1: Concept of Audit

The objective of an audit:

to enable the auditor to express an opinion on whether the FS are prepared, in all
material respects, in accordance with an applicable FR framework.
The objectives of an auditor:
to obtain reasonable assurance about whether the FS are free from material
misstatement, whether due to fraud or error, in order to enable them to express an
opinion on whether the FS are prepared in accordance with an applicable FR
framework.
True: Information is factual and conforms with reality.
Fair: Information is free from discrimination and bias.
Present fairly: The financial statements show a true and fair view.
Materiality
expression of the relative significance of a matter, A matter is considered
material if its omission or misstatement could potentially influence users'
economic decisions based on financial statements.
Reasonable assurance
'reasonable assurance' is the highest level of assurance that can be given.
Reasonable assurance is not absolute assurance due to inherent limitations in
audits, resulting in an opinion based on persuasive rather than conclusive
evidence.
Assurance engagement: a practitioner aims to obtain sufficient appropriate
evidence in order to express a conclusion designed to enhance confidence of the
intended users other than the responsible party about the outcome of the
measurement or evaluation of an underlying subject matter against criteria.
Criteria
Report
Evidence
Subject matter
Three party relationship between intended user, responsible party and
practitioner
Practitioner: the individual conducting the engagement
Intended users: the individual/organization expected to use the assurance
report.
Responsible party: the party responsible for the underlying subject matter.
Assurance Engagement Process
1) Agree scope of work to be performed with the client.
2) Formalize the terms of the engagement in a contract (engagement letter)
3) Plan the work required based on the risk and level of assurance required.
4) Obtain sufficient appropriate evidence on which to base the conclusion.
5) Perform overall review and form opinion.
6) Issue assurance report to the client as per pre-agreed format
Benefits of assurance reports
 independent opinion from an external source enhances the credibility of info.
 Reduces management bias.
 Any non-standard or modified opinion draws attention to risk.
 Relevance improved because of the expertise and knowledge of the assurance
firm.
LEVELS OF ASSURANCE
Reasonable assurance engagements
provides a high, but not absolute level of assurance.
significant amount of testing and evaluation required to support conclusion.
The conclusion expressed in a positive form.
 2: Statutory Audit And Regulation
Audit- primarily statutory concept- required by law. The auditing profession is
subject to regulation from a range of sources:
 National legislation  National regulation & standard
 Professional bodies, setting
 International standard setting
Auditor rights and duties
The rights and duties of auditors are often set out in law, to ensure that the
auditors have sufficient power to carry out an effective audit.
Auditor rights
 Access to the company's books and records
 Receive information and explanations.
 Receive notice of/attend general meetings.
 Speak at general meetings on matters that concern them as auditors.
 Receive a copy of any written resolution proposed.
Auditor duties
Report opinion on:
 Whether financial statements are fairly presented
 Adhere to local law.
 Maintain adequate records and returns.
 Ensure financial statements agree to records.
 Ensure consistency of other information
 Ensure disclosure of directors' benefits
Appointment
The auditors should be appointed by and therefore answerable to the
shareholders.
Directors Can appoint auditor:
 Before company's first period for appointing auditors
 Following a period of no auditor, at any time before the
next period for appointing auditors
 To fill a casual vacancy
Members Can appoint auditor by ordinary resolution:
(shareholders)  During a period for appointing auditors
 If company should have appointed auditor but failed to do
so
  If directors fail to do so
Secretary of Can appoint auditors if no auditors are appointed per above
State
An auditor must be appointed annually, unless the directors decide otherwise, as
audited financial statements are unlikely to be required.
Remuneration
The auditor's remuneration is determined by the whoever made the appointment
and is typically disclosed in the company's annual financial statements in many
countries.
Removal of auditors
Notice Either special notice (28 days) with copy sent to auditor
of If elective resolution in place, written resolution to terminate auditors'
removal appointment.
Directors must convene a meeting within a reasonable time.
Represe Auditors can make representations for why they should stay in office
ntations and require company to acknowledge its presence and send a copy to
its members.
If The company must inform regulatory authorities and auditors must
resoluti deposit a statement of circumstances at the company's registered office
on within 14 days of ceasing office and to regulatory authority.
passed
Auditor Can receive notice of and speak at:
rights general meeting at which their term of office would have expired.
general meeting where casual vacancy caused by their removal is to be
filled
Resignation of auditors
Resignation Auditors must submit written notices with a statement of
procedures circumstances relevant to members/creditors or a statement
that no such circumstances exist. Must be submitted for
listed companies/ public interest entities, even if there are no
such circumstances.
Resignation Sent by company to regulatory authority.
notice
Statement of Sent by:
circumstances (a) Auditors to regulatory authority
(b) Company to everyone entitled to receive a copy of
accounts
Convening of Auditors can mandate directors to hold extraordinary general
general meeting meeting to discuss resignation circumstances, and directors
must send out notice for meeting within 21 days of receiving
requisition.
Statement prior Auditors may mandate the company to distribute statement
to general of circumstances to all individuals who are entitled to notice
meeting of the meeting.
Other rights of Can receive all notices that relate to:
auditors general meeting at which their term of office would have
expired
general meeting where casual vacancy caused by their
resignation is to be filled
Can speak at these meetings on any matter which concerns
them as auditors.
International Federation of Accountants (IFAC)
non-profit, non-govtal and non-political international organisation of
accountancy bodies.
Membership
Any accountancy body may join IFAC if it is recognised by law or general
consensus within its own country as organisation of good standing within the
accountancy profession.
Members of IFAC automatically become members of the IASCF, which is an
independent not-for-profit, private sector org which sets IFRS through its
standard-setting body, IASB.
Council
consists of one representative from each member body of IFAC. It elects the
members of the Board and establishes the basis of financial contributions by
members.
Board
The Board consisting of President and 22 members elected by the Council for 3-
year terms supervise IFAC work programme. Elections are held annually so that
one-third of the Board retires each year.
The development of IAASB standards
Transparent debate
A proposed standard is discussed at a meeting, open to the public
Research and consultation
A project task force is established to develop a draft standard or practice statement.
Exposure for public comment
Regulation by the profession
IFAC member bodies, like ACCA, must adhere to IFAC's International Code of
Ethics for Professional Accountants to establish ethical standards. Disciplinary
action can be taken for non-compliance with ethics rules, failure to meet
professional standards, or dishonourable conduct.

3: Corporate Governance
Corporate Governance
the internal systems or means by which companies are directed and controlled.
It describes the framework of rules and practices by which a board of directors
ensures accountability, fairness, and transparency in a company's relationship
with each of its stakeholders.
OECD Principles of Corporate Governance
The OECD has developed its own Principles of Corporate Governance. They
provide best practice recommendations on corporate governance and are used
worldwide as a benchmark for establishing guidelines on this area. It addresses
the Ensuring the basis of an effective corporate governance
framework
The role of stakeholders in corporate governance

Disclosure and transparency

The equitable treatment of shareholders

The rights of shareholders and key ownership functions

The responsibility of the board

following six areas:

OECD document provides detailed recommendations expanding on each of the

principles. Each country can develop its own corporate governance code for
companies to follow.
The UK Corporate Governance Code
Structure of the Code
In the UK, the UK Corporate Governance Code gives guidance to companies as
to how they should be directed and controlled. It offers guidance under the
following headings:
Board leadership and company purpose
Division of responsibilities
Composition, succession and evaluation
Audit, risk and internal control
Remuneration
'comply or explain' basis.
The Code, part of UK Stock Exchange rules, mandates listed companies to
include a corporate governance report in their annual report, detailing their
application of the Code's principles and assessing their compliance, with an
explanation for non-compliance.
Auditors and the UK Corporate Governance Code
In the UK, auditors must review and report on nine specific provisions in the
Code to shareholders to ensure listed companies comply with the Code.
Provision
Is directors' responsibility for preparing annual report & accounts explained in
report?
Did directors review & report on effectiveness of risk management & internal
controls?
Has board established audit committee of at least 3 NEDs (2 NEDs for smaller
companies)?
Does the audit committee have written terms of reference?
Are the terms of reference for audit committee available/ described in annual
report?
Does audit committee arrange ways for staff to report irregularity in financial
reporting?
Does the audit committee monitor and review effectiveness of internal audit
activities?
Does audit committee have primary responsibility for appointing external
auditors?
Are there procedures in place to ensure that auditor independence is maintained
where external auditor provides non-audit services?
Audit committees
sub-committee of board of directors, usually containing a number of independent
NEDs
Role and function of the audit committee should be set out in written terms of
reference.
Responsibilities of the audit committee
 4: Internal Audit
Internal audit and corporate governance
corporate governance relates to the internal systems or means by which
companies are directed and controlled.
The UK Corporate Governance Code mandates the board to manage risk, oversee
internal control frameworks, and determine the company's risk tolerance for
long-term strategic objectives. To fulfil this, the board can establish an internal
audit function to assess and monitor internal control policies and procedures.
Internal audit function:
A function of an entity that performs assurance and consulting activities aim to
enhance its governance, risk management, and internal control processes'
effectiveness.
The UK Corporate Governance Code does not mandate all listed companies to
have an internal audit function, but many do. If a listed entity does not have one,
the board must review whether it would benefit from one annually. Many non-
listed entities also have internal audit functions to help the board fulfil their
corporate governance responsibilities. The board should weigh the cost of setting
up an internal audit department against the predicted benefit, predicted savings in
external fees, the complexity of the organization's activities, management's
perceived need for risk assessment, external stakeholder pressure, and the cost-
effectiveness of outsourcing.
Nature and purpose of internal audit assignments
The internal audit function ensures a company's risk management, governance,
and internal control processes are effective. They evaluate these processes across
the company and report their findings to the audit committee. Unlike external
auditors, they consider wider issues like reputation, compliance with laws,
growth, environmental impact, and employee satisfaction levels. This is because
the key to a company's success is often managing such risks effectively.
Scope of internal audit
The assignments internal auditors carry out will depend on the particular
circumstances of the company involved and its objectives.
 IT audits Internal auditors may examine controls over accounting systems or
other computer systems that supply data to the accounting system.
 Financial audits and operational audits: Testing central or branch controls,
such as inventory counting or cash counting, observing controls in operation at
warehouses or retail stores during attendance at counts.
 Compliance audits: Internal auditors can assist or review compliance with
laws and regulations, such as those specific to a company's overseas branch,
such as filing adequate financial or non-financial returns.
 Fraud investigations: Fraud can range from theft of assets to fraudulent
financial reporting, and internal audits can investigate suspected instances or
review controls to prevent or detect fraud.
 Customer experience audits: Internal auditors can evaluate customer service
by phoning or visiting stores, pretending to be customers, or reviewing
customer surveys.
Value for money audits
Internal audit functions can conduct Value for Money (VFM) audits to determine
if the optimal combination of goods/services is achieved at the lowest resource
level. It typically concentrates on three key areas, also known as 'the three Es'.
Economy Buying the resources needed at the cheapest cost
Efficiency Using the resources purchased as wisely as possible
Effectiveness Doing the right things and meeting the organisation's objectives
Management must establish objectives for the three areas. These objectives
outline the company's goals and aim, and after setting them, controls must be
implemented to ensure each objective is met.
Limitations of internal audit
If the internal audit function is to be effective, then both they and their work need
to possess certain qualities.
Independence
Internal auditors should be independent of their activities, such as designing,
installing, and operating systems, and should be granted sufficient status to
achieve independence from various company functions. Their reports should be
considered by directors and recommendations acted upon. They should have a
reporting line independent of their function and maintain an independent mental
attitude.
Objectivity involves considering facts without preconceived ideas.
Internal auditors should have wide-ranging skills, a multi-disciplinary team,
ongoing training, and adhere to internal audit quality management
manuals/procedures. Work should be planned, documented, supervised, and
reviewed.
Outsourcing internal audit
The internal audit function can be provided by company employees or
outsourced externally, but potentially posing a self-review threat to the auditor's
independence.
External auditor: Statutory duty to give an opinion as to whether the financial
statements 'present fairly' activities of the business. Conducted in accordance
with ISAs.
Internal auditor: Assist the board in achieving its corporate objectives.
Relying on the work of the internal auditor
The internal audit department's objectives may overlap with those of the external
auditor, allowing the external auditor to rely on the internal auditor's work in

