it is obtained from independent sources outside the entity. • Evidence that is generated internally is more reliable when the related controls are effective. • Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control). • Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was discussed). • Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles. 44. The practitioner ordinarily obtains more assurance from consistent evidence obtained from different sources or of a different nature than from items of evidence considered individually. In addition, obtaining evidence from different sources or of a different nature may indicate that an individual item of evidence is not reliable. For example, corroborating information obtained from a source independent of the entity may increase the assurance the practitioner obtains from a representation from the responsible party. Conversely, when evidence obtained from one source is inconsistent with that obtained from another, the practitioner determines what additional evidence-gathering procedures are necessary to resolve the inconsistency. 45. In terms of obtaining sufficient appropriate evidence, it is generally more difficult to obtain assurance about subject matter information covering a period than about subject matter information at a point in time. In addition, conclusions provided on processes ordinarily are limited to the period covered by the engagement; the practitioner provides no conclusion about whether the process will continue to function in the specified manner in the future. 46. The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the information obtained. However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence-gathering procedure for which there is no alternative. The practitioner uses professional judgment and exercises professional skepticism in evaluating the quantity and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.
Materiality 47. Materiality is relevant when the practitioner determines the nature, timing and extent of evidence-gathering procedures, and when assessing whether the subject matter information is free of misstatement. When considering materiality, the practitioner understands and assesses what factors might influence the decisions of the intended users. For example, when the identified criteria allow for variations in the presentation of the subject matter information, the practitioner considers how the adopted presentation might influence the decisions of the intended users. Materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests of
144
I nternational Framework f or A ssurance E ngagements the intended users. The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement are matters for the practitioner’s judgment.
Assurance engagement risk 48. Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated.
In a reasonable assurance engagement, the practitioner reduces assurance engagement risk to an acceptably low level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of expression of the practitioner’s conclusion. The level of assurance engagement risk is higher in a limited assurance engagement than in a reasonable assurance engagement because of the different nature, timing or extent of evidence-gathering procedures. However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative form of expression.
To be meaningful, the level of assurance obtained by the practitioner is likely to enhance the intended users’ confidence about the subject matter information to a degree that is clearly more than inconsequential. 49. In general, assurance engagement risk can be represented by the following components, although not all of these components will necessarily be present or significant for all assurance engagements: a) The risk that the subject matter information is materially misstated, which in turn consists of: i) Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls; and ii) Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some control risk will always exist because of the inherent limitations of the design and operation of internal control; and b) Detection risk: the risk that the practitioner will not detect a material misstatement that exists. The degree to which the practitioner considers each of these components is affected by the engagement circumstances, in particular by the nature of the subject matter and whether a reasonable assurance or a limited assurance engagement is being performed.
Nature, timing and extent of evidence - gathering procedures 50. The exact nature, timing and extent of evidence-gathering procedures will vary from one engagement to the next. In theory, infinite variations in evidence gathering procedures are possible. In practice, however, these are difficult to communicate clearly and unambiguously. The practitioner attempts to communicate them clearly and unambiguously and uses the form appropriate to a reasonable assurance engagement or a limited assurance engagement. 51. “Reasonable assurance” is a concept relating to accumulating evidence necessary for the practitioner to conclude in relation to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required in a reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part of an iterative, systematic engagement process involving: a) Obtaining an understanding of the subject matter and other engagement circumstances which, depending on the subject matter, includes obtaining an understanding of internal control; b) Based on that understanding, assessing the risks that the subject matter information may be materially misstated;
145
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
c) Responding to assessed risks, including developing overall responses, and determining the nature, timing and extent of further procedures; d) Performing further procedures clearly linked to the identified risks, using a combination of inspection, observation, confirmation, recalculation, re-performance, analytical procedures and inquiry. Such further procedures involve substantive procedures including, where applicable, obtaining corroborating information from sources independent of the responsible party, and depending on the nature of the subject matter, tests of the operating effectiveness of controls; and e) Evaluating the sufficiency and appropriateness of evidence. 52. “Reasonable assurance” is less than absolute assurance. Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following: • The use of selective testing. • The inherent limitations of internal control. • The fact that much of the evidence available to the practitioner is persuasive rather than conclusive. • The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence. • In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria. 53. Both reasonable assurance and limited assurance engagements require the application of assurance skills and techniques and the gathering of sufficient appropriate evidence as part of an iterative, systematic engagement process that includes obtaining an understanding of the subject matter and other engagement circumstances. The nature, timing and extent of procedures for gathering sufficient appropriate evidence in a limited assurance engagement are, however, deliberately limited relative to a reasonable assurance engagement. For some subject matters, there may be specific pronouncements to provide guidance on procedures for gathering sufficient appropriate evidence for a limited assurance engagement. For example, ISRE 2400,
“Engagements to Review Financial Statements” establishes that sufficient appropriate evidence for reviews of financial statements is obtained primarily through analytical procedures and inquiries. In the absence of a relevant pronouncement, the procedures for gathering sufficient appropriate evidence will vary with the circumstances of the engagement, in particular, the subject matter, and the needs of the intended users and the engaging party, including relevant time and cost constraints. For both reasonable assurance and limited assurance engagements, if the practitioner becomes aware of a matter that leads the practitioner to question whether a material modification should be made to the subject matter information, the practitioner pursues the matter by performing other procedures sufficient to enable the practitioner to report.
Quantity and quality of available evidence 54. The quantity or quality of available evidence is affected by: a) The characteristics of the subject matter and subject matter information. For example, less objective evidence might be expected when information about the subject matter is future oriented rather than historical (see paragraph 32); and b) Circumstances of the engagement other than the characteristics of the subject matter, when evidence that could reasonably be expected to exist is not available because of, for example, the timing of the practitioner’s appointment, an entity’s document retention policy, or a restriction imposed by the responsible party. Ordinarily, available evidence will be persuasive rather than conclusive.
146
I nternational Framework f or A ssurance E ngagements 55. An unqualified conclusion is not appropriate for either type of assurance engagement in the case of a material limitation on the scope of the practitioner’s work, that is, when: a) Circumstances prevent the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level; or b) The responsible party or the engaging party imposes a restriction that prevents the practitioner from obtaining evidence required to reduce assurance engagement risk to the appropriate level.
Assurance report 56. The practitioner provides a written report containing a conclusion that conveys the assurance obtained about the subject matter information. ISAs, ISREs and ISAEs establish basic elements for assurance reports. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so. 57. In an assertion-based engagement, the practitioner’s conclusion can be worded either: a) In terms of the responsible party’s assertion (for example: “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”); or b) Directly in terms of the subject matter and the criteria (for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria”). In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of the subject matter and the criteria. 58. In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.” This form of expression conveys “reasonable assurance.” Having performed evidence gathering procedures of a nature, timing and extent that were reasonable given the characteristics of the subject matter and other relevant engagement circumstances described in the assurance report, the practitioner has obtained sufficient appropriate evidence to reduce assurance engagement risk to an acceptably low level. 59. In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for example, “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.” This form of expression conveys a level of “limited assurance” that is proportional to the level of the practitioner’s evidence-gathering procedures given the characteristics of the subject matter and other engagement circumstances described in the assurance report. 60. A practitioner does not express an unqualified conclusion for either type of assurance engagement when the following circumstances exist and, in the practitioner’s judgment, the effect of the matter is or may be material: a) There is a limitation on the scope of the practitioner’s work (see paragraph 55). The practitioner expresses a qualified conclusion or a disclaimer of conclusion depending on how material or pervasive the limitation is. In some cases the practitioner considers withdrawing from the engagement. b) In those cases where: i) The practitioner’s conclusion is worded in terms of the responsible party’s assertion, and that assertion is not fairly stated, in all material respects; or ii) The practitioner’s conclusion is worded directly in terms of the subject matter and the criteria, and the subject matter information is materially misstated,11 the practitioner expresses a qualified or adverse conclusion depending on how material or pervasive the matter is.
147
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
11 In those direct reporting engagements where the subject matter information is presented only in the practitioner’s conclusion, and the practitioner concludes that the subject matter does not, in all material respects, conform with the criteria, for example: “In our opinion, except for […], internal control is effective, in all material respects, based on XYZ criteria,” such a conclusion would also be considered to be qualified (or adverse as appropriate). c) When it is discovered after the engagement has been accepted, that the criteria are unsuitable or the subject matter is not appropriate for an assurance engagement. The practitioner expresses: i) A qualified conclusion or adverse conclusion depending on how material or pervasive the matter is, when the unsuitable criteria or inappropriate subject matter is likely to mislead the intended users; or ii) A qualified conclusion or a disclaimer of conclusion depending on how material or pervasive the matter is, in other cases. In some cases the practitioner considers withdrawing from the engagement.
Inappropriate use of the practitioner’s name 61. A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or consents to the use of the practitioner’s name in a professional connection with that subject matter. If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner. If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter, the practitioner requires the party to cease doing so. The practitioner also considers what other steps may be needed, such as informing any known third party users of the inappropriate use of the practitioner’s name or seeking legal advice.
Public sector perspective 62. This Framework is relevant to all professional accountants in the public sector who are independent of the entity for which they perform assurance engagements.
148
TA I LO R A B L E P R O C E D U R E S S E C T I O N
TAILORABLE PROCEDURES SECTION 1.0
AREA 1000: Client Acceptance and Continuance Step 1001: Client Assessment Tailorable procedures 1. Does the firm have familiarity threat? 2. Is too much revenue from this client? 3. Are directors of high integrity? 4. Is there information that would inform us of the high risk attached to the client e.g. a major fraud? 5. Have we complied with ethical requirements? 6. Are we competent and have adequate resources to deliver on the engagement? 7. Are there conditions requiring consideration e.g. change in management, business conditions, reputation or integrity? 8. Is it a public interest entity e.g. a listed company, bank, insurance company, stockbroker, pension fund? 9. Are there any specific regulatory requirements to report to authorities e.g. the Central Bank of Rwanda, Rwanda Revenue Authority etc? 10.Identification of key risks facing the business.
Step 1002: Initial meeting with management Tailorable procedures 1. Set an appropriate date for the initial meeting with those charged with governance. Invite key participants i.e. the engagement leader, the engagement manager and the field team leader as well as key client representatives e.g. Chief Financial Officer and/or Managing Director. 2. Send an agenda well in advance of the meeting to all the participants. Specify any requirements for the meeting e.g. the provision of draft financials by the management. (See template manager) 3. Document the minutes of the meeting in a timely manner in accordance with the template.
Step 1003: Letter of Engagement Tailorable procedures: 1. Prepare a letter of engagement (in duplicate) in accordance with the template. Amend as appropriate. 2. Ensure the letter of engagement is reviewed and signed by the engagement leader.
149
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
3. Dispatch the letters to the client management/those charged with governance for signing by the relevant authority. The client will sign both letters, retain one and send one back to the auditor. 4. Scan a copy and file the physical copy appropriately in the audit file.
2.0
AREA 2000: Audit Planning Step 2001: Fraud Assessment Tailorable procedures: 1. Prepare and send a fraud risk questionnaire to the client. (See template manager). The fraud risk questionnaire is attached as an appendix to the engagement letter. 2. Document the responses to the fraud risk questionnaire, and incorporate any fraud matters arising from the initial meeting with the management in the audit comfort matrix. 3. In response to the assessed risk of material misstatement, determine the impact on; a) Assignment and supervision of personnel – consider whether it is necessary to assign additional individuals with specialized skills and knowledge such as IT and forensic experts, or to assign more experienced individuals to the team. b) Unpredictability procedures – incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures to be performed.
Step 2002: Business Analysis Framework Tailorable procedures: Document the following details about the client: • Details of incorporation, physical location • Key client contacts at Board or management level • Organizational chart • Key business of the client • Competitors • Legal environment – laws and regulations affecting the client • Economic environment • Technological factors affecting client business • Accounting systems in use See template manager
Step 2003: Materiality Tailorable Procedures: 1. Obtain the current period draft financial statements. 2. Compute an appropriate level of Overall Materiality using an appropriate benchmark e.g. 5% of profit before tax, 1% of total revenues, 1% of total assets etc. 3. Compute Performance/Planning Materiality in order to reduce the risk to an acceptably low level. Judgment is required and will vary from 50% to 80% of Overall Materiality. 4. Compute specific materiality for individual classes of items/transactions (de minimis/ SUD materiality). This is normally given as 5% of the planning materiality. However, the auditor should exercise judgment. See audit guide ISA 320
150
TA I LO R A B L E P R O C E D U R E S S E C T I O N
Step 2004: Planning Analytics Tailorable procedures: 1. Obtain a copy of the draft financial statements for the year under review. 2. Perform analytical procedures at the financial statement level using the draft financials. Identify significant trends; determine whether they are in line with expectations thus identifying potential risk areas. Use planning materiality as a threshold in determining risk areas i.e. the unexplained variance should not exceed planning materiality. See template manager.
Step 2005: Audit Comfort Matrix Tailorable procedures: 1. Using the information gathered from meeting with management, planning analytics and business analysis framework, document the key risks facing the client, the management responses/controls to address the risk, the financial reporting assertions affected, and the audit approach to be used. (See template manager)
Step 2006: Summary of Comfort Tailorable procedures: 1. Prepare a Summary of Comfort (SoC) for each financial statement area (e.g. sales, cost of sales, receivables, payables, share capital, property, plant and equipment etc) that documents the nature, timing and extent of the audit procedures to be carried out. The SoC is a live document and will have to be continually updated whenever the auditor comes up with new information that has an impact on his audit. See template manager. 2. The engagement leader has to sign-off on the summary of comfort before commencement of audit fieldwork to signify his approval of the audit strategy. See template manager
Step 2007: Resource Requirements/Project Budget Tailorable procedures: Prepare a project budget for the audit, showing the various phases of the audit and the personnel involved. The project budget should help in planning for staff resources and indicates how the timelines will be met. See template manager
Step 2010: Individual Independence Confirmations Tailorable procedures: Prepare independence confirmation letters. See template manager. Independence confirmations must be sent to all engagement personnel and replies must be received before they get involved in the audit. The confirmation replies should be filed appropriately. Document the results in the format below:
Team member Dave Peter John
Date confirmation reply received 22 March 2010 23 March 2010 22 March 2010
File reference no. 2010-1a 2010-1b 2010-1c
Step 2011: Kickoff/Mobilization Meeting Tailorable procedures: 1. Send invitations to all team members who will be involved in the audit. The engagement leader and the engagement manager must be present for the meeting.
151
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
2. Discuss the items on the agenda. The aim of the meeting is to update the team members. The more experienced team members are expected to share their experience. The main focus is on the Audit Comfort Matrix, the Summary of Comfort and the project plan. 3. Agenda (for guidance purposes) • Introductions • Update on the client • Audit approach • Roles and responsibilities • Timelines
3.0
AREA 3000: Internal Controls Review Step 3001: IT General Controls Tailorable procedures: 1. Determine the accounting system in use. 2. Program Development – was the program developed in-house or was it bought from a vendor? If developed in- house, what controls over the development process existed? 3. Program changes – have there been any changes/upgrades to the software? What controls exist over such change processes? 4. Access controls – Are there restrictions on access to the software and related hardware e.g. is the server room secured? Do computers have password controls? Is there an audit trail that shows unauthorized activity? Does IT department lock out on a timely basis staff that leaves the organization, after communication from HR department?
