Sie sind auf Seite 1von 308

A-PDF Merger DEMO : Purchase from www.A-PDF.

com to remove the watermark

chapter I
\,

Role and context


of modern auditing

Introduction

Topic List
I
Role of auditing
2
The audit process
3
Statutory audit requirement
4
Legal responsibilities
5
International standards on auditing
6
Quality control
7
Documentation
Summary and Self-test
Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

Role of auditing

1.1

Purpose of the audit


Audits serve a fundamental purpose in helping to enforce accountability and promote confidence in
financial reporting. Directors are delegated responsibility for managing the affairs of the company by the
owners, in effect they act as trustees for the shareholders. The audit provides a mechanism for
shareholders to help ensure that the directors are acting in the company's best interests and therefore
plays a fundamental stewardship role.
BSA 200 Objective and General Prindples Governing an Audit of Financial Statements sets out the objectives of an
audit as follows:
'The objective of an audit of financial statements is to enable the auditor to express an opinion as to
whether the financial statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework.'

1.2

Part of the economic infrastructure


The audit is also a vital function of economic activity. For that economic activity to continue to flourish
there has to be trust. As the ICAEW Audit and Assurance Faculty publication Audit Quality states:
'An important contributor to trust and confidence is the independent audit of the information
provided to shareholders. It is a vital component of efficient capital markets.'
While the audit has a crucial role to play in providing assurance to shareholders it cannot be seen in
isolation. For example, the directors of the company have a role to play in the preparation of financial
statements that show a true and fair view. The audit has to be seen in the context of a range of interwoven
laws, regulations, and guidance, all of which promote good corporate governance. 0fVe will look at
corporate governance in detail in Chapter 3).

1.3

The expectation gap


The primary role of the auditor is to perform an independent examination of the financial statements and to
form an opinion. You should be very familiar with this concept from your earlier studies. The audit opinion
will provide reasonable assurance that the financial statements give a true and fair view; it does not
provide a certificate that they are completely accurate and free from every error or fraud, no matter how
small. BSA 200 explains that absolute assurance is not possible due to inherent limitations of the audit
including those resulting from the following factors:
~

~
~
~
~

The use of testing


Inherent limitations of internal control
The fact that most evidence is persuasive rather than conclusive
The impracticability of examining all items within a class of transactions or account balance
The possibility of collusion or misrepresentation for fraudulent purposes
The fact that the work undertaken by the auditor is permeated by judgement

The Institute of Chartered Accountants in England and Wales, March 2009

Advanced Stage- Advanced Audit and Assurance


In some instances this 'expectation gap' can lead to difficulties arising from the difference between what
shareholders expect an audit to achieve and what it is designed to achieve. The public increasingly expect
the following types of questions to be answered:
~
~

~
~

Is the company a going concern?


Is the company managed effectively?
Is there an adequate system of controls?
Is the company susceptible to fraud?

As Audit Quality states:


'A continuing challenge facing those with an interest in corporate governance and every auditor is
communicating the purpose, ambit and limitations of the audit.'

1.4

The audit opinion


The key judgement made by the auditor is whether the financial statements give a true and fair view. Whilst
there is no legal definition for these terms, 'true' and 'fair' are normally taken to mean the following:

Definition
True: The information in the financial statements is not false and conforms to reality.

In practical terms this means that the information is presented in accordance with accounting standards
and law. The f1nancial statements have been correctly extracted from the underlying records and
those records reflect the actual transactions which took place.

Definition
Fair: The financial statements reflect the commercial substance of the company's underlying transactions
and the information is free from bias.

You will have come across examples of the application of substance over form in your financial reporting
studies e.g. the treatment of a finance lease.
The problem with making judgements such as these is that they can be called into question, particularly
where others have the benefit of hindsight. The major defence that the auditor has in this situation is to
show that the work was performed with due skill and care and that the judgements made about truth
and fairness were reasonable based on the evidence available at the time. We will look at quality control in
Section 6 of this chapter. Auditor liability is covered in Chapter I 0.

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

2 The audit process

2.1

Overview
You will have covered the audit process in you earlier studies. The following diagram summarises the key
points you should be familiar with. Chapters 4 - 6 of this text cover the audit in more detail.

Point to note
BSA 200 requires that the audit should be planned and performed with an attitude of professional

scepticism.

The Institute of Chartered Accountants in England and Wales, March 2009

Advanced Stage - Advanced Audit and Assurance

3 Statutory audit requirement

3.1

The audit requirement


The basic principle is that all companies registered in Bangladesh should be audited.

4 Legal responsibilities

4.1

Companies Act 1994


The legal responsibilities regarding directors and auditors are currently contained in the Companies Act
1994 which has effectively replaced the provisions of the Companies Act 1913.

4.2

Directors' responsibilities
These duties are as follows:
~

Fiduciary Duty
Directors are fiduciaries and must, therefore, display the utmost good faith towards the company in
their dealings with it or on its behalf. They must act bona fide, in what they believe to be the best
interests of the company. They must exercise their powers for the particular purpose for which they
were conferred and not for some extraneous purpose, even though they honestly believe that to be in
the best interest of the company. But the most important feature of the fiduciary nature of their duties
is that they must not fetter their discretion to exercise their powers from time to time in accordance
with the foregoing rules. Also they must not, without the consent of the company, place themselves in
a position in which there is a conflict between their duties and personal interests. Good faith must not
only be done but must manifestly be seen to be done, and the law will not allow a person acting in a
f1duciary capacity to place himself in a situation in which his judgment is likely to be biased.

Accounting records
A company is required to keep proper books of account, which are sufficient to show and explain
the company's transactions. Failure to do so may render every officer of the company liable to a fine
or imprisonment.
In addition to the statutory requirement, the directors have an overriding responsibility to ensure they
have adequate information to enable them to fulfil their duty of managing the company's business.

Annual balance sheet


The board of directors of every company shall, at every annual general meeting held in pursuance of
section 81, "lay before the company a balance sheet together with the profit and loss account."
Board Report-- There shall be attached to every balance sheet laid before a company in general
meeting a report by its board of directors, with respect to.(a) the state of the company's affairs;
(b) the amount, if any, which the board proposes to carry to any reserve in such balance sheet;

The lnstiwte of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

(c) the amount, if any, which the board recommends should be paid by way of dividend;
{d) material changes and commitments, if any, affecting the financial position of the company which
have occurred between the end to the financial year of the company of which the balance sheet
related and the date of the report:
(2) The board's report shall, so far as is material for the appreciation of the state of company's affairs
by its members, deal with any changes which have occurred during the financial year:{a) in the nature of the company's business;
(b) in the company's subsidiaries or in the nature of the business carried on by them; and
(c) generally in the classes of business in which the company has an interest.
{3) The board shall also be bound to give the fullest information and explanations in its report
aforesaid on every reservation, qualification or adverse remark contained in the auditor's report.
(4) The board's report and any addendum thereto shall be signed by its chairman if he is authorised in
that behalf by the board, and, where he is not so authorised, shall be signed by such number of
director as are required to sign the balance sheet and the profit and loss account or the income and
expenditure account of the company.
~

Directors' and officers' insurance


Generally a company cannot indemnify a director against a liability arising from an act of negligence,
default or breach of duty. However, this statutory provision does not prevent a company from buying
and maintaining insurance against such a liability.

'"
~

Safeguarding the assets


Responsibilities to safeguard the assets of the company includes the prevention and detection of
fraud. One of the main ways in which this duty can be carried out is to implement an effective
system of controls.

4.3

Loans to Directors
Section I03 prohibits loans or guarantee or securities in favour of directors. This section follows section

860 of the Act of 1913 which was introduced in the company law of our country by the amending Act of
1936. A further amendment in 1938 extended the operation of the rule to loans to private companies in
which any director of the lending company was a member. Section I08 (I) (g) provides that the office of a
director shall be vacated if a director or any firm of which he is a partner or any private company of which
he is a director accepts a loan or guarantee from the company in contravention of section I03.
A private company may give or guarantee a loan if the loan is sanctioned by the board and the general
meeting and does not exceed fifty percent of the paid up value of the shares held by the director in his own
name. A contravention of section I03 may, in addition to the vacation of the office of the director, entail a
fine of five thousand taka or a simple imprisonment for six months in lieu of fine for every person who is a
party to such a contravention. Regulation 78 in the First Schedule to the Act also provides that the office of
a director shall be vacated if the director accepts a loan from the company.

4.4

Auditors' responsibilities
Under the Companies Act 1994, it is the external auditor's responsibility to form an independent
opinion on the truth and fairness of the financial statements
The auditor will also report by exception on the following. Whether:
~

Proper returns, adequate for audit purposes, have been received from branches

The accounts agree with the underlying records

Adequate accounting records have been kept

All necessary information and explanations have been obtained

The Institute of Chartered Accountants in England and Wales, March 2009

Advanced Stage -Advanced Audit and Assurance


The auditor also has a duty towards other information in documents containing audited financial statements
in accordance with BSA 720 Other Information in Documents Containing Audited Financial Statements (see
Chapter 6).

S International standards on auditing

5.1

Introduction
You will have covered the regulatory framework affecting the issue of International Standards on Auditing
(ISAs) including the role of the International Auditing and Assurance Standards Board (IAASB) in your Audit
and Assurance studies at the professional level. This section therefore provides a brief summary of the key
points.

5.2

Overview
The system in Bangladesh currently works as follows:

IAASB
Issues
BSA as used by
Bangladesh
Auditors
ICAB
Adopts

5.3
5.3.1

International Auditing and Assurance Standards Board


Pronouncements
IAASB was set up by the International Federation of Accountants (IFAC), which nominates a majority of its
members - others are nominated by the forum of firms -to issue professional standards. It issues the
following standards:
~

International Standards on Auditing (ISAs)


International Standards on Assurance Engagements (ISAEs) (applicable to assurance
engagements which are not audits)

International Standards on Related Services (ISRSs) (applicable to other, non-assurance


engagements)

International Standards on Quality Control (ISQCs) (applicable to all engagements carried out
under any of the IAASB's standards)

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING


~

International Standards on Review Engagements (ISREs) (are to be applied in the review of


historical financial information)

It also issues the following practice statements:


~

International Audit Practice Statements (lAPS). lAPS provide interpretive guidance and practical
assistance to professional accountants in implementing ISAs and to promote good practice.

International Review Engagement Practice Statements (IREPSs), International Assurance


Engagement Practice Statements (IAEPSs), and International Related Services Practice Statements
(IRSPSs) are issued to serve the same purpose for implementation of ISREs, ISAEs and ISRSs
respectively.

5.3.2

Authority of ISAs
ISAs are to be applied in the audit of historical financial information.
In exceptional circumstances, an auditor may judge it necessary to depart from an ISA in order to
more effectively achieve the objective of an audit. When such a situation arises, the auditor should be
prepared to justify the departure.

5.3.3

Working procedures
The working procedures of the IAASB can be summarised as follows

5.4
5.4.1

Subjects selected for detailed study are reviewed by a subcommittee

The subcommittee prepares an exposure draft for consideration by the IAASB

Once approved the exposure draft is distributed to member bodies of IFAC (and other international
organisations that have an interest in auditing standards) for comment

A revised exposure draft is issued after consideration of the comments received by the IAASB

If the revised draft is approved an ISA is issued.

ICAB Adoption Procedures


ICAB adoption of ISAs and BSAs
The process for adoption by ICAB of ISAs and BSAs is as follows:
~
~

~
~
~

5.4.2

Identification of the broad areas by the Technical and Research Committee (TRC) for formulating the
Accounting/Auditing Standards
Constitution of the study groups by the TRC for preparing the preliminary drafts of the proposed
Accounting/ Auditing Standards
Consideration of the preliminary drafts prepared by the study groups by the TRC and revision, if any,
of the drafts on the basis of deliberations at the TRC
Consideration of the drafts Accounting/ Auditing Standards by the Councii-ICAB and if found
necessary, modification of the drafts in consultation with the TRC
The Accounting/ Auditing Standards, so finalised, are issued under the authority of the Councii-ICAB as
Bangladesh Accounting Standards (BAS), and Bangladesh Standards on Auditing (BSA)

Future harmonisation: Clarity Project


The ongoing IAASB Clarity Project will also result in amendments being required to BSAs in due course.

5.5

Clarity Project
The IAASB is in the middle of a clarity project, during which they are reissuing existing ISAs, with the aim of
making the requirements within them clearer.

The Institute of Chartered Accountants In England and Wales, March 2009

Advanced Stage- Advanced Audit and Assurance


Under this project, each ISA will have:
~

~
~

5.5.1

A stated overall objective


Clarified obligations, by use of the word 'shall' where a requirement of the ISA is set out
Eliminating ambiguity in ISAs
Improving the overall readability of ISAs

Revised and redrafted ISAs


As at September 2008 the following ISAs have been revised and redrafted as part of the Clarity Project.
ISA 260 (Revised and Redrafted) Communication with Those Charged with Governance (see Chapter 6)
ISA 540 (Revised and Redrafted) Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and
Related Disclosures (see Chapters 5 and 12)
ISA 550 (Revised and Redrafted) Related Parties (see Chapter 5)
ISA 580 (Revised and Redrafted) Written Representations (see Chapter 5)
ISA 600 (Revised and Redrafted) Special Considerations -Audit of Group Financial Statements (Including the
Work of Component Auditors) (see Chapter 14)

5.5.2

Redrafted ISAs
To date the following ISAs have been reissued in the clarity form. These new standards make no significant
changes to the auditor's responsibilities but have been reworded in line with the aims of the Clarity Project.
ISA 230 (Redrafted) Audit Documentation
ISA 240 (Redrafted) The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements
ISA 250 (Redrafted) Consideration

of Laws and Regulations in an Audit of Financial Statements

ISA 260 (Redrafted) Communication with those charged with Governance


ISA 300 (Redrafted) Planning an Audit of Financial Statements
ISA 315 (Redrafted) Identifying and Assessing the Risks
Entity and Its Environment

of Material Misstatement Through Understanding the

ISA 330 (Redrafted) The Auditor's Response to Assessed Risks


ISA 51 0 (Redrafted) Initial Audit Engagements - Opening Balances
ISA 560 (Redrafted) Subsequent Events
ISA 570 (Redrafted) Going Concern
ISA 720 (Redrafted) The Auditor's Responsibility in Relation to Other Information in Documents containing Audited

Financial Statements

I0

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

6 Quality control

6.1

Principles and purpose


Audit quality is not defined in law or through regulations, nor do auditing standards provide a simple
definition.
Although each stakeholder in the audit will give a different meaning to audit quality, at its heart it is about
delivering an appropriate professional opinion supported by the necessary evidence and objective
judgements.
Many principles contribute to audit quality including good leadership, experienced judgement, technical
competence, ethical values and appropriate client relationships, proper working practices and effective
quality control and monitoring review processes.
The standards on audit quality provide guidance to firms on how to achieve these principles.

6.2

Quality control at a firm level


The fact that auditors follow BSAs provides a general quality control framework within which audits should
be conducted. There are also specific quality control standards. BSQC I: Quality Control for Firms that
Perform Audits and Reviews of Historical Finandallnformation and other Assurance and Related Service
Engagements deals with quality control at a firm level. You have studied BSQC I in Audit and Assurance at
the professional level. A summary of the key points is provided below.

6.2.1

Purpose of BSQC I
The purpose of BSQC I is to ensure that firms establish a system of quality control designed to provide
it with reasonable assurance that the firm and its personnel comply with professional standards and
regulatory and legal requirements, and that reports issued by the firm or engagement partners are
appropriate in the circumstances.