certain situations..
The ability to reduce, modify, or alter external audit procedures depends on
internal audit function's effectiveness. Auditor must determine if this work is
appropriate for the audit's purposes and establish the nature and extent of work
that can be used.
If using internal auditors to provide direct assistance, to appropriately direct,
supervise and review their work. Even if internal audit function is ineffective, it
may be useful to be aware of the conclusions formed. The effectiveness of
internal audit significantly impacts external auditors' assessment of the control
system and audit risk.
The following criteria must be considered by the external auditors when
determining whether the work of the internal audit function can be used.
 Scope of work  Due skill and care  Technical
 Organisational  Independence competence
status
When determining the areas and the extent to which the work of the internal audit
function can be used, auditor must consider the nature and scope of specific
work, its relevance to the audit strategy and plan, and the degree of judgement
involved in evaluating audit evidence. The external auditor, responsible for the
audit opinion, must make all significant judgements and therefore plan to use the
internal audit function less and perform more direct work in areas involving
significant judgments. These will be areas where:
 More judgement is needed in planning/performing procedures & evaluating
evidence.
 high risk of material misstatement
 The internal audit's objectivity is not adequately supported by its
organizational status and relevant policies/procedures.
 The internal audit function is less competent.
Direct assistance
Direct assistance refers to the use of the internal auditors to perform audit
procedures under the direction, supervision and review of the external auditor.
Where the external auditors have used direct assistance from the internal auditors
they should document the evaluation of threats to internal auditors' objectivity
and competence, the decision-making basis for their work, and the reviewer and
the date and extent of the review.
ISA 610 prohibits the use of internal auditors to provide direct assistance that:
 Involve making significant judgements in the audit.
 Relate to higher assessed risks of material misstatement.
 Relate to work with which the internal auditors have been involved.
 Relate to decisions external auditor makes regarding the internal audit
function and the use of its work or direct assistance.
The external auditor is solely responsible for audit opinion and must assess if
using internal auditors for direct assistance and the internal audit function's work
will enable them to be sufficiently involved in the audit.
 5: Professional ethics
Integrity
To be straightforward and honest in all professional and business relationships.
Objectivity
Not to compromise professional or business judgements because of bias, conflict
of interest or undue influence of others.
Professional competence and due care
The individual is required to possess and uphold professional knowledge and
skills to provide competent service to clients or organizations, adhering to current
technical and professional standards and relevant legislation.
Professional behaviour
To comply with relevant laws and regulations and avoid any conduct that the
professional accountant knows, or should know, might discredit the profession.
Confidentiality
To respect the confidentiality of information acquired as a result of professional
and business relationships.
Members acquiring information in course of their professional work should not
disclose any such information to third parties without first obtaining permission
from clients.
There are, however, certain circumstances where members may disclose
information to third parties without first obtaining permission.
Obligatory disclosure (disclosure required by law)
 Production of documents or other evidence in the course of legal proceedings
 Disclosure to public authorities of infringements of law (terrorism, money
laundering)
Voluntary disclosure (professional duty/right to disclose)
 To comply with the quality review of ACCA or another professional body
 To respond to inquiry/ investigation by ACCA/other professional regulatory
body
 To protect the interests of a professional accountant in legal proceedings
 To comply with technical/professional standards
 Where disclosure is in the public interest
Non-compliance with laws and regulations ('NOCLAR')
acts of omission/commission,intentional/unintentional, contrary to prevailing
laws or regulations. Non-compliance does not include personal misconduct
unrelated to the business activities of the entity.
The objectives of the auditor when responding to NOCLAR are:
 To comply with the fundamental principles of integrity and professional
behaviour;
 By alerting management or those charged with governance of the client, to
seek to:
a) Enable them to rectify/remediate/mitigate consequences of identified or
suspected non-compliance; or
b) Deter the commission of the non-compliance where it has not yet occurred;
and
 To take such further action as appropriate in the public interest.
Procedures suggested for the auditor when considering NOCLAR are to:
(a) Obtain an understanding of the NOCLAR matter.
(b) Discuss with management (at least one level above parties
involved/potentially involved)
(c) The client should be advised to rectify the situation, deter future incidents,
or inform those who need to know.
(d) Consider client's response and whether it indicates any concerns over their
integrity
(e) Consider whether to disclose the information to the appropriate authority, if
the law permits, or if withdrawal from the engagement may be necessary.
(f) Document all decisions, discussions and judgements.
Integrity, objectivity and independence
Professional accountants who provide assurance services are required to be
independent of the assurance client. Independence has two aspects to it:
Independence of mind/ Independence in appearance.
Much of the guidance in relation to ethical guidance applies to all company
audits. However, there are additional requirements relating purely to public
interest entities.
Public interest entities are defined as:
(a) All listed entities
(b) Entities of significant public interest because of their business, size or number
of employees or wide range of stakeholders.
Threats to the fundamental principles
Categories of threats
There are many circumstances that could threaten the professional accountant's
ability to satisfy the fundamental principles. These threats fall into one or more of
the following five categories:
Self-interest threat
The risk that a financial or other interest in a client will inappropriately influence
the professional accountant's judgement or behaviour.
Self-review threat
This arises where accountant from the audit firm performs work for client and
this must later be reviewed by the same person, or another accountant from the
same firm, in order to arrive at a judgement on the subject matter
Advocacy threat
The risk that a professional accountant promotes a client's position to the point
that the professional accountant's objectivity is compromised.
Familiarity threat
The risk that due to a long or close relationship with a client, the professional
accountant could be too sympathetic to their interests or too accepting of their
work.
Intimidation threat
The risk that the professional accountant is deterred from acting objectively
because of actual or perceived pressures, including attempts to exercise undue
influence on professional accountant. Where the above threats exist, appropriate
safeguards must be put in place to eliminate or reduce them to an acceptable
level.
Financial Interests
Financial interests might create a self-interest threat.
Example - owning shares in a client by: Safeguards
 The firm  Disposal of shares (only option if
 An audit team member firm holds shares)
 Immediate family member of the audit  Remove individual from audit
team member team
A self-interest threat arises as firm/audit  Inform audit committee
team member/immediate family would  Review by an appropriate
benefit personally if the client's financial reviewer (eg an independent
statements exceed market expectations. partner)
Loans and guarantees
Loans and guarantees might create a self-interest threat
Loans/guarantees with an audit client that is a bank
 Loans or guarantees to the firm
o No threat if immaterial to client/firm and on normal Review of work
performed by
terms
professional
o If material to audit client/firm, apply safeguards
accountant from
 Loans to an audit team member or their immediate outside the firm
family
o No threat to independence if on normal commercial
terms
Loans/guarantees with audit client that is not bank No safeguard can
Loans or guarantees to/from the firm, audit team reduce threat unless
member or their immediate family loan is immaterial to
client/ firm/team
member.
Fees
Fees might create a self-interest or intimidation threat
i) Relative size . Increase audit firm's client base to
When fees generated from an audit client reduce dependence on the client
represent a large proportion of the firm’s . Discuss with audit committee
total fees, the dependence on that client . Resign from some services
and concern about losing the client create . Consult ACCA/another professional
a self-interest or intimidation threat. accountant on any key audit areas
requiring judgement
There are additional ethical requirements .Disclose to those charged with
for public interest entity. governance
If client fees exceed 15% of firm's total .Pre-issuance review and Post-
fees for 2 consecutive years, firm should issuance review on second year's
implement safeguards to prevent undue financial statements
dependence on the client.
(ii) Overdue fees · Obtain partial payment of overdue
When a significant part of fees is not fees
paid . Discuss with audit committee
before the audit report for following year . Consider resignation if overdue fees
is issued, this might create self-interest not
threat. paid
The firm may issue a favourable opinion
rather than possibly lose the amounts
owed.
iii) Contingent fees No safeguards acceptable -
These are fees calculated on a contingent
predetermined basis relating to the fees are not allowed for audit
outcome of a transaction services,
or the result of the services performed. but contingent fees may be permitted
This creates a self-interest threat. for non-assurance work provided
adequate safeguards are implemented
Gifts and hospitality
Accepting gifts and hospitality from an audit client might create a self-interest,
familiarity or intimidation threat.
Acceptance of gifts from client may create self-interest Gifts and hospitality
threat because firm/individual may feel obliged to give a should not be
favourable opinion. Acceptance of gifts may be accepted unless the
perceived as a bribe. value is trivial and
Hospitality from clients may give rise to familiarity inconsequential.
threat
Business relationships
A close business relationship with an audit client or its management might create a
self- interest or intimidation threat
Examples include: .Disposal of firm's interests unless
. Holding interest in a joint venture with clearly insignificant
client .Removal of any individual
. Arrangements to combine one or more member who has an interest from
services or products of the firm with the audit team
clients.
Distribution of a client's products/services
Personal relationships
Family or personal relationships with client personnel might create a self-interest,
familiarity or intimidation threat.
(i) Immediate family of an audit team member Restructure the audit team's
spouse (or equivalent) or dependent. responsibilities so that the audit
A self-interest, familiarity or intimidation team member does not deal with
threat is created when an immediate family matters that are within the close
member of an audit team member is an family member’s responsibility.
employee is a position to exert significant this is required where any member
influence over the client's financial of the individual's immediate
position, financial performance/cash flows. family:
. Is a director/officer of the audit
The level of the threat depends on: client
. position held by the immediate family . Is an employee in a position to
member exert significant influence over the
. role of the audit team member preparation of the client's
accounting records or the financial
statements on which the firm will
express an opinion;
.Was in such position during any
period covered by engagement or
financial statements
(ii) Close family Restructure the audit team's
Parent/child/sibling who is not an responsibilities so that the audit
immediate family member. team member does not deal with
A self-interest, familiarity or intimidation matters that are within the close
threat is created when a close family family member’s responsibility.
member of an audit team member is: . Remove individual from the audit
. A director/officer of the audit client team
An employee in a position to exert
significant influence over the preparation
of the client's accounting records or the
financial statements on which the firm will
express an opinion
(iii) Relationships of partners and Structure the partner's/employee's
employees of the firm responsibilities to reduce potential
Firm partners and employees must consult influence over the audit
company policies & procedures if they are engagement
aware of any personal/family relationship . Review of audit work by an
between appropriate reviewer
· A partner/employee of the firm who is
not an audit team member and
. A director/officer of the audit client and
an employee of the audit client that has
significant influence over the preparation
of the client's accounting records or the
financial statements on which the firm will
express an opinion.
Employment
Where a partner or employee  Consider modification of audit plan
of the firm leaves to join an  Change members of audit team
audit client, this might create  Review by an appropriate reviewer
a self-interest, familiarity or  Quality review
intimidation threat. Public interest entities risk losing independence
if a key audit partner becomes a director or
employee with significant influence over the
client's accounting records or financial
statements on which the firm will express an
opinion, unless subsequent to the individual
ceasing to be a key audit partner:
- The audit client has issued audited financial
statements covering a period of min 12 months
- The individual was not an audit team member
with respect to audit of those financial
statements
Where director/officer/ The individual should not be assigned to the
employee of audit client audit team if their work while employed by
leaves client to join the firm, client is being evaluated during the current
self-interest, period as part of audit engagement .
self-review/familiarity threat
might be created.
Key audit partner
A key audit partner is an individual within the engagement team responsible for
making significant decisions or judgments regarding the audit of financial
statements, which the firm will express an opinion on, separate from the
engagement partner.
Long association
Over time, prolonged audit engagement . Independent partner review
can create familiarity and self-interest . Independent quality review
threats. . Rotate senior staff
For public interest entities, the Code sets Rotate after Cooling-off
outs a compulsory cooling-off period. period
Engagement partner 7 5
engagement quality reviewer 7 3
Key audit partner 7 2
Actual and threatened litigation
When litigation with an audit . Disclose to the audit committee
client occurs, or appears likely, . Removal of individual involved in
self-interest and intimidation litigation from the assurance team
threats are created. . Refuse to perform the assurance
engagement
Preparing accounting records and financial statements
Offering accounting and If the client is not a public interest entity:
bookkeeping services to Accounting services should not be performed by audit
audit clients may pose a staff
self-review threat as the Client must provide all source data
firm is unlikely to Client must approve all journal entries
critizize its own work Discuss non-audit services with audit committee
and decisions If the client is a public interest entity: provision of
accounting or bookkeeping services is not permitted
Tax services
Providing tax services to an audit client might create self-review or advocacy
threats.
Tax return preparation . Tax returns typically use historical data and analyze
Does not usually create it under current tax laws, precedents, & established
a threat. practices.
. Management must take responsibility for the tax
returns.
Tax calculations for Calculations must not be performed by audit team
accounting entries member
Preparing such Independent review of audit work conducted by a
calculations that will be reviewer not involved in providing the service.
subsequently audited by For public interest entities: Tax calculations may not
the firm creates self- be performed.
review threat.
Tax planning and other Services must not be performed by audit team
tax advisory services member
May create a self-review · Independent review of audit work to be conducted
or advocacy threat by a reviewer not involved in providing the service.
. Obtain pre-clearance from the tax authorities.
Tax advice may not be provided if effectiveness
depends on a specific accounting
treatment/presentation in FS, and the audit team has
reasonable doubts about the appropriateness of the
 related treatment and outcome of the tax advice will
have a material effect on the FS being audited.
Assistance in the Assistance services must not be provided by audit
resolution of tax team member.
disputes · Independent review of audit work to be conducted
May create a self-review by a reviewer not involved in providing the
or advocacy threat assistance.
Such services may not be provided if they involve the
firm advocating for the client before a public tribunal
or court in the resolution of a tax matter and the
amounts involved are material to the financial
statements being audited.
Internal Audit services
Providing internal audit Stipulate that client is obligated to establish, maintain,
services to an audit and monitor an internal control system,and client
client might create a management is responsible for evaluating and acting
self-review threat if the on these findings and reporting them to those charged
audit team plan to rely with governance.
on the work of the
internal audit Independent partner review to ensure appropriate
department. reliance is placed on internal audit and its work is
rigorously audited.
For public interest entities:
Internal audit service must not be provided if it relate
to:
 significant part of internal controls over financial
reporting
 Financial accounting systems that generate
information that is, individually/aggregately,
material to accounting records or FS on which the
firm will express an opinion;
 Amounts or disclosures that are, individually or in
aggregate, material to financial statements on
which the firm will express an opinion.
Firm's assumption of Client is reminded that it must evaluate
management and determine which recommendations of
responsibility may pose the firm should be implemented.
threat to objectivity if it
makes decisions on
behalf of client during
internal audit services.
Recruiting services
Providing recruiting services to an audit client might create a self-interest,
familiarity or intimidation threat.
Audit firms should only provide recruiting services for clients, focusing on
reviewing professional qualifications and advising on suitability for financial
accounting, administrative, or control positions.
They should not provide services for searching for candidates, conducting
reference checks, for position of director or senior management with influence
over preparing accounting records or financial statements. This ensures that audit
firms do not make management decisions for clients.
Conflicts of interest
Before accepting a new client, or if change in a client's circumstances, audit firms
must take reasonable steps to identify circumstances that could pose a conflict of
interest or if there is likely to be one in the future.
A conflict of interest creates threats to compliance with the principle of
objectivity and other fundamental principles. Such threats might be created
when:
A professional accountant offers services related to a specific matter to multiple
clients whose interests conflict with the matter, or the interests of the accountant
and the client for whom the accountant provides services are in conflict.
Conflicts between a professional accountants' and clients' interests
An accountant cannot accept or continue an engagement with a significant
conflict of interest between them and the client, such as direct competition or
stake in a company that threatens their objectivity. Any financial gain resulting
from an engagement or using client information is considered a significant
conflict of interest unless disclosed in writing or an advance agreement is
obtained from the client.
Conflicts between the interests of different clients
This situation arises when different clients are in direct competition with each
other and where the auditor has access to information that is particularly
sensitive.
An audit firm may have multiple clients with conflicting interests, provided that
the work the audit firm undertakes is not, itself, the subject of dispute. If an
engagement would materially prejudice any client's interests, even with
safeguards, the appointment should not be accepted or continued.
Prejudice can arise from leakage of information from one client to another and
audit firms having to choose between interests of different clients.
Safeguards
Safeguards that may reduce threats to the fundamental principles due to conflicts
of interest include:
 Notify all known relevant parties and obtain their consent
 Use of separate engagement letters
 Procedures to prevent access to information (eg separate teams, confidential
data secure access and filing and password protection) .
 Clear guidelines for members of engagement team on security &
confidentiality issues
 Use of confidentiality agreements signed by employees and partners of the
firm
Obtaining audit engagements
Advertising
Advertisements/promotional material prepared/produced by members/firms
should not
(a) Bring ACCA disrepute or bring discredit to member/firm/accountancy
profession
(b) Discredit services offered by others, by claiming superiority or otherwise
(c) Be misleading, either directly or by implication
(d) Fall short of the requirements of the UK Advertising Standards
Commissions, fees or rewards in return for the introduction of a client are
permitted, provided appropriate safeguards are put in place, such as disclosure to
the client.
Acceptance
New auditors should ensure that they have been appointed in a proper and legal
manner.
Accepting nomination as auditor
Before accepting nomination as auditor, the auditor must:
Ensure professionally qualified Consider whether disqualified on
to act legal/ethical grounds
Ensure existing resources Consider available time,staff & technical
adequate expertise
Obtain references Make independent enquiries if directors not
personally known
Communicate with present Enquire whether there are reasons behind the
auditors change which the new auditors ought to
know
New auditor
The new auditors should communicate with the present auditors to determine
whether there are any professional reasons as to why they should not accept
appointment
If at any point in the above process, the audit client refuses permission to correspond, then the
new auditor should not accept appointment as auditor.
After accepting nomination, the new (incoming) auditor should:
 Ensure outgoing auditor's removal properly conducted in accordance with
regulations
 Ensure new appointment properly conducted - obtain a copy of the resolution
passed
 Agree the terms of the engagement
Risk
Potential clients will be classified as high/low risk, depending on their
characteristics
Low risk
 Good long-term prospects High risk
 Well-financed  Poor recent or forecast
 Strong internal controls performance
 Conservative, prudent accounting  Likely lack of finance
policies  Significant control deficiencies
 Competent, honest management  Evidence of questionable integrity,
 Few usual transactions doubtful accounting policies
 Lack of finance director  Significant related party
/unexplained transactions
Where the risk level is anything other than low, the specific risks should be
identified and documented. It might be necessary to assign specialists in response
to these risks, particularly industry specialists, as independent reviewers.
Engagement economics
The expected fees for a new client should reflect the level of risk, return expected
of similar clients, and overall financial strategy of the audit firm.
Relationship with client
The audit firm seeks long-term client relationships for both financial benefits and
better service enhanced by better knowledge of the client.
Client screening
As well as contacting the previous auditors, many firms carry out stringent
checks on potential client companies and their management.
Management integrity
The integrity of those managing a company will be of great importance,
particularly if it is controlled by one or a few dominant personalities
Ability to perform work
The audit firm must have adequate resources and specialist knowledge to
perform the work effectively, while estimating the impact on existing
engagements in terms of staff time and timing of audit.
Agreeing the terms of audit engagements
The auditor's goal is to accept or continue an audit engagement only when the
basis for its performance is agreed upon, ensuring preconditions are present and a
common understanding of engagement terms between auditor and management
exists.
Preconditions for an audit
 The use by management of an acceptable financial reporting framework in the
preparation of financial statements
 Obtain management's agreement (written representation) that it acknowledges
and understands its responsibilities for:
o Preparing the financial statements
o Establishing internal control to ensure FS are free of material misstatement
o Providing the auditor with access to all records and documents and staff
If the preconditions are not present, the auditor shall not accept proposed
engagement.
Engagement letters
are the written terms of an engagement in the form of a letter.
The auditor must establish the engagement terms with management or those
charged with governance, which should be done before the audit to prevent
misunderstandings, and recorded in a written agreement. It must include the
following:
 The objective and scope of the audit
 The auditor's responsibilities & Management's responsibilities
 Identification of the applicable financial reporting framework for the
preparation of FS
Reissuing engagement letters
On recurring audits, the auditor shall assess whether circumstances require the
terms of the audit engagement to be revised and whether there is a need to
remind the entity of the existing terms of the audit engagement.
 Any indication that the entity misunderstands the objectives and scope of the
audit
 Any revised or special terms of the audit engagement
 A recent change of senior management/change in ownership
 A significant change in nature or size of the entity's business
 A change in legal or regulatory requirements
Quality management at a firm level
The fact that auditors follow international auditing standards provides a general
quality management framework within which audits should be conducted. In
addition to this, they must follow the IAASB's suite of quality management
standards.
Engagement performance
Firms should ensure engagements are performed correctly, adhering to standards
and guidance. They often provide a manual of standard engagement procedures
for staff to understand the standards they are working towards.
Good engagement performance involves:
 Direction  Supervisi  Review  Consultati  Resolutio
on on n of
disputes
Where there are differences of opinion on an engagement team, a report should
not be issued until dispute has been resolved. This may involve intervention of a
quality reviewer
Peer review
A review of the audit file carried out by another partner in the assurance firm.
Hot review/ Pre-issuance review/Engagement quality review (EQR).
peer review carried out before auditor's report is signed
Cold review/ Post-issuance review:
A peer review carried out after the auditor's report is signed.
Monitoring
The monitoring of the firm's quality management system and procedures
involves:
Ongoing evaluation: Considering whether the firm has kept up to date with
regulatory requirements
Periodic inspection: Inspecting the audit engagements of each engagement
partner over an inspection cycle
Those monitoring the system must assess deficiencies, whether one-off or
recurring, and take corrective action such as remedial action, communicating
findings with training dept , changes in quality management policies, disciplinary
action, or individual audit quality management.
Auditors must follow quality management procedures for each audit engagement
to ensure they have fulfilled their responsibilities, conducted audit in line with
professional standards and legal requirements, and their report is appropriate in
the circumstances.
The engagement partner is responsible for managing and achieving quality within
engagement. This involves adhering to ethical standards, managing resources
effectively, ensuring quality, taking responsibility for quality management, and
documenting process.
Relevant ethical requirements
The engagement partner is responsible for ensuring ethical compliance. This
includes identifying and addressing threats, evaluating any breaches and ensuring
that engagement personnel take appropriate action
Acceptance & continuance of client relationships & audit engagements
the engagement partner is responsible for acceptance / continuance procedures.If
ethically unacceptable then it is the partner's responsibility to decline it.
Engagement resources
The engagement partner must ensure that sufficient and appropriate resources are
made available to the engagement team
Engagement performance.
The engagement partner is responsible for directing and supervising the
engagement team and reviewing their work, sharing responsibility among senior
personnel. They must ensure audit evidence supports conclusions and elements
of reports communicated in advance. The partner must plan and perform audits in
line with firm's policies and ISAs, and be responsive to engagement. They must
ensure consultation within and outside team where required, and resolve any
disagreements using the firm's policies and procedures.
Direction
The partner must convene a meeting with audit team to discuss audit risks,
including responsibilities such as contributing to engagement quality,
maintaining professional skepticism, fulfilling ethical requirements, and
addressing threats to quality achievement. This includes directing and
supervising less experienced team members and ensuring ethical conduct.
Supervision
The audit is supervised by the engagement partner, with senior staff providing
practical supervision to junior staff. This includes tracking progress, considering
team members' capabilities, addressing significant issues, and identifying matters
for consultation by experienced team members. This ensures the team's
competence and time management during the audit engagement.
Review
The review assesses if the work adheres to professional standards and legal
requirements, significant matters have been addressed, the work supports
conclusions, the evidence is sufficient for an auditor's opinion, and the audit
objectives have been achieved.
Engagement quality reviews
Engagement quality reviews are necessary for audits of listed entities and other
engagements where an audit firm deems a review necessary. The engagement
partner should appoint a reviewer, cooperate with the reviewer, discuss
significant matters and judgements, and only date the auditor's report after the
review.
 6: Risk assessment

The auditor should plan and perform the audit with professional scepticism and
apply professional judgement.
Professional scepticism
An attitude that involves questioning mind, being alert to potential misstatements
due to error or fraud, and critically evaluating audit evidence. The auditor should
be alert to
o Audit evidence that contradicts other audit evidence
o Circumstances that suggest additional audit procedures are needed.
o Conditions that may indicate possible fraud.
o Information that questions the reliability of documents and responses to
questions
Professional judgement
utilizing relevant training, knowledge, and experience to make informed
decisions about appropriate actions for audit engagement situations.
the auditor should exercise professional judgement is required in planning and
performing an audit of financial statements in the following areas:
o Determining the level of audit risk and setting materiality
o Determining the nature, timing and extent of audit procedures to be performed
o Evaluating whether sufficient appropriate audit evidence has been obtained.
o Evaluating management's judgements in applying applicable financial
reporting framework
o Drawing conclusions based on the audit evidence obtained.
Audit risk
the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated.
Audit risk has two major components:
(a) One dependent on the entity and is the risk of material misstatement arising in
the financial statements (inherent risk and control risk)
(b) The other dependent on the auditor and is the risk that the auditor will not
detect material misstatements in the financial statements (detection risk)
Audit risk =Inherent risk ×control risk × Detection risk