Step 3002: Internal Controls Review 1. Document your understanding about the key controls around the business processes i.e. the frequency of the control, the nature of the control and the key risk that it is designed to mitigate. The following format may be used. AREA KEY RISK CONTROL FREQUENCY IDENTIFIED OF CONTROL Revenues and Fictitious Account opening procedures Weekly
152
NATURE OF CONTROL (preventive or detective) Preventive
receivables
customers Provisioning policy is in place. Monthly Preventive Inadequate Management authorization is required. provisioning
Purchases and payables
Underprovision
Supplier reconciliations
Monthly
Detective
TA I LO R A B L E P R O C E D U R E S S E C T I O N 2. Test the key controls identified above. Conclude on whether the controls are effective and whether reliance can be placed on their operation. Document the tests and results in a table format as shown below: CONTROL Account opening procedures
TEST Pick a sample of 4 new accounts opened in the period. For the sample selected, test for proper authorization by the chief accountant
RESULTS EXCEPTIONS? CONCLUSION Account Authorized None The control is 1 73736 Yes effective. 2 76464 Yes 3 98988 Yes 4 63738 Yes
Provisioning policy
Pick a sample of 4 minutes of Month Authorized None The control is management committee meetings 1 JanuaryYes effective. held during the year. Ensure that 2 March Yes the provisioning was discussed 3 August Yes and approved by the Finance 4 October Yes Director.
Step 3003: Taking Stock Meeting Tailorable procedures: 1. Send an invitation to all team members. 2. Agenda: • Update on controls work. Have any deficiencies been noted in controls? If yes, what is the impact on the previous strategy? Update the Audit Comfort Matrix and the Summary of Comfort. • Agree on the substantive procedures to be carried out. • Review the budget. Are there time overruns or is the team within schedule? 3. Document the minutes of the meeting in a timely manner.
4.0
AREA 4000: Substantive Procedures The substantive procedures illustrated in the following section are illustrative and comprehensive. They are not applicable for all situations. The auditor has to exercise judgment in determining which tests are applicable to the case at hand, and then include the selected tests under the Summary of Comfort (SoC). The tests that are not applicable are to be omitted from the audit file.
Step 4001: Cash and Bank Tailorable procedures 1. Obtain a summary of bank balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions
153
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
2. Perform bank confirmations as set out in the detailed audit plan. Confirmations should be sent under our control. Once received perform the following; a) agree account information and account balance to summary b) investigate all discrepancies reported or questions raised in review and determine whether any adjustments are necessary c) assess impact of special arrangements or restrictions identified and determine whether disclosure is appropriate 3. Test bank reconciliation in order to obtain the desired level of assurance by performing the following: a) test the mathematical accuracy of the reconciliation by re-computation (accuracy) b) trace book balances on the client’s bank reconciliation to the lead summary (accuracy) c) trace bank balances on the client’s bank reconciliation to the bank statement (accuracy) d) test reconciling items on the bank reconciliation by performing the following: i) obtain subsequent month bank statement and supporting documentation ii) trace outstanding cheques listed on the bank reconciliation to the subsequent month’s bank statement and for those not traced, trace to the cash disbursements records for the period prior to the balance sheet date. iii) trace deposits in transit listed on the bank reconciliation to the subsequent month’s bank statement and for those not traced, trace to the cash receipts records for the period prior to the balance sheet date. iv) obtain explanation for large, unusual reconciling items and trace to supporting documentation and/or entries in the cash records, as appropriate v) review the date the above items cleared the bank or were recorded in the client’s books to ensure appropriate recording period. Trace to supporting documentation as necessary (cutoff) vi) investigate items such as, long outstanding cheques, dishonored cheques and significant adjustments in the subsequent month, and record adjustments as necessary e) review client’s bank reconciliation for review and approval by appropriate management and timely completion of reconciliation. 4. Inquire with management regarding cheques drawn before year-end and released after year-end. Consider the lapse of time for the last cheques written in the current year and the date presented to the bank. Consider whether any reversing entries are necessary. 5. Test the translation of cash accounts denominated in foreign currencies by determining that such cash accounts have been translated using the correct rate and that the reporting currency amounts have been correctly adjusted. 6. Test transfers between client’s bank accounts using targeted testing - selecting transactions that are more subject to risk 7. Identify arrangements with related parties 8. Consider disclosure requirements
Step 4002: Receivables 1. Obtain a comparative summary of accounts receivable and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers; and c) Review the summary for any possible omissions. 2. Consider performing, to an extent to achieve the desired level of assurance, substantive analytical procedures for accounts receivable in order to reduce the level of detailed substantive testing. [list procedures specific to audit] 3. Obtain a detailed listing of accounts receivable balances (aged by customer, if possible) and: a) trace totals to the comparative summary of accounts receivable balances and investigate reconciling items;
154
TA I LO R A B L E P R O C E D U R E S S E C T I O N b) test the mathematical accuracy of the listing; and c) scan the listing and investigate significant or unusual items (e.g. large balances and credit balances). d) Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 4. Test sales/accounts receivable cut-off by selecting sales by reviewing the cut-off data at the time of inventory taking and at year-end (if different) and perform the following: a) for selected sales for periods before and after the cut-off date, examine the related records of goods shipped and services performed to determine that the sales invoices are recorded as sales in the proper period; b) determine whether there are unusually high volumes of returned goods after year-end; and c) consider unusual fluctuations in sales or return patterns before and after year-end and, if present, review for possible cut-off errors. 5. Perform confirmation of selected account receivable balances as set out in the detailed audit plan 6. Review bad debt write-offs by performing the following: a) consider the reasonableness of bad debt expense in light of the levels of bad debt write-offs compared with prior years; and b) examine documentation relating to write-offs during the period and determine whether the write-offs were properly authorized. 7. Assess the adequacy of the allowance for doubtful accounts by performing the following procedures: a) obtain from the client a copy of the aged accounts receivable listing and review the overall reasonableness of the aging and investigate unusual trends and conditions that may indicate audit risk requiring further attention; b) determine whether the aged listing of accounts receivable balances is correct by reperforming aging of the client’s list; c) obtain a list of accounts for which an allowance has been established. Review and test the process used by management to develop their estimate of collectability. Consider applying targeted testing on outstanding balances subject to higher risk of non-collection; d) where provisions are made by the use of formulae based on the aged listing, determine by reference to the details in our notes of the client’s procedures whether the basis is: i) consistent with prior years; ii) appropriate in the circumstances; and iii) in accordance with the accounting policy; e) determine the effect, if any, of the client’s policies and experiences regarding the timing of the passage of title, sales returns and allowances where right of return exists, and bill and hold situations; and f) discuss collectability with management and review other documentation supporting collectability as necessary. 8. Test translation of amounts denominated in foreign currencies (Note: The accounts receivable area does not contain steps addressing the completeness audit objective. This audit objective could be tested by performing the following steps, as applicable, in the Sales area: “Test recorded sales,” “Test sales returns” and “Test sales discounts.”)
Step 4003: Payables Tailorable procedures 1. Obtain a comparative summary of accounts payable and: a) test the mathematical accuracy of the summary; b) trace account balances to the general ledger and the previous year’s working papers; and c) review the summary for any possible omissions.
155
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
2. Perform, to an extent to achieve the desired level of assurance, substantive analytical procedures for accounts payable. [list procedures specific to audit] 3. Obtain detailed accounts payable listing (aged by vendor, if possible) and perform the following: a) trace totals from the detailed accounts payable listing to the totals of the summary; b) select reconciling items in order to obtain the desired level of assurance. Trace selected reconciling items to supporting documentation and where there are significant reconciling items, determine whether the results of the investigations have been reviewed and approved by a responsible official; c) test the mathematical accuracy of the detailed accounts payable listing to obtain a high level of assurance that accuracy is achieved; d) scan the detailed listing of accounts payable and investigate significant or unusual items (e.g. debit balances, large balances, old unpaid invoices) or obvious omissions; and e) consider whether there are unrecorded liabilities by using our knowledge of the company and its industry. Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 4. If appropriate, by applying targeted testing or non-statistical sampling, for selected vendor accounts payable balances from the detailed listing obtain supplier’s statement and: i) reconcile the account detail between the supplier’s statement and the accounts payable detail listing; and ii) investigate all reconciling items by inquiring with management and agreeing to supporting documentation (e.g. vendor invoices, receiving reports, cash payments), as necessary. Determine whether adjustments, if any, are necessary. If supplier’s statements are not available, consider performing either one or a combination of both of the following: a) Perform accounts payable confirmation procedures b) Verify accounts payable balances as follows: i) for vendor invoices subsequently paid, trace recorded liabilities on the detailed listing to the disbursement records and check advices for that vendor and verify that the payments relate to the detail account balance by agreeing invoice amounts and numbers; and ii) for vendor invoices not subsequently paid, trace selected recorded liabilities on the detailed listing to supporting documentation (e.g., invoices, receiving reports, purchase orders, suppliers’ statements). 5. Search for unrecorded liabilities. Obtain the desired level of assurance by target testing for both significant value invoices and those subject to higher risk of inclusion or exclusion from the proper period (e.g. closer to year-end) and if further assurance is required from tests of details, perform non-statistical sampling of the remaining untested population. Sample should be selected from all accounts payable sources (i.e. the disbursement records, invoices received and recorded records, goods received not yet invoiced records and credits for returns) for the period after the balance sheet date up to the date of the completion of fieldwork. By reference to supporting documentation, determine whether the item has been properly included as a liability or properly excluded. 6. Test, to an extent based on materiality and inherent risk, the translation of accounts payable balances denominated in foreign currencies by determining that such accounts have been translated using the correct rate and that the reporting currency amounts have been correctly adjusted. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
156
TA I LO R A B L E P R O C E D U R E S S E C T I O N
Step 4004: Revenues Tailorable procedures 1. Obtain a comparative summary of sales account balances and: a) test the mathematical accuracy of the summary; b) trace account balances to the general ledger and the previous year’s working papers; and c) review the summary for any possible omissions. 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for sales. Review management information, if any, and if useful, apply analytical procedures to this information. 3. Consider reviewing/scanning details in sales listings for large / unusual items and analyzing significant suspense accounts, if applicable. 4. Consider selecting items recorded in the sales account to obtain the desired level of assurance by performing the following (Only as applicable): i) ensure that a sales invoice was issued and the sale was accurately posted to the correct customer’s account in the sales ledger; ii) test mathematical accuracy of sales invoices; iii) test the pricing by checking invoice to an authorized price list/catalog or special terms such as discounts and authorization by responsible official; and Select dispatch documentation (e.g., bill of lading) to obtain the desired level of assurance by performing the following: iv) trace dispatch documentation (e.g., bill of lading) to sales invoices and agreeing quantity. v) if dispatch documentation (e.g., bill of lading) are pre-numbered, verify numerical sequence on a test basis. vi) determine whether the delivery terms (FOB shipment or delivery) were correctly applied in the timing of posting the sale. 5. Consider selecting items recorded in the sales returns credit account to obtain the desired level of assurance by performing the following (Only as applicable): i) test mathematical accuracy of sales returns credit invoices; ii) test pricing by checking credit invoice to sales invoice; iii) ensure that the credit invoice was approved by appropriate individual. For selected goods returned documentation, perform the following: iv) trace goods returned documentation to sales returns credit invoices, testing quantity of sales returns with credit invoice, and verifying that the selected invoices have been posted to the general ledger; v) if sales returns credit invoices are pre-numbered, verify numerical sequences on a test basis; and vi) refer to “Test sales/accounts receivable cutoff” step in the accounts receivable audit area in order to determine the applicability of sales returns issued after year end to the prior year. 6. For sales discounts if applicable (select from relevant general ledger accounts): i) determine that the discounts have been authorized by an appropriate person. ii) if the discounts relate to defective goods or services, inspect evidence to verify the facts iii) consider examining credits for discounts and allowances issued after year end for applicability to the preceding year. Consider disclosure requirements including related party transactions Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
157
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Step 4005: Cost of Sales Tailorable Procedures 1. Obtain a comparative summary of Cost of sales account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for cost of goods sold. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 3. Test, to obtain the desired level of assurance by selecting items of costs of sales from the cost of sales in the general ledger and perform the following: a) trace the transfer of item from the inventory Account to the cost of sales account; b) examine evidence of receipt of goods (for example receiving documentation); and c) verify the purchase prices used for the selected items to purchase orders, purchase invoices, price lists or other available evidence. 4. Test, to obtain the desired level of assurance, by selecting items of cost of sales from the cost of sales account in the general ledger, purchase journal, and/or bills of material and perform the following: a) trace the transfer of item from inventory account to the cost of sales account; b) examine evidence of receipt of goods and/or work performed (for example receiving documentation); c) verify the purchase prices used for the direct material component of the selected items to purchase orders, purchase invoices, price lists or other available evidence; d) determine the labor hour content by reference to job sheets, payroll records or other supporting documentation. Ascertain the reasonableness and consistency of estimates of labor content. Compare pay rates used to value labor hours to authorized pay rates or other appropriate supporting documentation (e.g., standard costing information); and e) compare overhead allocated with related supporting documentation (e.g., standard costing information) and check computations. 5. Review reconciliations of opening inventory, quantities purchased or manufactured, quantities sold and closing inventory in order to determine whether, within reasonable limits, all goods purchased have been accounted for. Where differences arise, due to normal causes such as losses in transit or absorption, determine whether they appear reasonable (e.g. by comparison with past experience). Where differences are significant, determine whether they have been investigated and adequate explanations obtained. In addition, examine significant adjustments and determine that any adjustments have been approved by an appropriate person. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure
158
TA I LO R A B L E P R O C E D U R E S S E C T I O N
Step 4006: Accruals and other liabilities Tailorable Procedures 1. Obtain a comparative summary of accruals, provisions, and other liabilities balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Obtain detailed accruals, provisions and other liabilities listing (classified between current and non-current, if possible) and perform the following: a) trace totals from the detail accruals, provisions and other liabilities listing to the totals of the summary. b) select reconciling items, to an extent based on materiality and inherent risk, to achieve the audit objective of accuracy. Trace the selected reconciling items to supporting documentation. c) test, to an extent based on materiality and inherent risk, the mathematical accuracy of the detailed accruals, provisions and other liabilities listing. d) where there are significant reconciling items, determine whether the results of the investigations have been reviewed and approved by a responsible official. e) examine support for any significant adjustments made in accruals, provisions and other liabilities accounts throughout the year. 3. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for accruals, provisions and other liabilities. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 4. Test year-end accruals, provisions and other liabilities by: a) examining, to an extent based on materiality and inherent risk, documentation (i.e. payroll records, check advices for payments subsequently made, agreements, contracts, invoices, and board minutes) that supports year-end balances; b) for estimated balances, perform the following additional procedures: i) discuss with management the method of determining balance; ii) evaluate whether the assumptions used are consistent with each other, the prior year, supporting data, relevant historical data, and industry data; iii) determine whether accounting estimates are in compliance with GAAP; iv) perform recalculation of amounts; v) apply analytical procedures; vi) assess reasonableness of year-end balance; and vii) verify that significant estimates are disclosed in the financial statements. c) update roll-forward information for new agreements (i.e. warranty, bonus plans, employee contracts), including modifications and interpretations thereof. d) For accruals, provisions and other liabilities balances that are regulated (e.g., payroll, sales tax), test to an
159
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