6.2.2

Elements of a system of Quality Control


BSQC I identifies the following six elements of the firm's system of quality control:

(I)

Leadership responsibilities for quality within the firm


The standard requires that the firm implements policies such that the internal culture of the firm is
one where quality is considered essential. Such a culture must be inspired by the leaders of the firm,
who must sell this culture in their actions and messages. In other words, the entire business strategy
of the audit firm should be driven by the need for quality in its operations.
The firm may appoint an individual or group of individuals to oversee quality in the firm. Such
individuals must have:
~
~

The ability to carry out the job


The necessary authority to carry out the job

The Institute of Chartered Accountants in England and Wales, March 2009

II

Advanced Stage - Advanced Audit and Assurance


(2)

Ethical requirements
Policies and procedures should be designed to provide the firm with reasonable assurance that the
firm and its personnel comply with relevant ethical requirements.
The policies and procedures should be in line with the fundamental principles, which should be
reinforced by:
~
~
~

The leadership of the firm


Education and training
Monitoring
A process to deal with non-compliance

At least annually, the firm should obtain written confirmation of compliance with its policies and
procedures on independence from all firm personnel required to be independent by ethical
requirements.
(3)

Acceptance and continuance of client relationships and specific engagements


A firm should only accept, or continue with, a client where:
It has considered the integrity of the client and does not have information that the client lacks
integrity

(4)

Is competent to perform the engagement and has the necessary time and resources

Can comply with ethical requirements including appropriate independence from the client

Human resources
The firm's overriding desire for quality will necessitate policies and procedures on ensuring
excellence in its staff, to provide the firm with 'reasonable assurance that it has sufficient personnel
with the capabilities, competence, and commitment to ethical principles necessary to perform its
engagements in accordance with professional standards and regulatory and legal requirements, and to
enable the firm or engagement partners to issue reports that are appropriate in the circumstances'.
These will cover the following issues:
~

Recruitment

Performance evaluation

Capabilities

Competence

Career development

Promotion

Compensation

The estimation of personnel needs

The firm is responsible for the ongoing excellence of its staff, through continuing professional
development, education, work experience and coaching by more experienced staff.
The assignment of engagement teams is an important matter in ensuring the quality of an
individual assignment.
This responsibility is given to the audit engagement partner. The firm should have policies and
procedures in place to ensure that
~

Key members of client staff and those charged with governance are aware of the identity of
the audit engagement partner

The engagement partner has appropriate capabilities, competence, authority and time to
perform the role

The engagement partner is aware of his/her responsibilities as engagement partner

The engagement partner should ensure that he assigns staff of sufficient capabilities, competence and
time to individual assignments so that he will be able to issue an appropriate report.

I2

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

(5)

Engagement performance
The firm should take steps to ensure that engagements are performed correctly, that is, in a~cordance
with standards and guidance. Firms often produce a manual of standard engagement procedures to
give to all staff so that they know the standards they are working towards. These may be electronic.
Ensuring good engagement performance involves a number of issues:
~

~
~

~
~

Direction
Supervision
Review
Consultation
Resolution of disputes

Many of these issues will be discussed in the context of an individual audit assignment (see below).
The firm should have policies and procedures to determine when a quality control reviewer will be
necessary for an engagement. This will include all audits of financial statements for listed companies.
When required, such a review must be completed before the report is signed.
The firm must also have standards as to what constitutes a suitable quality control review.
In particular the following issues must be addressed.
For listed companies in particular the review should include:
~

The engagement team's evaluation of the firm's independence in relation to the specific
engagement

Significant risks identified during the engagement and the responses to those risks

Judgements made, particularly with respect to materiality and significant risks

Whether appropriate consultation has taken place on matters involving differences of opinion or
other difficult or contentious matters, and the conclusions arising from those consultations
The significance and disposition of corrected and uncorrected misstatements identified during the
engagement

(6)

The matters to be communicated to management and those charged with governance and, where
applicable, other parties such as regulatory bodies

Whether working papers selected for review reflect the work performed in relation to the
significant judgements and support the conclusions reached

The appropriateness of the report to be issued

Monitoring
The standard states that firms must have policies in place to ensure that their quality control
procedures are:
~
~

~
~

Relevant
Adequate
Operating effectively
Complied with

In other wqrds, they must monitor their system of quality control. Monitoring activity should be
reported on to the management of the firm on an annual basis.
There are two types of monitoring activity, an ongoing evaluation of the system of quality control
and period inspection of a selection of completed engagements. An ongoing evaluation might include
such questions as, 'has it kept up to date with regulatory requirements?'
A period inspection cycle would usually fall over a period such as three years, in which time, at least
one engagement per engagement partner would be reviewed.

The Institute of Chartered Accountants in England and Wales, March 2009

I3

Advanced Stage - Advanced Audit and Assurance


The people monitoring the system are required to evaluate the effect of any deficiencies found. These
deficiencies might be one-offs. Monitors will be more concerned with systematic or repetitive
deficiencies that require corrective action. When evidence is gathered that an inappropriate report
might have been issued, the audit firm may want to take legal advice.
Corrective action
~
~

~
~

Remedial action with an individual


Communication of findings with the training department
Changes in the quality control policies and procedures
Disciplinary action, if necessary

Point to note
All quality control policies and procedures 'should be documented and communicated to the firm's
personnel'

6.2.3

Practical application
The ICAEW Audit and Assurance Faculty publication Quality Control in the Audit Environment: A practical guide
for frrms on implementing ISQC I recommends that firms take the following key steps to give them
confidence that they are compliant with ISQC I:

6.3

Document the operation of the quality control system

Lead from the top giving a consistent message on the importance of quality control

Always act ethically in accordance with relevant Standards and pronouncements

Focus on the right clients being matched by the right skills with emphasis on integrity and
competencies

Maintain capable and competent staff giving due attention to the firm's human resources policies and
procedures

Deliver quality audits consulting when needed and meeting requirements for engagement quality
control review

Monitor the firm's system of quality control and carry out a periodic objective inspection of a
selection of completed audit engagements

Quality control on an individual audit


You will have studied BSA 220 Quality Control for Audits of Historical Financial Information in the previous Audit
and Assurance paper. A summary of the key points is provided below.

6.3.1

Policies and procedures


It is the responsibility of the engagement team to implement quality control procedures with respect to
individual audit engagements. The engagement partner is ultimately responsible for quality control on an
individual engagement.
The policies and procedures for quality control on individual audits parallel those for the firm outlined
above. In addition, however, of particular significance for individual audits are the procedures of direction,
supervision and review.
~

Direction
At the planning stage, but also during the audit, the engagement partner ensures that the members of
the engagement team are informed of:
Their responsibilities
The nature of the entity's business
Risk issues
Problems that may arise
Detailed approach to the audit engagement

14

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING


~

Supervision
Supervision includes:
Tracking the process of the audit engagement
Considering the capabilities of individual members of the engagement team and that they
understand their instructions
Addressing issues that arise and modifying the audit approach if appropriate
Identifying matters for consultation or consideration by more senior members of the audit
engagement.

Review
Reviewing concerns the inspection of work by engagement members by more senior members of the
same engagement. This includes ensuring that:
The work has been carried out in accordance with professional and regulatory requirements
Significant matters are given further consideration
Appropriate consultations have taken place and have been documented
Where appropriate the planned audit work is revised
The work performed supports the conclusions
The evidence obtained supports the audit opinion
The objectives of the engagement have been achieved

6.3.2

Practical application
The ICAEW Audit and Assurance Faculty publication Audit Quality identifies the following as major factors
which drive audit quality:
~

Leadership
This involves:
Setting the strategies and objectives
Recognising the commonality of commercial and professional approaches
Ensuring the organisation will deliver the required quality
Setting the right tone at the top
Ensuring quality is consistently communicated

People
Audit quality is highly dependent on the quality of the people. Staff need to be both competent and
motivated. Training and development must be an integral part of professional life.

Client relationships
Managing client relationships involves:
Clearly defining the responsibilities of the auditor and management
Assessing whether the audit partner and the audit firm is objective and independent but still close
enough to have a good understanding of the business
Managing communications with the client management and audit committee so that issues are
dealt with on a regular and timely basis.

Working practices
Good working practices include:
A clear understanding of roles and responsibilities by all members of the audit team
The application of sufficient thought at each stage of the audit
Audit work should be performed with alertness of mind, professional scepticism and rigour
Completion procedures must be performed and audit conclusions carefully considered

The Institute of Chartered Accountants in England and Wales, March 2009

I5

Advanced Stage- Advanced Audit and Assurance


~

Internal monitoring
This essentially represents an 'internal audit' performed by staff independent of the audit team.

External monitoring
External monitoring is to be carried out through the ICAB QAD visit. Reports from the QAD visit
provide independent feedback on a firm's quality review processes and provide an opportunity to
measure them against good practice elsewhere.

6.4 Assuring the Quality of Professional Services


International Professional Practice Statement I Assuring the Quality of Professional Services (IPPS I) issued by
IFAC covers many of the issues dealt with by ISQC I and ISA 220 but addresses them largely from the
perspective of the role of the professional bodies e.g. ICAB. In particular it makes the following
points:
IFAC believes that the following objectives have worldwide applicability and that member bodies should
strive to achieve them:
~

Member bodies should adopt or develop quality control standards and relevant guidance that require
firms to establish quality control policies and procedures

Member bodies should develop quality review programs designed to evaluate whether firms have
established and complied with appropriate quality control policies and procedures and are complying
with those

Member bodies should require firms to make improvements in their quality control policies and
procedures where improvement is required. Corrective action should be taken where the firm fails to
comply with relevant professional standards. Educational or disciplinary measures may be necessary.

Interactive question I: Addystone Fish

[Difficulty level: Intermediate]

You are an audit senior working for the firm Addystone Fish. You are currently carrying out the audit of
Wicker Ltd, a manufacturer of waste paper bins. You are unhappy with Wicker's inventory valuation policy
and have raised the issue several times with the audit manager. He has dealt with the client for a number of
years and does not see what you are making a fuss about. He has refused to meet you on site to discuss
these issues.
The former engagement partner to Wicker retired two months ago. As the audit manager had dealt with Wicker
for so many years, the other partners have decided to leave the audit of Wicker largely in his hands.

Requirement
Comment on the situation outlined above.

See Answer at the end of this chapter.

I6

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

7 Documentation

7 .I

Audit documentation
Audit documentation is a key part of the overall quality control framework during the course of an audit.
All audit work must be documented: the working papers are the tangible evidence of all work done in
support of the audit opinion. BSA 230 Audit Documentation provides guidance on this issue.
In your previous studies, you have learnt the practical issues surrounding how audit papers should be
completed. The key general rule concerning what to include on a working paper to remember, is:
'What would be necessary to provide an experienced auditor, with no previous connection with the
audit, with an understanding of the nature, timing, and extent of the audit procedures performed to
comply with the ISAs and applicable legal and regulatory requirements and the results of the audit
procedures and the audit evidence obtained, and significant matters arising during the audit and the
conclusions reached thereon.'
The key reason for having audit papers therefore is that they provide evidence of work done. They may be
required in the event of litigation arising over the audit work and opinion given.
The BSA sets out certain requirements about what should be recorded, such as the identifying
characteristics of the specific items being tested.
It also sets out points an auditor should record in relation to significant matters. These include:
~

Discussions undertaken with directors and

How the auditor addressed information that appeared to be inconsistent with his conclusions in
relation to significant matters.

If an auditor felt it necessary to depart from customary audit work required by audit standards, he should
document why, and how the different test achieved audit objectives.
The BSA also contains details about how the audit file should be put together and actions in the event of
audit work being added after the date of the audit report (for example, if subsequent events results in
additional work being carried out}. You should be familiar with these points from your earlier studies.

7.2

R~view
We shall briefly revise here the review of working papers. Review of working papers is important, as it
allows a more senior auditor to evaluate the evidence obtained during the course of the audit for
sufficiency and reliability, so that more evidence can be obtained to support the audit opinion, if required. lt.
is an important quality control procedure.
Work performed by each assistant should be reviewed by personnel of appropriate experience to consider
whether:
~

The work has been performed in accordance with the audit programme.

The work performed and the results obtained have been adequately documented.

Any significant matters have been resolved or are reflected in audit conclusions.

The objectives of the audit procedures have been achieved.

The Institute of Chartered Accountants in England and Wales, March 2009

17

Advanced Stage- Advanced Audit and Assurance


~

The conclusions expressed are consistent with the results of the work performed and support the
audit opinion.

The following should be reviewed on a timely basis.


~

The overall audit strategy and the audit plan

The assessments of inherent and control risks

The results of control and substantive procedures and the conclusions drawn including the
results of consultations

The financial statements, proposed audit adjustments and the proposed auditors' report

In some cases, particularly in large complex audits, personnel not involved in the audit may be asked to
review some or all of the audit work, the auditors' report etc. This is sometimes called a peer review or
hot review.

Interactive question 2: Documentation (revision)

[Difficulty level: Intermediate]

Viewco is a manufacturer of TVs and video recorders. It carries out a full physical inventory count at its
central warehouse every year on 31 December, its financial year-end. Finished goods are normally of the
order of CU3 million, with components and work in progress normally approximately CUI million.
You are the audit senior responsible for the audit of Viewco for the year ending 31 December 20X I.
Together with a junior member of staff, you will be attending Viewco's physical inventory count.
Requirements
(a)

Explain why it is necessary for an auditor to prepare working papers.

(b)

State, giving reasons, what information the working papers relating to this inventory count attendance
should contain.

See Answer at the end of this chapter.

Interactive question 3: TrucksToGo Ltd

[Difficulty level: Intermediate]

You are the audit senior on the audit ofTrucksToGo Ltd. You are supervising the work of a relatively
inexperienced audit junior. The junior has been carrying out audit procedures on the assertions of
completeness and existence of non-current assets. According to the junior, audit work has been completed
and the memo below has been produced outlining some of the issues found during the audit.
Memo: Issues identified during audit

The directors have confirmed that there are no further non-current assets to include in the financial
statements. This representation was received in a meeting with the Finance Director and recorded on the
audit file at this time.
Part of the existence work on non-current assets included obtaining a sample of assets from the asset
register and then physically verifying those assets. Unfortunately, a significant number of assets were not
available for verification- the vehicles were in use by the company and therefore not on the premises. As
an alternative, vehicles on the premises were agreed back to the asset register.
A number of vehicles were noted on the company premises in a poor state of repair; for example, engines
missing. On enquiry, the vehicle manager confirmed that the vehicles were under repair. I am therefore
happy that the vehicles belonged to the company and no further action is necessary.
I have reached the conclusion that all non-current assets are correctly stated and valued in the financial
statements.

I8

The Institute of Chartered Accountants in England and Wales, March 2009

ROLE AND CONTEXT OF MODERN AUDITING

Requirement
Explain to the junior why the evidence collected is insufficient, and detail the action necessary to complete
the audit procedures. Refer to your objectives in reviewing audit documentation as a format for your
answer.

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

19

ROLE AND CONTEXT OF MODERN AUDITING

Summary and Self-test

Summary

The Institute of Chartered Accountants in England and Wales, March 2009

21

chapter 2

Ethics

Introduction

Topic List
I

Relevance of ethics

Ethical codes and standards

Making ethical judgements

Summary and Self-test


Answers to Self-test
Answers to Interactive questions
Appendix I

The Institute of Chartered Accountants in England and Wales, March 2009

33

ETHICS

Relevance of ethics

1.1

Introduction
In general terms ethics is a set of moral principles and standards of correct behaviour. Far from
being noble ideals which have little impact on real life they are essential for any society to operate and
function effectively. Put simply, they help to differentiate between right and wrong, although their
application often involves complex issues, judgement and decisions. Whilst ethical principles can be
incorporated into law in many cases their application has to depend on the self-discipline of the individual.
This principle can be seen to apply to society as a whole, the business community and the accounting
profession.