Inherent risk
the susceptibility of an assertion or disclosure to a misstatement that could be
material either individually or when aggregated with other misstatements, before
consideration of any internal controls
Inherent risk is affected by the nature of the entity. For example:
o The industry in which client o . Whether its financial statements:
operates. o Include complex calculations.
o Any regulations it is subject to
Control risk
The risk lies in the possibility of a material misstatement in an assertion about a
transaction, account balance, or disclosure that the entity's internal control may
not prevent or detect promptly.
Detection risk
the risk that the auditor to reduce audit risk to an acceptably low level will not
detect a misstatement that exists and that could be material, either individually or
when aggregated with other misstatements.
Detection risk is sub-divided into two components: sampling risk and non-
sampling risk.
Factors which increase non-sampling risk include:
o Auditor's lack of experience o Poor planning
o Time pressure o New client
o Financial constraints o Lack of industry knowledge
Materiality in Planning and Performing an Audit
The materiality level set by an auditor is a judgement-based decision based on
the level of audit risk. The lower the level, the more work is needed to maintain a
low audit engagement risk. This level also influences the nature, timing, and
extent of audit procedures, the use of sampling techniques, and the evaluation of
the impact of misstatements. Materiality is crucial in assessing individual audit
risks, considering not just potential misstatements but whether they would be
material, allowing auditors to focus on areas that matter most for the audit as a
whole.
calculation of materiality
During audit planning, the auditor establishes materiality for the financial
statements as a whole by exercising judgment.
The following benchmarks and percentages may be appropriate in the calculation
of materiality for the financial statements as a whole:
Revenue 1/2 to 1
Total assets 1 to 2
Profit before tax 5 to 10
The auditor's choice of materiality level for financial statements depends on their
confidence in the client's figures, the use of financial statements, and other
factors. If applied to account balances like receivables and inventory, untested
balances could result in errors or misstatements, potentially leading to a material
misstatement. To reduce this risk, auditors set performance materiality levels
lower than the overall materiality, applying a lower threshold during testing. This
reduces the risk of misstatements that could lead to a material misstatement.
Revising materiality as the audit progresses
The auditor's evaluation of financial statements involves assessing the materiality
of the aggregate of uncorrected misstatements, which may need revision due to
audit events, new information, or changes in understanding of the entity and its
operations.
Documentation of materiality
ISA 320 (para. 14) requires the following to be documented:
o Materiality for the financial statements as a whole
o Materiality level or levels for particular classes of transactions, account
balances or disclosures if applicable
o Performance materiality
o Any revision of the above as the audit progressed.
Risk assessment and understanding the entity and its environment.
Objective
The auditor's objective is to identify and assess risks of material misstatement at
financial statement and assertion levels, allowing them to design and implement
responses. They must first identify the risks and assess their severity, then design
responses in accordance with ISA 315. Understanding the entity is crucial for an
adequate risk assessment, and ISA 315 considers the risk assessment as part of
audit evidence. Risk assessment procedures have to include:
o Inquiries of management.
o Analytical procedures; and
o Observation and inspection
The auditor may use information from last year's audit, but this must be
evaluated to consider whether it remains relevant and appropriate this year.
The auditor may also seek to use automated tools and techniques as part of the
risk assessment.
The ISA mandates auditors to conduct risk assessments without bias, avoiding
corroborative or contradictory evidence. They must be open to evidence that
could challenge management's narrative. ISA 315 categorizes risks into financial
statement and assertion levels.
Financial statement risks are pervasive and can affect any assertion, such as poor
management's attitude to internal control. At the assertion level, risks are more
specific and take the form of specific issues. For example, a company with
multiple locations may face inherent risks and control risks related to their
inventory counting system.
In order to assess these risks, the auditor must obtain an understanding of three
things:
 The entity and its environment
  The applicable financial reporting framework (this is IFRS for the AA
exam)
 The entity's system of internal control
Understanding the entity and its environment
The auditor must understand the entity's organizational structure, governance,
business model, industry, regulatory factors, financial performance assessment
measures, IFRS, and accounting policies. They must also consider inherent risk
factors that affect the susceptibility of assertions to misstatement.
The following diagram gives summarises the factors the auditor should consider
when obtaining an understanding of the entity and its environment.

Understanding the entity's system of internal control

The auditor must understand the entity's risk assessment process relevant to the
preparation of the financial statements, ie its process for identifying business
risks, assessing its significance and addressing these risks..
The auditor must comprehend the entity's internal control monitoring process,
including its effectiveness, addressing deficiencies, and the information sources
used, and assess its suitability for the entity's complexity and nature.
ISA 520 Analytical Procedures
Analytical procedures are essential for auditors to identify inconsistencies and
unexpected relationships in financial statements. They serve as risk assessment
procedures and can be used as substantive audit evidence when they are more
effective than tests of details in reducing detection risk.Analytical procedures
include the following types of comparisons:
 Prior periods  Predictive estimates ie
 Budgets and forecasts expectations
 Industry information  Relationships between elements of
financial information, ie ratio
analysis
The auditor must use analytical procedures as risk assessment to understand the
entity and its environment, identifying areas of unawareness and assessing risks
of material misstatement. This helps determine nature, timing, and extent of
future audit procedures.
Common ratios for use in analytical procedures include:

Assessing the risks of material misstatement

Once the auditor has obtained an understanding of the entity and its environment,
they shall assess the risks of material misstatement in the financial statements and
identify significant risks.
Significant risks
An identified risk of material misstatement is one where the inherent risk
assessment is close to the upper end due to the impact of inherent risk factors on
the likelihood and magnitude of the potential misstatement, or it is considered a
significant risk as per ISAs.
The auditor identifies risks and assesses their severity based on inherent risk.
Unusual and complex transactions and matters where judgment is required are
more likely to pose significant risk which are the most severe, while routine, non-
complex transactions are less likely to pose significant risks due to robust
internal controls.
Inherent risk factor
Complexit Business model - complex alliances and joint ventures
y Financial reporting framework - complex accounting
measurements
Transactions - complex arrangements (eg off-balance sheet
finance)
Subjectivit Financial reporting framework:
y . Wide range of possible accounting estimates
. Management choice of valuation technique
Change Changes in:
Economic conditions - instability (eg current devaluation)
Markets - exposure to volatility (eg futures trading)
Customer loss - going concern / liquidity risk
Industry model - changes in the industry in which the entity
operates
Business model - change in supply chain, new lines of business
Geography - expanding into new locations
Entity structure - for example reorganisations, subsidiaries sold
IT - IT environment change / new IT systems relevant to FR
Uncertaint Financial reporting - estimation uncertainty
y Pending litigation and contingent liabilities
Manageme Opportunities for fraudulent financial reporting
nt bias or Transactions with related parties
fraud risk Non-routine or non-systemic transactions
Transactions recorded based on management intentions
Response to audit risk
The auditor should obtain sufficient appropriate audit evidence regarding the
assessed risks of material misstatement, through designing and implementing
appropriate responses to those risks.
In the exam you are likely to be asked to explain the auditor's response to each audit risk.Here
you are not required to write out specific audit procedures, rather you need to explain:
 the types of enquiries the auditor should  correspondence they should review
make (and of whom)  impact on the level of materiality
 information/documentation they would  type of testing they should perform
require  calculations they would do/re-perform
 assets they should inspect
Audit risk
Risk that inventory has a lower Examine the instructions to identify slow
NRV than cost and is therefore moving inventory lines when attending the
overstated (eg NRV falls due to inventory count.
the client being in an industry Increase emphasis on examining year-end
where tastes/fashions change aged inventory analysis for signs of slow-
quickly. moving inventory.
Determine the sales values of post-year-
end items in inventory to ensure their
NRV exceeds the cost recorded in the
financial statements.
Assets are desirable / more Focus on testing internal controls over those
susceptible to theft leading to a assets (including physical controls to prevent
risk that recorded assets do not theft)
exist (eg inventory/non-current Increase sample sizes for inspecting recorded
assets). assets, verifying any material assets in
context of performance materiality.
Increased risk of revenue Obtain breakdown of related costs and
expenditure being incorrectly review accounting entries to ensure
classified as capital (or vice expenditure is accurately classified as
versa), leading to misstatement capital or revenue.
of assets/expenses Perform detailed review of repairs
(eg extensive refurbishment of accounts for any items which should be
included in non-current assets.
NCA where judgement is
Review the asset register to ensure only
needed to establish if nature of
capital items have been included.
work is to
enhance/repair/replace).
Increased risk of incomplete or Perform analytical procedures focusing on
unrecorded income due to fraud comparing revenue with expected
or theft (eg large amounts of seasonal /monthly patterns. If a retail client,
cash collected and held prior to perform/reperform a reconciliation of a
banking). sample of till records to actual bankings.
Receipts/invoicing significantly sample of revenue entries recorded before
in advance/arrears of providing year-end sales should be confirmed as
services or goods, therefore relating to pre year end sales by inspecting
leading to an increased risk of the contract or supporting documentation
revenue being in the wrong Trace post year end transactions back to
period supporting contract/documentation to ensure
 revenue was recorded in proper period.
Perform analytical procedures where
monthly revenue is compared to expectations
and budgeted revenue Unexpected deviations
should be investigated.
Invoices received (or payments Review post-year end bank statements and
made) in advance/arrears of cash book payments for financial year
goods or services delivery date amounts not yet included in liabilities.
leading to overstatement or Verify cost and liability recorded were
understatement of costs and/or recorded in the appropriate period using
liabilities. documents like GRNs, ensuring delivery
dates are accurate.
There is an increased risk of The audit involves reviewing post-year end
irrecoverable debts (eg due to customer receipts to identify outstanding
the nature of the client's year-end receivable balances, determining if
industry/customers), resulting in these are provided for, and reviewing aged
assets being potentially receivables analysis and correspondence files
overstated. for evidence of disputes. consider the
adequacy of any related receivables
allowance
Significant client borrowing Review correspondence with the
and/or overdraft with cash flow bank/lender for any evidence of
problems which may indicate withdrawal/extension of facilities.
going concern problems. bank should review compliance with
performance covenants affecting facilities
and increase testing in areas where
management can manipulate performance
indicators, such as provisions.
Review post year end results and cash
flow forecasts (if prepared) for evidence
the company can continue as a going
concern.
New client systems/controls Undertake additional visits (eg interim
/staff impacting on amounts audit) to assess the effectiveness of
recorded in the financial controls operating over areas affected.
statements, increasing the risk Perform extra work to document and
of errors and risk of internal evaluate new systems/controls,
controls not operating performing tests of controls where
effectively. necessary.
Increase sample sizes for substantive
 testing
over financial statement areas impacted.
Management has an incentive to Focus on and increase testing on judgemental
manipulate performance, areas in the financial statements (eg
increasing the risk of profits provisions, revenue recognition accounting
being overstated (eg policies).
remuneration/ bank funding is
reliant on performance).
Fraud
intentional act by one or more individuals among management, those charged
with governance, employees, or third parties, involving the use of deception to
obtain an unjust or illegal advantage"
Fraud risk factors
events or conditions that indicate an incentive or pressure to commit fraud or
provide an opportunity to commit fraud
two types of fraud which may cause material misstatement in the financial
statements:
Fraudulent financial reporting
Misappropriation of assets (the theft of an entity's asset)
Management and governance bear the responsibility of preventing and detecting
fraud by fostering a culture of honesty and ethical conduct and implementing
internal control systems.
The auditor is obligated to ensure financial statements are free from material
misstatement, whether due to fraud or error, and to maintain professional
skepticism throughout the audit, considering the possibility of management
overriding controls and the potential for fraud detection.
If an auditor's risk assessment indicates a significant risk of material
misstatement due to fraud, it should be treated as such. The auditor should assign
and supervise staff, evaluate client accounting policies for fraudulent reporting,
and incorporate unpredictability in audit procedures. Discussions among audit
team members should focus on potential fraud susceptibility to financial
statements.
Risk assessment procedures to obtain information in identifying the risks of
material misstatement due to fraud shall include the following:
 Enquiries of management regarding assessment of the risk that financial
statements may be misstated due to fraud, their process for identifying and
responding to risk of fraud
Enquiries of knowledge of any actual, suspected or alleged fraud, and its
views on the risks of fraud
Evaluating if any unusual relationship has been discovered during analytical
procedures, which could potentially indicate risk of material misstatement due
to fraud.
Considering whether any other information may indicate risk of material
misstatement due to fraud
Evaluating whether any fraud risk factors are present
The auditor must report any identified fraud or information about its existence to
the appropriate management level. If fraud involves management, employees
with significant roles in internal control where fraud could significantly impact
financial statements, the auditor must inform those charged with governance.
The auditor must consider whether they have a duty to report to regulatory or
enforcement authorities, as their confidentiality duty may be overridden by laws
and statutes in certain jurisdictions.
Laws and regulations
The auditor is not responsible for preventing non-compliance and cannot be
expected to detect non-compliance with all laws and regulations The auditor's
duty is to ensure that financial statements are free from material misstatements,
whether due to fraud or error, considering the legal and regulatory framework of
the entity in which they operate.
two different categories of laws and regulations:
(a) Those that have a direct effect on the determination of material amounts and
disclosures in the financial statements (such as tax or pension laws and
regulations)
(b) Those that don't directly affect material amounts and disclosures. but
compliance with financial statements is crucial for operating aspects, business
continuity, and avoiding penalties, such as regulatory compliance or operating
license terms.
For the first category, The auditor's responsibility is to obtain appropriate audit
evidence about compliance with laws and regulations, For the second category,
to conduct specific audit procedures to identify non-compliance with laws and
regulations that may impact financial statements, such as contacting management
and inspecting correspondence with relevant authorities.
 7: Audit planning and Documentation
The importance of planning
An effective and efficient audit relies on proper planning procedures. ISA 300
states the auditor shall plan the audit work so that the engagement will be
performed in an effective manner.
The objectives of planning
 To ensure that appropriate attention is devoted to important areas of the audit.
 To ensure that potential problems are identified and resolved on a timely basis.
 To ensure that audit work is organised and completed expeditiously.
 To enable appropriate audit staff to be selected and for work to be properly
assigned.
 To facilitate the direction, supervision and review of audit work performed
 To co-ordinate work done by experts and other auditors
The form and nature of planning is different for each audit and is affected by:
 Size of the entity  Commercial environment
 Complexity of the audit  Method of processing transactions
 Auditor's experience with the  Reporting requirements
entity and their knowledge of the
business
Audit Strategy
The overall audit strategy sets the scope, timing and direction of the audit and
guides the development of the more detailed audit plan.
Characteristics of the Financial reporting framework
engagement Industry-specific reporting requirements
Expected audit coverage.
Availability of internal audit work
Effect of IT on audit procedures
Availability of client personnel and data
Reporting objectives, Entity's timetable for reporting
timing of the audit Organisation of meetings with management and
and nature of those charged with governance.
communications Discussions with management and those charged
with governance.
Expected communications with third parties
Significant factors, Determination of materiality
preliminary Areas identified with higher risk of material
engagement activities, misstatement.
and knowledge gained Results of previous audits
on other engagements. Evidence of management commitment to sound
internal control.
Significant business/industry developments
Significant changes in financial reporting
framework
Nature, timing and Selection of engagement team
extent of resources Assignment of work to team members
Engagement budgeting
Examples of items to include in the overall audit strategy include:
Industry-specific financial reporting requirements
Number of locations to be visited.
Audit client's timetable for reporting to its shareholders/members
Communication between the audit team and the client
Audit plan
The audit plan converts audit strategy into a detailed plan that outlines the nature,
timing, and extent of audit procedures for engagement team members to obtain
sufficient audit evidence to reduce audit risk.
The audit plan outlines the nature, timing, and extent of planned risk assessment
procedures, further audit procedures at the assertion level, and other audit
procedures required for compliance with ISAs. items included in the audit plan
could be:
 Timetable of planned audit work
 Allocation of work to audit team members.
 Audit procedures for each major account area (eg inventory, receivables, cash)
 Materiality for the financial statements as a whole and performance
materiality
Auditor may need to adjust audit strategy or plan due to unexpected events,
changes in conditions, or audit evidence, and all such decisions must be
documented and reviewed.
Interim and final audits
Auditors usually carry out their audit work for a financial year in one or more
sittings. These are referred to as the interim audit(s) and the final audit.
Any interim audit visits are carried out during the period of review and the final
audit visit will take place after the year end.
The purpose of the interim audit
The purpose of the interim audit is to carry out procedures that would be difficult
to perform at the year end because of time constraints. Work performed during an
interim audit tends to focus on risk assessment and on documenting and testing
internal controls.
Some substantive procedures can also be carried out, but these are limited
because statement of financial position figures will not be the ones reported on.
The purpose of the final audit
During the final audit, the auditor will focus on the audit of the financial
statements and issue a report which contains the opinion expressed on the
financial statements covering the entire year being audited.
The final audit opinion will take account of conclusions reached at both (or all)
audit visits. Some audit procedures can only be performed at the final audit visit,
such as agreeing the financial statements to the accounting records and
examining adjustments made during the process of preparing the financial
statements.
Procedures carried out during the interim and final audits.
Interim audit procedures Final audit procedures
 Inherent risk assessment and gaining  Substantive procedures involving
an understanding of the entity. verification of SOFP balances and
 Recording the entity's system of amounts in the SOPL.
internal control  Obtaining third-party
 Evaluating the design of internal confirmations
controls  Analytical procedures relating to
 Carrying out tests of controls on the figures in the financial statements.
company's internal controls to ensure  Subsequent events review
they are operating as expected.  Agreeing the financial statements
 Performing substantive testing of to the accounting records
transactions/balances to gain  Examining adjustments made
evidence that the books and records during process of preparing FS.
are a reliable basis for the  Consideration of the going
preparation of FS. concern status of the entity
 Identification of issues that may have  Performing tests to ensure that the
impact on work to take place at final conclusions formed at the interim
audit audit are still valid
Audit Documentation / working papers.
Record of procedures performed; relevant audit evidence obtained & conclusions
reached. All audit work must be documented: working papers are the tangible
evidence of the work done to support the audit opinion.
Audit documentation is necessary for the following reasons.
To provide evidence of auditor's basis for conclusion about achievement of
overall objective
To provide evidence that the audit was planned and performed in accordance
with ISAs and other legal/regulatory requirements.
To assist the management team to plan and perform the audit.
To assist team member responsible for supervision to direct, supervise &
review work.
To enable the audit team to be accountable for its work
To retain a record of matters of continuing significance (points carried
forward)
To enable quality reviews and inspections to be performed (internal and
external)
Content of working papers
Working papers should be comprehensive and detailed enough for an
experienced auditor with no connection to the audit to understand the work
performed and support the conclusions reached.
The auditor must record the audit's planning, procedures, results, and
conclusions, as well as their reasoning on significant matters requiring judgment,
along with their conclusions.
Working papers may be divided in to two types:
Permanent audit files (containing information of continuing importance to the
audit
Current audit files (containing information relevant to the current year's audit).
Permanent audit file (PAF) Current Audit File (CAF)
Engagement letters Details of history of client's
Accounting systems notes and business
ICQs. Memorandum and articles
New client questionnaire Notes of board minutes
Previous year's signed FS Accounts checklist
reports to management Report to management
 Summary of unadjusted errors Accounting system notes and
Written representations ICQs
Time budgets and summaries
The current audit file also contains working papers covering each audit area.
These should include a lead schedule for each balance in the financial statements
and a list of audit procedures performed along with the results and conclusions of
the testing.
Safe custody and retention of working papers
Working papers are the property of the auditors. Audit firms must establish
policies and procedures to maintain confidentiality, safe custody, integrity,
accessibility, and retrievability of working papers, eg passwords for authorized
users and backup routines.
 8: Intro to Audit Evidence
The objective of an audit of financial statements is to enable the auditor to
express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an identified financial reporting framework.
Audit evidence:
all the information used by the auditor in arriving at the conclusions on which the
auditor's opinion is based.
Sufficient appropriate audit evidence
Auditor should obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.
Sufficient Appropriate - Reliable
Quantity - sufficient to support External better than internal
the audit opinion Appropriate Auditor generated better than
Factors to consider are: Relevant client generated
Risk assessment The evidence gathered Internal more reliable when
Nature of accounting and must cover the financial controls effective
internal control systems statement assertions Written/documentary
Materiality of the item evidence better than oral
Experience gained during Original documents more
previous audits reliable than copies
Results of audit procedures
Source and reliability of
information available