extent based on materiality and inherent risk that the client is in compliance with such regulations by performing the following: i) inspect returns to confirm that they have been properly completed and submitted on time; ii) confirm that payments since the balance sheet date have been made by the due date; iii) discuss and assess the outcome of any recent regulatory inspections; and iv) consider the use of other service lines to assist in review. 5. Test, to an extent based on materiality and inherent risk, completeness by considering knowledge of the client’s business and prior years’ audit results, analyzing relationships of account balances to other related accounts (e.g., payroll, property taxes, commissions, professional fees, fixed assets), considering evidence from other tests (e.g., search for unrecorded liabilities), and considering liabilities arising out of non-compliance with appropriate regulations. 6. Test, to an extent based on materiality and inherent risk, completeness by reviewing significant expenses for goods and services from which accruals, provisions or other liabilities can arise and obtaining explanations for the omission of these items on the accruals, provisions and other liabilities detail listing. 7. Review classification of short-term and long-term for accruals, provisions and other liabilities for appropriate presentation in the financial statements. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4007: Equity and Reserves 1. Obtain capital account analysis and reconcile totals: a) trace account balances to the general ledger and the previous year’s working papers; b) test the mathematical accuracy of the analysis; and c) review the summary for any possible omissions d) examine support for any significant adjustments made in capital accounts throughout the year. 2. Confirm common, preferred and treasury share information: a) confirm detail for each class of shares, including common and preferred shares authorized, issued and outstanding, and reacquired shares, with stock registrars and transfer agents; b) confirm the number of shares authorized and classes of capital stock with the appropriate regulatory body; and c) investigate reported discrepancies by inquiring of the client and examining supporting documentation. 3. For each class of shares, including common and preferred, trace and agree amounts authorized to the articles of incorporation. 4. Test, to an extent based on materiality and inherent risk, the mathematical accuracy of the detailed capital account general ledgers. Scan the detailed capital account general ledgers and investigate significant or unusual entries. 5. Verify, to an extent based on materiality and inherent risk, the recording of purchases and the issuance of common and preferred shares, by performing the following: a) examine documentation (e.g., bank and transfer agent statements, broker’s advices, agreements, minutes of meetings of shareholders, board of directors) that supports the nature and amount of the transaction; b) determine that: i) cash or other consideration has been received or paid; ii) the transaction was recorded at the appropriate amount and in the proper period. Where shares are issued or redeemed at a premium ensure that the difference between the par value of the share and the fair value received has been recorded to an additional share premium/paid-in-capital account ; iii) the fair value for non-cash consideration is appropriate, when applicable; and
160
TA I LO R A B L E P R O C E D U R E S S E C T I O N iv) the transaction was authorized and approved. c) where appropriate, count and inspect reacquired certificates to ensure that certificates have been issued or endorsed to the company. 6. Test, to an extent based on materiality and inherent risk, dividends paid and payable at year-end by performing the following: a) examine documentation (e.g. bank and transfer agent statements, minutes of meetings of shareholders, board of directors, and related committees) that supports the dividend amount and number of stockholders of record; b) test to ensure that the dividends paid and dividends payable at year-end were recorded at the appropriate amount, to the correct accounts, and in the proper period (in the period declared); c) ensure the transactions were authorized and approved. 7. Obtain an analysis of reserve balances and perform the following: a) trace account balances to the general ledger and the previous year’s working papers; b) determine the nature of changes in the reserve balances from the prior year to the current year and examine, to an extent based on materiality and inherent risk, supporting documentation; and c) assess the adequacy of the year-end reserve balances. 8. For clients who maintain their own share register and stock certificate books perform, to an extent based on materiality and inherent risk, the following: a) examine stock certificate books and determine that stubs for shares issued and outstanding have been properly filled out, cancelled certificates are attached to original stubs and are properly cancelled and endorsed, and unissued certificates are intact; (accuracy and existence) b) account for the sequence of stock certificates issued, unissued, surrendered and voided; and (completeness) c) reconcile total shares issued and outstanding with the general ledger; d) reconcile total shares per client’s detailed shareholder listing to total shares issued and outstanding; and e) determine that each class of stock is appropriately reflected in the accounts and is within the amounts authorized. 9. Examine register of pledges, cessions, bonds, directors and officers 10. Ensure that register of interests in contracts is properly kept 11. Review the minutes Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure. Review the terms of articles of incorporation and bylaws, corporate or partnership agreements, prospectuses, underwriting and legal or other agreements (shareholder rights plans, loan agreements, debt indentures) pertaining to capital and other equity accounts. Consider the effect of such documents on the financial statements, including the notes. Determine whether appropriate information for capital related accounts (i.e. earnings per share, capital stock, reacquired shares, redemption requirements, restrictions on payment of dividends or retained earnings) has been obtained for required disclosure in the financial statements. Review corporate agreements and legal documents. Consider the effect of such documents on the financial statements, including the notes.
Step 4008: Contingencies and other Commitments Tailorable Procedures a) Obtain a schedule of all significant contingencies and commitments. The schedule should include corresponding amounts at the previous balance sheet date.
161
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) Test the mathematical accuracy of the schedule. c) Inquire of management regarding matters or situations that may expose the client to possible material loss contingencies and/or commitments. Document for each matter discussed: i) a description of the nature of each possible material contingency or commitment. ii) the asset that may be impaired or the liability that may be incurred. iii) the amount of contingency or commitment in question. iv) the current status of each situation. v) the client’s assessment of the potential outcome of the contingency or commitment. For possible material loss contingencies and commitments revealed in the above steps, obtain evidential matter to further ascertain likelihood of occurrence and amount of loss that can reasonably be estimated to be incurred. 2. Consider other procedures performed during the course of the audit for evidence of conditions that may indicate the existence of a material loss contingency or commitment. The procedures to be considered include: a) read minutes of meetings of stockholders, directors, committees of the board, and management committees for matters such as contracts, litigation, and authorization of fixed asset acquisitions or disposals. b) read contracts and agreements. c) review bank confirmations for items such as guarantees, endorsements, and discounted receivables. d) review analyses of interest expense for payments that may indicate discounted receivables. e) evaluate lawyers’ letters for mention of litigation, claims (in dispute), and assessments. f) review related party transaction analyses for guarantees and other commitments. g) review tax examiner’s reports, notices of assessments, and income tax analyses for additional prior-year amounts. h) inquire of client’s management and employees about any unrecorded liabilities as well as any other unasserted claims. i) inquire of client’s risk consultants and insurance agents and brokers who provide insurance coverage. j) review audit work relating to environmental liabilities for unrecorded contingencies. For possible material loss contingencies and commitments revealed in the above steps, obtain evidential matter to further ascertain likelihood of occurrence and amount of loss that can reasonably be estimated to be incurred. 3. Determine that material loss contingencies and commitments have been properly reflected in the financial statements. Verify the accuracy of the information by comparing it to the information we have audited or audit the information if not previously audited (tailor audit program to add the additional procedures performed). Information that may be considered in determining the adequacy of disclosure may include: a) identification of the existing condition, situation, or set of circumstances that indicated that a loss contingency or commitment exists. b) when the condition or situation creating the loss contingency or commitment occurred. c) identification of the asset that may be impaired or the liability that may be incurred. d) identification of future events that will resolve the uncertainty, including, if known, when resolution is likely to occur. e) determination of the current status of the situation. f) amount of loss that can reasonably be estimated to be incurred. g) amount of future commitment that will be incurred Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
162
TA I LO R A B L E P R O C E D U R E S S E C T I O N
Step 4009: Operating Expenses Tailorable Procedures 1. Obtain a comparative summary of operating expenses account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for operating expenses. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 3. Test, to obtain the desired level of assurance, by selecting items (e.g., entries from cash disbursements journals) and significant journal entries in the operating expenses accounts in the general ledger and perform the following: a) examine evidence of receipt of goods and/or services provided (receipt of goods, documentation of service provided); b) verify the purchase price used for the selected items to available evidence, e.g., cash disbursements documentation, vendor’s invoices, board minutes; and c) verify that expenditure has been classified appropriately. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Specific considerations in not-for-profit organizations. When dealing with projects, the auditor has to consider the impact of organization specific requirements in addition to the requirements of International Standards on Auditing. In normal scenarios, the donor organization has benchmarks for the extent of testing required by the auditor. For example, the donor organization may require that the auditor specifically test 100% of all the expenses or a specific class of expenses (or any other percentage). In such scenarios, the auditor needs to ensure that they perform their audit in accordance with IAS and in addition meet the benchmarks set. The auditor is free to pick a larger sample when performing expenditure verification but cannot go below the benchmarks set.
Various organizations have different benchmarks. The European Union, SIDA, GTZ and USAID all have different benchmarks. It is up to the auditor to clarify if the benchmarks apply to a specific audit engagement and plan for it. The letter of engagement and the auditor’s report has to clearly refer to the specific requirements.
163
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Step 4010: Payroll Tailorable Procedures 1. Obtain a summary of payroll account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 2. Perform, to an extent to achieve the desired level of assurance, substantive analytical procedures for payroll. [list procedures specific to audit] 3. Select payroll detail (e.g., payroll register) for pay periods during the period under audit to obtain the desired level of assurance and perform the following: a) determine that the payroll is approved (normally at the time the total net payroll deposit transfer is approved); b) check the postings of the totals of gross wages/salaries and deductions to the appropriate accounts and the general ledger; c) agree the total of net wages to the bank transfer amount or payroll disbursement; d) test the mathematical accuracy of the payroll register. e) from each of the payrolls selected, select employees to obtain the desired level of assurance and perform the following: i) confirm that the entries are in respect of a genuine employee, by reference (for example) to personnel records. For new employees, inspect evidence that their hiring, job description and pay rates are properly authorized. If deemed appropriate, physically verify existence by locating employee at the client’s place of business; ii) check the calculation of gross pay by reference to authorized records of pay rates and authorized time or piece work records; iii) check the calculation of deductions (e.g., payroll taxes, pension contributions) and verify that the calculations is in accordance with underlying regulations and authorizations. Check that voluntary deductions have been authorized by the employee; iv) review time cards for employee department and job tickets for job assignment and trace through the labor distribution; v) inspect documentation supporting individual payment to employee (e.g., electronic funds transfer advice, returned check); and vi) trace individual payment to appropriate bank statement. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4011: Non operating income Tailorable Procedures 1. Obtain a comparative summary of non-operating income and expense account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for non- operating income and expense.
164
TA I LO R A B L E P R O C E D U R E S S E C T I O N The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 3. Test, to an extent based upon materiality and inherent risk, non-operating income and expense balances by performing the following: a) select amounts recorded in the related general ledger accounts and trace amounts to supporting documentation (e.g., royalty agreements, board minutes, cash receipts and disbursement documentation) (accuracy); and b) obtain sufficient information to test completeness, such as minutes of the board, contracts, royalty- agreements, and verify the total of the non-operating income and expense balances (completeness). Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4012: Finance Costs Tailorable Procedures 1. Obtain a summary of financial income and expense account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for financial income and expenses. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation 3. Test, to an extent based on materiality and inherent risk, the accuracy of amounts included in the financial income and expense balance by: a) for interest income and interest expense: i) recomputing or applying analytical procedures to test the calculation of the interest expense or interest income recorded for the period; and
165
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
ii) tracing to supporting documentation (e.g. debt agreements, bank statements). b) for investment income and dividends: i) recomputing or applying analytical procedures to test the calculation of the interest income and dividends recorded for the period; ii) recomputing the accuracy of discount or premium amortization; and iii) tracing to supporting documentation (e.g. investor statements, board minutes). c) for other financial income and expense amounts: i) tracing to supporting documentation (e.g. board minutes, relevant contracts). 4. Obtain sufficient information to test completeness, for example, debt agreements, bank statements, investment statements, board minutes, derivative contracts, etc. and verify the total of the financial income and expense balances. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4013: Property, Plant and Equipment 1. Obtain a lead sheet of the property, plant and equipment account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Obtain a fixed asset continuity schedule, including balances at the beginning of the period, additions, disposals, transfers, depreciation, and balances at the end of the period and: a) test the mathematical accuracy b) trace account balances to the lead sheet and the previous year’s working papers c) review for any possible omissions 3. Obtain a detailed listing of fixed asset balances and: a) trace the totals to the lead sheet of fixed asset balances b) investigate reconciling items c) examine support for any significant adjustments made throughout the year in reconciling the detailed fixed asset records with the general ledger accounts d) test the mathematical accuracy of the detailed listing e) scan the detailed listing and investigate items which may be repairs and maintenance expense or assets which may no longer be in use Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 4. Obtain the detailed listing of the repairs and maintenance accounts and: a) investigate any significant fluctuations b) examine supporting documentation relating to significant charges to the account and determine whether the charge should be capitalized or expensed 5. Perform the following for fixed asset additions by target testing high value items, together with non-statistical sampling of the remaining balance of additions, if material, and further assurance required a) examine documentation (i.e. invoices, contracts, purchase agreements) that support the addition b) evaluate whether the addition has been properly capitalized according to GAAP and the client’s fixed asset policy c) ensure the addition was recorded at the appropriate amount
166
TA I LO R A B L E P R O C E D U R E S S E C T I O N 6. Perform the following for significant fixed asset disposals a) examine documentation (i.e. bill of sale) that supports the disposal b) test amounts adjusted to the accumulated depreciation accounts c) test amounts charged against or credited to the income statement accounts (loss/gain on disposal) d) verify sales price and examine remittances as appropriate e) test disposals for approval/authorization 7. Perform the following to test the reasonability of the depreciation expense: a) evaluate whether the depreciable life is reasonable b) recompute depreciation expense c) investigate any significant differences from actual depreciation expense d) agree total depreciation expense to the income statement/general ledger 8. Enquire with management and review the fixed asset detail to determine whether any impaired assets exist (inability to recover the carrying value) by testing high value assets or assets susceptible to permanent diminution in value. 9. Test, to an extent based on materiality and inherent risk, lease agreements by performing the following: a) reviewing lease agreements, including operating leases, to determine whether the lease has been appropriately capitalized or expensed in compliance with GAAP 10. Consider disclosure requirements for capitalized leases, test the recording of asset and liability amounts at the net present value of the minimum lease payments. Confirm that all relevant financial statement assertions have been addressed for capitalized leases, reviewing asset lives (not to exceed the life of lease) for reasonableness for operating leases prepare information for note disclosure and ensure consistency with prior year 11.Physically inspect fixed assets by testing from sheet to floor (existence) and vice versa (completeness) 12.Review valuations performed on the fixed assets by applying targeted testing to high value assets re-valued during the year 13.Consider overall disclosure requirements 14.Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4014: Intercompany Balances 1. Obtain a summary of intercompany account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 2. Test intercompany accounts schedule: a) Obtain or update schedules setting out the legal, management and operating structures of the parent and investees, identifying business units which are to be consolidated, those which have to be treated as associates or joint ventures and those which are to be excluded from the parent and investees financial statements. Identify all changes, including dates, in the parent and investees structure including: i) acquisitions of business units; ii) disposals of business units; iii) other changes in group shareholdings; and iv) changes in financial reporting requirements. Verify that the business units are properly included or excluded from the schedule of intercompany balances based upon this review.