Interactive question I: Ethical risl<s

[Difficulty level: Easy]

From your knowledge brought forward from your previous studies, and any practical experience of auditing
you may have, write down as many potential ethical risk areas concerning audit as you can in the areas
below. (Some issues may be relevant in more than one column.)

~~,.;~o~~!,ff'J~r~ts:~1~' ~,,': :, ~eviewof0~~ own' , , , J:~isp~tes: ., , , lntimid~~ ',, , "~:,,


;~t~:""~~~~i,' t~ : %~ ~~ '~''"' ::: :~t~~~~ork. "' ~~:~~:."~~ ~' ~ :*r \ '
,. ;":; ~: ~~~ '
c" -~~# ~ ~~ :~ :.~t ;\~~, :~~~
f

See Answer at the end of this chapter.

The Institute of Chartered Accountants In England and Wales, March 2009

35

Advanced Stage- Advanced Audit and Assurance

1.2

Ethics in business
Business life is a fruitful source of ethical dilemmas because its whole purpose is material gain, the making of
profit. Success in business requires a constant search for potential advantage over others and business
people are under pressure to do whatever yields such an advantage. As a result organisations have become
increasingly under pressure to act and to be seen to be acting ethically. In recent years many have
demonstrated this by publishing ethical codes, setting out their values and responsibilities towards
stakeholders.

Worl<ed example: British Airways


British Airways got caught in 1993 waging a 'dirty tricks' campaign against its competitor Virgin Atlantic.
British Airways maintained that the offending actions (essentially, the poaching of Virgin's customers) were
those of a small group of employees who overstepped the bounds of 'proper' behaviour in their eagerness
to foster the interests of their employer.
An alternative view digs a little deeper. Some observers believed that the real villain of the piece was British
Airways' abrasive corporate culture, inspired by the then chairman of BA, Lord King.
One of BA's responses to its defeat in the courts against Virgin and the bad publicity arising from the case
was to introduce a code of ethics.

Worked example: Cooperative Bank


The UK's Cooperative Bank has estimated that it made 40m profit in 2003 as a result of its ethical policies.
Research showed that the Bank's ethical stance attracted business far in excess of that lost by turning away
customers with poor human rights records or weak environmental performance.

1.3

Ethics and the accounting profession


The IFAC Code of Ethics for Professional Accountants (IFAC Code) states:
'Objectives of the accountancy profession are to work to the highest standards of professionalism, to
attain the highest level of performance and generally to meet the public interest.'
The public interest is considered to be the 'collective well-being of the community of people and
institutions the professional accountant serves'. These include:
~
~
~

~
~

~
~
~

Clients
Lenders
Governments
Employers
Employees
Investors
The business and financial community
Others who rely on the work of the professional accountant

For the work of the accountant in practice or in business to maintain its value the accountant must be
respected and trusted. The individual professional accountant therefore has a duty and a responsibility to
maintain the reputation of the profession and the confidence of the public.

As a key aspect of reputation and professionalism is ethical behaviour the accounting profession has
developed ethical codes of conduct. These include:
~
~

IFAC Code
ICAB Code of Conducts

They provide guidance on what constitutes ethical behaviour and also provide assistance on determining the
right course of action where problems are encountered. This not only ensures that the highest standards

36

The lnstiwte of Chartered Accountants in England and Wales, March 2009

ETHICS
are maintained but also provides protection for the professional providing a benchmark against which
any alleged failings can be measured.

1.4

Ethics and the individual


Whilst legislation and professional bodies have their part to play through issuing guidance, the importance
of the integrity of the individual cannot be underestimated. Its ethical consequences are potentially very
significant in deciding for example, whether to whistleblow on questionable practice at work, despite
pressure from colleagues or superiors or negative consequences of doing so.
The devastating effect of the ethical choices of one individual can be seen in the following summary of the
role played by Betty Vinson, an accountant at WorldCom.

Worked example: WorldCom


WorldCom the US long-distance telephone carrier is 'credited' with being responsible for a fraud that
created the largest bankruptcy in US history. This reportedly resulted in a fine of $500 million, which at the
time was the largest fine ever imposed by the Securities and Exchange Commission (SEC).
The problems began for WorldCom in mid-2000. Its operating costs were increasing sharply due to the
fees which it had to pay to other companies for use of their telephone networks. Its Chief Executive Officer
and Chief Financial Officer had had to inform Wall Street of lower than expected profits for the second half
of the year and there was increasing pressure to improve results. Betty Vinson was working for WorldCom
at this time as a senior manager in the corporate accounting division. She was asked by her boss to falsify
the accounts in order to increase profits. This was achieved primarily by capitalising line costs rather than
treating them as operating expenses. Whilst Betty Vinson considered resignation due to the pressure she
was put under to falsify the results she continued to work for WorldCom until early 2002 and was
promoted from senior manager to director with an increase in salary of $30,000. Over an 18 month period
she had helped to falsify records at the request of her bosses increasing profits by $3.7 billion.
By March 2002 questions were being asked by internal audit. Vinson decided to disclose the details of the
falsified records to the FBI, the SEC and the US Attorney. She had hoped that her testimony could be
exchanged for immunity from prosecution, however this was not the case. In October 2002 she pleaded
guilty to two counts of conspiracy and securities fraud (carrying a maximum sentence of IS years) and in
October 2003 she was charged with entering false information on company documents (carrying a
maximum sentence of I 0 years).

Interactive question 2: Ethics and the individual

[Difficulty level: Intermediate]

List the factors which you think may have affected Betty Vinson's decision to make the fraudulent entries.
What other courses of action could she have taken?
See Answer at the end of this chapter.

2 Ethical codes and standards

The Institute of Chartered Accountants in England and Wales, March 2009

37

Advanced Stage - Advanced Audit and Assurance

2.1

Fundamental principles
~

The IFAC Code identifies five fundamental principles:


Integrity
Objectivity
Professional competence and due care
Confidentiality
Professional behaviour

2.2

Threats and safeguards


~

The IFAC Code is based on the principle that integrity, objectivity and independence are subject to
various threats and that safeguards must be in place to counter these.

The majority of threats fall into the following categories:

Self-interest threat

Undue dependence on total fees from a client

Self-review threat

Reporting on the operation of financial systems after being involved in


their design or implementation

Advocacy threat

Acting as an advocate on behalf of an assurance client in litigation or


disputes with third parties

Familiarity or trust threat

A member of the engagement team having a close or immediate family


relationship with a director of the client

Intimidation threat

Being threatened with dismissal or replacement in relation to a client


engagement

----------------~-----------------------

The IFAC Code considers that there are two general categories of safeguard:
(I}

Safeguards created by the profession, legislation or regulation


Education, training and experience requirements for entry into the profession
Continuing professional development requirements
Corporate governance regulations (see Chapter 3}
Professional standards (See Chapter I}
Professional or regulatory monitoring and disciplinary procedures
External review by legally empowered third party of the reports, returns, communications
or information produced by a professional accountant

(2}

Safeguards within the work environment


These may be:
Firm wide e.g. leadership of the firm that stresses the importance of compliance with
fundamental principles
Engagement specific e.g. rotating senior assurance team personnel

Safeguards in the work environment may differ according to whether a professional accountant works
in public practice, in business or in insolvency.

When evaluating safeguards what a reasonable and informed third party, having knowledge of all
relevant information, including the significance of the threat and the safeguards applied, would
conclude to be unacceptable should be considered.

38

The Institute of Chartered Accountants in England and Wales, March 2009

ETHICS

2.3

Professional appointment
~

The following procedures are as per IFAC and ICAB Codes:


The prospective auditor should explain to the prospective client that they have a professional
duty to communicate with the existing auditor
The client should be requested to confirm the proposed change to the existing
auditor and to authorise the existing auditor to co-operate with the prospective auditor
Where this authorisation is received the prospective auditor should write to the existing
auditor and request the disclosure of any information which might be relevant to the
successor's decision to accept or decline the appointment
The prospective auditor should then consider whether to accept or decline the
appointment in the light of the information received from the existing auditor
The existing auditor is required to respond within 14 days of receiving the requests for
information
The prospective auditor is allowed to assume that silence implies that there are no
adverse comments to be made. However the fact that no reply was received should be
considered as part of the overall decision-making process.

2.4

Confidentiality
~

Information received in confidence should not be disclosed except in the following circumstances:
Where disclosure is permitted by law and is
authorised by the client or the employer.

This might include circumstances where an


employee has committed a fraud and the
management are in agreement that the police
should be informed.

Where disclosure is required by law

For example:
~

Where there is a professional duty or right


to disclose, when not prohibited by law.

.;..

Production of documents or other provision of


evidence in the course of legal proceedings

In this instance disclosure can be made if it is in the


'public interest' to do so.

Confidential information should not be used for personal advantage or the advantage of third parties
e.g. insider trading

Applying this guidance will involve difficult judgements, particularly in making the decision as to
whether disclosure is in the public interest. Other specific matters which may need to be
considered include:
BSA 240 The Auditor's Responsibility to Consider Fraud in an Audit of Financial Statements
(see Chapter I0)
BSA 250 Considerations

2.5

of Laws and Regulations in an Audit of Financial Statements (see Chapter

I0)

Conflicts of interest
~

Conflicts of interest and confidentiality are related matters. Where a conflict of interest arises, one of
the key issues is whether it will be possible to keep information confidential.

Safeguards would include:


Notifying the affected parties of the conflict of interest and obtaining permission to act/continue
to act
Using separate engagement teams

The Institute of Chartered Accountants in England and Wales, March 2009

39

Advanced Stage - Advanced Audit and Assurance


Procedures to prevent access to information e.g. physical separation of teams and audit evidence
Clear guidelines for members of the engagement team on issues of security and confidentiality
The use of confidentiality agreements signed by employees
Regular reviews of the application of safeguards by a senior individual not involved with the
relevant client engagement.
~

Where safeguards do not mitigate the risks sufficiently the professional accountant should not
accept the engagement or should cease to act for one of the parties.

Interactive question 3: Stewart Brice

[Difficulty level: Intermediate]

You are the Engagement Partner at Stewart Brice, a firm of Chartered Accountants. The following
situations exist.
Teresa is the audit manager assigned to the audit of Recreate, a large quoted company. The audit has been
ongoing for one week. Yesterday, Teresa's husband inherited 1,000 shares in Recreate. Teresa's husband
wants to hold on to the shares as an investment.
The Stewart Brice pension scheme, which is administered by Friends Benevolent, an unconnected company,
owns shares in Tadpole Group, a listed company with a number of subsidiaries. Stewart Brice has recently
been invited to tender for the audit of one of the subsidiary companies, Kermit Co.
Stewart Brice has been the auditor of Kripps Bros, a limited liability company, for a number of years. It is a
requirement of Kripps Bros' constitution that the auditor owns a token CUI share in the company.

Requirement
Comment on the ethical and other professional issues raised by the above matters.
Identify the ethical and professional issues Stewart Brice would need to consider.
See Answer at the end of this chapter.

3.1

Making ethical judgements

Resolving ethical conflicts


Although there are a number of sources of ethical guidance, resolving ethical issues can be complex. As you
have seen in your earlier studies (also see Appendix I) there are some specific rules which can be applied,
but current IFAC ethical guidance is primarily principles based.
The application of these principles requires a degree of skill and the onus is placed on the integrity and
judgement of the individual in weighing up the facts of the situation. In addition, it may mean that in certain
circumstances there is more than one acceptable outcome.
The IFAC Code recognises that conflicts in the application of fundamental principles may need to be
resolved. When providing a service the professional accountant must take into account:
~

The client's requirements and

The public interest.

Where these are in conflict the public interest should take priority.

40

The Institute of Chartered Accountants in England and Wales, March 2009

ETHICS
The ICAB Code sets out a framework that accountants can follow when faced with these issues, which may
be set out as framework as follows, and you may find useful when considering ethical problems in the exam.
The ICAB Code suggests that the resolution process should consider the following:
----------------------------------------------------------Relevant facts
This may involve:

Relevant parties

Ethical issues involved

Referring to the organisation's policy,


procedures, code of conduct and previous
history

Discussing the matter with trusted managers


and employees.

These may include those directly affected e.g.


shareholders, employees and employers but may
also include the community at large.

---------------------These include:

---------------

Professional ethical issues

Organisational ethical issues

Personal ethical issues

Fundamental principles related to the


matter in question

This will involve reference to the relevant ethical


guidance e.g. ICAB Code

Established internal procedures

The professional accountant may find it useful to


discuss ethical conflict issues with:
~

Immediate superior

The next level of management


A corporate governance body

~
~

Other departments e.g. legal, audit, human


resources

Consideration should also be given to the point at


which help is sought from external sources e.g.
ICAB. Generally it would be preferable for the
conflict to be resolved without externa_l

consultation.
Alternative courses of action

The following should be considered:


~

The organisation's policies, procedures and


guidelines

Applicable laws and regulations


Universal values and principles adopted by
society
Long and short-term consequences

Symbolic consequences

Private and public consequences

Where the conflict is significant and cannot be resolved the accountant would need to seek legal advice.
After exhausting all other possibilities and depending on the nature of the conflict, the individual may
conclude that withdrawal from the engagement team or resignation from the firm/employing organisation is
appropriate.
Point to note
Withdrawal/resignation would be seen very much as a last resort.

The Institute of Chartered Accountants in England and Wales, March 2009

41

Advanced Stage- Advanced Audit and Assurance

3.2

Exam context
Ethical issues will have been examined in the Knowledge and Application stage papers. However, at the
Advanced stage you will be faced with more complex situations. More emphasis will be placed on your
ability to use your judgement in the light of the facts provided, rather than testing your knowledge of the
ethical codes and standards in detail. In some instances the correct action may be uncertain and it will be
your ability to identify the range of possible outcomes which will be important rather than concluding
on a single course of action.
You should also be aware that the term 'ethics' will be used in a much broader sense than it has been in the
earlier Assurance and Audit and Assurance papers. It is likely to be combined with financial reporting,
business and tax issues where you may be required to assess the ethical judgements made by others
including management. You may also be asked to consider the issue from the point of view of the
accountant in practice and the accountant in business.
The following Interactive question demonstrates these points.

Interactive question 4: Revenue recognition

[Difficulty level: Exam standard]

You are the auditor of Bellevue Ltd for the year ended 31 December 20X8. The company provides
information to the financial services sector and is run by the managing director, Toby Stobbart. It has a
venture capital investment of which part is in the form of a loan. The investment agreement details a
covenant designed to protect the loan. This states an interest cover of 2 is required as a minimum i.e. the
company must be able to cover interest and loan principal repayments with profits at least twice.

70% of the revenue of the business is subscription based and contracts are typically 3 years in duration. 30%
of the revenue is for consultancy work which is billed on completion of the work. Consultancy projects are
for a maximum of 2 months.
During the previous year the management performed a review of the subscription revenue and concluded
that 40% of this represented consultancy work and should therefore be recognised in the first year of the
contract rather than being recognised over the duration of the contract as had previously been the case.
The audit file for 20X7 indicates that this treatment had been questioned vigorously by the audit manager
but had been agreed with the audit partner, James Cowell. James Cowell subsequently left the firm abruptly.
You have received a copy of the 20X8 draft accounts which show an interest cover of 2.02 for 20X7 and
2.0 I for 20X8. You have also been told that a similar review of subscription income has been made for
20X8 with 40% being reclassified as consultancy work as in the previous year.
What are the issues that you as auditor would need to consider in this situation?
See Answer at the end of this chapter.