Financial statement assertions

The auditor uses assertions to identify, assess, and respond to potential
misstatements in financial statements, ensuring they are prepared according to
applicable financial reporting framework, and to consider various types of
potential misstatements that may occur.
Evidence must be relevant to the particular financial statement assertion the
auditor is trying to test. There are two categories:
Assertions about classes of transactions
Occurrence
Transactions and events that have been recorded or disclosed and events and
related disclosures have occurred and pertain to the entity.
Completeness:
All transactions and events that should have been recorded have been recorded
and all related disclosures that should have been included in the financial
statements have been included.
Cut-off:
Transactions and events have been recorded in the correct accounting period.
Classification:
Transactions and events have been recorded in the proper accounts.
Accuracy:
Amounts and other data relating to recorded transactions and events have been
recorded appropriately, and related disclosures have been appropriately measured
and described.
Presentation:
Transactions and events are appropriately aggregated/disaggregated and are
clearly described, and related disclosures are relevant and understandable in the
context of the requirements of the applicable financial reporting framework.
Assertions about account balances & related disclosures at period end
Completeness:
All transactions and events that should have been recorded have been recorded
and all related disclosures that should have been included in the financial
statements have been included.
Obligations and rights:
The entity holds or controls the rights to assets, and liabilities are the obligations
of the entity.
Valuation, accuracy and allocation:
Assets, liabilities, and equity interests are included in the financial statements at
appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded, and related disclosures have been appropriately measured
and described.
Existence:
Assets, liabilities, and equity interests exist.
Classification:
Assets, liabilities, and equity interests have been recorded in the proper account.
Presentation:
Transactions and events are appropriately aggregated/disaggregated and are
clearly described, and related disclosures are relevant and understandable in the
context of the requirements of the applicable financial reporting framework.
Sometimes an entity will use an expert, for example a chartered surveyor, to
assist them in the preparation of the financial statements.
Management's expert:
An expert in a field other than auditing or accounting that is employed by an
entity to assist in the preparation of financial statements.
ISA 500 mandates auditors to assess the expert's competence, capabilities,
objectivity, understanding of their work, and appropriateness of their work as
audit evidence. If insufficient evidence is available, the auditor should consider
the implications for their report.
Procedures for obtaining audit evidence
audit evidence is obtained by performing an appropriate mix of audit procedures.
There are two types of audit procedure:
Tests of controls: audit procedures designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level
Substantive procedures: audit procedures designed to detect material
misstatements at the assertion level. Substantive procedures comprise:
 Tests of details (of classes of transactions, account balances, and
disclosures); and
 Substantive analytical procedures
Audit procedure
Analytical Comparison of financial and non-financial Substantive
procedures data, identifying significant differences and procedure
relationships that are inconsistent with
other information.
Enquiry and seeking information from knowledgeable Enquiry - both
confirmatio individuals within or outside the substantive
n entity(enquiry) and obtaining procedure and a
representations directly from a third party. test of controls
(confirmation) Confirmation –
substantive
procedure
Inspection Examining records, documents & tangible Both
assets
Observation Looking at a process or procedure being Test of controls
 performed by others
Recalculatio verifying the arithmetic accuracy of Recalculation –
n (and re- documents or records, as well as auditor's substantive
performance independent execution of procedures and procedure Re-
) re-performance of controls. performance - test
of controls
use of analytical procedures as a substantive procedure
There are three main types of analytical procedures which an auditor can use:
 Variance analysis - the review of current year financial information in
comparison to prior period or budgeted information
 Ratio analysis - the calculation of ratios and analysis and investigation of
significant differences
 Proof in total - the use of interrelationships between data (financial and non-
financial) to estimate an expected value in inancial statements, with
investigation of significant differences
Factors to consider when using analytical procedures
 The suitability of analytical procedures to a particular assertion
 The reliability of the data from which the expected amounts or ratios are
developed
 Whether the expectation is sufficiently precise to identify a material
misstatement
 The amount of any difference that is acceptable without further investigation
being required
Tests of details
Tests of details are a further type of substantive procedure and describe the
process of gathering audit evidence through detailed inspection of invoices,
documents and assets.
 Inspection of invoices to verify the accuracy of the amounts recorded in the
financial statements
 Physical inspection of non-current assets and inventory to verify their
existence
 Review of board meeting minutes for evidence of any provisions for legal
claims which should be included in the financial statements
Substantive tests are designed to discover errors or omissions. Broadly speaking,
substantive procedures can be said to fall into two categories.
Tests designed to discover errors(resulting in over- or understatement)
Tests begin with accounting records and supporting documents to detect
overstatement and understatement. For instance, to ensure correct sales pricing, a
sales invoice from the receivables ledger is selected and prices are checked
against the official price list.
Tests designed to discover omissions (resulting in understatement)
Tests should start outside accounting records and then be matched back to those
records to avoid understatements through omission. For instance, a test to
determine if all raw material purchases have been properly processed would start
with goods received notes and be matched back to inventory records or payables
ledger.
Directional testing
Auditors typically use tests to identify errors and omissions in systems. It's
crucial to determine the type and direction of the test before selecting a sample.
Directional testing is particularly useful for assessing financial statement
assertions, such as existence, completeness, rights and obligations, and valuation.
Directional testing derives from a principle in double-entry bookkeeping, every
debit should have a corresponding credit. Misstatements in a debit entry can lead
to misstatements in a credit or vice versa. By carefully designing audit
procedures, auditors can draw conclusions about both directly tested debit or
credit entries and those necessary to balance the books.
A test for the overstatement of an asset simultaneously gives comfort on
understatement of other assets, overstatement of liabilities, overstatement of
income and understatement of expenses.
Primary tests provide auditors with assurance in other audit areas by examining
all account areas for overstatement and understatement, ensuring accurate
financial reporting.
Test debit items (expenditure or If a non-current asset entry in the
assets) for overstatement by selecting nominal ledger of $1,000 is selected, it
debit entries recorded in the nominal would be overstated if it is recorded at
ledger and confirming value, existence anything less than $1,000 or if the
and ownership. company did not own it, or indeed if it
did not exist.
Test credit items (income or liabilities) Select a goods despatched note and
for understatement by selecting items agree that the resultant sale has been
from appropriate sources independent recorded in the nominal ledger
of the nominal ledger and ensuring revenue account. Revenue would be
that they result in the correct nominal understated if nominal ledger did not
ledger entry. reflect the transaction at all or
reflected it at less than full value
 9: Internal Control
System of internal control
system designed, implemented and maintained by those charged with governance
to provide reasonable assurance about the achievement of an entity's objectives.

Internal controls in smaller entities

Many controls relevant to a large entity not practical/appropriate for the smaller
entity.
 Smaller entities are likely to have less segregation of duties due to limited
staff.
 Management override of controls is likely to be an increased risk as a result of
the close involvement of directors/owners.
Management should implement additional physical authorization, arithmetic,
accounting, and supervisory procedures to address these issues. The attitudes and
actions of management are crucial for auditors to assess the control environment
in smaller entities. If the internal control system is robust and direct controls are
effective, substantive procedures can be reduced.
The auditor may resort to substantive procedures to obtain sufficient audit
evidence when auditing a smaller entity.This can often mean use of:
 Confirmations
 Agreeing samples related to different financial statement areas to source
documents
 Analytical procedures where these are considered suitable
Inherent limitations of internal control systems
• Human error • Unforeseen circumstances where
• Deliberate circumvention of no control exists
processes by employees • Cost of control > benefit
• Management override of controls
inherent limitations of internal control systems mean that an auditor cannot rely
solely on audit evidence from tests of control, will always need to conduct some
substantive testing.
Use of systems of internal control by auditors
Auditor should understand the system of internal control as it is relevant to the
preparation of the financial statements. The auditor shall:
 Assess the adequacy of the accounting system as a basis for preparing the
accounts
 Identify the types of potential misstatements that could occur in the
accounts
 Consider factors that affect the risk of misstatements
 Design appropriate audit procedures
Recording accounting and control systems
The auditor must obtain and document an understanding of the entity's internal
controls regardless of whether they want to gain audit evidence by relying on the
internal controls.
Narrative notes
used to document simple internal control systems- usually typed – detail and
explains each stage of entity’s systems.

Flowcharts
Graphic illustration of physical flow of information through accounting system.
Flowlines represent sequences of processes.

Internal control questionnaires (ICQs)

 comprise a series of questions designed to help the auditor assess strength of
system of controls/whether desirable controls are present for each major
transaction cycle .
 formulated so that there is one list of questions to cover each major transaction
cycle.
 'YES' or 'NO' questions and a 'NO' answer indicates a deficiency in the

system.
Internal control evaluation questionnaires (ICEQs)
Questions focus on significant errors/omissions that could occur at each phase if
controls were weak. Heps to elicit controls that exist
Testing internal controls to gather audit evidence
 The auditor will only test internal controls for audit evidence if the initial
assessment indicates they exist and have effectively operated throughout the
period.
 If internal controls appear to be strong, the auditor will conduct tests of control
 If the results support the auditor's initial assessment, the auditor will conduct
reduced substantive procedures
 Some substantive testing always required due to inherent limitations of
internal control
Where the results of the tests of control indicate that the internal controls are not
effective, the auditor will:
 Report the deficiencies in internal controls to those charged with governance
 Perform full substantive testing.
Internal controls in the IT environment
As part of the obtaining an understanding of the entity's information system and
communication, the auditor should understand how the entity has responded to
the risks arising from information technology (IT). Fundamentally, this will be a
matter of assessing whether the entity's IT controls address the risks that arise
from IT.
Information processing controls
Controls relating to the processing of information in IT applications or manual
information processes in the entity's information system that directly address
risks to the integrity of information
Information processing controls ensure that all transactions are authorized and
recorded, and are processed completely, accurately and on a timely basis
 10: Test of Controls
Internal controls are implemented by management and governance to prevent and
detect fraud and error. Auditors must understand an entity's accounting and
internal control systems, but only test them if initial risk assessment indicates
effective control operation, to gather audit evidence about relevant financial
statement assertions.
The auditor must test that the control:
 Is properly designed.
 Exists; and
 Has operated throughout the period.
Internal control failures or deviations should be recorded and investigated by
auditors, regardless of monetary amount, to determine if they are isolated
departures or accounting errors.
If control tests are unsatisfactory, the auditor's preliminary assessment of control
risk is not supported, necessitating extensive substantive procedures.
Tests of controls include enquiry in combination with other audit procedures, for
example:
 Inspection of documents supporting controls or events to gain audit
evidence that controls have operated effectively, for example verifying that
a transaction has been authorised.
 Observation of the entity's control procedures, for example observing an
inventory count to ensure it is being conducted in accordance with the
inventory count instructions.
 Re-performance of the application of a control to ensure it was performed
correctly, for example reperforming a bank reconciliation to verify that it
has been done properly.
 Examination of evidence of management reviews, for example minutes of
board meetings
 Testing of the control activities performed by a computer, using for
example computer- assisted audit techniques (CAATs)
Stage: Order Placed
Risk Control Controls Tests of controls
objectives
That an To ensure that Conduct a credit inspect a sample of
order is goods and check on all new new customer
accepted services are only customers prior to accounts to ensure
from, and supplied to accepting an order, that credit checks and
goods customers with ideally by someone references were
despatched good credit separate from sales obtained before the
order was accepted.
to customer ratings department. Once
For a sample of
who is not accepted, new
customer accounts,
creditworth customers should be
process an order
y given a credit limit –
exceeding a
these should be
customer's credit limit
reviewed regularly
to determine if order
is rejected.
That an To ensure that all Orders should be Test a numerical
order is not goods ordered are completed on sequence using a
fulfilled despatched/fulfill sequentially computer or manual
leading to ed numbered order method, reviewing a
loss of forms and GDNs sample of unfulfilled
future generated from same orders, and
info, with a copy investigating the
business
passed to warehouse reasons behind these
from
team once order is outstanding items.
dissatisfied dispatched and the
customers sales team regularly
reviewing unmatched
order forms.
That wrong To ensure that the Spot checks should To ensure accurate
items, correct items are be conducted on packing, vouch a
wrong despatched in packed goods to sample of items
quantity or terms of item, ensure their packed to GDNs and
damaged quantity and condition and order form.
goods are condition compliance with the
despatched order form Physically inspect a
packed sample of
goods.
 Review customer
complaint files for
evidence of
incorrectly
despatched goods.

Stage: Despatch of goods

Risk Control Controls Tests of
objectives controls
That goods To ensure that On receipt of goods, Review a
are not goods are customer signs the multi- sample of
despatched despatched to part GDN. GDNs for
to the the required The customer should receive evidence of the
required destination one copy, the delivery driver customer's
destination should return the others, the signature.
sales team, the warehouse
and the invoicing
department should receive
one
Stage: Goods Invoiced and Recorded
Risk Control Controls Tests of controls
objectives
That goods To ensure that Invoices should be Match a sample of
despatched all goods sequentially GDNs with the
are not despatched are numbered and corresponding invoice.
invoiced/not correctly generated using the Perform a sequence
invoiced invoiced information on the check of invoices to
correctly GDNs ensure all invoices are
recorded.
All invoices should Compare a sample of
be authorised, and invoices with
details agreed to authorised price list
price lists/credit and credit terms to
terms. ensure accuracy.
that To ensure that Periodically review Review customer
invoices are invoices are customer accounts correspondence files
posted to posted to the for any unpaid for evidence of any
the wrong correct customer amounts. complaints/instances of
customer account Send statements to incorrect invoices
account customers on a being applied to a
monthly basis. customer's account.

Stage: Payment Received

Risk Control Controls Tests of controls
objectives
That cash To ensure that Produce aged Review aged
is not monies are receivables report on a receivables report and
received received for monthly basis and discuss the action
invoices raised actively pursue taken on old/ overdue
old/overdue balances. balances with credit
control.
That To ensure that segregation of duties Observe the
payments monies received between those who procedures in place to
received are safeguard update receivables ensure segregation of
are stolen and banked ledger and those who: duties.
promptly  Raise invoices/credit Observe the
notes procedures for
 Follow up statement banking
queries cash/cheques.
 Open and count cash
Cash/cheques should be
kept securely and
banked promptly.
Purchases system
Stage: Order Placed
Risk Control Controls Tests of controls
objectives
That order To ensure orders Orders should only Review a sample of
is are only placed be raised on receipt orders for evidence
unauthorise once authorised of authorised that purchase
d and not and vetted to purchase requisition requisition was
for business ensure they are approved by authorised and goods
use for business use department manager. are for business use.

That the To ensure that Orders should only For a sample of orders,
entity does the entity buys be placed with a vouch that the
not buy items at the most supplier suppliers
items at the competitive which is on the used are on the
most price entity's list of preferred supplier
competitive preferred suppliers listing.
price which have been
approved in terms of
cost and quality.
For non-standard
items, separate
quotations may be
required.
Stage: Goods Received
Risk Control objectives Controls Tests of controls
That goods To ensure that all On receipt of goods Observe the receipt of
ordered are goods ordered are the warehouse should goods into the
not received raise a multi-part, warehouse to ensure
received, sequentially all goods are recorded
potentially numbered GRN. One and a GRN generated.
leading to part of GRN should Verify that the GRN is
stock outs be passed to the matched to the order
purchasing form by the
department to be purchasing
matched to the order department.
form.
Enquire as to the
Unmatched orders action taken where
should be reviewed orders are unfulfilled
on a periodic basis and reperform this
and suppliers chased process.
That faulty To ensure that On receipt of goods, Observe the receipt of
goods are goods are only all items are to be goods by staff to
accepted accepted if they verified to ensure confirm the control is
 are of correct they are in carried out.
quality satisfactory
condition.
Stage: Goods Invoiced and Recorded
Risk Control Controls Tests of controls
objectives
That the To ensure that Another part of For a sample of GRNs
liability for liabilities for GRN should be trace through to
goods goods received passed to accounts corresponding invoice
received is are recognised department. and verify that the
not in the Invoices received invoice has been
recognised in accounting from suppliers recorded in the
the records should then be accounting records.
accounting matched to GRN.
records Where no invoice has
Unmatched GRNs been received verify
should be reviewed that the relevant
periodically, and an accrual has been
accrual posted for recorded.
associated liability.
That a To ensure that a Upon receipt of For a sample of
liability is liability is only supplier invoice, it invoices recorded,
recognised recognised for should be matched vouch the details back
for goods goods which to sequentially to the GRN and order
which have have been numbered GRN and form to verify that the
not been received order form. The goods were received.
received invoice should be
allocated the same
sequential number.
Stage: Payment Made
Risk Control Controls Tests of controls
objectives
That That payments All invoices should be Inspect a sample of
payments are only made to authorised for payment invoices for
are made to the correct and coded to the authorisation and
the wrong supplier for bona relevant supplier by the appropriate coding.
supplier fide purchases appropriate budget
holder. Authorisation/ Review a sample of
coding should be supplier
evidenced by a reconciliations to
signature. ensure that they have
 been completed
Statements received accurately and any
from suppliers should resultant changes
be reconciled to the authorised.
relevant purchase
ledger account on a
monthly basis. Any
subsequent changes to
the accounting records
must be authorised.
That an To ensure that Prior to being paid all Inspect a sample of
invoice is suppliers are invoices should be invoices for evidence
paid paid accurately agreed to GRN and that calculations
twice/is for order form and have been
the wrong calculations such as reperformed and the
amount unit price, sales tax, invoice stamped as
quantities and 'paid'.
discounts agreed to the
appropriate records.