167
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
b) Ensure significant adjustments (for example adjustments necessary to ensure compliance with parent/ subsidiary accounting policies): v) are properly reviewed by and authorized by client management; vi) agree to supporting documentation; vii) have been correctly posted; and viii)consider the need for any further adjusting journal entries. c) Determine that intercompany balances (i.e., receivables and payables) cancel out. Follow up any differences and substantiate their disposition. d) If appropriate, test, to an extent based on materiality and inherent risk, the accuracy of the translation of intercompany account balances denominated in foreign currencies by determining that such accounts have been translated using the correct rate and that the reporting currency amounts have been correctly adjusted. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure
Step 4015: Income Tax 1. Obtain an analysis of non-federal income tax accounts, including balances at the beginning of the period, amounts provided during the period, payments made, refunds received, other transfers or adjustments, and balances at the end of the period, and: a) trace account balances to the general ledger and the previous year’s working papers; and b) test the mathematical accuracy of the analysis. 2. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for current and deferred income taxes. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 3. Test, to an extent based on materiality and inherent risk, the current tax provision by performing the following: a) obtain a detailed computation of the current tax provisions and agree amounts to the non-federal current and deferred tax analysis; b) agree income before taxes used in the tax computation to book income before taxes; (accuracy) c) determine that the client has identified all items and transactions that create permanent differences in the current year; (completeness) d) review the nature and amounts of the permanent items for propriety and consistency with the prior year and trace amounts to supporting audit documentation, as appropriate; (accuracy, completeness and existence/ occurrence) e) test the mathematical accuracy of the calculation; and (accuracy) f) assess the adequacy of accruals for current year taxes, considering whether the accrual, where applicable, includes the effect of interest and penalties not paid. (accuracy and completeness) 4. Test, to an extent based on materiality and inherent risk, the statutory to effective tax rate reconciliation by performing the following:
168
TA I LO R A B L E P R O C E D U R E S S E C T I O N a) obtain a reconciliation of the statutory tax rate to the effective tax rate; b) confirm to authoritative source that the statutory rate is appropriate; (accuracy) c) determine that all items and transactions are included in the reconciliation; (completeness) d) review the nature and amounts of significant items included in the reconciliation and agree to supporting audit documentation, as appropriate; and (accuracy and existence/occurrence) e) test the mathematical accuracy of the calculation. (accuracy) 5. Test, to an extent based on materiality and inherent risk, the non-federal deferred income tax asset and liability balances and tax provision by performing the following: a) obtain a schedule of deferred income tax assets and liabilities and deferred income tax provision at year-end and agree amounts to the non-federal current and deferred tax analysis; b) for the deferred income asset and liability balances: i) determine that the client has identified all deferred asset and liabilility balances that are created by book/ tax differences; ii) review the nature and amounts of these book/tax differences for propriety and consistency with the prior year and trace amounts to supporting audit documentation, as appropriate; iii) review the appropriateness of the tax rate used when balance is to reverse and the calculation of the deferred tax provision or credit recorded in the current year. c) verify that the change in the deferred tax asset and liability balances is recorded to the deferred tax provision account. 6. Assess the realizability of deferred income tax assets. Determine whether a provision or valuation allowance is necessary. 7. Compare taxes payable or refundable shown on the tax return filed for the previous year with the general ledger amount recorded for that year. Determine that any necessary accounting adjustments have been made and determine if the cause of such accrual to tax return adjustments have been considered in the current and deferred income tax provisions for the current year. 8. Vouch, to an extent based on materiality and inherent risk, payments made and refunds received in the current year by performing the following: a) obtain a listing of tax payments made or refunds received during the year and agree amounts to the analysis of current and deferred income tax balances; b) examine support (i.e. checks cut or received) for payments made or refunds received; and c) consider whether payments have been made on a timely basis and whether penalties may be assessed. If penalties have been charged for late payments, review the calculation. Determine whether adjustment is necessary. 9. Assess the impact of pending and completed tax authorities examinations, by performing the following: a) for those completed in the current year: i) ascertain the nature of any issues settled and examine reports for their effect on prior and current year’s tax provisions and deferred tax assets and liabilities ii) test payments made or assessments by: agreeing payments to reports received, determining whether calculations are appropriate and determining whether payment, including interest and penalties were recorded properly; iii) determine whether the client has filed amended returns to reflect the effect of tax assessments or payments; and b) for those pending in the current year: i) determine the status of the revenue authorities’ examinations through discussion with the client and review of supporting documentation and correspondence; and ii) assess the impact of exposures from such pending and completed examinations on the company’s accruals for additional taxes.
169
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
10. Determine the adequacy of accruals for tax exposures by considering such information as: the results of the preceding step relating to revenue authorities’ examinations, tax returns for open years not yet examined by taxing authorities for items similar to those adjusted or proposed in revenue agent examination reports, our knowledge of the company, industry and other matters that identify issues that could affect the company’s income tax accruals. Be particularly alert to issues that would cause permanent differences, the related income tax of which would be charge to income tax expense, as opposed to temporary differences that would be charged to deferred income taxes in the balance sheet because it represents a timing difference. Also, determine that the accrual includes the effect of interest and penalties. 11. Review the short-term and long-term classification of current and deferred tax balances and the asset and liability classification of deferred tax balances for appropriate presentation in the financial statements 12. Obtain a schedule of carryover items (i.e. expiration dates, net operating losses, tax credits) and determine that the accounting and disclosure is appropriate. 13.Identify tax arrangements with related parties by performing the following procedures: a) determine whether there are tax sharing arrangements in existence with related parties (parent company and subsidiary, subsidiaries of a common parent, affiliates, enterprise and its principal owners, management, or members of their immediate families) through review of minutes, inquiry with management, etc. and review such agreements; b) determine that the allocation methodology for taxes is in accordance with GAAP; c) determine that the entity’s income taxes have been allocated in accordance with the agreement; and d) ensure that appropriate disclosures have been made. Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4016: Marketable Securities 1. Obtain a comparative summary of marketable investments account balances and: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Obtain a detailed listing of investments, classified between current and noncurrent at the end of the period and segregated into appropriate categories, including: i) specific description and identification and name in which registered; ii) quantity, market value, cost and amortized cost of investments, and accrued income receivable at beginning of period; iii) quantity and cost of investments acquired, including discount and premium, and income earned during the period; iv) quantity and cost of investments disposed of, income received and gain or loss on disposal of investments during the period; v) discount accretion (accrual) and premium amortization during the period. vi) quantity, market value, cost and amortized cost of investments and accrued income receivable at end of period; and vii) classification of investment (e.g., held to maturity, available for sale, or trading). b) Trace the beginning and ending balances to the comparative summary obtained in the program step “Agree comparative summary totals to the general ledger” or to the general ledger and previous year’s working papers.
170
TA I LO R A B L E P R O C E D U R E S S E C T I O N c) Select reconciling items in order to obtain the desired level of assurance. Trace the selected reconciling items to supporting documentation, and determine whether the results of the client’s investigations have been reviewed and approved by a responsible official. d) Examine support for any significant adjustments made throughout the year in reconciling detailed investment records with the account(s) in the general ledger. e) Test, to an extent to obtain the desired degree of assurance, the mathematical accuracy of the detailed listing f) Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 3. Where only limited or no comfort has been obtained from controls, examine, to an extent to obtain the desired level of assurance, documentation (e.g., brokers’ advices, appropriate authorizations) that supports investments acquired and disposed of, including accumulated costs; recompute income recognized during the period; and ascertain that all transactions have been recorded in the proper period. Where significant comfort has been obtained from controls, including controls related to cutoff, review the results of analytical procedures and the results of other tests. If unusual inherent risk conditions exist or where the audit objective of cutoff was not tested or deemed inadequate, perform the cutoff procedures outlined in the above paragraph. 4. Review individual accounts for large or unusual journal entries and examine supporting detail. 5. Recompute, to an extent to obtain the desired level of assurance, discount (purchase price less than face amount of security) or premium (purchase price more than face amount of security) amortization. 6. By re-computation or the application of analytical procedures, test, to an extent to obtain the desired level of assurance, the calculation of accrued income receivable (e.g., interest and dividends) at end of period. Compare subsequent remittances credited to account that support receivable balances, as necessary. 7. Ascertain the completeness of investments, to an extent to achieve the desired level of assurance, by reviewing fluctuations in investment income and other income statement accounts and considering evidence obtained in other tests (e.g., confirmation of amounts with third parties or security counts). 8. Ascertain whether the accounting policies adopted by the entity for investments are in conformity with generally accepted accounting principles. Consider whether the entity should be using principles for marketable investments, investments requiring the cost or equity methods of accounting, or investments requiring the use of other industry accounting practices. If the investment is accounted for using the cost or equity method, consider the steps provided in the audit area “Investments in subsidiaries and affiliates”. 9. Obtain an understanding of the process used by management to classify investments, i.e., held to maturity, available for sale, and trading. Consider the following: a) In evaluating management’s intent related to an investment, examine written and approved records of investment strategies, instructions to portfolio managers, and minutes of meetings of the boards of directors or the investment committee. Also consider the entity’s investment activities to ensure they are consistent with the established policies. b) In evaluating the entity’s ability to hold a debt security to maturity, consider factors such as the entity’s financial position, known working capital requirements, operating results, debt agreements, and other relevant contractual obligations. Consider whether relevant operating and cash flow projections or forecasts or laws and regulations provide indications of an entity’s inability to hold an investment to maturity. c) Evaluate other evidence indicating that the investments are not properly classified, e.g., investments classified as held to maturity have been sold during the year. 10.To an extent based on materiality and inherent risk, review purchases and sales of securities for an appropriate period (e.g., fifteen days) prior to and subsequent to the client’s year end to determine that the client has not “window dressed” its investment position by, for example, entering into agreements with brokers to replace lower
171
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
rated securities with higher rated securities prior to the end of the year and then reversing the transactions subsequent to year end. 11. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for marketable securities. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls; b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). 12. Determine whether appropriate information has been obtained for required disclosure in the financial statements. Verify the accuracy of the information by comparing to the information we have audited or audit the information if not previously audited (tailor audit program to add the additional procedures performed). 13. In order to obtain the desired level of assurance, physically inspect securities held by the company or by other parties (e.g., custodian, issuer, counterparty). Perform the following: a) arrange to count securities; b) establish control over all securities retained by the company, in safety deposit boxes, or at other locations as of the balance sheet date; c) in the presence of the custodian, count or observe counting of the securities and trace quantities and other relevant details to the listing of investments, and obtain the signature of the custodian(s) acknowledging that securities were counted in their presence and returned intact; d) for securities registered in the name of nominees, determine whether copies of trust agreements are attached; e) where the document inspected is of a temporary nature (e.g., a transfer receipt) the final document should be inspected when it becomes available. 14. In order to obtain the desired level of assurance, confirm securities held by custodians. The confirmation should ask if the company has clear title to the securities (i.e., pledged securities). a) When performing confirmation procedures, we should maintain control over the process of i) selecting those to whom a request will be sent ii) the preparation and sending of confirmation requests iii) the responses to those requests. b) Second requests and, where warranted, third requests should be mailed when responses to positive confirmation requests have not been received within a reasonable time. c) When management requests us not to confirm balances, consider whether there are valid grounds for such a request. Before accepting a refusal as justified, examine any available evidence to support management’s explanations. In such cases, alternative procedures should be applied to the accounts receivable not subjected to confirmation. If we do not accept the validity of management’s request and are prevented from carrying out the confirmations, there has been a limitation on the scope of our work and we should consider the possible impact on our audit report. d) For confirmations returned: i) agree account information and account balance to detail listing of investments; ii) reconcile the account detail between the returned confirmation and the detail listing, where applicable;
172
TA I LO R A B L E P R O C E D U R E S S E C T I O N iii) investigate all reconciling items and determine whether any adjustments are necessary. e) Perform alternative audit procedures where no response is received to a positive external confirmation request. The alternative audit procedures should be such as to provide audit evidence about the assertions that the confirmation request was intended to provide. f) Conclude as to whether the results of the external confirmation process, together with the results from any other audit procedures performed, provide sufficient appropriate audit evidence regarding the assertion being audited. g) If we form a conclusion that the confirmation process and alternative audit procedures have not provided sufficient appropriate audit evidence regarding an assertion, we should perform additional audit procedures to obtain sufficient appropriate audit evidence and link our audit work on confirmations to that additional audit evidence 15. When investments are held by a third party custodian, perform the following: a) obtain a copy of the client’s contract with its custodian and consider its key features. Also consider the client’s assessment of the custodian; b) consider any prior year’s experience; c) if we have access to reports by the custodians’ internal auditors, obtain copies of any relevant reports and review them for significant audit implications; d) identify the regulatory requirements to which the custodian is subject (if any), and where reports to regulators are available, obtain a copy; e) perform further controls-related or substantive procedures necessary in response to risk, for example if we have obtained insufficient assurance about the competence, standing and reputation of the custodian; f) obtain independent auditor’s report on the internal control of the custodian, if available and review them for significant audit implications; g) when investments held by a custodian are not segregated and in the name of the client, consider the credit worthiness of the third party. 16. Select, in order to obtain the desired level of assurance, securities held by the issuer for confirmation. When a security is held by the issuer of the security (e.g., bearer bonds, private company securities) confirm title and quantity of the security with issuer. The confirmation should also ask if the company has clear title to the securities (i.e., securities are not pledged). a) When performing confirmation procedures, we should maintain control over the process of i) selecting those to whom a request will be sent ii) the preparation and sending of confirmation requests, and iii) the responses to those requests. b) Second requests and, where warranted, third requests should be mailed when responses to positive confirmation requests have not been received within a reasonable time. c) When management requests us not to confirm balances, consider whether there are valid grounds for such a request. Before accepting a refusal as justified, examine any available evidence to support management’s explanations. In such cases, alternative procedures should be applied to the accounts receivable not subjected to confirmation. If we do not accept the validity of management’s request and are prevented from carrying out the confirmations, there has been a limitation on the scope of our work and we should consider the possible impact on our audit report. d) For confirmations returned: i) agree account information and account balance to detail investments listing; ii) reconcile the account detail between the returned confirmation and the detail listing, where applicable; iii) investigate all reconciling items and determine whether any adjustments are necessary. iv) Summarise confirmation coverage