42

The Institute of Chartered Accountants in England and Wales, March 2009

ETHICS

..Summary and Self-test

Summary

The Institute of Chartered Accountants in England and Wales, March 2009

43

chapter 3

Governance

Introduction

Topic List
I

Relevance of corporate governance

Corporate governance concepts

The Code of Corporate Governance

Role of the board

Associated guidance

OECD principles of corporate governance

Sarbanes-Oxley

Evaluation of corporate governance mechanisms

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

65

GOVERNANCE

Relevance of corporate governance

1.1

Introduction
Corporate governance potentially covers a wide range of issues and disciplines from company secretarial
and legal through business strategy, executive and non-executive management and investor relations to
accounting and information systems.
Corporate governance issues came to prominence in the business world from the late 1980s. The main
drivers associated with the increasing demand for developments in this area included the following:
~

Financial reporting
Issues concerning financial reporting were raised by many investors and were the focus of much
debate and litigation. Shareholder confidence in what was being reported in many instances was
eroded. Whilst corporate governance development is not just about better financial reporting
requirements, the regulation of creative accounting practices, such as off-balance sheet financing,
has led to greater transparency and a reduction in risks faced by investors.
Corporate scandals
The early 1990s saw an increasing number of high profile corporate scandals and collapses including
Polly Peck International, BCCI, and Maxwell Communications Corporation. This prompted the
development of governance codes in the early 1990s. However, the scandals since then, including
En ron, have raised questions about further measures that may be necessary.

Excessive directors' remuneration


Directors being paid excessive salaries and bonuses has been seen as one of the major corporate
issues for a number of years. Whilst CEOs have argued that their packages reflect the global market,
shareholders and employees are concerned that these are often out of step with the remuneration of
other employees and do not reflect the performance of the company.

Worl<ed example: Directors' remuneration


It has been reported in the press (October 2007) that Stan O'Neal the CEO of Merrill Lynch, the US
investment bank is to walk away with more than $200 million in shares, stock options and retirement
benefits in spite of admitting responsibility for the bank's biggest quarterly loss in its 93 year history. These
losses are the result of an $8.4 billion write down covering sub-prime mortgage bonds. Stan O'Neal is
widely accepted as being responsible for the bank's more aggressive approach to lending.

1.2

What is corporate governance?


There are a number of different definitions of corporate governance. The following definition is taken from
the UK Combined Code.

The Institute of Chartered Accountants in England and Wales, March 2009

67

Advanced Stage- Advanced Audit and Assurance

Definition
Corporate governance: The system by which organisations are directed and controlled.
An alternative definition is:
Corporate governance: The set of processes, customs, policies, laws and institutions affecting the way in
which an entity is directed, administered or controlled. Corporate governance serves the needs of
shareholders, and other stakeholders, by directing and controlling management activities towards good
business practices, objectivity and integrity in order to satisfy the objectives of the entity.

In essence corporate governance:


~

Involves the management and reduction of risk

Specifies the distribution rights and responsibilities among different participants in the
corporation, such as the board, managers, shareholders and other stakeholders

Spells out the rules and procedures for making decisions on corporate affairs

Provides the structure through which objectives are set

Provides the means of attaining the objectives and monitoring performance

It can be argued that good corporate governance:

1.3

Provides a framework for an organisation to pursue its strategy in an ethical and effective way and
offers safeguards against the misuse of resources, human, financial, physical or intellectual

Can attract new investment into companies, particularly in developing nations

Underpins capital market confidence in companies

Features of poor corporate governance


The scandals over the last 25 years have highlighted the need for guidance to tackle the various risks and
problems that can arise in organisations' systems of governance.

1.3.1

Domination by a single individual


A feature of many corporate governance scandals has been boards dominated by a single senior executive
with other board members merely acting as a rubber stamp. Sometimes the single individual may bypass the
board to action his own interests. The report on the UK Guinness case suggested that the Chief Executive,
Ernest Saunders, paid himself a CU3million reward without consulting the other directors.
Even if an organisation is not dominated by a single individual, there may be other weaknesses. The
organisation may be run by a small group centred round the chief executive and chief financial officer, and
appointments may be made by personal recommendation rather than a formal, objective process.

1.3.2

Lack of involvement of board


Boards that meet irregularly or fail to consider systematically the organisation's activities and risks are
clearly weak. Sometimes the failure to carry out proper oversight is due to a lack of information being
provided.

1.3.3

Lack of adequate control function


An obvious weakness is a lack of internal audit.
Another important control is lack of adequate technical knowledge in key roles, for example in the
audit committee or in senior compliance positions. A rapid turnover of staff involved in accounting or
control may suggest inadequate resourcing, and will make control more difficult because of Jack of
continuity.

68

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

1.3.4

Lack of supervision
Employees who are not properly supervised can create large losses for the organisation through their own
incompetence, negligence or fraudulent activity. The behaviour of Nick Leeson, the employee who caused
the collapse of Barings bank was not challenged because he appeared to be successful, whereas he was using
unauthorised accounts to cover up his large trading losses. Leeson was able to do this because he was in
charge of dealing and settlement, a systems weakness or lack of segregation of key roles that was
featured in other financial frauds.

1.3.5

Lack of independent scrutiny


External auditors may not carry out the necessary questioning of senior management because of fears of losing
the audit, and internal audit do not ask awkward questions because the chief financial officer determines their
employment prospects. Often corporate collapses are followed by criticisms of external auditors; such as the
Barlow Clowes affair where poorly planned and focused audit work failed to identify illegal use of client monies.

1.3.6

Lack of contact with shareholders


Often board members may have grown up with the company but lose touch with the interests and views of
shareholders. One possible symptom of this is the payment of remuneration packages that do not appear to
be warranted by results.

1.3.7

Emphasis on short-term profitability


Emphasis on success or getting results can lead to the concealment of problems or errors, or
manipulation of accounts to achieve desired results.

1.3.8

Misleading accounts and information


Often misleading figures are symptomatic of other problems (or are designed to conceal other problems)
but clearly poor quality accounting information is a major problem if markets are trying to make a fair
assessment of the company's value. Giving out misleading information was a major issue in the UK's
Eqwtable Life scandal where the company gave contradictory information to savers, independent advisers,
media and regulators.

1.4 Risks of poor corporate governance


Clearly the ultimate risk is of the organisation making such large losses that bankruptcy becomes
inevitable. The organisation may also be closed down as a result of serious regulatory breaches, for
example misapplying investors' monies.

The Institute of Chartered Accountants in England and Wales, March 2009

69

Advanced Stage -Advanced Audit and Assurance

2 Corporate governance concepts

One view of governance is that it is based on a series of underlying concepts. These are important as
good corporate governance depends on a willingness to apply the spirit of the guidance as well as the
letter ofthe law.

2.1

Fairness
The directors' deliberations and also the systems and values that underlie the company must be balanced
by taking into account everyone who has a legitimate interest in the company, and respecting their rights
and views. In many jurisdictions, corporate governance guidelines reinforce legal protection for certain
groups, for example minority shareholders.

2.2

Openness/transparency
In the context of corporate governance, transparency means corporate disclosure to stakeholders.
Disclosure in this context obviously includes information in the financial statements, not just the numbers
and notes to the accounts but also narrative statements such as the directors' report and the operating and
financial review. It also includes all voluntary disclosure, that is disclosure above the minimum required
by law or regulation. Voluntary corporate communications include:
~
~
~

Management forecasts
Analysts' presentations
Press releases
Information placed on websites
Other reports such as stand-alone environmental or social reports.

The main reason why transparency is so important relates to the agency problem, that is the potential
conflict between owners and managers. Without effective disclosure the position could be unfairly weighted
towards managers, since they normally have far more knowledge of the company's activities and financial
situation than owners/investors. Reducing this information asymmetry requires not only effective
disclosure rules, but strong internal controls that ensure that the information that is disclosed is reliable.

2.3

Independence
Independence is an important concept in relation to directors (as well as auditors). Corporate governance
reports have increasingly stressed the importance of independent non-executive directors; directors
who are not primarily employed by the company and who have very strictly controlled other links with it.
They should be free from conflicts of interest and in a better position to promote the interests of

70

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

shareholders and other stakeholders. Freed from pressures that could influence their activities,
independent non-executive directors should be able to carry out effective monitoring of the company in
conjunction with independent external auditors on behalf of shareholders and other stakeholders.

2.4

Probity/honesty
Hopefully this should be the most self-evident of the principles, relating not only to telling the truth, but
also not misleading shareholders and other stakeholders by presenting information in a biased way.

2.5

Responsibility
For management to be held properly responsible, there must be a system in place that allows for
corrective action and penalising mismanagement. Responsible management should do, when
necessary, whatever it takes to set the company on the right path.
The board of directors must act responsively to, and with responsibility towards, all stakeholders of the
company. However the responsibility of directors to other stakeholders, both in terms of to whom they
are responsible and the extent of their responsibility, remains a key point of contention in corporate
governance debates.

2.6

Accountability
Corporate accountability refers to whether an organisation (and its directors) are answerable in some
way for the consequences of their actions.
The UK Combined Code emphasises that boards of directors are accountable to shareholders. (See section
3). However, the Code stresses that making the accountability work is the responsibility of both parties.
Directors, as we have seen, do so through the quality of information that they provide whereas
shareholders do so through their willingness to exercise their responsibility as owners, which means
using the available mechanisms to query and assess the actions of the board.

As with responsibility one of the biggest debates in corporate governance is the extent of management's
accountability towards other stakeholders such as the community within which the organisation
operates.

2. 7

Reputation
In the same way directors' concern for an organisation's reputation will be demonstrated by the extent to
which they fulfil the other principles of corporate governance. There are purely commercial reasons for
promoting the organisation's reputation, that the price of publicly traded shares is often dependent on
reputation and hence reputation is often a very valuable asset of the organisation.

2.8 judgement
Judgement means the board making decisions that enhance the prosperity of the organisation. This
means that board members must acquire a broad enough knowledge of the business and its
environment to be able to provide meaningful direction to it. This has implications not only for the
attention directors have to give to the organisation's affairs, but also the way the directors are recruited
and trained.
The complexities of senior management mean that the directors have to bring multiple conceptual skills
to management that aim to maximise long-term returns. This means that corporate governance can involve
balancing many competing people and resource claims against each other.

The Institute of Chartered Accountants in England and Wales, March 2009

71

Advanced Stage- Advanced Audit and Assurance

2.9

Integrity
The UK Combined Code provides the following definition:

Definition
Integrity: Straightforward dealing and completeness. What is required of financial reporting is that it
should be honest and that it should present a balanced picture of the state of the company's affairs. The
integrity of reports depends on the integrity of those who prepare and present them.

Integrity can be taken as meaning someone of high moral character, who sticks to principles no matter
the pressure to do otherwise. In working life this means adhering to principles of professionalism and
probity. Straightforward dealing in relationships with the different people and constituencies whom
you meet is particularly important; trust is vital in relationships and belief in the integrity of those with
whom you are dealing underpins this.
The UK Combined Code definition highlights the need for personal honesty and integrity of preparers
of accounts. This implies qualities beyond a mechanical adherence to accounting or ethical regulations or
guidelines. At times accountants will have to use judgement or face financial situations which aren't covered
by regulations or guidance, and on these occasions integrity is particularly important.
Integrity is an essential principle of the corporate governance relationship, particularly in relation to
representing shareholder interests and exercising agency. As with financial reporting guidance, ethical codes
don't cover all situations and therefore depend for their effectiveness on the qualities of the accountant. In
addition we have seen that a key aim of corporate governance is to inspire confidence in participants in the
market and this significantly depends upon a public perception of competence and integrity.

3 The Combined Code of Corporate Governance in


Bangladesh

3.1

The Content of Corporate Governance in SEC notification


The guidelines recommended by SEC, vide notification dated 20th February, 2006 on a "comply or explain"
basis to enhance corporate governance for the listed .companies of Bangladesh are as follows:

3.1.1 Board of Directors:


3.1.1.1 Board's Size
The number of the board members of the company should not be less than 5 (five) and more than 20
(twenty}:
Provided, however, that in the case of banks and non-bank financial institutions, insurance companies and
statutory bodies for which separate primary regulators like Bangladesh Bank, Department of Insurance etc.

72

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
exist, the Board of those companies should be constituted as may be prescribed by such primary regulators
in so far as those prescriptions are not inconsistent with the aforesaid condition.

3.1.1.2 Independent Directors


All companies should encourage effective representation of independent directors on their Board of
Directors so that the Board, as a group, includes core competencies considered relevant in the context of
each company. For this purpose, the companies should comply with the following:(i) At least one tenth ( 1/1 0) of the total number of the company's board of directors, subject to a minimum
of one, should be independent directors.
Explanation: For the purpose of this clause "independent director" means a director who does not hold any
share in the company or who holds less than one percent (I%) shares of the total paid-up shares of the
company, who is not connected with the company's promoters or directors or shareholder who holds one
percent (I%) or more than one percent (I%) shares of the total paid-up shares of the company on the basis
of family relationship; who does not have any other relationship, whether pecuniary or otherwise, with the
company or its subsidiary/ associated companies, who is not a member, director or officer of any stock
exchange, and who is not a shareholder, director or officer of any member of stock exchange or an
intermediary of the capital market.

(ii) The independent director(s) should be appointed by the elected directors.

3.1.1.3 Chairman ofthe Board and Chief Executive


The positions of the Chairman of the Board and the Chief Executive Officer of the companies should
preferably be filled by different individuals. The Chairman of the company should be
elected from among the directors of the company. The Board of Directors should clearly define respective
roles and responsibilities of the Chairman and the Chief Executive Officer.

3.1.1 A The Directors' Report to Shareholders


The directors of the companies should include following additional statements in the Directors' Report
prepared under section 184 of the Companies Act, 1994:(a) The financial statements prepared by the management of the issuer company present fairly its state of
affairs, the result of its operations, cash flows and changes in equity.
(b) Proper books of account of the issuer company have been maintained.
(c) Appropriate accounting policies have been consistently applied in preparation of the financial statements
and that the accounting estimates are based on reasonable and prudent judgment.
(d) International Accounting Standards, as applicable in Bangladesh, have been followed in preparation of the
financial statements and any departure therefrom has been adequately
disclosed.
(e) The system of internal control is sound in design and has been effectively implemented and monitored.

(f) There are no significant doubts upon the issuer company's ability to continue as a going concern. If the
issuer company is not considered to be a going concern, the fact along with reasons thereof should be
disclosed.
(g) Significant deviations from last year in operating results of the issuer company should be highlighted and
reasons thereof should be explained. (h) Key operating and financial data of at least preceding three years
should be summarised.
(i) If the issuer company has not declared dividend (cash or stock) for the year, the reasons thereof should
be given.

The Institute of Chartered Accountants in England and Wales, March 2009

73

Advanced Stage- Advanced Audit and Assurance

(j} The number of Board meetings held during the year and attendance by each director should be
disclosed.
(k} The pattern of shareholding should be reported to disclose the aggregate number of shares (along with
name wise details where stated below) held by:(i} Parent/Subsidiary/Associated companies and other related parties (name wise details);
(ii} Directors, Chief Executive Officer, Company Secretary, Chief Financial Officer,
Head of Internal Audit and their spouses and minor children (name wise details);
(iii) Executives; and
(iv) Shareholders holding ten percent (I 0%) or more voting interest in the company (name wise details).
Explanation: For the purpose of this clause, the expression "executive" means top five salaried employees of
the company, other than the Directors, Chief Executive Officer, Company
Secretary, Chief Financial Officer and Head of Internal Audit.

3.1.2 Chief Financial Officer (CFO), Head Of Internal Audit And Company Secretary:
3.1.2.1 Appointment
The company should appoint a Chief Financial Officer (CFO), a Head of Internal Audit and a Company
Secretary. The Board of Directors should clearly define respective roles, responsibilities and duties of the
CFO, the Head of Internal Audit and the Company Secretary.

3.1.2.2 Requirement to Attend Board Meetings


The CFO and the Company Secretary of the companies should attend meetings of the Board of Directors,
provided that the CFO and/or the Company Secretary should not attend such part of a
meeting of the Board of Directors which involves consideration of an agenda item relating to the CFO
and/or the Company Secretary.