Once paid invoice

should be stamped
'paid'.
Payroll system
The payroll system has two main areas to consider:
HR function  Notifications of salary changes
 Staff appointment Payroll processing function
 Staff removal  Monthly processing of payroll
 Staff appraisal

Ideally, these roles should be performed by different staff or departments, but this
may not be feasible in smaller businesses due to difficulties in segregation of
duties
There are inherent risks within a payroll system, including:
Fraud  Claiming payment for more hours
than genuinely worked
 Establishing fake payroll records
 Theft (if wages are paid in cash
 Changing pay rates without
(rare))
authorisation
Errors
 Complexities relating to tax
 Other deductions

Stage: Work recorded

Risk Control Controls Tests of controls
objectives
That hours To ensure that Hours worked should Observe a sample
worked are hours worked be recorded using of employees
not recorded are accurately timesheets or a clocking in and out
accurately recorded clocking in and out to ensure it is done
system. according to the
entity's procedures.
Hours recorded to be
reviewed by Inspect a sample of
responsible official. timesheets for
evidence that they
have been reviewed
by a responsible
official.
That To ensure that Overtime must be For a sample of
additional only overtime authorised by overtime payments,
hours are which has been appropriate supervisor/ refer to the
recorded completed is manager in advance of overtime
which have recorded and the overtime being authorization form
not been paid carried out and an and examine it for
worked overtime authorisation proof of authorized
form completed. overtime.
Stage: Recognition of payroll liability
Risk Control Controls Tests of controls
objectives
That fictitious To ensure that Where new joiners Obtain a list of
employees are only individuals are taken on/ current joiners/leavers and
paid which are bona employees leave trace a sample to
fide employees HR/staff manager ensure accurate HR
are paid should complete and documentation and
sign a joiners/leavers payroll system
form which should amendment
be passed to payroll.
Payroll must Select a sample of
acknowledge receipt starters and leavers
of the form and make during the period
necessary changes to and determine
the payroll system, whether they were
which should be genuine employees
reviewed by a by tracing
supervisor. employee details
Personnel files back to personnel
should be held for all files.
employees.
Review procedures
Assign unique for entering and
employee numbers to removing employee
each employee .Only numbers from the
employees with valid payroll master file.
numbers can be paid.
That wages To ensure that Any changes to Review a sample of
are wages are standing data for the reports showing
paid/deductio paid/deductions payroll should be changes made to
ns made at the are made at the authorised by standing data to
wrong rate appropriate rate in HR/staff manager ensure that changes
the payroll master using appropriate made were
file. documentation. appropriately
A report of changes authorised and
to standing data accurately made.
should be printed on Recalculate PAYE
a monthly basis and and other
reviewed by an deductions to
appropriate manager ensure they have
to ensure all changes been correctly
are bona fide and calculated.
accurately made.
Stage: Payment made
Risk Control Controls Tests of controls
objective
That To ensure that Each month, a printout of Review the printout
employees employees are all amounts due to be to determine
are not paid paid the correct paid to employees should whether any
the amount amount be printed and reviewed unusual items were
that they are according to for any unusual amounts/ followed up.
due to payroll employees. Discuss the
receive per records/their outcome with
payroll payslip The total of amount to be management.
records/their paid should be recast.
payslip Recast the schedule
If employees are paid via in order to ensure it
BACS transfer, their bank has been accurately
account number must be cast.
verified and the amount
due to each employee For a sample of
should be agreed back to employees
the payroll system and reperform the
payslip. controls in place to
ensure they have
Then the BACS transfer been completed
should be authorised by accurately.
the payroll manager/
finance director. Vouch the
authorisation of the
If employees are paid in payroll manager/
cash then an additional finance director.
check should be made
that the amount included Observe cash
in the wage packet agrees payment process.
back to payslip.

Wage packets should be

made up by two payroll
staff and employees
required to sign to
confirm receipt of the
wage packet.
The inventory system
The main objectives/stages of the internal controls in this system are to ensure:
 Only goods required by the entity are accepted and are accurately recorded
 Damaged goods are not accepted, and inventory is appropriately valued
 The business is not interrupted due to stock outs
 Inventory is kept securely (not damaged or stolen)
Stage: Only goods required by entity are accepted and accurately recorded
Risk Control Controls Tests of controls
objectives
That goods To ensure that A copy of the Inspect a sample of
which have only goods authorised order form GRNs for evidence
not been which have been should be passed to of a signature
ordered are ordered are warehouse. When verifying that
accepted accepted goods are received, goods received
match to order form were traced back to
and only accept if they an authorised order
were ordered. form.
GRN should be signed
as evidence it has been
vouched back to order
form.
inventory To ensure all All GDNs and GRNs Inspect
sales & inventory sales are processed on a documentation to
purchases are and purchases daily basis to record the confirm that daily
recorded in are recorded in despatch and receipt of processing of
wrong correct inventory. GDNs and GRNs
accounting accounting occurs.
period period
Stage: Damaged goods are not accepted & inventory is appropriately
valued
Risk Control Controls Tests of controls
objectives
That To ensure that On receipt of Observe the receipt of
damaged/ goods are only goods, verify all goods by staff to confirm
faulty goods accepted if they items to ensure the control is carried out.
are accepted are of they are in
appropriate satisfactory
quality condition.
That To ensure that Standard costs to Review the entity's
inventory is inventory is be regularly procedures for updating
not valued properly stated reviewed by standard costs and test a
at the lower at the lower of management to sample of standard costs
of cost and cost and NRV ensure they are to determine whether they
NRV kept up to date. approximate to current
Inventory cost.
managers should Discuss inventory review
review inventory procedure with mgmt. and
regularly to observe review process/
identify slow- inspect any reports issued
moving, obsolete after review.
& excess
inventory.

Stage: The business is not interrupted due to stock outs

Risk Control Controls Tests of controls
objectives
That goods To ensure that On receipt of goods, Observe the receipt
ordered are goods ordered the warehouse should of goods into the
not received, are received raise a multi-part, warehouse to
potentially sequentially numbered ensure all goods are
leading to goods received note recorded and a
stock (GRN). GRN generated.
outs
One part of GRN Verify that GRN is
should be passed to matched to order
purchasing department form by purchasing
to be matched to order department.
form.
Enquire as to action
Unmatched orders taken where orders
should be reviewed on are unfulfilled and
a periodic basis and reperform this
suppliers chased process.
Stage: Inventory is kept securely (not damaged or stolen)
Risk Control Controls Tests of controls
objectives
That To ensure Inventory should be Inspect the environment
inventory that stored in an appropriate in which inventory is
is inventory is environment stored to ensure it is
damaged/ safeguarded Access to inventory suitable for the nature of
stolen should only be granted to the inventory.
 appropriate personnel. Inspect the identity cards
of employees working
Items should only be
within the inventory area
issued from inventory if
accompanied by copy of Inspect a sample of GDNs
customer sales order to verify that they relate
form. to bona fide customer
orders.
That To ensure Inventory should only be For a sample of inventory
inventory that all moved if accompanied movements, inspect
movemen inventory by a pre-numbered GDN GDNs and GRNs to
ts are not movements or GRN. determine whether
adequatel are Regular reconciliations inventory is being moved
y authorised performed of inventory for valid reasons.
and records with the general Review a sample of
monitored
recorded ledger. reconciliations to confirm
Duties of maintaining they have been accurately
inventory records and prepared and reviewed by
custodianship should be a manager/supervisor.
segregated. Observe recording of
inventory and discuss
inventory procedures with
relevant staff to ensure
proper segregation of
duties
The bank and cash system
The main objectives/stages of the internal controls in this system are to ensure:
 All monies received are recorded
 All monies received are banked
 Cash and cheques are safeguarded against loss or theft
 All payments are authorised, made to correct payees and recorded
 Payments are not made twice for the same liability
Stage: All monies received are recorded
Risk Control Controls Tests of controls
objective
That That all monies Segregation of duties between Observe the process
monies received are those receiving monies and of post being
are recorded those recording them. opened and monies
receive Two people should open post received recorded to
d but and record amounts received ensure that the
not on a 'receipts listing'. The entity's internal
recorde information should be shared controls are being
d with another staff member adhered to.
who will record transactions Inspect
in cash book and write a bank documentation such
paying slip. as the bank paying
Another staff member should in slip for evidence
be responsible for banking any of each staff
monies received. member carrying
out their separate
part of the process.

Stage: All monies received are banked

Risk Control Controls Tests of controls
objective
That To ensure that Bank reconciliations Reperform the bank
monies monies should be performed reconciliation to ensure it
receive received are on a weekly/monthly has been done accurately.
d are banked basis by someone not Review the bank
not responsible for the reconciliation for evidence
banked banking and the of the supervisor/manager
reconciliation review being performed.
reviewed by a Request management's
supervisor/ manager. confirmation on the
Customer statements frequency of sending
should be prepared customer statements and
and sent out on a review customer
regular (monthly) correspondence to assess
basis level of errors identified as a
result.
Stage: Cash and cheques are safeguarded against loss or theft
Risk Control Controls Tests of controls
objective
That cash/ To ensure that Unbanked receipts Physically verify the
cheques are cash/cheques should be kept in a location of unbanked
misappropriat are safeguarded locked safe at all receipts/cheque books
ed against times. to ensure they are
loss/theft Cheque books should kept securely.
be kept by a
supervisor/ manager
and stored in secure
location such as
locked drawer/cash
tin/safe.
Stage: All payments are authorised, made to correct payees and recorded
Risk Control Controls Tests of controls
objective
That invoices To ensure that All invoices should be Inspect a sample of
are paid invoices are authorised for invoices for
without being only paid once payment and coded to authorisation and
authorised/pai authorised and the relevant supplier appropriate coding.
d to the wrong that payment is by the appropriate Review a sample of
supplier and made to the budget holder prior to supplier statement
not recorded correct payee the invoice being reconciliations to
accurately in and recorded paid. ensure that they have
the accounting Authorisation/coding been completed
records should be evidenced accurately and any
by a signature. resultant changes
Monthly authorised.
reconciliation of
supplier statements to
purchase ledger
accounts is required,
and any subsequent
changes to accounting
records must be
authorized.

Stage: Payments are not made twice for the same liability
Risk Control Controls Tests of controls
objective
That an To ensure that Once paid, invoice Inspect a sample of
invoice is paid invoices are not should be stamped invoices for evidence
twice paid twice for 'paid'. that calculations have
the same Purchase invoices been reperformed and
liability should be sequentially the invoice stamped
numbered and as 'paid'.
recorded as 'paid' on Attempt to process a
the system so that the previously paid
computer will not invoice to determine
allow the same if system will block
invoice to be paid the payment.
twice.
Non-current assets
The principal internal controls in this system which have not already been
detailed in the purchases system are to ensure:
 That capital expenditure is appropriately classified in the accounting
records
 That capital items are recorded in the non-current asset register
 That there is safe custody of assets
Stage: capital expenditure is appropriately classified in accounting records
Risk Control Controls Tests of controls
objective
That revenue To ensure that Separate order forms Inspect a sample of
expenditure is capital should be used for the orders for capital
recorded as expenditure is purchase of inventory items.
capital appropriately items and capital Vouch that the
expenditure or classified in the items. appropriate level of
vice versa accounting For capital items, authorisation has
records order should be been made and
authorised by one or evidenced by a
two managers/ signature. Verify that
directors depending the account code
on value of items relates to the item
ordered order should ordered.
be coded.
 to appropriate non- Discuss with
current asset account. management the
Periodically, review outcome of the
revenue and capital nominal ledger
expenditure nominal reviews.
ledger accounts for Inspect any journals
evidence of large/unusual made to correct
items which may have errors to ensure that
they have been
been incorrectly
authorised.
recorded.
Stage: That capital items are recorded in the non-current asset register.
Risk Control Controls Tests of controls
objective
That To ensure that Periodically review the For a sample of non-
capital capital items non-current assets held current assets,
items are are recorded in by the business and trace inspect the non-
not the non-current them through to verify current asset register
recorded in asset register that they are recorded in to ensure that they
the non- the non-current asset have been included.
current Review the
register.
asset reconciliation to see
register On a monthly basis, the level of
reconcile the totals on adjustments required.
non-current asset nominal Discuss with
ledger codes to the management why
balance per the non- errors have occurred,
current asset register. and action being
Investigate any taken to reduce
differences. Authorise all future errors.
adjustments.
Stage: That there is safe custody of assets
Risk Control Controls Tests of controls
objective
That To ensure that Establish physical Test the operation of the
capital there is safe safeguards over non- physical controls, for
items custody of current assets such as example obtain to gain
are assets locks, safes, keypads, access to a restricted area
misapp- CCTV, security without following security
ropriate guards in order to procedures.
reduce the risk of For a sample of assets,
theft. inspect insurance
Maintain adequate documents to determine
insurance over non- whether insurance is
current assets adequate and up to date.
Communication of deficiencies in internal control
significant deficiency in internal control
deficiency or combination of deficiencies in internal control that, in the auditor's
professional judgement, requiring the attention of those responsible for
governance.
Determining whether a deficiency is significant
The auditor should consider the following matters when determining whether a
deficiency in internal control is a significant deficiency:
 The susceptibility to loss or fraud of the related asset or liability
 The likelihood of the deficiencies resulting in material misstatements in FS
 Interaction of the deficiency with other deficiencies in internal control
 The subjectivity and complexity of determining estimated amounts
 The cause and frequency of the exceptions identified as a result of the
deficiencies
 The importance of the controls to the financial reporting process
 The volume of activity that has occurred or could occur
Reports to management
Once auditor has decided that there are significant deficiencies which need to be
communicated to those charged with governance, they should include this
information in a report to management.
Reports to management by the internal audit function
The internal audit function may prepare a report on deficiencies, implications,
and recommendations, with a more flexible format determined by management
compared to external auditor reports.
Those charged with governance:
The individual or organization responsible for overseeing the strategic direction
and obligations related to the entity's accountability.
Matters auditor would communicate to those charged with governance
 The auditor's responsibilities to form and express an opinion on the financial
statements
 The fact that it is the responsibility of those charged with governance to
prepare FS
 An overview of the planned scope and timing of the audit
 Significant findings from the audit:
 Views on accounting policies/ estimates and financial statement disclosures
 Significant difficulties encountered during the audit
 Significant deficiencies in design, implementation or effectiveness of internal
control
 Written representations requested by the auditor
 Other matters which are significant to the oversight of the financial reporting
process
 For listed entities:
 A statement confirming their independence
 Any relationships that may impact their independence
 Safeguards implemented to eliminate/ reduce threats to independence to an
acceptable level
Third parties interested in communications to those charged with governance
Those charged with governance may provide copies of written communication
from auditors to third parties, such as banks or regulatory authorities, ensuring
they understand it was not prepared with their interests in mind. To that effect,
written communication from the auditors will include certain caveats:
 The report has been prepared for the sole use of the entity.
 The information must not be shared with a third party or quoted without
written consent of the auditors.
 No responsibility is assumed by the auditors to any other person.
 11: Audit sampling
Selecting items for testing
The external audit aims to assess if financial statements are free from material
misstatement and fairly presented. The auditor must decide on the extent of
testing they will perform, as testing everything as it would be impractical.
the auditor shall determine means of selecting items for testing that are effective
in meeting the purpose of the audit procedure.
Selecting all items (100% testing)
More common for substantive procedures than tests of controls. Appropriate for:
 Population with small number of high value items
 Significant risk of material misstatement
 Repetitive calculations performed using automated tools and techniques.
Selecting specific items
Not sampling as cannot be projected to the entire population. Appropriate for:
 High value or key items (eg suspicious, risky or prone to error)
 Items to obtain information (eg about the nature of the entity's transactions)
 Stratification
Auditor may want to test specific items within a population, such as reviewing
the client's 10 largest receivables balances post-yearend. The receivables
population is divided into two sub-populations: one with the ten largest balances,
and the other with remaining balances. The auditor may also test a sample of
these balances, known as stratification.
Audit sampling
application of audit procedures to less than 100% of the items within a relevant
population, ensuring equal chance of selection for all sampling units, to draw
reasonable conclusions about the entire population.
Population
the entire set of data from which a sample is selected and about which the auditor
wishes to draw conclusions.
Types of sampling
statistical sampling and non-statistical sampling
Non-statistical sampling does not use any mathematical basis for selecting a
sample.
Block selection
Block sampling is a method used by auditors to test whether certain items have
specific characteristics, such as sample of 50 consecutive cheques. However, it
may not accurately represent the entire population, especially if errors occurred
only during a specific period, making it difficult to project these errors onto the
entire population.
Haphazard selection
The auditor chooses items from a sample without a structured technique,
avoiding conscious bias or predictability, such as excluding items due to
inconvenience.
Statistical sampling uses:
 Mathematical number tables to choose a sample which is free from bias; and
 Probability theory to evaluate the results of the testing.
Random selection
The process employs random number tables or a computerized random number
generator to select items in the sample, ensuring equal selection of all items in
the population.
Systematic selection
The sampling method involves selecting items using a constant interval, with the
first interval starting at random.
The difference between the two types of sampling is statistical sampling allows
for measurement and control of sampling risk, while non-statistical sampling
cannot. Audit procedures remain the same in both cases , but meaningful
extrapolation can only occur from a randomly selected statistical sample.
Value weighted selection (or monetary unit sampling (MUS))
The population is randomly ordered, and items are selected for sampling by
weighting them in proportion to their value.