173
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
e) Perform alternative audit procedures where no response is received to a positive external confirmation request. The alternative audit procedures should be such as to provide audit evidence about the assertions that the confirmation request was intended to provide. f) Conclude as to whether the results of the external confirmation process, together with the results from any other audit procedures performed, provide sufficient appropriate audit evidence regarding the assertion being audited. g) If we form a conclusion that the confirmation process and alternative audit procedures have not provided sufficient appropriate audit evidence regarding an assertion, we should perform additional audit procedures to obtain sufficient appropriate audit evidence and link our audit work on confirmations to that additional audit evidence. 17. In order to obtain the desired level of assurance, confirm unsettled transactions (sales and purchases) with the broker-dealer. Trace the quantities and other relevant details to the listing of investments. a) When performing confirmation procedures, we should maintain control over the process of i) selecting those to whom a request will be sent ii) the preparation and sending of confirmation requests, and iii) the responses to those requests. b) Second requests and, where warranted, third requests should be mailed when responses to positive confirmation requests have not been received within a reasonable time. c) When management requests us not to confirm balances, consider whether there are valid grounds for such a request. Before accepting a refusal as justified, examine any available evidence to support management’s explanations. In such cases, alternative procedures should be applied to the accounts receivable not subjected to confirmation. If we do not accept the validity of management’s request and are prevented from carrying out the confirmations, there has been a limitation on the scope of our work and we should consider the possible impact on our audit report. d) For confirmations returned: i) agree account information and account balance to detail investments listing; ii) reconcile the account detail between the returned confirmation and the detail listing, where applicable; and iii) investigate all reconciling items and determine whether any adjustments are necessary. iv) summarise confirmation coverage e) Perform alternative audit procedures where no response is received to a positive external confirmation request. The alternative audit procedures should be such as to provide audit evidence about the assertions that the confirmation request was intended to provide. f) Conclude as to whether the results of the external confirmation process, together with the results from any other audit procedures performed, provide sufficient appropriate audit evidence regarding the assertion being audited. g) If we form a conclusion that the confirmation process and alternative audit procedures have not provided sufficient appropriate audit evidence regarding an assertion, we should perform additional audit procedures to obtain sufficient appropriate audit evidence and link our audit work on confirmations to that additional audit evidence. 18. When a counterparty is holding a security owned by the client (e.g., securities pledged for a borrowing), in order to obtain the desired level of assurance, confirm title and quantity of the security with the counterparty. The confirmation should also ask if the company has clear title to the securities (i.e., pledged securities). Trace the quantities and other relevant details to the listing of investments. a) When performing confirmation procedures, we should maintain control over the process of i) selecting those to whom a request will be sent
174
TA I LO R A B L E P R O C E D U R E S S E C T I O N ii) the preparation and sending of confirmation requests, and iii) the responses to those requests. b) Second requests and, where warranted, third requests should be mailed when responses to positive confirmation requests have not been received within a reasonable time. c) When management requests us not to confirm balances, consider whether there are valid grounds for such a request. Before accepting a refusal as justified, examine any available evidence to support management’s explanations. In such cases, alternative procedures should be applied to the accounts receivable not subjected to confirmation. If we do not accept the validity of management’s request and are prevented from carrying out the confirmations, there has been a limitation on the scope of our work and we should consider the possible impact on our audit report. d) For confirmations returned: i) agree account information and account balance to detail investments listing; ii) reconcile the account detail between the returned confirmation and the detail listing, where applicable; iii) investigate all reconciling items and determine whether any adjustments are necessary. iv) summarise confirmation coverage e) Perform alternative audit procedures where no response is received to a positive external confirmation request. The alternative audit procedures should be such as to provide audit evidence about the assertions that the confirmation request was intended to provide. f) Conclude as to whether the results of the external confirmation process, together with the results from any other audit procedures performed, provide sufficient appropriate audit evidence regarding the assertion being audited. g) If we form a conclusion that the confirmation process and alternative audit procedures have not provided sufficient appropriate audit evidence regarding an assertion, we should perform additional audit procedures to obtain sufficient appropriate audit evidence and link our audit work on confirmations to that additional audit evidence. 19. If investments are carried at fair value or if fair value is disclosed for investments carried at cost, obtain evidence corroborating the fair value. Test, to an extent based on materiality and inherent risk, the market values included in the detailed listing of investments (obtained in the step “Obtain a detailed listing of investments”) by comparing the market value to other sources. Other sources include: a) market quotations listed on national exchanges or over-the-counter markets from sources such as financial publications or the exchanges; b) for certain other investments, market quotations from broker-dealers who are market makers in those investments; c) if market quotations are not available, estimates of fair value from third-party sources based on proprietary models or from the entity based on internally developed or acquired models. In some situations, consider obtaining fair value estimates from more than one pricing source. In addition, consider the need to use Firm specialists or specialists unrelated to the Firm or the client to verify the client- determined market value of certain investments. If a non-Firm specialist is used, refer to the steps in the audit area “Use of the work of experts.” 20.a) Evaluate management’s conclusions about the existence of an other-than-temporary impairment condition. In evaluating management’s conclusions, obtain evidence about the conditions. Examples of factors that may indicate an other-than-temporary impairment condition are included in the Guidance below. b) If applicable, to an extent based on materiality and inherent risk, test and recalculate the client’s adjustment for other than temporary impairment.
175
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
Step 4017: Inventory 1. Obtain a lead sheet of inventory account balances and: a) test the mathematical accuracy of the summary; b) trace account balances to the general ledger and the previous year’s working papers; c) review the summary for any possible omissions 2. Perform, to an extent to achieve the desired level of assurance, substantive analytical procedures for inventory. 3. Obtain detailed priced inventory listings and perform the following: a) trace totals from the detailed priced inventory listings to the totals of the summary b) trace reconciling items to supporting documentation c) Confirm that evidence about the accuracy and completeness of system-generated reports/data has been obtained when that information is used by us to perform our audit procedures 4. Observe physical inventory. For guidance on test counts and the selection of locations to be visited refer to Audit Guide. a) test the counting of inventory items by selecting items from the inventory tags or sheets and perform an independent count. Perform other counts of inventories and compare the results with those recorded on the inventory tags or sheets by company personnel. Follow up any differences noted in the counts. Record selected items counted for subsequent comparison with priced inventory listings. b) determine that procedures for accounting for all inventory tags and count sheets are followed and that all such tags and sheets have been accounted for, including used and unused tags and sheets, and that they are secured against alteration. Obtain details of records in order to test later for suppression, manipulation, addition or substitution of records after the physical inventory count. c) determine whether slow-moving, obsolete, and damaged items are identified and recorded by the count teams. d) consider the procedures established for determining cut-off , visit the receiving and shipping departments and note the last receiving and shipping document numbers before the count. 5. Review inventory adjustments: a) Review, to obtain the desired level of assurance that accuracy is achieved, adjustments to the general ledger and, if appropriate, the detailed inventory records resulting from the client’s physical inventory b) investigate the reasons for significant adjustments 6. Trace a number of items from either our test count documentation or our copy of the count sheets used during the physical inventory observation to the final inventory listing. Also trace a number of items from the final inventory listing to the count sheets. 7. Test the costing of the detailed priced inventory listings using targeted testing or non-statistical sampling by performing the following: a) obtain and document an understanding of methods and procedures for costing inventory b) perform audit procedures to ensure that the inventory costs are appropriate, e.g., trace unit costs of inventory items to and from suppliers’ invoices c) determine whether the method of inventory pricing is consistent with the prior year d) test the mathematical accuracy of the detailed priced inventory listings; verify the following i) extended cost (that is, cost X quantity) ii) addition of the detailed priced inventory listings e) if appropriate, involve an expert to provide assistance in evaluating the appropriateness of the value assigned
176
TA I LO R A B L E P R O C E D U R E S S E C T I O N 8. Test obsolete, slow-moving, scrapped or damaged inventory a) determine whether slow-moving, obsolete, scrapped or damaged items have been adequately identified b) review the pricing of such inventory and determine whether it is priced in excess of net realizable value using targeted testing or non-statistical sampling as the NRV results of items selected could be projected, if representative of the population of inventory. 9. Evaluate standard costing procedures by: A. Gain understanding of the following information and assess its implications: a) the date and method of the last general updating of standards; b) subsequent changes in the standards; c) review and approval by a responsible official; d) regular investigation of significant variances by a responsible official; e) where standards have been updated, whether inventory is included at standard costs applicable to when it was purchased or manufactured; f) whether inventory valued at standard cost are adjusted for relevant variances during the period when the stocks were purchased or manufactured; g) whether variance records adequately distinguish between variances which should be reflected in the stock valuation and those (such as inefficiencies and abnormalities) which should not B. Test the standard costing of the inventory to obtain the desired level of assurance that the aforementioned audit objectives are achieved by performing the following: a) Evaluate the reasonableness of the standards used; and b) Ensure that the correct standard cost is applied to the relevant inventory item by selecting inventory items from the detailed inventory listing and comparing the cost used with the standard cost for that item. Where significant comfort has been obtained from controls for the audit objective of accuracy, review the results of analytical procedures and the results of other tests in order to test the standard costing of raw material inventory. If deemed appropriate, test the standard costing of the inventory to obtain a low level of assurance that the aforementioned audit objectives are achieved by performing a) and b) above C. Evaluate whether standard costs approximate actual costs. Test the calculation of variances to obtain the desired level of assurance that accuracy is achieved by selecting entries in the variance report. For the items selected, perform the following steps: a) reperform the calculation of variances, including agreeing actual costs to appropriate source documentation; b) determine that the allocation of the variance account between inventory and cost of sales is appropriate; c) where there are significant variances, determine the underlying reasons for them and determine whether appropriate adjustments to the inventory costs have been made; and d) determine if the accounting for the variances has been approved by an appropriate person. 10. To an extent based on materiality and inherent risk, perform the following: a) ascertain from discussion with the client how management determines the amount of provisions required to reduce inventory to net realizable value. b) compare the book value of individual inventory items with expected selling prices at the time of sale less cost of marketing, selling and distribution and determine whether adequate provision has been made for any expected losses. c) where provision are made by the use of formulae, determine by reference to the details recorded on the previous years working papers whether formulae used to calculate provisions are: i) consistent with prior years; ii) appropriate to the circumstances of the business.
177
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
d) consider whether any provisions are required, or whether provisions made are adequate, against inventories due to: i) increased costs of purchases or production (including adjustments of standard cost variances) that have not been fully reflected in the selling prices; ii) falling selling prices; iii) any decisions, as part of the company’s marketing strategy, to manufacture and sell products at a loss; iv) replacement or reproduction prices below cost; v) carrying values of inventory exceed selling prices; vi) obsolete, slow-moving, scrapped or damaged items; and vii) changes in foreign exchange rates Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed
Step 4018: Prepayments 1. Obtain a comparative summary of prepaid expenses account balances and:: a) test the mathematical accuracy of the summary b) trace account balances to the general ledger and the previous year’s working papers c) review the summary for any possible omissions 2. Obtain an understanding of the accounting policies relevant to prepaid expenses and an analysis of those accounts, including: a) description of accounts; b) balances at beginning of period; c) additions; d) amounts expensed or written off during the period e) balances at end of period Trace the beginning and ending balances to the comparative summary obtained in the program step “Agree comparative summary totals to the general ledger” or to the general ledger and previous year’s working papers. Examine support for any significant adjustments made in prepaid expenses accounts throughout the year 3. Test, to an extent based on materiality and inherent risk, the prepaid expenses analysis as follows: a) test the mathematical accuracy; b) identify major items of expenditures from which prepayments can arise and obtain explanations for items omitted from the detail; c) recompute the calculation of balances at end of period; d) compare amounts expensed or written off with income statement accounts. Investigate significant differences; e) examine the documentation (e.g., invoices, authorizations, contracts, agreements) that supports additions; and f) where necessary, consider confirming the details of agreements from which prepaid expenses arise with third parties. Where possible, confirmation should be at the balance sheet date. 4. Perform, to an extent to achieve the desired degree of assurance, substantive analytical procedures for prepaid expenses. Also, consider any information obtained in preliminary analytics. The degree of assurance achieved is dependent on the natural limitations of analytical procedures and the rigour with which we apply the test. Consider using financial benchmarking in steps a) and d) of the analytical procedures. Substantive analytical procedures include the following steps: a) develop an expectation, based on appropriate data (refer to guidance below for examples). Assess reliability of the data, considering the extent of comfort from controls;
178
TA I LO R A B L E P R O C E D U R E S S E C T I O N b) determine the variation amount or % (threshold) to be used in the investigation of differences from expectations; c) compute the differences between recorded amounts and the expectations; and d) investigate variations from expectations by seeking relevant explanations from management and appropriate corroborating evidence (e.g. reviewing ledgers, examining supporting documentation). Consider disclosure requirements Confirm that all relevant financial statement assertions have been addressed for transactions balances and disclosure.
5.0
AREA 5000: Completion Step 5001: Financial Statements Procedure to be performed, guidance and template links
Work completed (and cross references to steps where work is documented), including response to matters arising
Financial statements Examine material journal entries and other adjustments made during the course of preparing the financial statements Confirm that for each significant accounting estimate identified sufficient audit evidence has been obtained. Adopt one or a combination of the following approaches to ensure an accounting estimate is reasonable in the circumstances and appropriately disclosed: • Review and test the processes used by management to develop the estimate); • Use an independent estimate for comparison with that prepared by management (); and/or • Review subsequent events which confirm the estimate made.