3.1.3 Audit Committee:


The company should have an Audit Committee as a sub-committee of the Board of Directors. The Audit
Committee should assist the Board of Directors in ensuring that the financial
statements reflect true and fair view of the state of affairs of the company and in ensuring a good
monitoring system within the business. The Audit Committee shall be responsible to the Board of
Directors. The duties of the Audit Committee should be clearly set forth in writing.

3.1.3.1. Constitution of Audit Committee


(i) The Audit Committee should be composed of at least 3 (three) members.
(ii) The Board of Directors should appoint members of the Audit Committee who should be directors of
the company and should include at least one independent director.
(iii) When the term of service of the Committee members expires or there is any circumstance causing any
Committee member to be unable to hold office until expiration of the term of service, thus making the
number of the Committee members to be lower than the prescribed number of 3 (three) persons, the
Board of Directors should appoint the new Committee member(s) to fill up the vacancy(ies) immediately or
not later than I (one) month from the date of vacancy(ies) in the Committee to ensure continuity of the
performance of work of the Audit Committee.

3.1.3.2. Chairman of the Audit Committee


(i) The Board of Directors should select I (one) member of the Audit Committee to be Chairman of the
Audit Committee.

74

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
(ii) The Chairman of the audit committee should have a professional qualification or knowledge,
understanding and experience in accounting or finance.
3.1.3.3. Reporting of the Audit Committee
3.1.3.3.1 Reporting to the Board of Directors
(i) The Audit Committee should report on its activities to the Board of Directors.
(ii) The Audit Committee should immediately report to the Board of Directors on the following findings, if
any:(a) Report on conflicts of interests;
(b) Suspected or presumed fraud or irregularity or material defect in the internal control system;
(c) Suspected infringement of laws, including securities related laws, rules and regulations; and
(d) Any other matter which should be disclosed to the Board of Directors immediately.
3.1.3.3.2 Reporting to the Authorities
If the Audit Committee has reported to the Board of Directors about anything which has material impact
on the financial condition and results of operation and has discussed with the
Board of Directors and the management that any rectification is necessary and if the Audit Committee finds
that such rectification has been unreasonably ignored, the Audit Committee should report such finding to
the Commission, upon reporting of such matters to the Board of Directors for three times or completion
of a period of 9 (nine) months from the date of first reporting to the Board of Directors, whichever is
earlier.
3.1.3.3.3. Reporting to the Shareholders and General Investors
Report on activities carried out by the Audit Committee, including any report made to the Board of
Directors under condition 1.7.3.1 (ii) above during the year, should be signed by the Chairman of the Audit
Committee and disclosed in the annual report of the issuer company.

3.1.4. External/Statutory Auditors


The issuer company should not engage its external/statutory auditors to perform the following services of
the company; namely:(i) Appraisal or valuation services or fairness opinions;
(ii) Financial information systems design and implementation;
(iii) Book-keeping or other services related to the accounting records or financial statements;
(iv) Broker-dealer services;
(v) Actuarial services;
(vi) Internal audit services; and
(vii) Any other service that the Audit Committee determines.

3.1.5. Reporting the Compliance in the Director's Report


The directors of the company shall state, in accordance with the annexure attached, in the directors' report
whether the company has complied with these conditions.

The Institute of Chartered Accountants in England and Wales, March 2009

75

Advanced Stage- Advanced Audit and Assurance

3.2

Bangladesh Bank Guidelines on Financial Institutions' Corporate


Governance

3.2.1. Structure of the audit committee and qualification of its members


As per BRPD circular 12 , the structure of the audit committee and the qualification of its members should
be as under:
Organisational structure
The audit committee will comprise of 3 (three) members;
Members of the committee will be nominated by the board of directors from the directors;
Members may be appointed for a 3 (three) year terms of the office;
Company Secretary of the bank will be the secretary of the audit committee.
Qualifications of the members
Integrity, dedication and opportunity to spare time for the committee will have to be considered while
giving nomination to a director to the committee
Each member should be capable of making valuable and effective contributions in the functioning of the
committee;
To perform his or her role effectively each committee member should have adequate understanding of the
detailed responsibilities of the committee membership as well as the bank's business, operations and its
risks.
Duties and responsibilities of audit committee will be as follows:
Internal control
Evaluate whether management is setting the appropriate compliance culture by communicating the
importance of internal control and the management of risk and ensuring that all employees have,
understanding of their roles and responsibilities.
Review the arrangements made by the management for building a suitable management information system
(MIS) including computerisation system and its applications
Consider whether internal control strategies recommended by internal and external auditors have been
implemented by the management
Review the existing risk and management procedures for ensuring an effective internal check and control
system
Review the corrective measures taken by the management as regards the reports relating to fraud, forgery,
deficiencies in internal control or other similar issues detected by internal and external auditors and
inspectors of the regulatory authority and inform the board on a regular basis.
Financial reporting
Review the annual financial statements and determine whether they are complete and consistent with the
accounting standards set by the regulatory authority
Meet with management and the external auditors to review the financial statements before their finalisation.
Internal audit
Review the activities and organisational structure of the internal audit function and ensure that no
unjustified restrictions or limitations is made;

76

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
Review the efficiency and effectiveness of internal audit function;
Review that findings and recommendations made by the internal auditors for removing the irregularities
detected and running the affairs of the bank are duly considered by the management.
External audit
Review the audit performance of the external auditors and their audit reports
Review that findings and recommendations made by the external auditors for removing the irregularities
detected and also running the affairs of the. bank are duly considered by the management
Make recommendations to the board regarding the appointment of the external auditors.
Compliance with existing laws and regulations
Review whether the laws and regulations framed by the regulatory authorities (central bank and other
bodies) and internal regulations approved by the board have been complied with.
Other responsibilities
Place compliance report before the board on quarterly basis regarding regularisation of the errors and
omissions fraud and forgeries and other irregularities as detected by the internal and external auditors and
inspectors of regulatory authorities/Bangladesh Bank.
Perform other oversight functions as requested by the board and evaluate the committee's own
performance on a regular basis.

3.2.2 Bangladesh Bank has also issued a guideline on the implementation of 'Money Laundering
Prevention Act 2002'.
3.2.3 Bangladesh Bank has issued guidelines for managing core risks in banking companies as
well as internal control implementation techniques for banking companies.

3.3

Best Practice Corporate Governance

3.3.1. SAFA Best Practices on Corporate Governance


Apart from the SEC and Bangladesh Bank guidelines, SAFA (South Asian Federation of Accountants) , of
which ICAB is a member, has adopted Best Practices on Corporate Governance on September, 2005.The
document is set out as a series of main principles, some of which have supporting principles and all of which
have provisions.
The main principles for companies themselves cover directors, remuneration, accountability/audit and
relations with shareholders. In summary they are as follows:
A. Directors:

I Effective composition of board


2 Division of responsibility between the Chairman of the board and the Chief Executive Officer
(CEO)
3 Information for and professional development ofthe board
4 Performance evaluation of the board
B. Remuneration:
I Level and make-up of directors' remuneration (the remuneration committee)
2 Policy development for directors' nomination (nomination committee)

The Institute of Chartered Accountants in England and Wales, March 2009

77

Advanc~d

Stage -Advanced Audit and Assurance

C. Accountability/audit:
I Audit committee and auditors
2 Disclosure on share trading
3 Financial reporting and annual report.
D. Relations with shareholders:
I Rights of shareholders
I. The board should include a balance of executive and non-executive directors (including some
independent non-executive directors) such that no individual or small group of individuals can
dominate the board's decision taking.
A Composition of Board
B Executive and Non-executive Directors and Independent Directors
C. Independent Director
2. Chairman and Chief Executive (A2)
Board Should lay down solid foundation for oversight and management of the company through:
- Clear division of responsibilities of the Chairperson of the board and the Chief Executive;
- Recognizing and publishing respective roles of the board and management; and
- Establishing an effective ethics and compliance framework
A Chairperson and Lead Independent Director
B Role of Chairperson
C Powers, Functions & Responsibilities of BOD
D Ethics and Values
E Meetings of BOD
F The Company Secretary
G Matters to be placed before BOD
3. Members of the Board and its Committees should not be over extended. All directors should
receive induction training upon joining the board and there should be an effective orientation
program for directors to regularly update and refresh their skills and knowledge. (A3)
A Qualification and Eligibility to act as Director
B Election of directors
C Training of BOD
4. Board should establish a process of performance evaluation in the company to ensure its sustained
success. (A4)
A Evaluation of BOD as a whole and that of individual directors
B Evaluation of CEO
C Committees of the BOD
5. Levels of remuneration should be sufficient to attract, retain and motivate directors and members
of senior management of the quality required to run the company successfully, but the company
should avoid paying more than is necessary for this purpose. A reasonable proportion of executive
directors' remuneration should be structured so as to link rewards to corporate and individual
performance. (B I)
A Remuneration Committee

78

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
6. The board should ensure planned and progressive refreshing of the board. (B2)
A Nomination Committee
Powers, Functions and Responsibilities of Nomination Committee
7. The board should establish formal and transparent arrangements for considering how they should
apply the financial reporting and internal control principles and for maintaining an appropriate
relationship with the company's auditors. (C I)
A Audit Committee
B Internal Control and Internal Audit
C Appointment & Qualification of External Auditors
D Disclosure of interest by Auditors' holding company's shares

8. Trading in company's share by key personnel shall be timely disclosed (C2)


A Disclosure of Interest by Directors, CEO & Executives holding company's share

9. The board should present a balanced and understandable assessment of company's position and
prospects through periodic financial reporting which shall include certain other information together
with certain statements/declarations by the directors and the management of the company. (C3)
A Annual Report
B Report on Corporate Governance
I0. Board should respect the rights of shareholders and facilitate the effective exercise of those
rights. (D I)
A Relationship with Shareholder

3.4 Followings are the overview of Corporate Governance in UK


The Combined Code
~

The Combined Code combines the recommendations of


- The Cadbury Report
- The Greenbury Code
- The Hampel Report
All companies incorporated in the UK and listed on the Main Market of the London Stock Exchange
must disclose how the principles of the Code have been applied
The Combined Code includes provisions covering the following issues:
-Directors
- Directors' remuneration
- Relations with shareholders
- Accountability and audit
- Institutional investors
The Combined Code includes a number of disclosure requirements

Interactive question I: Corporate Governance Code

[Difficulty level: Intermediate]

The Corporate Governance Code is a SEC requirement for listed companies. It is recommended for other
companies. Some argue that the code should be mandatory for all companies.

Requirement
(a)

Discuss the benefits of the Code to shareholders and other interested users of financial statements.

(b)

Discuss the merits and drawbacks of having such provisions in the form of a voluntary code.

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

79

Advanced Stage- Advanced Audit and Assurance

4 Role of the board

4.1

Scope of role
If the board is to act effectively, its role must be defined carefully. The Cad bury report suggests that the
board should have a formal schedule of matters specifically reserved to it for decision. Some would be
decisions such as mergers and takeovers that are fundamental to the business and hence should not
be taken just by executive managers. Other decisions would include acquisitions and disposals of assets
of the company or its subsidiaries that are material to the company and investments, capital projects,
bank borrowing facilities, loans and their repayment, foreign currency transactions, all above a certain size
(to be determined by the board).
Other tasks the board should perform include:
~

Monitoring the chief executive officer

Overseeing strategy

Monitoring risks and control systems

Monitoring the human capital aspects of the company in regard to succession, morale, training,
remuneration etc.

Ensuring that there is effective communication of its strategic plans, both internally and externally

Worked example: Role of the board


For the voluntary sector, the UK's Good Governance, A Code (or the Voluntary and Community Sector stresses
the board of trustees' role in ensuring compliance with the objects, purposes and values of the organisation
and with its governing document. The Code stresses that the Board must ensure that the organisation's
vision, mission, values and activities remain true to its objects.
The Code also lays more stress than the governance codes targeted at listed companies on trustees
focusing on the strategic direction of their organisation and not becoming involved in day-to-day activities.
The Chief Executive Officer should provide the link between the board and the staff team, and the means
by which board members hold staff to account. Where in smaller organisations trustees need to become
involved in operational matters, they should separate their strategic and operational roles.

4.2 Attributes of directors


In order to carry out effective scrutiny, directors need to have relevant expertise in industry, comp,any,
functional area and governance. The board as a whole needs to contain a mix of expertise and show a
balance between executive management and independent non-executive directors. New and
existing directors should also have appropriate training to develop the knowledge and skills required.

80

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

4.2.1

Nomination committee
In order to ensure that balance of the board is maintained, the board should set up a nomination
committee, to oversee the process for board appointments and make recommendations to the board.
The Combined Code recommends that a majority of the committee members should be independent nonexecutive directors.
The nomination committee needs to consider the balance between executives and independent nonexecutives, the skills and knowledge possessed by the board, the need for continuity and succession
planning and the desirable size of the board. Recent corporate governance guidance has laid more stress on
the need to attract board members from a diversity of backgrounds.
The nomination committee should also be responsible for reviewing the time required from nonexecutive directors, as a basis for deciding whether the non-executive directors are spending enough time
on the company's activities. The nomination committee should also brief newly-appointed non-executive
directors about what is expected of them in terms of time commitments, committee service and

involvement outside board meetings.

4.3

Possession of necessary information


As we have seen above, in many corporate scandals, the board were not given full information. The Higgs
report (see section 5) stresses that it is the responsibility both of the chairman to decide what information
should be made available, and directors to satisfy themselves that they have appropriate information of
sufficient quality to make sound judgements.

4.4

Performance of board
Appraisal of the board's performance is an important control over it. The Higgs report recommends that
performance of the board should be assessed once a year. Separate appraisal of the chairman and
chief executive should also be carried out, with links to the remuneration process.

4.5

Board membership and division of responsibilities


All reports acknowledge the importance of having a division of responsibilities at the head of an
organisation. The simplest way to do this is to require the roles of chairman and chief executive to be
held by two different people.
This division has not been made mandatory in the UK. The Cad bury report recommended that if the posts
were held by the same individual, there should be a strong independent element on the board with a
recognised senior member. The Higgs report suggested that a senior independent non-executive director
should be appointed who would be available to shareholders who have concerns that were not resolved
through the normal channels.

Worked example: Director influence


Another area of concern is whether individual directors are exercising disproportionate influence on the
company. For example Boots prohibited the chairman of the remuneration committee from serving on the
audit committee and vice versa.

4.6

Non-executive directors
Non-executive directors have no executive (managerial) responsibilities.
Non-executive directors should provide a balancing influence, and play a key role in reducing conflicts
of interest between management (including executive directors) and shareholders. They should provide
reassurance to shareholders, particularly institutional shareholders, that management is acting in the
interests of the organisation.

The Institute of Chartered Accountants in England and Wales, March 2009

81

Advanced Stage - Advanced Audit and Assurance

Worked example: Sources of non-executive directors


The Higgs report made a number of suggestions about possible sources of non-executive directors:

4.6.1

Companies operating in international markets could benefit from having at least one non-executive
director with international experience

Lawyers, accountants and consultants can bring skills that are useful to the board

Listed companies should consider appointing directors of private companies as non-executive


directors

Including individuals with charitable or public sector experience but strong commercial awareness can
increase the breadth of diversity and experience on the board

Role of non-executive directors


The Higgs report also provides a useful summary of the role of non-executive directors:

4.6.2

Strategy: non-executive directors should contribute to, and challenge the direction of, strategy.

Performance: non-executive directors should scrutinise the performance of management in meeting


goals and objectives, and monitor the reporting of performance.

Risk: non-executive directors should satisfy themselves that financial information is accurate and that
financial controls and systems of risk management are robust.