Sampling risk
The risk refers to the possibility that the auditor's conclusion, based on a sample,
may differ from the conclusion if the entire population were audited using the
same procedure.
The auditor must select a sample size that minimizes sampling risk, and if high
risk is assessed, a larger sample size is required to have reasonable assurance that
the results are free from material misstatement. Other factors which affect sample
size include:
Risk of If the auditor assesses inherent and control risk to be high, then
material detection risk needs to be low to reduce audit risk to an
misstatement acceptably low level. Detection risk includes both sampling
and non-sampling risk and for sampling risk to be low a larger
sample size is needed.
Required The auditor's confidence level that sample results'
confidence representative of the population is directly proportional to the
level size of the sample
Expected error The auditor's expected error level in the population determines
the sample size required for make a reasonable estimate of the
actual amount of the errors. Also directly proportional.
Tolerable The auditor's tolerance for errors is determined by the level of
error/ misstatement they can accept before determining if there is a
misstatement material misstatement, with a larger sample size required for
lower tolerance.

a rate of deviation from internal control procedures, set by auditor aiming to

ensure that this rate is not exceeded by the actual rate of deviation in the
population.
Tests of details
When using sampling for detail tests, auditors should project monetary errors
from the sample to the population and compare it to the level of tolerable
misstatement. An anomaly error can be excluded from projecting sample errors,
but it still needs to be considered alongside non-anomalous errors.
Tests of controls
When sampling is used to test controls, no explicit projection of errors is needed
as the sample deviation rate is the projected deviation rate for the entire
population.
For example, if the auditor has performed tests of controls on a sample of 20
items and has found two deviations, this represents an error rate of 10% (2/20 x
100). The auditor must then decide if this error rate is acceptable. If the
evaluation of sample results indicates that there may be significant issues, the
auditor may:
 Request management to investigate identified errors and the potential for
further errors and make any necessary adjustments.
 Modify the nature, timing and extent of further audit procedures; and/or
 Consider the effect on the auditor's report
Automated tools and techniques involve using a computer to perform audit work.
Computers can be used to perform either substantive procedures or tests of
controls. There are two particularly common types: audit software and test data.
Audit software (used for substantive procedures)
consists of computer programs used by the auditor, as part of their auditing
procedures, to process data of audit significance from the entity's accounting
system. Audit software is used to conduct substantive procedures. It may consist
of generalized audit software or custom audit software.
Generalized audit software: This software enables auditors to conduct tests on
computer files and databases, extract data, select criteria-matching data, perform
arithmetic calculations, facilitate audit sampling, and produce documents and
reports.
Custom audit software is written by auditors for specific tasks when
generalized audit software cannot be used. Audit software can be used to:
 Select information
 Perform calculations
 Read and extract data from a client's system and produce a report in a
specified format
 Print reports in specified formats
Test data (used for tests of controls)
techniques used in conducting audit procedures by entering data into an entity's
computer system, and comparing the results obtained with pre-determined
results. Test data is used for tests of controls.
Test data is a set of fictitious transactions used by auditors to assess the
effectiveness of internal controls in a client's computer systems and it requires
significant cooperation from the client, particularly in terms of access time.
There are two typical uses of test data:
(a) Test data used to test specific controls in computer programs
For example, an auditor could try to access data or areas of the computer system
which are password protected in order to determine whether the control is
operating effectively.
(b) Test transactions
The auditor processes and monitors computer systems' output to verify correct
transactions. This can be conducted live or dead and involves submitting valid
and invalid data. Invalid data can include zero quantity items, negative prices, or
high prices. The auditor expects valid data to be processed and invalid data to be
rejected. Some systems have embedded test facilities, comprising of a 'dummy
unit' to which test transactions are posted throughout the period or a systems
control and review file (SCARF) where real transactions are replicated and stored
for later review by the auditor.
Audit data analytics (ADA)
Big data:
broad term for the larger, more complex datasets that can be held by modern
computers. The term refers to a qualitative shift in data availability compared to
the past.
Data analytics: is the examination of data to try to identify patterns, trends or
correlations.
Currently, ISAs focus on riskiest areas, while ADA offers the opportunity to
examine all an entity's data, potentially revolutionizing the way audits are
conducted and aligning with auditing standards.
Data analytics software, despite initial costs and extensive training, can improve
audit efficiency and quality by allowing auditors to examine entire entities' data
and test entire populations. This allows quick interrogation of large amounts of
data, focusing immediately on riskiest areas and reducing audit risk. Examples:
 Analyze patterns relating to revenue or costs per product or per customer
 Trace the matching of orders to goods dispatched/goods received
documentation and to the invoice, in order to determine whether revenue and
costs should be recognized
 Interrogate journals to determine whether there are any patterns (regarding
who has processed certain journals) where fraud is suspected
 12: Non-current assets
Auditing accounting estimates
Management often makes estimates under uncertainty over outcomes and
judgement, increasing the risk of misstatement. Detecting material misstatements
is often harder and less persuasive than for other items in financial statements.
ISA 540 requires auditors to gather appropriate evidence for its reasonableness of
accounting estimates and related disclosures in financial statements,
Intangible non-current assets
Intangible assets, such as patents, franchises, are identifiable non-monetary assets
without physical substance, governed by IAS 38, and those with finite useful
lives are amortised.
Intangibles' existence and valuation are key assertions (not 'do they exist?', but
'are they genuinely assets?'), audited using IAS 38. Purchase invoices or
specialist valuations are required for capitalization, and amortisation audits are
similar to depreciation audits.
Research and development expenditure
Research: original and planned investigation undertaken with the prospect of
gaining new scientific or technical knowledge and understanding.
Development: the application of research findings or other knowledge to a plan
or design for the production of new or substantially improved materials, devices,
products, processes, systems or services before the start of commercial
production or use.
Research cannot be capitalized as an intangible asset and must be expensed to
the statement of profit or loss. An entity must capitalize development expenditure
if it satisfies all of following criteria
Probable future economic benefits
Intention to complete and use/sell asset
Resources adequate and available to complete and use/sell asset
Ability to use/sell the asset
Technical feasibility of completing asset for use/sale
Expenditure can be measured reliably
The audit work undertaken must serve to ensure that any development
expenditure meets the IAS 38 Intangible Assets criteria.
Tangible non-current assets : Financial statèrent assertion
Completeness
 Obtain or prepare a summary of tangible non-current assets showing how the
following reconcile with the opening position.
 Gross carrying  Accumulated  Carrying amount
amount depreciation
 Compare non-current assets in the general ledger with the non-current assets
register and obtain explanations for differences.
 For a sample of assets which physically exist, agree that they are recorded in
the non-current asset register
 If a non-current asset register is not kept, obtain a schedule showing the
original costs and present depreciated value of major non-current assets.
 Reconcile the schedule of non-current assets with the general ledger.
Existence
 Confirm that the company physically inspects all items in the non-current
asset register each year.
 Inspect assets, focusing on high value items and additions in-year. Confirm
items inspected:
o Exist o Are in good condition
o Are in use o Have correct serial numbers
 Review records of income-yielding assets.
 Reconcile opening and closing vehicles by numbers as well as amounts.
Valuation
 Verify valuation to valuation certificate.
 Reasonableness of valuation is evaluated by considering the valuer's
experience, scope of work, methods and assumptions used, and alignment with
accounting standards.
 Reperform calculation of revaluation surplus.
 Confirm whether revaluations have been updated regularly so that the asset's
carrying amount is consistent with its fair value by asking the Finance
Director and inspecting the previous financial statements.
 Inspect draft accounts to verify client has recognized revaluation losses in
profit/ loss statements, unless there's a credit balance in equity in which case,
debit to cancel credit to equity, and always credit all gains to equity.
 Review insurance policies in force for all categories of tangible non-current
assets and consider the adequacy of their insured values and check expiry
dates.
Valuation - depreciation ·
 Review depreciation rates applied in relation to:
 Asset lives  Consistency with prior years
 Residual values and accounting policy
 Replacement policy  Possible obsolescence
 Past experience- gains/losses
on disposal
 Review non-current assets register to ensure that
 depreciation has been charged on all assets with a finite useful life.
 For revalued assets, ensure that the charge for depreciation is based on the
revalued amount by recalculating it for a sample of revalued assets.
 Reperform calculation of depreciation rates to ensure it is accurate.
 Compare ratios of depreciation to non-current assets (by category) with:
o Previous years o Depreciation policy rates
 Scrutinize draft accounts to ensure that depreciation policies and rates are
disclosed in the accounts.
Rights and obligations
 Verify title to land and buildings by inspection of:
o Title deeds
o Land registry certificates
o Leases
 Obtain a certificate from solicitors/bankers:
o Stating purpose for which the deeds are being held (custody only)
o Stating deeds are free from mortgage or lien
 Inspect registration documents for vehicles held, confirming that they are in
client's name.
 Confirm all vehicles are used for the client's business.
Examine documents of title for other assets (including purchase invoices,
architects' certificates, contracts, hire purchase or lease agreements).
 Review for evidence of charges in statutory books and by company search.
 Review leases of leasehold properties to ensure that company has fulfilled
covenants
Additions: rights and obligations, valuation and completeness
 Examine invoices after year end, orders, minutes for evidence of capital
commitments.
 Verify additions by inspection of architects' certificates, solicitors' completion
statements, suppliers' invoices etc.
 Review capitalization of expenditure by examining for non-current assets
additions and items in relevant expense categories (repairs, motor/sundry
expenses) to ensure that:
o Capital/revenue distinction is correctly drawn
o Capitalization is in line with consistently applied company policy
 Inspect NCA account for sample of purchases to ensure they have been
properly allocated
 Verify that additions have been recorded by scrutinizing the non-current asset
register and general ledger.
Disposals: rights and obligations, completeness and accuracy
 Verify disposals with supporting documentation, checking transfer of title,
sales price and dates of completion and payment
 Recalculate gain or loss on disposal.
 Consider whether proceeds are reasonable.
 If the asset was used as security, ensure release from security has been
correctly made.
Classification
 Review non-current asset disclosures in FS to ensure they meet IAS 16
criteria.
 For sample of fully depreciated assets, inspect register to ensure no more
depreciation.
Goodwill
 Agree the consideration to sales agreement by inspection.
 Consider whether asset valuation is reasonable.
 Agree that the calculation is correct by recalculation.
 Review the impairment review and discuss with management.
 Ensure valuation of goodwill is reasonable / there has been no impairment not
adjusted through discussion with management.
Research and development (R&D) costs
 Confirm that capitalized development costs conform to IAS 38 criteria by
inspecting details of projects and discussions with technical managers.
 Confirm feasibility and viability by inspection of budgets.
 Recalculate amortisation calculation to ensure it commences with production /
is reasonable.
 Inspect invoices to verify expenditure incurred on -R&D projects.
Other intangibles
 Agree purchased intangibles to purchase documentation agreement by
inspection.
 Inspect specialist valuation of intangibles and ensure it is reasonable.
 Review amortisation calculations and ensure they are correct by recalculation.
 13: Inventory
Audit approach
The audit approach must consider the following with regards to inventory:
Quantity - normally arrived at by a year-end inventory count (unless perpetual
system)
Valuation - must apply IAS 2 Inventories
Disclosure
The approach to audit of inventory depends on the control system in place. If an
entity has a perpetual inventory system, a controls-based approach is feasible, as
long as the controls are designed appropriately. However, for inventory quantities
determined by a year-end count, a substantive approach is taken.
The physical inventory count
The auditor conducts a client's inventory count to verify inventory quantity and
conditions, as physical inventory count procedures offer unique evidence about
inventories and work-in-progress which can’t be obtained elsewhere or at any
other time.
where inventory is material, auditors shall obtain audit evidence regarding its
existence and condition by attending the physical inventory count (unless
impracticable). The following process is to be performed:
Evaluate management's instructions and procedures for recording and
controlling the result of the physical inventory count
Observe the performance of the count procedures
Inspect the inventory
Perform audit procedures over the entity's final inventory records to determine
whether they accurately reflect the count results
Perform test counts
Attendance at the inventory count can be either substantive procedures or tests of
controls, depending on the auditor's risk assessment, planned approach and
specific procedures carried out.
Planning the inventory count
Before the physical inventory count the auditors should ensure audit coverage of
the count is appropriate, and that the client's count instructions have been
reviewed.
Factors to consider when planning attendance at the inventory count
 The risks of material misstatement of inventory
 Internal controls related to inventory
 Whether adequate procedures and proper instructions are issued for counting
 The timing of the count
 Whether the entity maintains a perpetual inventory system
 Locations at which inventory is held (including material amounts held by third
parties)
 Whether the assistance of an auditor's expert is required
Inventory held by third parties
Where the entity has inventory that is held by third parties and which is material
to the financial statements, the auditor shall obtain sufficient appropriate audit
evidence by performing one or both of the following:
 Direct confirmation from the third-party regarding quantities and condition
 Inspection or other appropriate audit procedures (if third party's integrity and
objectivity are doubtful, for example)
Attendance at inventory count
During the inventory count the auditors should observe whether the count is
being carried out according to instructions, carry out test counts, and watch out
for third-party inventory and slow-moving inventory and cut-off problems.
Audit procedures during attendance at the inventory count
 Observe whether the client's staff are following inventory count instructions to
ensure the count is complete and accurate
 Perform test counts to ensure procedures and internal controls are operating
effectively, and to gain evidence over the existence and completeness of
inventory
 Ensure that the procedures for identifying damaged, obsolete and slow-
moving inventory
 operate effectively to confirm valuation of inventory:
 Obtain information about the inventory's condition, age and usage
 Obtain information concerning the stage of completion of work-in-progress
 Confirm that inventory held on behalf of third parties is separately identified
and accounted for to ensure that inventory is not overstated
 Obtain copies of the last goods received note (GRN) and the last goods
despatch note (GDN) in order to confirm cut-off of inventory
 Conclude whether any amendment is necessary to subsequent audit procedures
 Gain a comprehensive understanding of inventories' levels and values held to
assess the reasonableness of the financial statements' inventory figure.
Performing test counts
The auditors perform test counts to ensure procedures and internal controls are
working properly. The auditor should test counts from the inventories to the
inventory sheets (to gain evidence of completeness) and from the inventory
sheets to the inventories (to prove existence). Tests should concentrate on high
value inventory. If the results of the test counts are unsatisfactory, the auditors
may request that inventory be recounted.
Documentation of audit work performed during the count
The auditors' working papers should include the following:
 Details of their observations and procedures performed
 The manner in which points that are relevant and material to the inventory
being counted or measured have been dealt with by the client
 Instances where the client's procedures have not been satisfactorily carried out
 Items for subsequent testing, such as photocopies/extracts from rough
inventory sheets
 Details of the sequence of inventory sheets
 The auditors' conclusions
After the inventory count
After the count the auditors should check that final inventory sheets have been
properly compiled from count records and that book inventory has been
appropriately adjusted.
Key tests include the following:
 Trace items that were test counted to final inventory sheets.
 Agree sequence of inventory sheets
 Observe whether all count records have been included in final inventory
sheets.
 Inspect final inventory sheets to ensure they are supported by count records.
 Confirm that continuous inventory records have been adjusted to amounts
physically
counted or measured, and that differences have been investigated.
 Confirm cut-off by using details of the last serial number of GRN and GDN
and details of movements during the count.
Review replies from third parties about inventory held by or for them.
Cut-off
Cut-off testing is an audit procedure performed after inventory count to ensure all
company transactions are included in the correct period. It involves obtaining
samples of GRNs and GDNs and matching them to purchase/sales invoices to
verify correct account balances. The auditor should have obtained samples during
inventory count.
Purchases cut-off
All purchases received before the year-end must be recorded in the financial
statements as a liability, expense, and closing inventory.
Goods received after the year end should not be included in the financial
statements.
Revenue cut-off
Revenue for goods that have left the warehouse should be included in revenue
and trade receivables at year end, but not in closing inventories.
Revenue made after the year end must not be included in the financial
statements but should be included in closing inventories.

Continuous (perpetual) inventory

counting
 Physical inventory counts at the year end
From the viewpoint of the auditor, this is often the best method

Physical inventory counts before or after the year end

This will provide audit evidence of varying reliability depending on:
The length of time between the physical inventory count and the year-end (the greater the
time period, the less the value of audit evidence)
The business's system of internal controls
The quality of records of inventory movements in the period between the physical inventory
count and the year end (the auditors will need to perform roll back or roll forward tests on
these records)

Continuous (or perpetual) inventory

Management has a programme of inventory counting throughout the year.
Continuous systems make use of modern computing power to link inventory records to
information about sales & purchases, as well as to management information such as an
item's location within the entity.
preferred method of monitoring inventory levels throughout the year, but its weakness is that
over time the actual inventory level will tend to diverge from what the computer says it
should be, as a result of unrecorded transactions or theft.
As a result of this divergence, it will be necessary to perform physical inventory counts of
selected inventory lines throughout the year to determine the extent of the system's
divergence from actual inventory levels. All inventory lines should be subject to a physical
count at least once a year.