Make a final assessment of the reasonableness of the accounting estimate based on knowledge of the business considering whether the accounting estimate is consistent with other evidence obtained during the audit
179
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Procedure to be performed, guidance and template links Record differences, whether adjusted, or expected to be adjusted, or not by the client, during the course of the audit, post to a summary of unadjusted differences and assess against overall materiality • Document discussions with management relating to the unadjusted audit differences, and if applicable the client’s decision not to record the adjustments. • Conclude as to whether unadjusted audit differences, individually or in aggregate, cause the financial statements as a whole to be materially misstated and determine their impact on the audit report. • Where reliance is placed on management information,check reconciliation to financial statements • Agree the financial statements to the underlying accounting records • Test financial statements and support for disclosure by obtaining schedules (prepared in comparative form to ensure the consistency of disclosure) that support financial statements and disclosures and confirm correct disclosure according to IFRS • Complete a relevant Financial Statement Disclosure Checklist or equivalent, tailored to the entity’s circumstances and addressing the relevant auditing, accounting and other issues. Retain the checklist in the audit file, along with detail documentation of all information needed to clarify and support any decisions on critical matters or judgmental areas. • Assess whether accounting policies are consistent with those of the previous period and whether appropriate adjustments and/or disclosures have been made
180
Work completed (and cross references to steps where work is documented), including response to matters arising
TA I LO R A B L E P R O C E D U R E S S E C T I O N Procedure to be performed, guidance and template links
Work completed (and cross references to steps where work is documented), including response to matters arising
Check the financial statements for mathematical accuracy and for consistency, the accuracy of all internal cross-referencing, and agree to the audit work on file • Review the financial statements for spelling and typographical errors • Retain a copy of the schedules and financial statements evidencing these checks on the audit file. • Perform final analytical procedures as an overall review of the financial statements in forming an overall conclusion on the financial statements as a whole • Check the wording of the audit report by determining the appropriate opinion to be rendered, that the wording of the opinion complies with generally accepted auditing standards, checking that the audit report is appropriately dated; and where the audit opinion is to be modified, ensuring that the necessary consultation procedures are followed. Where any supplementary information is presented together with the financial statements that is not covered by the opinion, ensure that the supplementary information is clearly differentiated from the audited financial statements. • Review consistency of other information with the financial statements Letter of representation (ISA 240, 250, 501, 545, 550, 570, 580) • Obtain appropriate written representations from appropriate members of management (using template representation letter), • Consider adding specific representations on matters where sufficient appropriate evidence cannot be reasonably expected to exist • Consider the (i) reliability of management’s representations, (ii) corroborate management’s representations by reviewing supporting evidence where appropriate, and (iii) whether the individuals making the representations can be expected to be well informed on the particular matters.
181
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Step 5002: Other Audit Procedures
Procedure to be performed, guidance and template links
Going concern (ISA 570) Re-evaluate (following initial assessment in planning) whether there is significant doubt about the entity’s ability to continue as a going concern in the foreseeable future.
Compliance with laws and regulations (including fraud risk) (ISA 250)
Identify any possible non-compliance with laws and regulations (and therefore fraud risk) by inquiring of management, inspecting correspondence and considering the results of tests performed in other audit areas. Evaluate the potential impact.
Where management does not provide satisfactory information, consult with the entity’s lawyer/own lawyer and communicate with the senior management, the Audit Committee and the Board of Directors, as appropriate.
Litigation, claims & assessments accruals and disclosures (ISA 501)
Evaluate litigation, claims and assessments accruals and disclosures by obtaining a detailed listing of litigation, claims and assessments from the client and from its outside legal counsel where appropriate and evaluate the completeness of the listing of pending or threatened litigation and unasserted claims.
Perform procedures to ensure the completeness of related parties identified in planning or as otherwise identified (doc-link as appropriate) : Consider examining related party transactions (if applicable) unless already performed.
Consider the timing and completion of audit documentation Confirm that the engagement team performed the specified procedures to comply with the following policies: i) If evidence was obtained before the date of the auditor’s report, but for administrative reasons was documented in the file after the date of the auditor’s report, confirm that the documentation shows when the evidence was obtained and the conclusions in respect of it were approved
182
Work completed and links, including response to matters arising
TA I LO R A B L E P R O C E D U R E S S E C T I O N
Procedure to be performed, guidance and template links
Work completed and links, including response to matters arising
ii) Confirm that procedures are in place to ensure the assembly of the final audit file within 60 days after the date of the auditor’s report unless there are territory or engagement specific regulations that are based on the audit report date and require completion of the file assembly within a shorter period, in which case the shorter period should be used.
Step 5003: Clearance Procedures to be performed
Documentation of work performed and/or links to documentation of work performed
Audit clearance process ISA 240/250/315/320/700 Perform subsequent events review 1. Reviewing management procedures; 2. Reading minutes of the meetings held after period end and inquiring about matters discussed at meetings for which minutes are not yet available. 3. Reading the entity’s latest available interim financia statements, budgets, cash flow forecasts and other related management reports 4. Inquiring, or extending previous oral or written inquiries, of the entity’s legal counsel concerning litigation and claims. 5. Inquiring of management as to whether any subsequent events have occurred which might affect the financial statements, including: i) Current status of items accounted for using preliminary or inconclusive data. ii) Any new commitments, borrowings or guarantees have been entered into. iii) Whether sales or acquisition of assets have occurred or are planned. iv) Any issue of new shares/debentures or an agreement to merge or liquidate v) Any assets that have been appropriated by government or destroyed vi) Any developments regarding risk areas and contingencies. vii) Any unusual accounting adjustments viii)Any events that are likely to occur which will bring into question the appropriateness of accounting policies used in the financial statements
183
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Procedures to be performed
Conclude on matters impairing our independence and ethical requirements (ISA 220), update summary prepared during the planning phase and communicate significant matters
Update assessments by: i. considering whether results of testing or changes in client environment have made preliminary assessments inappropriate ii. ensuring that where testing has been performed in advance of the the balance sheet date, audit implications of changes in activities or internal control in the intervening period are considered and evidence is obtained to cover the remaining period iii. ensuring other specific ISA requirements have been addressed by reconfirming our assessment of risk (ISA 330), and by reconfirming specific risks of material misstatement have been assessed and appropriate responses completed (ISA 320, ISA 330) iv. re-evaluating our relationship with the client when there has been a substantial change in members of management, directors, controlling interests, the client’s financial condition, litigation status, the nature of the client’s business or concerns about the client’s financial viability, reputation, integrity or reliability that raise questions about our ability to meet our professional obligations. In the event circumstances necessitate a change in the engagement terms, obtain and agree variance/ change orders in writing.
184
Documentation of work performed and/or links to documentation of work performed
T E M P L AT E M A N A G E R S E C T I O N
TEMPLATE MANAGER SECTION 1.0
Initial Client Meeting TITLE: MEETING WITH MANAGEMENT OF XYZ LTD ON 3 MARCH 2010 AT LOCATION ABC. Introductions: (The various participants introduce themselves). Record the names and titles of the attendees.
An update on the client and its environment • • • • • •
Any changes in key staff members Any impact on the business by legal, political and economic environment e.g. new legislation, entry of a competitor, implementation of a new accounting system, new product lines introduced Any reported incidents of fraud A review of the current year’s financial performance- with a focus on key statistics e.g. profitability, liquidity, gearing etc. Key performance goals and objectives of the business this year Any changes in the control environment – any key risks identified and management responses to the risks
Audit approach Key dates and timelines for the deliverables.
2.0
Engagement Letter To the appropriate representative of management (or those charged with governance) of ABC Company:
The objective and scope of the audit You have requested that we audit the financial statements of ABC Company, which comprise the Statement of Financial Position as at December 31, 20X1, and the Statement of Comprehensive Income, statement of changes in equity and
185
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
cash flows statement for the year then ended, and a summary of significant accounting policies and other explanatory information. We are pleased to confirm our acceptance and our understanding of this audit engagement by means of this letter. Our audit will be conducted with the objective of our expressing an opinion on the financial statements.
The responsibilities of the auditor We will conduct our audit in accordance with International Standards on Auditing (ISAs). Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. Because of the inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with ISAs. In making our risk assessments, we consider internal control relevant to the entity’s preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. However, we will communicate to you in writing concerning any significant deficiencies in internal control relevant to the audit of the financial statements that we have identified during the audit.
Management’s responsibility Our audit will be conducted on the basis that [management and, where appropriate, those charged with governance] acknowledge and understand that they have responsibility: a) For the preparation and fair presentation of the financial statements in accordance with International Financial Reporting Standards; b) For such internal control as [management] determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; and c) To provide us with: i) Access to all information of which [management] is aware that is relevant to the preparation of the financial statements such as records, documentation and other matters; ii) Additional information that we may request from [management] for the purpose of the audit; and iii) Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence. As part of our audit process, we will request from [management and, where appropriate, those charged with governance], written confirmation concerning representations made to us in connection with the audit. We look forward to full cooperation from your staff during our audit.
Ownership of audit working papers The working papers and files for this engagement created by us during the course of the audit, including electronic documents and files, are the sole property of RUMA CPA.
186
T E M P L AT E M A N A G E R S E C T I O N
Working for other clients We will not be prevented, or restricted by virtue of our relationship with the company, including anything in this engagement letter, from providing services to other clients, subject to our obligations of confidentiality to you under this letter.
Confidentiality All data relating specifically to the company’s business and other information which reasonably should be understood to be confidential to the company are confidential information of the company (Confidential Information). We will use Confidential Information only in relation to the provision of services provided by us to the company (the Services) and will not disclose such confidential Information to any third party without the company’s prior written consent. We will take reasonable measures to protect the confidentiality of the Confidential Information and to advise our agents and employees of the confidential nature of the Confidential Information and of the terms of this agreement.
Internet communications During the engagement we may from time to time communicate with you electronically. However, as you are aware, the electronic transmission of information cannot be guaranteed to be secure or error free and such information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete or otherwise be adversely affected or unsafe for use. Accordingly while we will use reasonable procedures to check for the then most commonly known viruses before sending information electronically, we shall not have any liability to you arising from or in connection with the electronic communication of information to you.
Other services RUMA CPA offers a wide range of services beyond those discussed above in areas of business advisory services and taxation. Should you consider that there are specific areas where we may be able to assist, a specialist associate will be glad to meet you to discuss how we can help. We shall not be treated as having notice, for the purposes of our audit responsibilities, of information provided to members of our firm other than those engaged on the audit (for example information provided in connection with accounting, taxation and other services).
Fees It is our usual practice to provide estimates of our fees in advance of the work commencing and we shall require payments on account as our work progresses. Our terms are that fee notes are payable on submission.
Code of Conduct In RUMA CPA, we conduct our business within the framework of applicable professional standards, laws, regulations and internal policies. We also acknowledge that these standards, laws, regulations and policies do not govern all types of behaviour. As a result we also have a Code of Conduct for our people. This RUMA Code provides guidance on the standards of integrity and business conduct expected of our people. The Code is based on our values. Each of us at RUMA CPA has an obligation to know and understand not only the guidelines contained in the Code, but also the values on which they are based. We have an obligation to comply with the letter and spirit of this Code and to help our colleagues do the same. In the event of cases of non-compliance with this Code being reported, the firm takes such cases seriously and has a mechanism for investigating into all reported instances and for taking appropriate action where action is warranted.
187
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
If you encounter instances of inappropriate conduct by our partner or staff, please report the matter to Managing Partner, our business conduct leader.
Quality of Service If at any time you would like to discuss with us how our service to you could be improved or if you are dissatisfied with the service you are receiving please contact (the engagement partner). We undertake to look into any complaint carefully and promptly and to do all we can to explain the position to you. If we have given you a less than satisfactory service, we shall do everything reasonable to put it right.
Applicable Law This engagement letter shall be governed by, and construed in accordance with, Rwandan law. The courts of Rwanda shall have exclusive jurisdiction in relation to any claim, dispute or difference concerning the engagement letter and any matter arising from it. Each party irrevocably waives any right it may have to object to an action being brought in those courts, to claim that the action has been brought in an inconvenient forum, or to claim that those courts do not have jurisdiction
Acknowledgement and Acceptance Please confirm your agreement to the terms of this letter by signing the enclosed copy in the space provided and returning it to us. If you wish to discuss the terms of our appointment further before replying, please let us know. Yours faithfully The terms of this engagement are accepted by _________________ on behalf of ABC Limited who represents that he/ she is authorized to accept these terms on behalf of the company. Signed: ...................................... (Name and position) Date-
3.0
Fraud Risk Questionnaire To the management of XYZ Limited 1. What is management’s assessment of the risk that financial statements may be materially misstated due to fraud? Include the nature, extent and frequency of such assessment. 2. What is the managements’ process for identifying and responding to risks of fraud identified in the entity? 3. Is there communication by management to those charged with governance, regarding its processes for identifying and responding to fraud risks? 4. Is there communication by management to employees regarding its views on business practices and ethical behavior e.g. through a code of conduct? 5. Have there been any actual or attempted frauds that have come to the notice of management? (A person at an appropriate level of management should reply to the fraud risk questionnaire, appending their names and signature.)
188
T E M P L AT E M A N A G E R S E C T I O N
4.0
Documentation of Minutes of Meeting with Management The minutes must be detailed enough to identify the participants, matters discussed, and the audit impact. MEETING WITH MANAGEMENT OF XYZ LTD HELD ON 3 MARCH 2010 AT LOCATION ABC. In attendance Chris White – Chief Financial Officer Charles Brown – Chief accountant Jane Grey – Audit partner Anne Blue – Audit manager Dave Orange – Team leader Agenda item Update on client and environment
Matters Discussed One of the major customers is facing financial difficulties due to the global financial crisis.
Audit impact The provisioning for doubtful debts may be understated
There has been a nationwide recall of the company’s products due to technical defects
The warranty provisions may be understated
The company is planning to list its debt and/or equity instruments on the Rwanda Stock Exchange in the near future
Ensure that the provisions of the Stock Exchange are adhered to.
Audit approach The company has a new group reporting requirement that signed financials must be sent to global headquarters by 20 March.
The audit will not have a break between the interim phase and the final audit visit. To source for additional staff resources in order to meet the tight reporting deadline.
Analysis of financial performance The performance of the company during the year has improved significantly due to
The impact of foreign currency translation differences.
the increased sales to the Uganda market. Non current assets have significantly Review the lease agreements and reduced during the year due to ensure classification as operating an increased reliance on operating leases is in order. lease agreements
189
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
5.0
Planning Analytics Statement of Financial Position 2010 2011 VARIANCE VARIANCE EXPECTED? COMMENTS NON CURRENT ASSETS $ $ $ % YES/NO Property, Plant and equipment Investment Property Intangible assets CURRENT ASSETS Receivables Cash
EQUITY AND LIABILITIES Shareholders Equity Share capital Revaluation reserve Retained earnings Total equity
Non Current Liabilities Loans 6% Debentures Current Liabilities Payables Overdrafts Planning analytics – Statement of Comprehensive Income 2010 2011 VARIANCE VARIANCE
EXPECTED? YES/ NO
Revenues Cost of sales Gross profit Administration expenses Distribution expenses Finance costs Profit before tax Income tax expense Profit after tax See template and illustrative example
190
COMMENT
T E M P L AT E M A N A G E R S E C T I O N
6.0
Business Analysis Framework Details of incorporation, physical location
The physical location is XYZ Plaza, Kigali. The company is incorporated as a limited company.
Key client contacts at Board or management level
The key contacts at the Board are Mr Alex the MD and Ms Ann the FD while at management level it is Ms Irene the Financial Controller.
Organizational chart
Managing Director
Finance Director
Marketing Director
Finance Controller
Assistants
Accountants Messenger, Driver
Key business of the client Economic environment
The key business of the client is Interior Designing and Landscaping. There are many competitors in the field. However, ABC Limited relies on word of mouth and networking to ensure that it gets lucrative contracts.
Legal environment – laws and regulations affecting the client
Rwanda Companies Act Income Tax Act VAT Act
Technological factors affecting client business
The company uses Computer Aided Design (CAD). There are no significant technological factors affecting the business.