Directors and managers: non-executive directors are responsible for determining appropriate
levels of remuneration for executives, and are key figures in the appointment and removal of senior
managers and in succession planning.

Advantages of non-executive directors


Non-executive directors can bring a number of advantages to a board of directors.

82

They may have external experience and knowledge which executive directors do not
possess. The experience they bring can be in many different fields. They may be executive directors
of other companies, and thus have experience of different ways of approaching corporate governance,
internal controls or performance assessment. They can also bring knowledge of markets within which
the company operates.

Non-executive directors can provide a wider perspective than executive directors who may be
more involved in detailed operations.

Good non-executive directors are often a comfort factor for third parties such as investors or
creditors.

The English businessman Sir John Harvey-Jones has pointed out that there are certain roles nonexecutive directors are well-suited to play. These include 'father-confessor' (being a confidant for the
chairman and other directors), 'oil-can' (intervening to make the board run more effectively) and
acting as 'high sheriff (if necessary taking steps to remove the chairman or chief executive).

The most important advantage perhaps lies in the dual nature of the non-executive director's role.
Non-executive directors are full board members who are expected to have the level of knowledge
that full board membership implies. At the same time they are meant to provide the so-called strong,
independent element on the board. This should imply that they have the knowledge and
detachment to be able to assess fairly the remuneration of executive directors when serving on the
remuneration committee, and to be able to discuss knowledgeably with auditors the affairs of the
company on the audit committee.

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

4.6.3

Problems with non-executive directors


Nevertheless there are a number of difficulties connected with the role of non-executive director.

4.6.4

In many organisations, non-executive directors may lack independence. There are in practice a
number of ways in which non-executive directors can be linked to a company, as suppliers or
customers for example. Even if there is no direct connection, potential non-executive directors are
more likely to agree to serve if they admire the company's chairman or its way of operating.

There may be a prejudice in certain companies against widening the recruitment of non-executive
directors to include people proposed other than by the board or to include stakeholder
representatives.

High-calibre non-executive directors may gravitate towards the best-run companies, rather than
companies which are more in need of input from good non-executives.

Non-executive directors may have difficulty imposing their views upon the board. It may be easy to
dismiss the views of non-executive directors as irrelevant to the company's needs. This may imply that
non-executive directors need good persuasive skills to influence other directors. Moreover, if
executive directors are determined to push through a controversial policy, it may prove difficult for
the more disparate group of non-executive directors to oppose them effectively.

Sir John Harvey-Jones has suggested that not enough emphasis is given to the role of non-executive
directors in preventing trouble, in warning early on of potential problems. But on the contrary,
when trouble does arise, non-executive directors may be expected to play a major role in rescuing the
situation, which they may not be able to do.

Perhaps the biggest problem which non-executive directors face is the limited time they can devote
to the role. If they are to contribute valuably, they are likely to have time-consuming other
commitments. In the time they have available to act as non-executive directors, they must contribute
as knowledgeable members of the full board and fulfil their legal responsibilities as directors. They
must also serve on board committees. Their responsibilities mean that their time must be managed
effectively, and they must be able to focus on areas where the value they add is greatest.

Number of non-executive directors


Most corporate governance reports acknowledge the importance of having a significant presence of nonexecutive directors on the board. The question has been whether organisations should follow the broad
principles expressed in the Cadbury report:
'The board should include non-executive directors of sufficient character and number for their views
to carry significant weight.'
or whether they should follow prescriptive guidelines. New York Stock Exchange rules now require listed
companies to have a majority of non-executive directors.

4.6.5

Independence of non-executive directors


Various safeguards can be put in place to ensure that non-executive directors remain independent. Those
suggested by the corporate governance reports include:
~

Non-executive directors should have no business, financial or other connection with the
company, apart from fees and shareholdings. Recent reports such as the Higgs report have widened
the scope of business connections to include anyone w.ho has been an employee or had a material
business relationship over the last few years, or served on the board for more than ten years.

They should not take part in share option schemes and their service should not be pensionable,
to maintain their independent status.

Appointments should be for a specified term and reappointment should not be automatic. The
board as a whole should decide on their nomination and selection.

The Institute of Chartered Accountants in England and Wales, March 2009

83

Advanced Stage- Advanced Audit and Assurance


~

Procedures should exist whereby non-executive directors may take independent advice, at the
company's expense if necessary.

Whenever a question scenario features non-executive directors, watch out for threats to, or questions
over, their independence.

4.6.6

Multi-tier boards
Some jurisdictions take the split between executive and other directors to its furthest extent. Institutional
arrangements in German companies are based on a two-tiered board. A supervisory board has
workers' representatives, and perhaps shareholders' representatives including banks' representatives, in
equal numbers. The board has no executive function, although it does review the company's direction and
strategy and is responsible for safeguarding stakeholders' interests. An executive board, composed
entirely of managers, will be responsible for the running of the business.
In Japan there are three different types of board of director.
~

Policy boards - concerned with long-term strategic issues

Functional boards -made up of the main senior executives with a functional role

Monocratic boards - with few responsibilities and having a more symbolic role

Proposals to introduce two (or more) tier boards have been particularly criticised in the UK and USA as
leading to confusion and a lack of accountability. This has affected the debate on enhancing the role of nonexecutive directors, with critics claiming that moves to increase the involvement of non-executive directors
are a step on the slippery slope towards two-tier boards.

S Associated guidance

-5.1
5.1.1

The Turnbull Report


Introduction
The perception of what constitutes a corporate risk and how to measure and report such risks to investors
took a major step forward with the publication of the Turnbull Report. This was seen as a further piece of
the governance jigsaw following the Cadbury, Green bury and Hampel Reports.
In 1999 the Internal Control Working Party of the ICAEW, chaired by Nigel Turnbull (finance director of
Rank Group Ltd), issued guidance for directors of UK listed companies. The working party built on the
requirement contained in the Combined Code that boards must maintain "a sound system of internal
control to safeguard shareholders' investment and the company's assets". The detailed
provisions require annual review of all the company's internal controls, including financial, operational and
compliance controls and risk management. Potential threats to the company include environmental, ethical
and social risks. The original Turnbull Report also highlighted the role of internal audit. Internal audit is
referred to in Chapter 9 of this text.
In 2005 a revised Turnbull Report was published under the chairmanship of Douglas Flint, Group Finance
Director of HSBC Holdings. Although it did not make major amendments to the 1999 version of the report

84

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
it did emphasise the importance of companies reporting on their internal controls and risk management
procedures.

5.1.2

Objectives of the Turnbull Report


The objectives of the Turnbull Report are to encourage companies to adopt a risk-based approach to
establishing a system of internal control, i.e. to manage and control risk appropriately rather than
eliminate it. The guidance given in Turnbull outlines broad principles that require directors to use their
judgement when applying them. This should enable companies to achieve their own business objectives
rather than merely "ticking boxes".
Turnbull constantly emphasises the importance of an embedded and ongoing process of identifying and
responding to risks. Thus a company must:
~

~
~
~

Establish business objectives


Identify the key risks associated with these
Agree the controls to address the risks
Set up a system to implement the decision,. including regular feedback.

The Turnbull Report emphasises that the guidance aims to reflect sound business practice, as well as to help
companies comply with the internal control requirements of the Combined Code.

5.1.3
"-

Responsibilities of Directors, Management and Employees


The responsibilities of directors, management and employers to integrate the Turnbull Report are as
follows:
Directors
~

Have a defined process for the review of effectiveness of internal control

Seek regular assurance that the system is functioning

Review the effectiveness of internal control

Make disclosures on internal controls in the annual report and accounts

The revised 2005 Turnbull Report clarifies that directors will be expected to apply the same standard
of care when reviewing the effectiveness of internal control as when exercising their general duties.

Management
~
~

Implement board policies on risk and control


Identify and evaluate the risks faced by the company

Employees
~

5.1.4

Necessary knowledge, skills, authority etc to establish, operate and monitor the system of internal
controls.

Review of Internal Financial Control


The Turnbull guidance stipulates that directors should have regard to a series of criteria under five key
headings.
(I)

Control environment- the tone set from the top of the organisation.

(2)

Risk assessment- process to identify major risks and assess their impact.

(3)

Information systems- include monthly reporting, comparison with budgets etc as well as nonfinancial performance indicators.

(4)

Control procedures- internal controls to overcome risk (segregation of duties, authorisation, etc)

(5)

Monitoring - procedures designed to assure the board that the system is managing risk (audit
committees, internal audit, etc.)

The Institute of Chartered Accountants in England and Wales, March 2009

85

Advanced Stage - Advanced Audit and Assurance

Points to note
These five headings are essentially the same as the five components of internal control identified in BSA 315

Understanding the Entity and its Environment and Assessing the Risks

of Material Misstatement

Many perceive the overall control environment as the key component of internal control. Its importance
can be seen in the following worked example.

Worl<ed example: Control environment


Imagine a hotel group whose management prides itself on being "lean and mean".
Head office puts in controls to match this obsession. Each hotel is a separate company. Every manager has
his targets. The group has budgets and is measured by those budgets. But the key target by which the
business is run is occupancy rates.
The managers make sure that the hotels are full by reducing rates quite substantially. These low rates do
not filter through the system until a long time later. So their management system leads to a totally
ineffective system where expectations are high and the important controls are not there at all - because the
control environment is totally wrong.

5.1.5

Disclosure of Compliance with the Turnbull Report


As a minimum the annual report should contain a narrative statement disclosing that there is an
ongoing process for identifying, evaluating and managing the significant risks faced by the
company that is regularly reviewed by the board. The Turnbull guidance also states that the board may wish
to provide additional information to assist understanding of the company's risk management process and
system of internal control. The content of such narrative statements is likely, therefore, to vary widely from
company to company.
The following extract is from the statement of corporate governance of JSainsbury Ltd.

Internal control
The Board has overall responsibility for the system of
internal controls, including risk management, and has
delegated certain responsibilities to the Audit Committee.
The Audit Committee has reviewed the effectiveness of
the system of internal control and ensured that any
required remedial action has or is being taken on any
identified weaknesses. The system of internal controls is
designed to manage rather than eliminate the risk of
failure to achieve the Company's business objectives
and can only provide reasonable and not absolute
assurance against material misstatement or loss. It
includes all controls including financial, operational and
compliance controls and risk management. The
processes used to assess the effectiveness of the
internal control systems are ongoing, enabling a
cumulative assessment to be made, and include the
following:

86

discussion and approval by the Board of the


Company's strategic direction, plans and
objectives and the risks to achieving them;

review and approval by the Board of budgets and


forecasts, including both revenue and capital
expenditure;

regular operational and financial reviews of


performance against budgets and forecasts by
management and the Board;

regular reviews by management of the risks to


achieving objectives and actions being taken to
mitigate them;

regular reviews by the Board and Audit Committee


of identified fraudulent activity and any
whistleblowing by colleagues or suppliers, and
actions being taken to remedy any control
weaknesses;
regular reviews by management and the Audit
Committee of the scope and results of internal
audit work across the Company and of the
implementation of recommendations. The scope of
the work covers all key activities of the Group and
concentrates on higher risk areas;

reviews of the scope of the work of the external


auditors by the Audit Committee and any
significant issues arising;

reviews by the Audit Committee of accounting


policies and levels of delegated authority; and

consideration by the Board of the major risks


facing the Group and by the Audit Committee of
the procedures to manage them. These include
health and safety, legal compliance, litigation,
quality assurance, insurance and security and
social, ethical and environmental risks.

There is an ongoing process for identifying, evaluating


and managing the significant risks faced by the
Company. This process has been in place throughout
the year and up to the date of approval of the Annual

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
Report and Financial Statements and accords with the
Turnbull guidance. The effectiveness of the process is
reviewed annually by the Audit Committee which then
reports to the Board. The process consists of:
fonnal identification by management at each level
of the Company through a self assessment
process of the key risks to achieving their business
objectives and the controls in place to manage
them. The likelihood and potential impact of each
risk is evaluated and actions necessary to mitigate
them are identified and monitored;

certification by management that they are


responsible for managing the risks to their
business objectives and that the internal controls
are such that they provide reasonable but not
absolute assurance that the risks in their areas of
responsibility are appropriately identified,
evaluated and managed;

reporting and review by the Board of each


operating company of risk management activities
and actions taken to address non-compliance with
controls or to improve their effectiveness;

assurance from specialist functions and


committees that legal and regulatory, health and
safety, and social, ethical and environmental risks
are appropriately identified and managed; and

independent assurance by Internal Audit as to the


existence and effectiveness of the risk
management activities described by management.

The system of internal control and risk management is


embedded into the operations of the Company, and the
actions taken to mitigate any weaknesses are carefully
monitored.

J Sainsbury Ltd - Annual Report 2006

The Turnbull Report requires Boards to confirm in the annual report that necessary action has been, or is
being, taken to remedy any significant failings or weaknesses identified from their review of the
effectiveness of the internal control system. The Board should also include in the annual report such
information as is considered necessary to assist shareholders' understanding of the main features of the
company's risk management processes and system of internal control.

5.2 The Smith Report


5.2.1

Audit committees
Audit committees of independent non-executive directors should liaise with external audit, supervise
internal audit, and review the annual accounts and internal controls.
The Cadbury committee summed up the benefits that an audit committee can bring to an organisation.
'If they operate effectively, audit committees can bring significant benefits. In particular, they have the
potential to:

5.2.2

(a)

improve the quality of financial reporting, by reviewing the financial statements on behalf of the Board;

(b)

create a climate of discipline and control which will reduce the opportunity for fraud;

(c)

enable the non-executive directors to contribute an independent judgement and play a positive role;

(d)

help the finance director, by providing a forum in which he can raise issues of concern, and which he
can use to get things done which might otherwise be difficult;

(e)

strengthen the position of the external auditor, by providing a channel of communication and forum
for issues of concern;

(f)

provide a framework within which the external auditor can assert his independence in the event of a
dispute with management;

(g)

strengthen the position of the internal audit function, by providing a greater degree of independence
from management;

(h)

increase public confidence in the credibility and objectivity of financial statements.'

Recommendations
Following the major corporate failures in the US in 2002, an independent group, chaired by Sir Robert
Smith, was set up to clarify the role and responsibilities of audit committees and to develop the existing
Combined Code guidance. The report was issued in January 2003.
The key points, which are now reflected in the Combined Code and the detailed guidance, are set out
below.

The Institute of Chartered Accountants in England and Wales, March 2009

87

Advanced Stage- Advanced Audit and Assurance

Composition of the audit committee


.,

The committee must include at least three members, all independent non-executive directors .

.,

At least one member must have significant, recent and relevant financial experience, and all members
must be given suitable training.

Role of the audit committee


.,

To monitor the integrity of the company's financial statements, reviewing significant financial
reporting judgements .

.,

To review the company's internal financial control system and risk management systems
(unless covered by a separate risk committee or the board itself) .

.,

To monitor and review the effectiveness of the internal audit function .

.,

To recommend to the board which firm should be appointed as external auditor. If the board rejects
this recommendation, the committee and the board must explain their respective positions in the
annual report.

.,

To monitor and review the independence, objectivity and effectiveness of the external auditor,
taking into account relevant UK professional and regulatory requirements .

.,

To develop and implement policy on the engagement of the external auditor to supply non-audit
services, taking into account relevant ethical guidance regarding the provision of non-audit services by
the external audit firm.

Other
.,

The committee should be provided with sufficient resources .

.,

Its activities should be reported in a separate section of the directors' report (within the annual
report) .

.,

The chairman of the committee should be present to answer questions at the AGM.

Disclosures
The disclosures in the accounts are as follows:
.,
.,
.,
.,

5.3
5.3.1

A statement of compliance with the code;


A statement of the directors' responsibility for the preparation of the financial statements;
A statement on the effectiveness of the system of internal control;
A description of other features of the company's corporate governance arrangements.