Continuous inventory counting audits focus on tests of control, rather than

substantive audit work. but auditors must also conduct substantive audits on
completeness and existence at year-end.
Inventory valuation
Accounting for inventory
IAS 2 Inventories requires inventory to be stated at the lower of cost and NRV
Cost: Cost is defined as comprising all costs of purchase and other costs incurred
in bringing inventory to its present location and condition.
Net realisable value (NRV):
estimated selling price in the ordinary course of business, less the estimated cost
of completion and the estimated costs necessary to make the sale
Inventory should be stated at cost as companies often sell it for more than its
cost. However, if the inventory is damaged or obsolete, it should be stated at its
net realisable value, as it may not be worth what it costs.
Auditors must comprehend how a company calculates an item's cost for
inventory valuation, ensuring it includes appropriate proportion of overheads in
line with IAS 2.
An entity may use standard costs to value inventory provided that the standard
costs approximate to actual cost.
Auditing inventory valuation
Auditing the valuation of inventory has the following aims.
Ensuring the method of determining cost and the allocation of overheads is
appropriate
Confirming inventory is carried at the lower of cost and net realisable value
Completeness
 Trace test counts to the detailed inventory listing.
 Where inventory is held in third-party locations, physically inspect this
inventory or review confirmations received from the third party and match to
the general ledger.
 Compare the gross profit percentage to the previous year or industry data and
investigate any unexpected variations.
Existence
 Observe the physical inventory count
Rights and obligations
 Verify that any inventory held for third parties is not included in the year-end
inventory figure by being appropriately segregated during the inventory count.
 For any 'bill and hold' inventory (i.e. where the inventory has been sold but is
being held by the entity until the customer requires it), identify such inventory
and ensure that it is segregated during the inventory count so that it is not
included in the year-end inventory figure.
 Confirm that any inventory held at third-party locations is included in the
year-end inventory figure by reviewing the inventory listing.
Accuracy, valuation and allocation
 Obtain a copy of the inventory listing and agree the totals to the general
ledger.
 Cast the inventory listing to ensure it is mathematically correct.
 Vouch sample of inventory items to suppliers' invoices to ensure it is correctly
valued.
 Where standard costing is used, obtain a copy of the standard cost card, vouch
a sample of purchases costs to invoices and labour rates to payroll records and
discuss the amount of labour time taken per unit/batch with production staff to
ensure the standard cost is correctly valued.
 For materials, agree the valuation of raw materials to invoices and price lists.
 Confirm that an appropriate basis of valuation (eg FIFO) is being used by
discussing with management.
 For labour costs, agree costs to wage records.
 Review standard labour costs in the light of actual costs and production.
 Reconcile labour hours to time summaries.
 Where inventory relates to work in progress, discuss the stage of completion
with production management and recalculate inventory values. Consider
whether an expert is required.
 Make enquiries of management to ascertain any slow- moving or obsolete
inventory that should be written down.
 Examine prices at which finished goods have been sold after the year end to
ascertain whether any finished goods need to be written down.
 If significant levels of finished goods remain unsold for an unusual period of
time, discuss with management and consider the need to make allowance.
 Compare the gross profit percentage to the previous year or industry data.
 Compare raw material, finished goods and inventory collection period to the
previous year and industry averages.
 Compare inventory holding period with the previous year and industry
average.
 Compare the current year standard costs to the previous year after considering
current conditions.
 Compare actual manufacturing overhead costs with budgeted or standard
manufacturing overhead costs.
 Obtain a copy of the inventory listing and cast it and test the mathematical
extensions of quantity multiplied by price.
 Trace test counts back to the inventory listing.
 If the entity has adjusted the general ledger to agree with the physical
inventory count amounts, agree the two amounts.
 Where continuous (perpetual) inventory system is maintained, agree the total
on inventory listing to continuous inventory records, using automated tools
and techniques.
Cut-off
 Note the numbers of the last GDNs and GRNs before the year end and the first
GDNs and GRNs after the year end and check that these have been included in
the correct financial year.
Classification
 Review the inventory listing to ensure that inventory has been properly
classified between raw materials, work-in-progress and finished goods
 Read the notes to the accounts relating to inventory to ensure they are
understandable.
Presentation
 Complete the disclosure checklist to ensure that all the disclosures relevant to
inventory have been made.
 Review the financial statements to confirm whether the cost method used to
value inventory is accurately disclosed.
 Read the notes to the financial statements to ensure that the information is
accurate and properly presented at the appropriate amounts.
Using the work of an auditor's expert.
Auditor's expert
an individual/organization with expertise in a field other than accounting or
auditing who assists the auditor in obtaining appropriate audit evidence. They
can be an auditor's internal or external expert. Auditors' experts can help with
areas beyond inventory valuation, such as land and building valuation, legal
opinions, or litigation outcomes. However, the auditor must not refer to their
expert's work in an unmodified opinion report unless required by law or
regulation.
Using the work of internal audit
Auditors can rely on the internal audit function at a client for inventory audits,
covering various areas beyond inventory. External auditors should assess the
internal audit function if it's possible to rely on some of it. This can reduce the
volume of detailed work undertaken by the external auditor.
Internal audit work can be used for external audit purposes, but the external
auditor has sole responsibility for the audit opinion on financial statements. They
cannot reference internal audit work in their report. ISA 610 requires external
auditors to read reports from the internal audit function to understand the nature
and extent of audit procedures they performed and related findings. Before using
internal audit, external auditors must evaluate and perform audit procedures on
the entire work to determine its adequacy for the audit. The evaluation includes
the following:
Whether the work was properly planned, performed, supervised, reviewed and
documented
Whether sufficient appropriate evidence was obtained to allow the internal
auditors to draw reasonable conclusions
 Whether the conclusions reached are appropriate in the circumstances and the
reports prepared are consistent with the results of the work done
ISA 610 requires the external auditor's procedures to include reperformance of
some of the internal audit work used. Audit procedures might include:
Examination of items already examined by the internal auditors
Examination of other similar items
Observation of procedures performed by the internal auditors
The nature and extent of the audit procedures performed on specific work of the
internal auditors will depend on the external auditor's assessment of:
The assessed risk of material misstatement
The amount of judgement involved
The level of competence of the function
How well the audit function's organisational status and relevant policies and
procedures support the objectivity of the internal auditors
The external auditor must assess the validity of initial conclusions about using
internal audits work during internal audit work review and adjust audit
procedures accordingly.
Direct assistance
use of internal auditors to perform audit procedures under the direction,
supervision and review of the external auditor"
ISA 610 prohibits the use of internal auditors to provide direct assistance to
perform procedures that:
Involve making significant judgements in the audit
Relate to higher assessed risks of material misstatement where more than a
limited degree of judgment is required: Internal auditors may verify the
accuracy of accounts receivable valuation, but they should not be involved in
assessing the adequacy of provisions for irrecoverable receivables, as this may
increase the risk of material misstatement.
Relate to work with which the internal auditors have been involved
Relate to decisions the external auditor makes regarding the internal audit
function and the use of its work or direct assistance
 14: Receivables
Monies received post year end
The auditor review after date cash received to test existence and valuation of
receivables.
External confirmation
A specific technique used to test for the existence and rights and obligations of
receivables is an external confirmation/circularisation
External confirmations:
Audit evidence obtained as a direct written response to the auditor from a third-
party (the confirming party), in paper form, or by electronic or other medium.
An external confirmation will produce a written statement from each respondent
confirming the correct amount owed. The audit evidence is reliable as it is from
an independent source and in documentary form..
The confirmation letter must be written on the client's headed paper and signed
by the client with a copy of the current statement attached. It shall request that
the reply be sent directly to the auditor and a prepaid envelope is included for this
purpose.
There are two types of confirmation:
A positive confirmation request is where the confirming party responds directly
to the auditor, indicating whether they agree with the information in the request
or provides the requested information
The positive method is generally preferable, as it is designed to encourage
definite replies from those contacted.
A negative confirmation request is where the confirming party responds directly
to the auditor only if they disagree with the information in the request.
The negative method provides less persuasive audit evidence and shall not be
used as the sole substantive procedure to audit receivables unless all of the
following are present:
 The risk of material misstatement has been assessed as low.
 The auditor has obtained sufficient appropriate audit evidence on the
operating effectiveness of relevant controls.
 The population consists of a large number of small, homogeneous account
balances.
  A very low exception rate is expected.
 The auditor is not aware of circumstances or conditions that would cause
customers to disregard the requests.
An external confirmation for receivables is conducted as follows:
Where no reply is
received obtain
Obtain listing of trade Follow up by
confirmation of
receivables as at the phone/email/fax if still
individual outstanding
confirmation date no reply
invoices using
alternative procedures

Further audit work is

Send an additional
required where the
Agree total to nominal confirmation request if
confirmation response
ledger no reply in a
disagrees with the
reasonable time
balance selected

Select a sample of
Review for any
accounts for
obvious omissions/
confirmation. An aged
misstatements by
receivables report may
comparing this year's
be used to make the
list with last year's
selection.

The following balances should be included in the sample of accounts for

confirmation:
 Old, unpaid accounts
 Accounts written-off during the period under review
 Accounts with credit balances
 Accounts settled by round sum payments
 Accounts with large balances
 Accounts with nil balances
Exceptions and non-responses
Exception
A response that indicates a difference between information requested to be
confirmed, or contained in the entity's records, and information provided by the
confirming party
 Exceptions may indicate misstatements or potential misstatements in the
financial statements and must be investigated by the auditor
 The auditor must evaluate whether misstatements identified are indicative
of fraud
 Exceptions might also indicate a deficiency in internal control
  Not all exceptions represent misstatements (eg timing or clerical errors)
Non-response
A failure of the confirming party to respond, or fully respond, to a positive
confirmation request, or a confirmation request returned undelivered.
Non-response to external confirmation
 Where no response is received, the auditor shall perform alternative audit
procedures to obtain relevant and reliable audit evidence
 Verify outstanding items to back up documentation, eg invoices, GDNs and
customer orders
 Review cash received after year end
 Discuss with responsible company official
Cut-off testing
If financial statements are to 'present fairly' the activities of a business, it is
important that transactions and events have been recorded in the correct
accounting period. Consequently, auditor would perform ' cut-off' testing.
Other audit procedures
The external confirmation is not the only means by which evidence is gained.
substantive audit procedures (other than external confirmation) for
receivables
It is worth noting that some of the audit procedures test for more than one
assertion.eg
(a) Reviewing after-date cash receipts is an excellent test for both valuation and
existence.
(b) Comparing the gross profit per product line with the previous year tests for
the existence and completeness of receivables, as well as the occurrence and
accuracy of sales and the completeness, occurrence, accuracy and classification
of cost of sales.
Completeness
 Obtain a breakdown of the trade receivables figure per customer for both the
current and the previous period and compare the level of trade receivables
year on year. Discuss any obvious omissions/ unusual trends with
management.
 Select a sample of GDNs issued during the year and vouch them to the
relevant sales invoice. Inspect the revenue and receivables accounts in the
 nominal ledger to ensure that the invoice has been accurately recorded in the
correct accounting period.
 Obtain a copy of the aged receivables listing, re-cast the total to ensure it is
accurate. Agree the balance on the aged receivables listing to the nominal
ledger and trace through to the financial statements to ensure all balances are
recorded.
Rights and obligations
 Review monies received post year-end for evidence of the balance owed being
paid to the audit client, therefore confirming that the debt was due to them.
 Inspect the responses from the direct confirmation for evidence of the
customer's name and address to verify that the customer has confirmed that the
outstanding balance is due to the audit client.
 For a sample of balances due at the year-end vouch the outstanding balance
back to sales invoices and GDNs to verify that the goods were delivered and
that the amount is due to the audit client.
Accuracy, valuation and allocation
 Inspect the aged receivables listing for old and overdue amounts. Discuss the
recoverability of these amounts with management and consider whether any
write offs or allowances are necessary.
 Compare the receivables collection period ratio for the current and prior year
and discuss any significant variations with management.
 Agree monies received post year end from receivables at the year to the cash
book, therefore confirming that the balance is recoverable.
 Examine credit notes issued post year end and determine whether they relate
to pre year sales and if so whether an allowance should be made against that
balance.
 Review the adequacy of the allowance for receivables through discussion with
management and the review of correspondence from customers.
Existence
 For a sample of balances owed at the year-end, carry out a direct confirmation
of receivables, investigate any balances which do not agree and vouch
explanations to supporting documentation.
 Review monies received post year-end to confirm that balance existed at the
year-end.
 Inspect customer correspondence/complaints files to identify any concerns
over the existence of receivables.
Revenue
The audit of revenue requires an awareness of IFRS 15 Revenue from Contracts
with Customers which sets out process of recognising revenue using the
Recognise
Allocate the
Identify the revenue when (or
Identify the transaction price
performance Determine the as) entity
contract(s) with a to performance
obligations in the transaction price satisfies
customer obligations in the
contract performance
contract
obligation

following five steps:

The key assertions for revenue are occurrence, completeness and accuracy.
Auditors are seeking to obtain evidence that revenue exists and pertains to the
entity (occurrence) and is completely and accurately recorded (completeness and
accuracy). It is also important to test that revenue is recorded in the correct
period (cut-off).
Testing revenue
Analytical procedures are crucial for assessing the completeness of revenue, as
clients typically possess extensive company revenue data and can explain any
fluctuations or variances. Auditors should consider the following:
 Level of revenue over the year, compared on a monthly basis with the
previous year
 The effect on revenue value of changes in quantities sold/products or prices
 The level of goods returned allowances and discounts
 The efficiency of labour as expressed in revenue or profit before tax per
employee
 Reasons for changes in the gross profit margin (analysis should be as detailed
as possible, ideally broken down by product area and month or quarter)
Auditors should conduct a directional test on the completeness of recording
individual sales in accounting records. They should start with first revenue-
recording documents like GDNs or till rolls and trace revenue through
intermediate documents like sales summaries to the sales ledger. They must
ensure the original sample population is complete by checking the sequence of
GDNs.
You must remember the direction of this test. Since we are checking the completeness of
recording of revenue in the sales ledger, we cannot take a sample from the ledger because the
sample would not include what has not been recorded.
substantive audit procedures for revenue
Completeness
 Obtain a breakdown of revenue for the period on a month by month basis, a
product by product basis and/or per customer and compare to prior
 period/budget. Discuss any significant differences with management.
 Compare the gross product percentage by product line with the previous year
and/or industry data. Discuss any significant differences with management
Accuracy
 For a sample of sales invoices, compare the prices and terms to the authorised
price list and terms of trade documentation.
 Test whether discounts have been properly applied by recalculating them for a
sample of invoices.
 Test the correct calculation of tax on a sample of invoices.
Cut-off
 For a sample of invoices around the year end, inspect the dates and compare
with the dates of despatch and the dates recorded in the ledger for application
of correct cut-off.
 For sales returns, select a sample of returns documentation around the year
end and trace to the related credit entries.
 Perform analytical procedures on sales returns, comparing the ratio of sales
returns to sales.
Occurrence
For a sample of sales transactions recorded in the ledger, vouch the sales invoice
back to customer orders and despatch documentation.
Testing prepayments
The following procedures should be considered when testing prepayments:
Accuracy, valuation and allocation
 For a sample of prepayments from the prepayments' listing, recalculate the
amount prepaid to ensure that it has been accurately calculated
Completeness
 Compare the level of prepayments to the previous year to ensure the figure
is reasonable and complete
 Review detailed SOFP to ensure all likely prepayments have been included
Existence
 Verify by reference to invoices, cash book and correspondence
 15: Bank And Cash
Bank confirmation letter
The audit of an entity's bank balances involves obtaining confirmation from the
banker(s) of balances and other amounts in the financial statement and notes.
Bank confirmation letters are a valuable source of audit evidence as they come
directly from an independent source, providing greater assurance of reliability
than evidence obtained from the client's records. The procedure is carried out as
client to provide Bank confirmation
bank with written letter produced on Auditors agree the
Auditor to choose authority to auditor's headed balance in the
Auditors receive
from which disclose the paper and sent to bank letter to the
reply to letter
bank(s) to obtain information the bank at least bank balance as
from bank
confirmation requested in the one month in per the client
confirmation to advance of client's records
the auditors year end.

follows:
Choosing where to send a confirmation request
The following matters will impact the auditor's decision as to which of the audit
client's bank or banks to send a bank confirmation letter to:
 Size of balance  Degree of reliance on internal
 Volume of activity control
 Materiality to financial statements
Written authority
Banks require written authorization from customers to disclose requested
information in bank confirmation letters. This authority may be an ongoing
standing one and the request must refer to the client's letter of authority and date.
It can be countersigned by client or accompanied by a specific letter. Joint bank
accounts require all parties' signed letters.
Preparation and despatch of the bank confirmation letter
Control over the content and dispatch of confirmation requests is the
responsibility of the auditor.
Auditors should choose the most appropriate approach based on the quality of
audit evidence needed and the practicality of obtaining a response from the
confirming bank. Commonly requested information includes balances due to
client entities on accounts, with the request letter providing account description
and currency type.
 Listing balances and other information, and requesting confirmation of their
accuracy and completeness
 Requesting details of balances and other information, which can then be
compared with the requesting client's records
To ensure accurate financial records, clients should request information about nil
balances, closed accounts, maturity and interest terms on loans, unused facilities,
lines of credit, offsets, and collateral details. They may also request confirmation
of contingent liabilities, such as guarantees, comfort letters, and bills. Banks
often hold securities and other items in safe custody on behalf of customers, so a
request letter may ask for confirmation of these items.
Replies
Replies should be returned directly to the auditors and the auditors should check
that the bank's response covers all the information requested. Difficulty may be
encountered in obtaining a satisfactory response even where the client company
submits information for confirmation to the confirming bank. It is important that
a response is sought for all confirmation requests. Auditors should not request a
response only if the information submitted is incorrect or incomplete.
Agreement to client records
For any response received, the auditors must agree the amounts in the bank
confirmation letter to the bank balance in the client's accounting records. Any
differences will need to be investigated as they could indicate a misstatement in
the cash figure given in the financial statements.
Cut-off testing
When auditing cash balances, care must be taken to ensure that there is no
window dressing, by auditing cut-off carefully.
(a) Keeping the cash book open to take credit for remittances actually received
after the year end, thus enhancing the balance at bank and reducing receivables
(b) Recording cheques paid in the period under review which are not actually
despatched until after the year end, thus decreasing the balance at bank and
reducing liabilities
Auditors should examine paying-in slips for lodgements not cleared by the bank
until the new period to ensure they were paid on or before the period-end date. If
there are large outstanding cheques at year-end, auditors should check if they
were cleared within a reasonable time in the new period. Perform cut-off testing
for transactions at the end of the reporting period to ensure the completeness and
existence of cash balances at that date.
Audit procedures for bank
Completeness and existence
 Obtain standard bank confirmations from each bank with which the client
conducted business during the audit period.
 Trace cheques shown as outstanding from the bank reconciliation to the cash
book prior to the year end and to the after-date bank statements and obtain
explanations for any large or unusual items not cleared at the time of the audit.
 Compare cash book(s) and bank statements in detail for the last month of the
year, and match items outstanding at the reconciliation date to bank
statements. Obtain
 satisfactory explanations for all items in cash book for which there are no
corresponding entries in bank statement and vice versa by discussion with
finance staff.
Valuation
 Reperform arithmetic of bank reconciliation.
 Review bank reconciliation previous to the year-end bank reconciliation and
test whether all items are cleared in the last period or taken forward to the
year-end bank reconciliation.
 Verify contra items appearing in the cash book or bank statements with the
original entry
 Verify by inspecting paying-in slips that uncleared bankings are paid in prior
to the year end.
 Examine all lodgements in respect of which payment has been refused by the
bank; ensure that they are cleared on re- presentation or that other appropriate
steps have been taken to effect recovery of the amount due.
 Verify the bank balances with reply to standard bank letter and with the bank
statements.
 Inspect the cash book and bank statements before and after the year end for
exceptional entries or transfers which have a material effect on the balance
shown to be in-hand.
Rights and obligations
 Determine whether the bank accounts are subject to any restrictions by
enquiries with management.
Classification
 Identify whether any accounts are secured on the assets of the company by
discussion with management.
 Consider whether there is legal right of set-off of overdrafts against positive
bank balances.
 Review draft accounts to ensure that disclosures for bank are complete and
accurate and in accordance with accounting standards.
Audit of cash balances
Cash balances/floats are often individually immaterial but they may require some
audit emphasis because of the opportunities for fraud that could exist where
internal control is weak and because they may be material in total.
However, in enterprises such as hotels and retail organisations, the amount of
cash-in-hand at the period end could be considerable. Cash counts may be
important for internal auditors, who have a role in fraud prevention.
Auditors will be concerned that the cash exists, is complete, belongs to the
company (rights and obligations) and is stated at the correct value.
Where the auditors determine that cash balances are potentially material they
may conduct a cash count, ideally at the period end. Rather like attendance at an
inventory count, the conduct of the count falls into three phases: planning, the
count itself, and follow-up procedures.
 16: Payables and Accruals
Internal control considerations
The audit of payables is closely linked to the purchases system, with clients often
controlling trade payables balances through reconciliation of month-end balances
to supplier statements. If reconciliations are performed at year-end, auditors can
review them. If not, auditors must compare supplier statements with year-end
payables balances and investigate differences.
The focus on understatement
Accounts payable are a significant part of most enterprises' financial statements.
Auditors test controls on purchases to ensure completeness of liabilities.
However, they should be aware of the possibility of understatement of liabilities
to improve liquidity and profits. Their primary objective is to verify if liabilities
at year-end have been accurately recorded.
As regards trade accounts payable, this primary objective can be subdivided into
two detailed objectives:
 Is there a satisfactory cut-off between goods received and invoices
received, so that purchases and trade accounts payable are recognised in the
correct year?
 Do trade accounts payable represent the bona fide amounts due by the
company?
Confirmation of trade payables
It is also possible to undertake confirmation of trade payables, although this is
not used a great deal in practice because the auditor can test trade payables by
examining reliable, independent evidence in the form of suppliers' invoices and
statements.
However, where entity's internal controls are assessed as deficient, suppliers'
statements may not be available, so it may be relevant to undertake confirmation

Entity has strong controls in place Entity does not have strong
to ensure all liabilities are controls in place to ensure all
recorded liabilities are recorded
Confirm other suppliers with a small
Confirm large balances or zero balance
Confirm a sample of other accounts
Confirm large balances
procedures. Confirmation of trade payables provides evidence primarily for
completeness assertion.