Accounting systems in use
SAP, QuickBooks, Sun Systems etc
191
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
7.0
Audit Comfort Matrix KEY RISKS MANAGEMENT FINANCIAL RESPONSE/CONTROLS REPORTING AREA & ASSERTIONS
AUDIT APPROACH
Revenue leakages Automated ticketing Sales - Completeness, has been introduced Accuracy
Test of controls Substantive analytical procedures and substantive tests of details over receipts
Pilferage of stocks Daily inventory counts Inventory- Existence, Completeness, Accuracy
Attend a count exercise. Perform recounts on a sample basis.
8.0
Summary of Comfort
Assertions
Receivables Area
C
A
E/O R&O
V
CL
Key risk: None
Internal Controls Testing Review controls over account opening: X X Pick a sample of new accounts opened during the year and review whether the laid down procedures were followed. Other tests of controls X X X X
X
Substantive analytical procedures Ratio analysis: compute debtor days and analyze any changes X X in the ratio. Trend analysis: determine whether the movement in receivables X X is in line with sales movement. Substantive Tests of detail Send debtor confirmations: Pick a sample of debtors and X send confirmation letters under our control. Document the result of the circularization.
X
X
X
Test the provisioning for doubtful debts.
X
Assess whether the provisioning is reasonable. Presentation and disclosure
Ensure the relevant disclosures are in accordance with IFRS. C-Completeness, A- Accuracy, E-Existence, O-Occurrence,R/0 – Rights and Obligations, V-Valuation, CL – Classification.
192
X
T E M P L AT E M A N A G E R S E C T I O N
9.0
Project Budget EL EM TS A1 A2 Client Acceptance and Continuance 3 4 Planning Letter of Engagement 1 Initial client meeting 1 1 1 Project budge 5 Business Analysis Framework 5 Analytics and Materiality 3 Fraud risk Questionnaire 2 SOC and ACM 4 8 Mobilisation Meeting 1 1 1 1 1 Reviews 5 5 Total Planning time 10 15 26 1 1
Total
53
Internal Controls review Revenues and Receivables Cycle 20 Purchases and Payables Cycle 20 Property,Plant and Equipment 20 Operating Expenses 20 IT General Controls 20 Reviews 2 10 20 Taking Stock Meeting 1 1 1 1 1 Total internal controls time 3 11 41 41 41
137
Substantive procedures Cash and bank 15 Receivables 15 Payables 15 Revenues 10 Cost of sales 15 Operating expenses 15 Financial assets 15 Reviews 2 5 10 0 0 Total substantive tests time 2 5 20 45 45
117
Completion activities Financial statements 5 20 Audit opinion 2 Summary of Adjusted Differences 8 Summary of Unadjusted Differences 8 File signoff and archiving 3 7 Reviews 1 5 0 Total time: Completion 1 13 45 0 0 Estimated Total Engagement time
16
44
132
87
87
366
Key: EL - Engagement Leader, EM - Engagement Manager, TS - Team Senior, A- Team members
193
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
10.0
Independence Confirmation Letter Dear team member (Name), In accordance with the requirements of ISQC 1 (Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements), you are required to confirm your independence with regard to client XYZ Ltd. In particular, you confirm whether you and your close family (spouses and dependants): a) Is a servant or a partner of a key official in the client. b) Have a significant shareholding in the company (exceeding local limits) or totally. c) Have received/given loans to the client. d) Have family or personal relationships with key client staff e.g. due to marriage, blood, mutual business interests etc. e) Have received goods and services from the client exceeding Frw 50,000 per annum. In case any of the answers above is positive, please contact the engagement leader (Name) immediately.
11.0
Letter of Representation (Entity Letterhead) (To Auditor) (Date) This representation letter is provided in connection with your audit of the financial statements of ABC Company for the year ended December 31, 20XX11 for the purpose of expressing an opinion as to whether the financial statements are presented fairly, in all material respects, (or give a true and fair view) in accordance with International Financial Reporting Standards. We confirm that, (to the best of our knowledge and belief, having made such inquiries as we considered necessary for the purpose of appropriately informing ourselves): Financial statements • We have fulfilled our responsibilities, as set out in the terms of the audit engagement dated [insert date], for the preparation of the financial statements in accordance with International Financial Reporting Standards; in particular the financial statements are fairly presented (or give a true and fair view) in accordance therewith. • Significant assumptions used by us in making accounting estimates, including those measured at fair value, are reasonable. (ISA 540) • Related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the requirements of International Financial Reporting Standards. (ISA 550)
194
T E M P L AT E M A N A G E R S E C T I O N All events subsequent to the date of the financial statements and for which International Financial Reporting Standards require adjustment or disclosures have been adjusted or disclosed. (ISA 560) • The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the financial statements as a whole. A list of the uncorrected misstatements is attached to the representation letter. (ISA 450) • [Any other matters that the auditor may consider appropriate Information provided • We have provided you with: o Access to all information of which we are aware that is relevant to the preparation of the financial statements such as records, documentation and other matters; o Additional information that you have requested from us for the purpose of the audit; and o Unrestricted access to persons within the entity from whom you determined it necessary to obtain audit evidence. • All transactions have been recorded in the accounting records and are reflected in the financial statements. • We have disclosed to you the results of our assessment of the risk that the financial statements may be materially misstated as a result of fraud. (ISA 240) • We have disclosed to you all information in relation to fraud or suspected fraud that we are aware of and that affects the entity and involves: o Management; o Employees who have significant roles in internal control; or o Others where the fraud could have a material effect on the financial statements. (ISA 240) • We have disclosed to you all information in relation to allegations of fraud, or suspected fraud, affecting the entity’s financial statements communicated by employees, former employees, analysts, regulators or others. (ISA 240) • We have disclosed to you all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements. (ISA 250) • We have disclosed to you the identity of the entity’s related parties and all the related party relationships and transactions of which we are aware. (ISA 550) [Any other matters that the auditor may consider necessary) Management
12.0
Component Auditor’s Confirmations [Component Auditor Letterhead] [Date] [To Group Engagement Partner] This letter is provided in connection with your audit of the group financial statements of [name of parent] for the year ended [date] for the purpose of expressing an opinion on whether the group financial statements present fairly, in all material respects (give a true and fair view of) the financial position of the group as of [date] and of its financial performance and cash flows for the year then ended in accordance with [indicate applicable financial reporting framework].
195
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
We acknowledge receipt of your instructions dated [date], requesting us to perform the specified work on the financial information of [name of component] for the year ended [date]. We confirm that: 1. We will be able to comply with the instructions. / We advise you that we will not be able to comply with the following instructions [specify instructions] for the following reasons [specify reasons]. 2. The instructions are clear and we understand them. / We would appreciate it if you could clarify the following instructions [specify instructions]. 3. We will cooperate with you and provide you with access to relevant audit documentation. We acknowledge that: 1. The financial information of [name of component] will be included in the group financial statements of [name of parent]. 2. You may consider it necessary to be involved in the work you have requested us to perform on the financial information of [name of component] for the year ended [date]. 3. You intend to evaluate and, if considered appropriate, use our work for the audit of the group financial statements of [name of parent]. In connection with the work that we will perform on the financial information of [name of component], a [describe component, for example, wholly-owned subsidiary, subsidiary, joint venture, investee accounted for by the equity or cost methods of accounting] of [name of parent], we confirm the following: 1. We have an understanding of [indicate relevant ethical requirements] that is sufficient to fulfill our responsibilities in the audit of the group financial statements, and will comply therewith. In particular, and with respect to [name of parent] and the other components in the group, we are independent within the meaning of [indicate relevant ethical requirements] and comply with the applicable requirements of [refer to rules] promulgated by [name of regulatory agency]. 2. We have an understanding of International Standards on Auditing and [indicate other national standards applicable to the audit of the group financial statements] that is sufficient to fulfill our responsibilities in the audit of the group financial statements and will conduct our work on the financial information of [name of component] for the year ended [date] in accordance with those standards. 3. We possess the special skills (for example, industry specific knowledge) necessary to perform the work on the financial information of the particular component. 4. We have an understanding of [indicate applicable financial reporting framework or group financial reporting procedures manual] that is sufficient to fulfill our responsibilities in the audit of the group financial statements. We will inform you of any changes in the above representations during the course of our work on the financial information of [name of component]. [Auditor’s signature] [Date] [Auditor’s address] Required and Additional Matters Included in the Group Engagement Team’s Letter of Instruction Matters required by this ISA to be communicated to the component auditor are shown in italicized text.
196
T E M P L AT E M A N A G E R S E C T I O N Matters that are relevant to the planning of the work of the component auditor: • A request for the component auditor, knowing the context in which the group engagement team will use the work of the component auditor, to confirm that the component auditor will cooperate with the group engagement team. • The timetable for completing the audit. • Dates of planned visits by group management and the group engagement team, and dates of planned meetings with component management and the component auditor. • A list of key contacts. • The work to be performed by the component auditor, the use to be made of that work, and arrangements for coordinating efforts at the initial stage of and during the audit, including the group engagement team’s planned involvement in the work of the component auditor. • The ethical requirements that are relevant to the group audit and, in particular, the independence requirements. • In the case of an audit or review of the financial information of the component, component materiality (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures), and the threshold above which misstatements cannot be regarded as clearly trivial to the group financial statements. • A list of related parties prepared by group management, and any other related parties that the group engagement team is aware of, and a request that the component auditor communicates on a timely basis to the group engagement team related parties not previously identified by group management or the group engagement team. • Work to be performed on intra-group transactions and unrealized profits and intra-group account balances. • Guidance on other statutory reporting responsibilities, for example, reporting on group management’s assertion on the effectiveness of internal control. Where time lag between completion of the work on the financial information of the components and the group engagement team’s conclusion on the group financial statements is likely, specific instructions for a subsequent events review. Matters that are relevant to the conduct of the work of the component auditor: • The findings of the group engagement team’s tests of control activities of a processing system that is common for all or some components, and tests of controls to be performed by the component auditor. • Identified significant risks of material misstatement of the group financial statements, due to fraud or error, that are relevant to the work of the component auditor, and a request that the component auditor communicates on a timely basis any other significant risks of material misstatement of the group financial statements, due to fraud or error, identified in the component and the component auditor’s response to such risks. • The findings of internal audit, based on work performed on controls at or relevant to components. • A request for timely communication of audit evidence obtained from performing work on the financial information of the components that contradicts the audit evidence on which the group engagement team originally based the risk assessment performed at group level. • A request for a written representation on component management’s compliance with the applicable financial reporting framework, or a statement that differences between the accounting policies applied to the financial information of the component and those applied to the group financial statements have been disclosed. • Matters to be documented by the component auditor. Other information • A request that the following be reported to the group engagement team on a timely basis: o Significant accounting, financial reporting and auditing matters, including accounting estimates and related judgments. o Matters relating to the going concern status of the component.
197
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
o Matters relating to litigation and claims. o Significant deficiencies in internal control that the component auditor has o identified during the performance of the work on the financial information of the component, and information that indicates the existence of fraud. • A request that the group engagement team be notified of any significant or unusual events as early as possible.
13.0
Independent Auditor’s Report – Unmodified Opinion [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the Financial Position Statement as at December 31, 20X1, and the Statement of Comprehensive Income, statement of changes in equity and cash flows statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s Responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
198
T E M P L AT E M A N A G E R S E C T I O N
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
Report on other Legal Requirements The Rwandan Companies Act requires that in carrying our audit, we consider and report to you on the following matters. We confirm that: i) We are not related to (insert name of client) and have no interests or debt in the company; ii) We have obtained all the information and explanations which to the best of our knowledge and belief were necessary for the purposes of our audit; iii) In our opinion, proper books of account have been kept by the company, so far as appears from our examination of those books; iv) We have communicated to you through a management letter highlighting problems linked with the company’s management and our recommendations for improvement.
14.0
Independent Auditor’s Report – Consolidated Financial Statements [Appropriate Addressee]
Report on the Consolidated Financial Statements We have audited the accompanying consolidated financial statements of ABC Company and its subsidiaries, which comprise the consolidated balance sheet as at December 31, 20X1, and the consolidated income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the consolidated financial statements Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with International Financial Reporting Standards,35 and for such internal control as management determines is necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s Responsibility Our responsibility is to express an opinion on these consolidated financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement.
199
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation36 of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the consolidated financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company and its subsidiaries as at December 31, 20X1, and (of) their financial performance and cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
15.0
Independent Auditor’s Report – Qualified – Except for (Note: the matter is material but not pervasive.) [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
200
T E M P L AT E M A N A G E R S E C T I O N Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for Qualified Opinion The company’s inventories are carried in the balance sheet at xxx. Management has not stated the inventories at the lower of cost and net realizable value but has stated them solely at cost, which constitutes a departure from International Financial Reporting Standards. The company’s records indicate that had management stated the inventories at the lower of cost and net realizable value, an amount of xxx would have been required to write the inventories down to their net realizable value. Accordingly, cost of sales would have been increased by xxx, and income tax, net income and shareholders’ equity would have been reduced by xxx, xxx and xxx, respectively. Qualified Opinion In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
201
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
16.0
Report on the Consolidated Financial Statements – Adverse Opinion (Note: The financial statements are materially misstated due to the non-consolidation of a subsidiary. The material misstatement is deemed to be pervasive to the financial statements.) INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Consolidated Financial Statements We have audited the accompanying consolidated financial statements of ABC Company and its subsidiaries, which comprise the consolidated balance sheet as at December 31, 20X1, and the consolidated income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the consolidated financial statements Management is responsible for the preparation and fair presentation of these consolidated financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of consolidated financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these consolidated financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the consolidated financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the consolidated financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the consolidated financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the consolidated financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the consolidated financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our adverse audit opinion. Basis for adverse opinion As explained in Note X, the company has not consolidated the financial statements of subsidiary XYZ Company it acquired during 20X1 because it has not yet been able to ascertain the fair values of certain of the subsidiary’s material assets and liabilities at the acquisition date. This investment is therefore accounted for on a cost basis. Under International Financial
202
T E M P L AT E M A N A G E R S E C T I O N Reporting Standards, the subsidiary should have been consolidated because it is controlled by the company. Had XYZ been consolidated, many elements in the accompanying financial statements would have been materially affected. The effects on the consolidated financial statements of the failure to consolidate have not been determined. Adverse opinion In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion paragraph, the consolidated financial statements do not present fairly (or do not give a true and fair view of) the financial position of ABC Company and its subsidiaries as at December 31, 20X1, and (of) their financial performance and their cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
17.0
Independent Auditor’s Report – Qualified – Limitation of Scope Note: The auditor was unable to obtain sufficient appropriate audit evidence regarding an investment in a foreign affiliate. INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
203
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for qualified opinion ABC Company’s investment in XYZ Company, a foreign associate acquired during the year and accounted for by the equity method, is carried at xxx on the balance sheet as at December 31, 20X1, and ABC’s share of XYZ’s net income of xxx is included in ABC’s income for the year then ended. We were unable to obtain sufficient appropriate audit evidence about the carrying amount of ABC’s investment in XYZ as at December 31, 20X1 and ABC’s share of XYZ’s net income for the year because we were denied access to the financial information, management, and the auditors of XYZ. Consequently, we were unable to determine whether any adjustments to these amounts were necessary. Qualified opinion In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
204
T E M P L AT E M A N A G E R S E C T I O N
18.0
Independent Auditor’s Report – Modified – Disclaimer INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements We were engaged to audit the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on conducting the audit in accordance with International Standards on Auditing. Because of the matter described in the Basis for Disclaimer of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Basis for disclaimer of opinion The company’s investment in its joint venture XYZ (Country X) Company is carried at xxx on the company’s balance sheet, which represents over 90% of the company’s net assets as at December 31, 20X1. We were not allowed access to the management and the auditors of XYZ, including XYZ’s auditors’ audit documentation. As a result, we were unable to determine whether any adjustments were necessary in respect of the company’s proportional share of XYZ’s assets that it controls jointly, its proportional share of XYZ’s liabilities for which it is jointly responsible, its proportional share of XYZ’s income and expenses for the year, and the elements making up the statement of changes in equity and cash flow statement. Disclaimer of opinion Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express an opinion on the financial statements.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
205
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
19.0
Independent Auditor’s Report – Unmodified – Emphasis of Matter INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence that we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for qualified opinion The company’s short-term marketable securities are carried in the balance sheet at xxx. Management has not marked these securities to market but has instead stated them at cost, which constitutes a departure from International Financial Reporting Standards. The company’s records indicate that had management marked the marketable securities to market, the company would have recognized an unrealized loss of xxx in the income statement for the year. The carrying amount of the securities in the balance sheet would have been reduced by the same amount at December 31, 20X1, and income tax, net income and shareholders’ equity would have been reduced by xxx, xxx and xxx, respectively.