The Higgs Report


Recommendations
This report, which was published in january 2003, reviewed the effectiveness of non-executive directors.
The hope is that the recommendations will significantly improve board practice and hence corporate
performance in the UK. Its recommendations, which set out a more demanding and important role for nonexecutive directors, include the following .

88

.,

An open, fair and rigorous appointments process designed to promote meritocracy in the
boardroom and to widen the pool of candidates .

.,

A new, clear description of the role of the non-executive director.

.,

The roles of chairman and chief executive to be separated (with the chief executive not progressing
to become chairman of the same company) .

.,

A new definition of 'independence', addressing both relationships that would affect a director's
objectivity and also those that could appear to do so. At least half the board would need to meet the
new test, as would all members of the audit and remuneration committees and a majority of the
nomination committee.

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
~

Closer relationships between non-executive directors and major shareholders to be promoted.

Improved induction and professional development for directors.

The performance of individual directors and of the board as a whole recommended to be evaluated at
least annually.

The liabilities of non-executive directors to be clarified.

More detailed provisions are as follows.


~-~ -~---------

Directors'
remuneration

Shareholders
and theAGM

Accountability
and audit

e------~- -~~- ------------~----------------~-----

The main provisions are:


~

The board should set up a remuneration committee composed exclusively


of non-executive directors to recommend (within terms of reference):
the company's policy on executive remuneration;
specific remuneration packages for each executive director;

The committee should consider what compensation commitments should be


included in directors' service contracts in the event of early termination,
particularly for unsatisfactory performance;

The committee should make a report each year to the shareholders;

The financial statements should include specific details of directors'


remuneration for each named director, including salary, bonuses, share options
and pension entitlement.

The main provisions are:

------------------

Boards should provide a full business presentation at the AGM with a


question and answer session;

A resume of discussions at the AGM should be made available to shareholders


on request;

Shareholders should be able to vote separately on each substantially separate


issue; the practice of 'bundling' unrelated proposals in a single resolution should
cease.

The main provisions are:


~

The company should set up an audit committee to liaise between the board
and the external and internal auditors;

The committee should keep under review the nature and extent of non-audit
services provided by the audit firm;

Directors should maintain and review controls relating to all relevant


control objectives and not merely financial controls.

More detailed provisions about the audit committee are:


._

Independent non-executive directors should make up the majority of its


members;

There should be written terms of reference which deal clearly with its authority
and duties.

In addition, the audit committee should review the scope and results of the audit
and its cost-effectiveness. It should report to the board on:

The financial reporting process and the audit thereof;

._ The internal controls of the business and the review thereof.


This internal control review should normally be carried out by the internal audit
department and the audit committee should have the power to commission that
department to carry out investigations on its behalf.

The Institute of Chartered Accountants in England and Wales, March 2009

89

Advanced Stage- Advanced Audit and Assurance

5.3.2

Relationship between external auditors and audit committees


In a briefing paper, the APB of UK has offered further suggestions on the relationship between the external
auditors and the audit committee. It recommends that there should be:
~

Clarity as to the audit committee's role, which will normally include the duty to challenge management
in respect of the financial reporting process, to monitor management's commitment to a sound
internal control environment and to appoint and fix the remuneration of the external auditors;

Frank communication between the external auditors and the committee, dealing with all significant
issues, even sensitive ones, in an open manner. This may require the bypassing of management and
direct contact with the committee, if potentially contentious situations arise;

At the completion of the audit, discussion between the external auditors and the committee about any
non-compliance with laws and regulations, the control environment, significant adjustments made, and
not made, to the financial statements and how any differences between the auditors and management
have been resolved, or not resolved.

Interactive question 2: Corporate governance

[Difficulty level: Intermediate]

Northwitch Ltd is a multinational energy group, quoted on the London and Dhaka Stock Exchanges.
The chief executive (and chairman), David Spence, was appointed four months before the year end for a
term of three years. He is keen to impose his views on the group and the audit. He has already made clear
that his Ipswich Town private box (CU 14,535), purchased through the company, will be made available only
to those who remain loyal to his cause.

Requirement
Outline any governance and related issues arising from David's appointment.
See Answer at the end of this chapter.

6 OECD principles of corporate governance

6.1

Convergence of international guidance


Because of increasing international trade and cross-border links, there is significant pressure for the
development of internationally comparable practices and standards. Accounting and financial reporting is
one area in which this has occurred. Increasing international investment and integration of international
capital markets has also led to pressure for standardisation of governance guidelines, as international
investors seek reassurance about the way their investments are being managed and the risks
involved.

90

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

6.2

OECD guidance
The Organisation for Economic Co-operation and Development (OECD) has carried out an extensive
consultation with member countries, and developed a set of principles of corporate governance that
countries and companies should work towards achieving. The OECD has stated that its interest in
corporate governance arises from its concern for global investment. Corporate governance
arrangements should be credible and should be understood across national borders. Having a common set
of accepted principles is a step towards achieving this aim.
The OECD developed its Principles of Corporate Governance in 1998 and issued a revised version in April
2004. They are non-binding principles, intended to assist governments in their efforts to evaluate and
improve the legal, institutional and regulatory framework for corporate governance in their countries.
They are also intended to provide guidance to stock exchanges, investors and companies. The focus is on
stock exchange listed companies, but many of the principles can also apply to private companies and stateowned organisations.
The OECD principles deal mainly with governance problems that result from the separation of
ownenhip and management of a company. Issues of ethical concern and environmental issues are also
relevant, although not central to the problems of governance.

6.3

OECD principles
The OECD principles are grouped into five broad areas:
(i)

The rights of shareholders


Shareholders should have the right to participate and vote in general meetings of the company,
elect and remove members of the board and obtain relevant and material information on a
timely basis. Capital markets for corporate control should function in an efficient and timely
manner.

(ii)

The equitable treatment of shareholders


All shareholders of the same class of shares should be treated equally, including minority
shareholders and overseas shareholders. Impediments to cross-border shareholdings
should be eliminated.

(iii) The role of stakeholders


Rights of stakeholders should be protected. All stakeholders should have access to relevant
information on a regular and timely basis. Performance-enhancing mechanisms for employee
participation should be permitted to develop. Stakeholders, including employees, should be able to
freely communicate their concerns about illegal or unethical relationships to the board.
(iv) Disclosure and transparency
Timely and accurate disclosure must be made of all material matters regarding the company,
including the financial situation, foreseeable risk factors, issues regarding employees and other
stakeholders and governance structures and policies. The company's approach to disclosure should
promote the provision of analysis or advice that is relevant to decisions by investors.
(v)

The responsibilities of the board


The board is responsible for the strategic guidance of the company and for the effective
monitoring of management. Board members should act on a fully informed basis, in good faith, with
due diligence and care and in the best interests of the company and its shareholders. They
should treat all shareholders fairly. The board should be able to exercise independent
judgement; this includes assigning independent non-executive directors to appropriate tasks.

The Institute of Chartered Accountants in England and Wales, March 2009

91

Advanced Stage- Advanced Audit and Assurance

7 Sarbanes-Oxley

7.I

The En ron scandal


The most significant scandal in America in recent years has been the En ron scandal, when one of the
country's biggest companies filed for bankruptcy. The scandal also resulted in the disappearance of Arthur
Andersen, one of the Big Five accountancy firms who had audited En ron's accounts. The main reasons why
En ron collapsed were over-expansion in energy markets, too much reliance on derivatives' trading which
eventually went wrong, breaches of federal law, and misleading and dishonest behaviour. However enquiries
into the scandal exposed a number of weaknesses in the company's governance.
~

A lack of the transparency in the accounts


This particularly related to certain investment vehicles that were not recognised in the statement of
financial position. Various other methods of inflating revenues, offloading debt, massaging quarterly
figures and avoiding taxes were employed.

Ineffective corporate governance arrangements


The company's management team was criticised for being arrogant and over ambitious. The Economist
suggested that Enron's Chief Executive Officer, Kenneth Lay, was like a cult leader with his staff and
employees fawning over his every word and following him slavishly. The non-executive directors were
weak, and there were conflicts of interest. The chair of the audit committee was Wendy Gramm; her
husband, Senator Phil Gramm, received substantial political donations from Enron.

Inadequate scrutiny by the external auditors


Arthur Andersen failed to spot or failed to question dubious accounting treatments. Since Andersen's
consultancy arm did a lot of work for En ron, there were allegations of conflicts of interest.

92

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
~

Information asymmetry
That is the agency problem of the directors/managers knowing more than the investors. The investors
included Enron's employees. Many had their personal wealth tied up in Enron shares, which ended up
being worthless. They were actively discouraged from selling them. Many of En ron's directors,
however, sold the shares when they began to fall, potentially profiting from them. It is alleged that the
Chief Financial Officer, Andrew Fastow, concealed the gains he made from his involvement with
affiliated companies.

Executive compensation methods


These were meant to align the interests of shareholders and directors, but seemed to encourage the
overstatement of short-term profits. Particularly in the USA, where the tenure of Chief Executive
Officers is fairly short, the temptation is strong to inflate profits in the hope that share options will
have been cashed in by the time the problems are discovered.

7.2

The Sarbanes-Oxley Act 2002


In the US the response to the breakdown of stock market trust caused by perceived inadequacies in
corporate government arrangements and the Enron scandal was the Sarbanes-Oxley Act 2002. The Act
applies to all companies that are required to file periodic reports with the Securities and Exchange
Commission (SEC). The Act was the most far-reaching US legislation dealing with securities in many years
and has major implications for public companies. Rule-making authority was delegated to the SEC on many
provisions.
Sarbanes-Oxley shifts responsibility for financial probity and accuracy to the board's audit committee,
which typically comprises three independent directors, one of whom has to meet certain financial literacy
-.
requirements (equivalent to non-executive directors in other jurisdictions).

'-~~

Along with rules from the Securities and Exchange Commission, Sarbanes-Oxley requires companies to
increase their financial statement disclosures, to have an internal code of ethics and to impose
restrictions on share trading by, and loans to, corporate officers.

7.3

:;,w;.

"<~~-

Detailed provisions of the Sarbanes-Oxley Act


These are as follows:
~

Public Ovenight Board


The Act set up a new regulator, The Public Company Accounting Oversight Board (PCAOB)
to oversee the audit of public companies that are subject to the securities laws.
The Board has powers to set auditing, quality control, independence and ethical standards
for registered public accounting firms to use in the preparation and issue of audit reports on the
financial statements of listed companies. In particular the board is required to set standards for
registered public accounting firms' reports on listed company statements on their internal control
over financial reporting. The board also has inspection and disciplinary powen over firms.

Auditing standards
Audit firms should retain working papen for at least seven years and have quality control
standards in place such as second partner review. As part of the audit they should review internal
control systems to ensure that they reflect the transactions of the client and provide reasonable
assurance that the transactions are recorded in a manner that will permit preparation of the
financial statements in accordance with generally accepted accounting principles. They
should also review records to check whether receipts and payments are being made only in
accordance with management's authorisation.

The Institute of Chartered Accountants in England and Wales, March 2009

93

Advanced Stage - Advanced Audit and Assurance


~

Non-audit services
Auditors are expressly prohibited from carrying out a number of services including internal audit,
bookkeeping, systems design and implementation, appraisal or valuation services, actuarial services,
management functions and human resources, investment management, legal and expert services.
Provision of other non-audit services is only allowed with the prior approval of the audit
committee.

Quality control procedures


There should be rotation of lead or reviewing audit partners every five years and other procedures
such as independence requirements, consultation, supervision, professional development, internal
quality review and engagement acceptance and continuation.

Auditors and audit committee


Auditors should discuss critical accounting policies, possible alternative treatments, the
management letter and unadjusted differences with the audit committee.

Audit committees
Audit committees should be established by all listed companies.
All members of audit committees should be independent and should therefore not accept any
consulting or advisory fee from the company or be affiliated to it. At least one member should be a
financial expert. Audit committees should be responsible for the appointment, compensation and
oversight of auditors. Audit committees should establish mechanisms for dealing with complaints
about accounting, internal controls and audit.

Corporate responsibility
The chief executive officer and chief finance officer should certify the appropriateness of the financial
statements and that those financial statements fairly present the operations and financial condition of
the issuer. If the company has to prepare a restatement of accounts due to material non-compliance
with standards, the chief finance officer and chief executive officer should forfeit their bonuses.

Off balance sheet transactions


There should be appropriate disclosure of material off-balance sheet transactions and other
relationships (transactions that are not included in the accounts but that impact upon financial
conditions, results, liquidity or capital resources).

Internal control reporting


Annual reports should contain internal control reports that state the responsibility of management
for establishing and maintaining an adequate internal control structure and procedures for
financial reporting. Annual reports should also contain an assessment of the effectiveness of the
internal control structure and procedures for financial reporting. Auditors should report on
this assessment.
Companies should also report whether they have adopted a code of conduct for senior financial
officers and the content of that code.

Whistleblowing provisions
Employees of listed companies and auditors will be granted whistleblower protection against
their employers if they disclose private employer information to parties involved in a fraud claim.

94

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE

7.4

Impact of Sarbanes-Oxley in America


The biggest expense involving compliance that companies are incurring is fulfilling the requirement to
ensure their internal controls are properly documented and tested. US companies had to have efficient
controls in the past, but they are now having to document them more comprehensively than before, and
then have the external auditors report on what they have done.
The Act also formally stripped accountancy firms of almost all non-audit revenue streams that they used to
derive from their audit clients, for fear of conflicts of interest.
For lawyers, the Act strengthens requirements on them to whistleblow internally on any wrongdoing they
uncover at client companies, right up to board level.

7.5

International impact of Sarbanes-Oxley


The Act also has a significant international dimension. About 1,500 non-US companies, including many
of the world's largest, list their shares in the US and are covered by Sarbanes-Oxley. There were
complaints that the new legislation conflicted with local corporate governance customs, and following an
intense round of lobbying from outside the US, changes to the rules were secured. For example, German
employee representatives, who are non-management, can sit on audit committees, and audit committees do
not have to have board directors if the local law says otherwise, as it does in Japan and Italy.
Also as America is such a significant influence worldwide, arguably Sarbanes-Oxley may influence certain
jurisdictions to adopt a more rules-based approach.

7.6

Criticisms of Sarbanes-Oxley
Sarbanes-Oxley has been criticised in some quarters for not being strong enough on certain issues, for
example the selection of external auditors by the audit committee, and at the same time being over-rigid on
others. Directors may be less likely to consult lawyers in the first place if they believe that legislation could
override lawyer-client privilege.
In addition it has been alleged that a Sarbanes-Oxley compliance industry has sprung up focusing companies'
attention on complying with all aspects of the legislation, significant or much less important. This has
distracted companies from improving information flows to the market and then allowing the market to
make well-informed decisions. The Act has also done little to address the temptation provided by generous
stock options to inflate profits, other than requiring possible forfeiture if accounts are subsequently
restated.
Most significantly perhaps there is recent evidence of companies turning away from the US Stock markets
and towards other markets such as London. An article in the Financial Times suggested that this was partly
due to companies tiring of the increased compliance costs associated with Sarbanes-Oxley
implementation. In addition the nature of the regulatory regime may be an increasingly significant factor
in listing decisions.