Auditors use a positive confirmation, referred to as a blank or zero-balance

confirmation. This confirmation does not state the balance owed but requires the
supplier to declare the amount owed at the year-end and to provide a detailed
statement of the account. When the confirmation is received back, the amount
must be reconciled with the entity's records.
Differences between balance confirmed and that on the payables ledger are likely
to be for reasons that are similar to those for the receivables confirmation, i.e.
goods in transit, cash in transit, or disputed invoices. Any differences should be
investigated and reconciled.
Other audit procedures:Payables and accruals

Other audit procedures: purchases and other expenses

  Inspect sample of purchase invoices to ensure they agree to amount posted to
GL.
 Compare expenses making up administrative expenses to prior year charge
and to expectations on line by line basis. Where differences are found they
should be investigated.
 Enquire of management whether there are any unsettled claims or obligations
arising before the year end and ensure these are provided for (to give
evidence over the completeness of the charge in the related expense category
in the SOPL)
 Recalculate accruals and prepayments to gain evidence that other expenses
are not over or understated.
 Compare gross profit margin with the previous year, the gross margin per the
budget and expectations. Investigate any unexpected fluctuations.
Payroll
One expense that may make up a significant proportion of expenses is the wages
cost included in the statement of profit or loss.
Other audit procedures: payroll
 Reconcile the gross costs on the payroll to the wages cost in the financial
statements.
 Reperform casts of payroll records to confirm completeness and accuracy of
costs used as a basis for the journals to the financial statements.
 Confirm payment of net pay per payroll records to cheque or bank transfer
summary.
 Inspect payroll for unusual items and investigate them further by discussion
with management.
 Perform proof-in-total (analytical procedures) on payroll by multiplying
estimated average wage (using last year's figures+expected increases) by
average number of employees (incorporating starters and leavers) and
compare to figure in draft financial statements to assess reasonableness.
Investigate any significant differences by discussing with management.
 Reperform calculations of statutory deductions to establish whether valid
deductions have been included in the payroll expense
 Select a sample of employees from the payroll and recalculate their gross and
net pay.
 Select a sample of employees from the payroll and agree their pay in the
payroll records to personnel records such as employment contracts
 Select a sample of employees who have joined or left the organisation during
the year. Agree their start/leaving date to supporting documentation. Ensure
that the employee has been added to/removed from the payroll in the correct
month. Recalculate the payroll for the month of joining/leaving to ensure its
accuracy.
Audit considerations relating to an entity using a service organisation
Service organisation
A third-party organisation that provides services to user entities that are part of
those entities' information systems relevant to financial reporting.(maintenance of
accounting records, credit control and data entry or information processing).
User entity
An entity that uses a service organisation and whose financial statements are
being audited
User auditor:
An auditor who audits and reports on the financial statements of a user entity
Service auditor:
An auditor who, at the request of the service organisation, provides an assurance
report on the controls of a service organisation
 17: Non-current liabilities

Provision a liability of uncertain timing or amount.

Liability a present obligation of the entity arising from past events, the
settlement of which is expected to result in an outflow of economic benefits from
the entity.
Obligating event an event that creates a legal or constructive obligation that
results in an entity having no realistic alternative to settling that obligation.
Legal obligation an obligation that derives from:
a) A contract (through its explicit or implicit terms).
b) Legislation; or
c) Other operation of law.
Constructive obligation: an obligation that derives from an entity's actions
where:
(a) entity has indicated its commitment to certain responsibilities through its
established past practices, published policies, and specific current statement to
other parties.
(b) has created a valid expectation from other parties that it will fulfil those
responsibilities.
Contingent liability
(a) possible obligation that arises from past events and whose existence will be
confirmed only by occurrence/non-occurrence of uncertain future events not
wholly under the entity's control.
(b) A present obligation that arises from past events but is not recognised
because:
(i)not probable that an outflow of economic benefits will be required to settle
obligation
(ii) The amount of the obligation cannot be measured with sufficient reliability.
Contingent asset
possible asset that arises from past events and whose existence will be confirmed
only by occurrence/non-occurrence of uncertain future events not wholly under
the entity's control.
Capital
Capital including share capital, distributions, and reserves must be agreed with
the share register. Auditors should examine transfers on a test basis for
companies handling their own registration work. Independent registrars should
provide a certificate of share capital in issue at year-end. Compliance with local
legislation and valid movements in reserves are crucial for auditors. Where the
Independent registrars handle registration work, and auditors review their
submitted reports and obtain a certificate of share capital in issue at year-end.
The main concern with share capital and reserves is that the company has
complied with the law. Auditors must ensure companies comply with local laws
regarding share issues and share purchases and verify valid movements in
reserves to ensure compliance with share capital and reserves.
Audit procedures for share capital, distributions and reserve:
Share  Agree the authorised share capital with the statutory documents
equity governing the company's constitution.
capital  Agree changes to authorised share capital with properly
authorised resolutions.
Issue of  Verify any issue of share capital or other changes during the
shares year with general and board minutes.
 Ensure issue or change is within the terms of the constitution,
and directors possess appropriate authority to issue shares.
 Confirm that cash or other consideration has been received or
receivable(s) is included as called-up share capital not paid.
Transfer of  Verify transfers of shares by reference to:
shares - Correspondence
- Completed and stamped transfer forms
- Cancelled share certificates
- Minutes of directors' meeting
 Review the balances on shareholders' accounts in the register of
members and the total list with the amount of issued share
capital in the general ledger
Dividends  Agree dividends paid and declared pre-yearend to authority in
minute books and reperform calculation with total share capital
issued to ascertain whether there are any outstanding or
unclaimed dividends.
 Agree dividend payments to documentary evidence.
 Test that dividends do not contravene distribution provisions by
reviewing the legislation.
Reserves  Agree movements on reserves to supporting authority.
 Ensure that movements on reserves do not contravene the
legislation and the company's constitution.
 Confirm that company can distinguish distributable & non-
distributable reserves.
 Ensure that appropriate disclosures of movements on reserves
are made in company's accounts by inspection of financial
statements.
Directors emoluments
 18: Not-for-profit Organisation
Audit of not-for-profit organisations
Organisations may fall within the scope of statutory audit if the entities
concerned are limited liability companies. Organisations not incorporated may
require an assurance engagement due to the requirements of regulatory or
governing bodies.
When carrying out an audit of a not-for-profit organisation, it is vital that the
auditor establishes:
Whether a statutory audit is required
If a statutory audit is not required, what the objectives of the engagement are.
What the engagement is to report on
To whom the report should be addressed
Risk assessment
The auditor should, during the planning stage, fully assess the risks associated
with the not-for-profit organisation. There are certain risks applicable to not-for-
profit organisations that might not necessarily be applicable to other small
companies.
Small not-for-profit organisations will generally suffer from internal control
deficiencies common to small enterprises, such as lack of segregation of duties
and the use of unqualified staff. Shortcomings may arise from the staff's lack of
training and also, if they are volunteers, from their attitude, in that they may
resent formal procedures.
The auditors will have to consider particularly carefully whether they will be able
to obtain adequate assurance that the accounting records do reflect all the
transactions of the enterprise and bear in mind whether there are any related
statutory reporting requirements.
 19: Audit Review And Finalisation
Subsequent Events
Events occurring between the date of the financial statements and the date of the
auditor's report, and facts that become known to the auditor after the date of the
auditor's report'
Financial statements may be affected by events that occur after the date of the
financial statements. For financial reporting purposes, these are categorised in
one of two ways:
Adjusting Events Non-Adjusting Events
Those that provide evidence of Those that provide evidence of
conditions that existed at the date of the conditions that arose after the date
financial statements of the financial statements
Examples: Examples:
· Settlement of a court case . Dividends declared after the year
· Sale of inventory after year end end
providing evidence of its NRV at year · Fire causing destruction of major
end plant
. Fraud/error showing accounts are . Announcement of a major
incorrect restructuring
Going Concern basis of accounting:
Financial statements are prepared assuming the entity will continue operations
unless management intends to liquidate the entity or to cease operations or has no
realistic alternative but to do so. The objectives of the auditor are:
 To obtain sufficient appropriate audit evidence conclude on the
appropriateness of management's use of going concern basis
 To conclude whether a material uncertainty exists related to events or
conditions that may cast significant doubt on the entity's ability to continue as
a going concern
 To report in accordance with ISA 570
The auditor must monitor going concern indicators during audits to assess
potential doubts about the entity's ability to continue as a going concern. If going
concern basis is not appropriate, the statements are prepared on a break-up basis.
Management's assessment
IAS 1 Presentation of Financial Statements mandates management to assess an
entity's ability to continue as a going concern.
The auditor evaluates management's assessment and requests management to
extend its assessment period to at least 12 months if assessment covers less than
12 months from date of the financial statements. Auditor also enquire of
management of its knowledge of events/conditions beyond the assessment period
that may cast doubt on entity’s ability to continue.
Based on audit evidence obtained, auditor should determine if, in their
judgement, a material uncertainty exists that may cast significant doubt on
entity's ability to continue.
Events or conditions identified
If significant doubts are identified about the entity's ability to continue as a going
concern, the auditor must obtain appropriate audit evidence to determine
whether a material uncertainty exists and perform additional procedures.
 Requesting management to make its assessment
 Evaluating management's future plans
 Evaluating the reliability of data and the assumptions used to prepare cash
flow forecast
 Considering any additional facts or information have become available since
the date management made its assessment
 Requesting written representations from management and those charged with
governance about plans for future action and the feasibility of these plans
Specific audit procedures that the auditor could perform include:
 Analysing and discussing cash flow profit and other relevant forecasts with
management
 Reviewing latest available interim financial statements
 Examining debentures, loan agreements and determining if they have been
breached
 Reading minutes of the meetings for reference to financing difficulties
 Enquiring of entity's lawyer about existence of litigation and claims, and
assessing reasonableness of mngt's assessments of their outcome and
estimated financial implications
 Obtaining and reviewing reports or regulatory actions
ISA 580 Written Representations
Written statements by management provided to auditor to confirm certain
matters/ support other audit evidence. They do not include financial statements,
supporting books and records.
There are three main areas where written representations are necessary:
 To confirm that management has fulfilled its responsibilities for preparation of
financial statements, all transactions have been recorded and reflected and all
relevant information and access has been provided to auditor as agreed in
terms of engagement
 A number of ISAs require written representations (such as fraud, laws and
regulations, estimates, going concern, related parties and subsequent events)
 To support other audit evidence relevant to financial statements if determined
by the auditor
Supporting audit evidence
Written representations, while being audit evidence, are internal and do not
provide sufficient appropriate audit evidence for the issues they pertain to.
(Where knowledge of facts is confined to management/ the matter is principally
one of judgement)
Obtaining written representations
Agree procedures at early stage (eg letter of engagement)
Print on the client's headed paper and to be signed by management
Discuss the contents of the letter with management first
Dated as close as possible to the signing of the auditor's report but not after
this date
Written representations not provided
If management does not provide requested written representations, the auditor
shall:
o Discuss the matter with management
o Re-evaluate the integrity of management and evaluate the effect this may have
on the reliability of representations and audit evidence in general
o Take appropriate actions, including determining the impact on the auditor's
report
Overall review of financial statements
The auditor reviews financial statements to assess if they align with their
understanding of the entity, designing & using analytical procedures to form an
overall conclusion.
o Financial statements are prepared using acceptable accounting policies,
consistently applied and appropriate to the entity.
o Information included in financial statements is compatible with audit findings.
o There is adequate disclosure and proper classification and presentation of
information
o Financial statements comply with statutory requirements and other
regulations.
When considering whether accounting policies are appropriate, auditors should
consider:
 Policies commonly adopted in particular industries
 Whether any departures from applicable accounting standards are necessary
for the financial statements to give a true and fair view
 Whether the financial statements reflect the substance of the underlying
transactions
Misstatements
a discrepancy between the reported amount, classification, presentation, or
disclosure of a financial statement item and the required requirements for
compliance with the FR framework .It can be due to fraud/error
An uncorrected misstatement is a misstatement that the auditor has accumulated
during the audit and that has not been corrected
Communication of uncorrected misstatements
ISA 450 mandates auditors to inform those charged with governance about
uncorrected misstatements and their impact now and also on prior periods,
identifying material misstatements individually and requesting correction.
They must also request written representation from management and governance
on whether these misstatements are immaterial to the financial statements. A
summary of these items shall be included in or attached to the representation
ISA 450 requires the auditor to document the following information:
 The amount below which misstatements would be regarded as clearly trivial
 All misstatements accumulated during the audit and whether they have been
corrected
 The auditor's conclusion as to whether uncorrected misstatements are material
and the basis for that conclusion
 20: Reports
Unmodified opinion
opinion expressed when the auditor concludes that the financial statements are
prepared in accordance with the financial reporting framework in all material
respects.
If the auditor concludes that the financial statements to be materially misstated or
lack sufficient audit evidence to make this conclusion, the auditor must modify
the opinion.
Key audit matters
those matters that, in the auditor's professional judgment, were of most
significance in the audit of the financial statements of the current period.
selected from matters communicated with those charged with governance.
only relevant to the audit of listed entities.
do not constitute a modification of the report or of the opinion.
Unrelated to if opinion is modified or not, both ways KAMs will be
communicated.
Areas of high risk of material misstatement
Areas where management have had to exercise significant judgement where
there is a high level of uncertainty.
Presentation of KAMs in the auditor's report
Each KAM detailed in the auditor's report should refer to the related disclosure in
the financial statements and will explain:
a) Why the matter was considered to be significant and therefore a KAM
b) How the matter was addressed in the audit
KAMs will be communicated in the auditor's report of listed entity for matters
that required significant auditor attention.
Where the auditor's opinion is modified in relation to a KAM, the issue is not
disclosed in the KAM but in the 'Basis for modified opinion' paragraph.
Any concerns relating to going concern would not be disclosed in the KAM,in
the 'Material uncertainty relating to going concern' paragraph.
The auditor will give a modified audit opinion when:
(a) concludes, based on the evidence obtained, that the financial statements as a
whole are not free from material misstatement; or
(b) unable to obtain sufficient appropriate audit evidence to conclude that the
financial statements as a whole are free from material misstatement.
two 'levels' of modified opinion:
(a) Material but not pervasive, where circumstances prompting misstatement are
material
(b) Material and pervasive, where the financial statements could be misleading
Pervasiveness: used to describe the effects or possible effects on the financial
statements of misstatements/undetected misstatements (due to inability to obtain
sufficient appropriate audit evidence). There are three types of pervasive effect:
a) Those not confined to specific elements, accounts or items in the FS
b) Those confined to specific elements, accounts or items in the FS and represent
or could represent a substantial portion of the FS.
c) Those that relate to disclosures which are fundamental to users' understanding
of
FS.

Emphasis of matter: A paragraph in an auditor's report highlights a crucial

aspect of the financial statements appropriately disclosed, that is fundamental to
users' understanding, according to the auditor's judgment.
Uncertain outcome of litigation/ A significant subsequent event that occurs
between the date of the financial statements and the date of the auditor's report, a
fire
 fundamental to users'
understanding and fundamental to users'
has required understanding but not
significant audit requiring significant
attention audit attention

Emphasis of
KAM matter
paragraph
Where an emphasis
of matter paragraph is used:
The paragraph should clearly reference the highlighted matter and its relevant
disclosures in the financial statements, stating that the auditor's opinion is not
modified in respect of the matter, It can come immediately before/after the
KAMs, depending on its significance
Other matter paragraph
paragraph that refers to a matter other than those presented or disclosed in the
financial statements that, in the auditor's judgement, is relevant to users'
understanding of the audit, the auditor's responsibilities or the auditor's report.
usually comes immediately after the key audit matters (matters like FS have not
been audited/ audited by another auditor)
The Auditor's Responsibilities Relating to Other Information
Other information: financial or non-financial information (other than the
financial statements and the auditor's report ) included in an entity's annual
report.
Annual report:
a document, or combination of documents, usually prepared annually by
management or those charged with governance in accordance with
law/regulation/custom.
Its purpose is to provide stakeholders with information on the entity's operations
and the entity's financial results and financial position as set out in the financial

statements.
Misstatement of the other information exists when the other information is
incorrectly stated or otherwise misleading.
Going concern
Directors' responsibility - to determine whether or not an entity is a going
concern. Auditor's responsibility - to make an assessment as to whether the
directors' conclusion is appropriate based on the results of the going concern
review performed by the auditor. The auditor must consider:
(a) Whether the use of the going concern basis is appropriate.
(b) Whether adequate disclosure has been made of any material uncertainties
affecting going concern; and
(c) Whether management's assessment was adequate.
If there is concern about any of the items above, then the auditor should consider
the implications for their auditor's report.
Auditor's report implications
The

auditor shall communicate with those charged with governance events or

conditions that may cast doubt on the entity's going concern. This will include:
 . Whether the events or conditions constitute a material uncertainty
 . Whether the use of the going concern assumption is appropriate in the
preparation and presentation of the financial statements
 . The adequacy of related disclosures
 . Where applicable, the implications for the auditor's report