206
T E M P L AT E M A N A G E R S E C T I O N Qualified opinion In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards. Emphasis of matter We draw attention to Note X to the financial statements which describes the uncertainty10 related to the outcome of the lawsuit filed against the company by XYZ Company. Our opinion is not qualified in respect of this matter.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
20.0
Independent Auditor’s Report – Corresponding Figures Notes: • The auditor’s report on the prior period, as previously issued, included a qualified opinion. • The matter giving rise to the modification is unresolved. • The effects or possible effects of the matter on the current period’s figures are material and require a modification to the auditor’s opinion regarding the current period figures. INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements 8 We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
207
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for qualified opinion As discussed in Note X to the financial statements, no depreciation has been provided in the financial statements, which constitutes a departure from International Financial Reporting Standards. This is the result of a decision taken by management at the start of the preceding financial year and caused us to qualify our audit opinion on the financial statements relating to that year. Based on the straight-line method of depreciation and annual rates of 5% for the building and 20% for the equipment, the loss for the year should be increased by xxx in 20X1 and xxx in 20X0, property, plant and equipment should be reduced by accumulated depreciation of xxx in 20X1 and xxx in 20X0, and the accumulated loss should be increased by xxx in 20X1 and xxx in 20X0. Qualified opinion In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
208
T E M P L AT E M A N A G E R S E C T I O N
21.0
Independent Auditor’s Report – Corresponding Figures (2) Notes • The auditor’s report on the prior period, as previously issued, included a qualified opinion. • The matter giving rise to the modification is unresolved. • The effects or possible effects of the matter on the current period’s figures are immaterial but require a modification to the auditor’s opinion because of the effects or possible effects of the unresolved matter on the comparability of the current period’s figures and the corresponding figures. INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements 13 We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation16 of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for qualified opinion Because we were appointed auditors of ABC Company during 20X0, we were not able to observe the counting of the physical inventories at the beginning of that period or satisfy ourselves concerning those inventory quantities by
209
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
alternative means. Since opening inventories affect the determination of the results of operations, we were unable to determine whether adjustments to the results of operations and opening retained earnings might be necessary for 20X0. Our audit opinion on the financial statements for the period ended December 31, 20X0 was modified accordingly. Our opinion on the current period’s financial statements is also modified because of the possible effect of this matter on the comparability of the current period’s figures and the corresponding figures. Qualified opinion In our opinion, except for the possible effects on the corresponding figures of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
Report on Other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
22.0
Independent Auditor’s Report – Corresponding Figures (3) Notes: • The prior period’s financial statements were audited by a predecessor auditor. • The auditor is not prohibited by law or regulation from referring to the predecessor auditor’s report on the corresponding figures and decides to do so.
INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
210
T E M P L AT E M A N A G E R S E C T I O N Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards. Other matter The financial statements of ABC Company for the year ended December 31, 20X0, were audited by another auditor who expressed an unmodified opinion on those statements on March 31, 20X1.
Report on Other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
23.0
Independent Auditor’s Report – Comparative Financial Statements Notes: • Auditor is required to report on both the current period financial statements and the prior period financial statements in connection with the current year’s audit.
211
T H E
R U M A • • •
C P A
A U D I T
G U I D E
M A N U A L
The auditor’s report on the prior period, as previously issued, included a qualified opinion. The matter giving rise to the modification is unresolved. The effects or possible effects of the matter on the current period’s figures are material to both the current period financial statements and prior period financial statements and require a modification to the auditor’s opinion.
INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the balance sheets as at December 31, 20X1 and 20X0, and the income statements, statements of changes in equity and cash flow statements for the years then ended, and a summary of significant accounting policies and other explanatory information. Management’s responsibility for the financial statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor’s responsibility Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained in our audits is sufficient and appropriate to provide a basis for our qualified audit opinion. Basis for qualified opinion As discussed in Note X to the financial statements, no depreciation has been provided in the financial statements, which constitutes a departure from International Financial Reporting Standards. Based on the straight-line method of depreciation and annual rates of 5% for the building and 20% for the equipment, the loss for the year should be increased by xxx in 20X1 and xxx in 20X0, property, plant and equipment should be reduced by accumulated depreciation of xxx in 20X1 and xxx in 20X0, and the accumulated loss should be increased by xxx in 20X1 and xxx in 20X0.
212
T E M P L AT E M A N A G E R S E C T I O N Qualified opinion In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company as at December 31, 20X1 and 20X0 and (of) its financial performance and its cash flows for the years then ended in accordance with International Financial Reporting Standards.
Report on Other Legal and Regulatory Requirements [Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other reporting responsibilities.] [Auditor’s signature] [Date of the auditor’s report] [Auditor’s address]
213
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
LAWS AND REGULATIONS Client: Accounting Period: Prepared by:
Date:
Reviewed by:
Date:
Approved by
Date:
Non compliance by an entity with laws and regulations may materially affect the financial statements. We perform procedures to consider explicitly the risk of non-compliance with laws and regulations that may materially affect the financial statements. We make an assessment of the significant laws and regulations which provide the legal framework in which the entity operates and which are central to the entities ability to conduct its business or which have an effect on the determination of material amounts and disclosures is made during the planning phase of the engagement (ISA 250.2)*. We evaluate the means by which the entity ensures compliance with the laws and regulations during the planning phase of the engagement (ISA 250.15). This template should be used to document this assessment and assist us to identify instances of non compliance. If a Yes response is given in Part B, or a breach is identified through our enquiries in Part C, then procedures must be selected from Part D to investigate and evaluate the impact of the possible breach of law/ regulation. Based on the audit procedures completed we did not become aware of any instances of non compliance with laws and regulations and performed the following additional procedures.
PART A: Understanding the Legal and Regulatory Framework Through our understanding of the business we have knowledge of the laws and regulations applicable to the industry and regulatory environment in which the entity operates. We typically perform the following procedures to confirm our understanding of the legal and regulatory framework in which the entity operates and obtain an understanding of the procedures followed by the entity to ensure compliance with that framework (ISA 250.15).
214
L A W S A N D R E G U L AT I O N S
PROCEDURES • Enquire of those charged with governance as to the laws and regulations that may be expected to have a fundamental effect on the operations of the entity.
• Enquire of those charged with governance as to the entity’s policies and procedures regarding compliance with laws and regulations and how compliance with the policies and procedures is monitored. • Enquire of those charged with governance the process for identifying, evaluating and accounting for litigation claims and assessments. • Discuss with auditors of significant subsidiaries in other countries the relevant legal and regulatory framework that may have a material impact on the group financial statements. RESULTS
We consider laws and regulations which provide the legal framework in which the entity operates and which are central to the entity’s ability to conduct its business (ISA 250.18). We obtain a sufficient understanding of these laws and regulations to consider them when auditing the assertions related to the determination of amounts to be recorded and disclosures to be made (ISA 250.19).
APPLICABLE LAWS AND REGULATIONS: Law / Regulation tax and pension laws and regulations
Rationale for Significance to the Financial Statements including account assertions affected.
terms of an operating license regulatory solvency requirements environmental regulations The form and content of financial statements
OVERSEAS The following laws and regulations have been identified by the Primary Team as those affecting overseas subsidiaries which may have a material impact on our financial statements. Specific reference has been made to these laws and regulations in the instructions to the subsidiary auditors.
• * Where the entity has significant environmental considerations refer to International Auditing Practice Statement (IAPS) 1010 for further guidance.
215
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
PART B: Enquiries made Regarding Compliance We make enquiries of management and those charged with governance (ISA 250.18) to identify instances of non compliance. Typical enquiries and typical individuals of whom these enquiries are made are:
ENQUIRIES What is management’s attitude toward compliance with laws and regulations? Have you observed any instances of non compliance with laws and regulations? Have you been provided with notice from regulators of possible instances of non-compliance with laws and regulations? What is the process for reporting any breach of a law or regulation?
How are you aware of changes in laws and regulations? How do ensure that subsidiaries (including those overseas) comply with local laws and regulations?
Are you aware of any breaches or possible breaches in the overseas subsidiaries? What are the laws and regulations which you are responsible for compliance with? (We should ensure this answer is consistent with our expectation based on our knowledge of the laws and regulations relevant to the entity and the entities)
INDIVIDUALS OF WHOM ENQUIRIES ARE MADE* -
RESULTS OF ENQUIRIES
* Delete / Amend as appropriate the details of whom enquiries are made and the nature of those enquiries. Ensure that enquiries are made in respect of all laws and regulations identified as significant in Part A.
216
L A W S A N D R E G U L AT I O N S
PART C: Indicators of Non-Compliance We review correspondence with the relevant licensing or regulatory authorities to identify instances of non compliance (ISA 250.18) and consider whether through the performance of our audit procedures we noticed any of the following indicators. INDICATORS OF NON COMPLIANCE
Yes/No
Mitigating Factor / Comment
Did our review of correspondence from regulators indicate an instance of non compliance? Have there been any payments of fines / penalties to regulators? Have there been unusual payments to consultants, related parties, employees or government employees for compliance related services? Do sales commissions or agent’s fees appear excessive in relation to those ordinarily paid by the entity or in its industry or to the services actually received? Has there been any relevant adverse media coverage? Are there complex corporate structures including offshore entities where ownership / purpose is not clearly defined? Have there been unusual transactions with companies registered in tax havens? Have there been any unusual payments in cash, cashiers checks etc? Have payments been made for goods and services to a country other than from which they originated or at prices significantly above or below market? Have there been transactions with no apparent purpose or that make no obvious economic sense? Are we aware of any unauthorized transactions or improperly reported transactions? Is there adverse media comment?
RESULTS
217
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
PART D: Suggested Procedures for Evaluating Non-Compliance Where we became aware of information concerning possible instances of non compliance we perform the following (ISA 250.26). PROCEDURES • Identify any actual or contingent consequences which may arise from the non-compliance. •
Document the nature of the breach, the circumstances in which it occurred and any other information considered sufficient to evaluate the effect on the financial statements considering; - potential consequences such as fines, penalties, damages; and - Possible disclosure requirements.
• Consider any obligations we may have regarding reporting of the non compliance.
RESULTS OF PROCEDURES
Note: Where we became aware of instances of non compliance we consider our obligations to report under the Proceeds of Crime Act 2002 or the Money Laundering Regulations 2003 to the firms Money Laundering Compliance Officer (ISA 250A.22-1). Any reporting to the firms Money Laundering Compliance Officer should not be documented on the audit file. The following are examples of the types of policies and procedures an entity may implement to assist in the prevention and detection of non compliance with laws and regulations: • Monitoring legal requirements and ensuring that operating procedures are designed to meet these requirements. • Instituting and operating appropriate systems of internal control. • Developing, publicizing and following a code of conduct. • Ensuring employees are properly trained and understand the code of conduct. • Monitoring compliance with the code of conduct and acting appropriately to discipline employees who fail to comply with it. • Engaging legal advisors to assist in monitoring legal requirements. • Maintaining a register of significant laws and regulations with which the entity has to comply within its particular industry and a record of complaints. In larger entities, these policies and procedures may be supplemented by assigning appropriate responsibilities to the following: • An internal audit function. • An audit committee. • A compliance function.
218
L A W S A N D R E G U L AT I O N S
FINANCIAL STATEMENT ERROR CHECKLIST Client Name: ………………………………....................…… Time period:…………………………................. The following programme must be completed for all sets of financial statements, and is to be sent to the partner with the draft set of accounts. SIGNATURE / DATE 1. The page numbers are correct and in sequential order. 2. The accounting dates at the head of each page are consistent, and agree with dates in notes e.g. fixed assets, reserves etc. 3. The information presented in the directors’ report is consistent with information found elsewhere in the financial statements, and is cross-referenced to that other information. 4. The audit opinion refers to the correct page numbers and accounting period. 5. The notes (on the face) to the Statement of Comprehensive Income and Statement of Financial Position are in sequential order. 6. The note numbers and values for both years referred to in the Statement of Comprehensive Income and Statement of Financial Position agree with the information contained in the supporting notes (and there are no rounding off errors). This checking is evidenced by properly explained ticks on both, statements and notes. 7. The Statement of Financial Position totals agree. 8. The information presented in the cash flow statement is consistent with information found elsewhere in the financial statements, (and there are no rounding off errors). This checking is evidence by properly explained ticks on statements, and where applicable, notes. 9. Casts and cross casts are correct. 10.All figures appearing in the audited financial statements and attached notes have cross-referenced to the audit file on the draft except where the figures are instead referred to another part of the financial statements, which have been referred to the file.
219
T H E
R U M A
C P A
A U D I T
G U I D E
M A N U A L
11.Comparative figures have been agreed to the previous year’s financial statements. 12.I appreciate that the above procedures are fundamental to the production of financial statements and accept that it is my responsibility to ensure that these procedures have been properly complied with. SIGNED: Staff member responsible for completion of check- list REVIEWED: Manager, having ensured that above steps have been complied with
220
SIGNATURE / DATE
Printer Set House 3rd Floor Avenue de la Paix P.O. Box 2611 Kigali, Rwanda Tel: +250 573781, 572854, 547816 Fax: +250 574816 Email: info@rumacpa.com Website: www.rumacpa.com