The Institute of Chartered Accountants in England and Wales, March 2009

95

Advanced Stage- Advanced Audit and Assurance

8 Evaluation of corporate governance mechanisms

8.1

Auditors' responsibilities
As we have seen in section 3, companies are required to provide a disclosure regarding compliance with
the conditions of the SEC corporate governance notification. As required under BSA 720, auditors should
review the compliance statement.
These include sections which deal with the following matters
~

Respective responsibilities of directors and auditors

Review of the effectiveness of internal controls

Provisions relating to audit committees

How auditor independence is safeguarded where non-audit services are provided

In order to conduct the review the auditor will need to obtain audit evidence to support the compliance
statement. The following general procedures are those usually performed by the auditor:

8.2

Reviewing the minutes of the meetings of the board of directors, and of relevant board committees

Reviewing supporting documents prepared for the board of directors or board committees that are
relevant to those matters specified for review by the auditor

Making enquiries of certain directors (such as the chairman of the board of directors and the chairman
of relevant board committees) and the company secretary

Attending meetings of the audit committee at which the annual report and accounts, including the
statement of compliance are considered and approved for submission to the board of directors.

Internal control effectiveness


The Corporate Governance Code requires that the board should at least annually, conduct a review of
the effectiveness of the company's system of internal controls and should report to
shareholders that they have done so.
In response to this statement auditors should undertake the following procedures:
The auditors should concentrate on the review carried out by the board. The objective of the auditors'
work is to assess whether the company's summary of the process that the board has adopted in reviewing
the effectiveness of the system of internal control is supported by the documentation prepared by the
directors and reflects that process.
The auditors should make appropriate enquiries and review the statement made by the board in the
accounts and the supporting documentation.
Auditors will have gained some understanding of controls due to their work on the accounts; however what they
are required to do by auditing standards is narrower in scope than the review performed by the directors.
Auditors therefore are not expected to assess whether the directors' review covers all risks and
controls, and whether the risks are satisfactorily addressed by the internal controls. To avoid

96

The Institute of Chartered Accountants in England and Wales, March 2009

GOVERNANCE
misunderstanding on the scope of the auditors' role, the Bulletin recommends that the following wording be
used in the audit report.
'We are not required to consider whether the board's statements on internal control cover all risks
and controls, or form an opinion on the effectiveness of the company's corporate governance
procedures or its risk and control procedures.'
It is particularly important for auditors to communicate quickly to the directors any material weaknesses
they find, because of the requirements for the directors to make a statement on internal control.
The directors are required to consider the material internal control aspects of any significant problems
disclosed in the accounts. Auditors' work on this is the same as on other aspects of the statement; the
auditors are not required to consider whether the internal control processes will remedy the problem.
The auditors may report by exception if problems arise such as:
(a)

The board's summary of the process of review of internal control effectiveness does not reflect
the auditors' understanding of that process.

(b)

The processes that deal with material internal control aspects of significant problems do not
reflect the auditors' understanding of those processes.

(c)

The board has not made an appropriate disclosure if it has failed to conduct an annual review, or
the disclosure made is not consistent with the auditors' understanding.

The Institute of Chartered Accountants in England and Wales, March 2009

97

Advanced Stage- Advanced Audit and Assurance

Summary and Self-test

Summary

98

The Institute of Chartered Accountants in England and Wales, March 2009

chapter I 0

Fraud and auditor liability

Introduction

Topic List
I
Fraud
2

Law and regulation

Money laundering

Auditor liability

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

407

FRAUD AND AUDITOR LIABILITY

Fraud

Itt :~::~m::::~:~ud"?"

ti

uOde"!"nd .;er,,~~1~ifitiOs fSr:"et&<r~g ~d'"d pia~ th~l' ~fidit

to maximi.se the chance .of detection and ultimately con~rol audit risk. : . .
.,.

In this section. we. willlo~k at: .

int~oduction

:"

', ,, ;: ;c. /V'

. .

'

_;;;:,t>,}.:::~/:",

. ..

. . .

.... .

>;,
C(

;w.~yJ.r;~,u.~ diffic.ulta~ea f9r J>.oi~:;~;slnes.s

An
as to
is. a
and auditor
Whatfr.iud means <,'' :..:;.. ".~
;
~ ;., .. J'';~.::.;.;;~

. The eypesoffraudtnata'busin~ss'ca~s~ff~f. ,.,. 'ci:' :.,, ..:c.


The ~ypes of ri*'factorthat:~h~e'a~.~ito,rsh'ouia'!o9~out f~~..wh~n.. plimning ~n a~dit
.. Ho'N tll~:audlt0 r~shou.rd.then ~oCI(~s.s(t.herfst<;of:(ri,u~;.'~,~~rfih& ,. . :
.

Ho,;fra~~should~erepoj-(~~J'l(.a~:alt;

:t~.:<.;:.::.~.:.:.::r

. . .

.:" .. .

.The. ongoing ~ebate.o(tll~ 'e~pe~tlon;gaJ);~n~ 'ifie fol~"dtJ@:~u.dit6r 'in ;t~e detection of. frau~ :
-;L,-' .

1.1

~"~ ,:~;

.'."!:,:: t

,""'"'

~.::.:.-~.!~.:

'"'

:'f~'::;':~"" ',":;;""""' <~:.;~~~?!'-~-~}~ 0~0~~"';i"?":\'5"'"\+

'

)''.

.~., :f

Introduction
As mentioned in Chapter 3, the OECD developed a set of principles for Corporate Governance in 1998
with a revised version being issued in 2004. The ultimate aim of these principles and any corporate
governance is to minimise business risk. Fraud is a contributing factor to business risk
The recently released Global Economic Crime Survey by PwC (PricewaterhouseCoopers) illustrated that
businesses have in fact failed to tackle fraud appropriately. In the UK the average cost of fraud to a business
was 0.8m in 2005 and this has risen to 1.75m in 2007.
Whilst one would hope that businesses were trying to address and minimise fraud, it is clear that the
opposite is happening. Businesses are, in fact in many cases complacent when it comes to fraud. The PwC
survey revealed that of the companies surveyed only 17% of them believed that they would be a victim of
fraud and yet 48% of the companies had been affected. In addition, 49% of the UK cases involved an
overseas party.
With this in mind it remains clear that fraud is still a risk to business and to the auditor. Whilst management
may still have a complacent attitude towards fraud the same cannot be said for the auditor. The risk is too
high.

1.2

What is fraud?
Definition
Fraud: Fraud is an intentional act by one or more individuals among management, those charged with
governance (management fraud), employees (employee fraud) or third parties involving the use of deception
to obtain an unjust or illegal advantage. Fraud may be perpetrated by an individual, or colluded in with
people internal or external to the business.

The Fraud Act 2006 of UK came into force in january 2007. The Act defines three classes of fraud:
~
~
~

fraud by false representation


fraud by failing to disclose information
fraud by abuse of position

An offence has occurred in any of these classes if a person has acted dishonestly and with the intent of
making a gain for themselves or for someone else, or of inflicting a loss on someone else.

The Institute of Chartered Accountants in England and Wales, March 2009

409

Advanced Stage- Advanced Audit and Assurance


It is the fact that fraud is a form of deceit that makes its prevention and detection difficult for both business
and the auditor. The perpetrator of the fraud does not want to be detected and will go out of their way to
be successful. Fraud should be distinguished from error where the latter arises from a genuine
mistake with no intention to deceive.
Whilst management may be concerned with different levels of fraud, it is only fraud that results in a material
misstatement in the financial statements that is a concern to the auditor. As you may recall, in Chapter 6
the audit report clearly states the following:
'We planned and performed our audit so as to obtain all the information and explanations which we
considered necessary in order to provide us with sufficient evidence to give reasonable assurance that the
financial statements are free from material misstatement, whether caused by fraud or other irregularity or
error. In forming our opinion we also evaluated the overall adequacy of the presentation of information in
the financial statements.'
Specifically, there are two types of fraud causing material misstatement in financial statements:
~
~

1.3

Fraudulent financial reporting


Misappropriation of assets

Fraudulent financial reporting


This fraud has a direct impact on the financial statements and will arise from any of the following:
~

~
~

Manipulation, falsification or alteration of accounting records/supporting documents


Misrepresentation (or omission) of events or transactions in the financial statements
Intentional misapplication of accounting principles

Such fraud may be carried out by overriding controls that would otherwise appear to be operating
effectively, for example, by recording fictitious journal entries or improperly adjusting assumptions or
estimates used in financial reporting.

Worked example: WorldCom


WorldCom collapsed in 2002 after a series of fraudulent financial reporting transactions. It materially
overstated its profits by approximately $9billion. This was achieved by treating telephone leases and other
expenses as capital items rather than expenses in the income statement. The incentive for the fraudulent
financial reporting was simply for company performance to meet Wall Street expectations. The fraud
resulted in the largest bankruptcy in US history and the Securities and Exchange Commission imposed its
largest fine of $500 million.

Source: Principles of Auditing An Introduction to International Standards on Auditing


by Hayes, Dassen, Schilder and Wallage second edition 2005
Pearson Education Limited

You will recall in the Parmalat example in Chapter 5 that the scenario also raises the question as to
whether auditors can simply rely on bank confirmations when they relate to substantial sums of assets. Do
these confirmations constitute sufficient and appropriate audit evidence?
There is also another form of fraudulent financial reporting known as AEM (Aggressive earnings
management). It is a topical issue and, at its most aggressive, may constitute fraudulent financial reporting.
AEM is an example of creative accounting. It occurs when management alter the financial reports in
order to mislead stakeholders about the financial position or performance of the business or to influence
the outcome of contracts. It usually involves the artificial enhancement of revenue and profit. Businesses are
likely to be at risk of this when:
~

4I0

There has been an adverse market reaction and so management may want to present a healthier
picture about the company than there is

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY


~

Management bonuses are tied into targets and there may be a personal conflict between what
management want for themselves and what is good for the company.

The business wants to reduce its tax liabilities and in this case profits may be deliberately reduced

The business needs to remain within certain financial parameters (limits, ratios) in order to achieve
new funding or so as not to be in breach of loan covenants. The parameters will be set to try and
protect the lender and the incentive for the business will be to remain within the limits in order to
keep the funding. Profit overstatement could be an issue as well as understatement of liabilities and
overstatement of assets.

Auditors should be on the alert for issues such as unsuitable revenue recognition, unnecessary accruals,
reduced liabilities, overstatement of provisions, reserves accounting and large numbers of immaterial
breaches of financial reporting requirements to see whether together, they constitute fraud.

1.4

Misappropriation of assets
This is the theft of the entity's assets (for example, cash, inventory). Employees may be involved in such
fraud in small and immaterial amounts, however, it can also be carried out by management for larger items
who may then conceal the misappropriation, for example by:
~
~
~
~

1.5

Embezzling receipts (for example, diverting them to private bank accounts)


Stealing physical assets or intellectual property (inventory, selling data)
Causing an entity to pay for goods not received (payments to fictitious vendors)
Using assets for personal use

Responsibilities with regard to fraud


Given that the incidence of fraud is likely to increase rather than the opposite, fraud is very much an
ongoing issue for both business and the auditor. Given that we live in an increasingly litigious time who is
responsible for what when it comes to fraud?
The Business
Management and those charged with governance in an entity are primarily responsible for preventing
and detecting fraud. It is up to them to put a strong emphasis within the company on fraud prevention.
We have already covered the principles of this in Chapter 3.
The Auditor
Auditors are responsible for carrying out an audit in accordance with international auditing
standards, one of which is BSA 240 The Auditor's Responsibility to Consider Fraud in an Audit of Financial
Statements, the details of which we shall look at now.

1.6

The auditor's approach to the possibility of fraud


General
The key requirement for an auditor is set out early in the BSA.
BSA 240.3
In planning and performing the audit to reduce audit risk to an acceptably low level, the auditor should
consider the risks of material misstatements in the financial statements due to fraud.
An overriding requirement of the BSA is that auditors are aware of the possibility of there being
misstatements due to fraud.
BSA 240.24
The auditor should maintain an attitude of professional scepticism throughout the audit, recognising the
possibility that a material misstatement due to fraud could exist, notwithstanding the auditor's past
experience with the entity about the honesty and integrity of management and those charged with
governance.

The Institute of Chartered Accountants in England and Wales, March 2009

41 I

Advanced Stage- Advanced Audit and Assurance


This requires that the auditor continue to question the sufficiency and appropriateness of the evidence
collected during the audit. As seen in Chapter 2 threats to auditor independence could impact on the
auditor's ability to maintain such scepticism (self review, familiarity, self interest, intimidation and advocacy).

BSA 240.27
Members of the engagement team should discuss the susceptibility of the entity's financial statements to
material misstatements due to fraud.

Interactive question I: The possibility of fraud

(Difficulty level: intermediate)

You are an audit partner of Dupi Ltd. The company operates a chain of sandwich bars throughout the south
of England. The company is owned by 3 directors. At your last meeting with the client you were informed
that the company was hoping to expand and open up some shops in the north of England. The directors
had not yet formalised the strategy for the expansion or its financing.
You have received the following letter:
'I have been an employee of this company for a number of years. Unfortunately, I have come across some
information which I am not sure what to do about. There have been a number of journals relating to
revenue for which I have not been able to obtain an explanation. The effect of these journals is to increase
revenue substantially. Not sure if this is relevant to you'.
The planning meeting with the audit team for this year's audit is scheduled for next week.

Requirement
What are the issues that you would raise at the planning meeting?
See Answer at the end of this chapter.

I. 7

Risk assessment procedures


As discussed in Chapter 4 the auditor will undertake risk assessment procedures as set out in BSA 315

Obtaining an Understanding

of the Entity and its Environment and Assessing the Risk of Material Misstatement,

which will include assessing the risk of fraud. These procedures will include:
~

Inquiries of management and those charged with governance (e.g. as to whether there have been any
incidences of fraud, the nature of the fraud and the outcome)

Consideration of when fraud risk factors are present (some businesses are more susceptible to
fraudulent activity than others e.g. poor control environment, cash based business, dominant senior
management, poor staff relations, need for more finance, increased competition, poor market
performance)

Consideration of results of analytical procedures (e.g. any unusual fluctuations in business year on year
ratios and also those compared to industry norm)

Consideration of any other relevant information (e.g. press reports)

In identifying the risks of fraud, the auditor is required by the BSA to carry out some specific procedures.

Interactive question 2: Finding out about suspected fraud

(Difficulty level: Easy)

Requirement
Following on from Dupi Ltd (Interactive Question I), outline the information that the auditor would seek
from the client.
See Answer at the end of this chapter.

41 2

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

I .8

Examples of fraud risk factors


Now that we have seen the basic issues of fraud and the implications that they have for the planning stage
of the audit it is time to take a more practical look at the types of issues that you may be faced with in the
exam.

As mentioned at the beginning of this chapter BSA 240 splits fraud into two types:
~

Fraudulent financial reporting, and


Misstatements arising from misappropriation of assets

Appendix I to BSA 240 provides further analysis of these types of fraud depending on the conditions that
exist in the client's business community:

Incentives/pressures
Opportunities
Attitudes/rationalisations

~
~

FRAUDULENT ..
FINANCIAL REPORT'ING

IJ>o

IJ>o

IJ>o

IJ>o

Financial stability/ profitability .Is


threatened
Pressure for management to
meet the expectations of third
parties
Personal financial situation of
management threatened by the
entity's financial performance
Excessive pressure on
management or operating
personnel to meet financial
targets

OpPortunitieS

Attitudes/rationalisations

IJ>o .Significant related-party


transadions
IJ>o Assets, liabilities, revenues or
expenses based on signlfleant
estimates

IJ>o Domination of management


by a single person. or small .

Ineffective communication or
enforcement of the entity's .
values or ethical standards by
management
IJ>o Known history of violations of
secuiitles laws or other . laws and
regulations .
1J>o A practice bY. management of
. . comm!ttfng to achieve aggressive
or unrealistic forecasts
IJ>o Low morale among senior
manage111ent
.
IJ>o Relationship between
management and the current or
predecessor auditor is strained

IJ>o.

group
Complex or unstable

organisational strUcture
..... lntemal.contro.l. components
are deficient

IJ>o

Incentives/pressures
IJ>o
IJ>o

Personal financial obligations


Adverse relationships between
the entity and employees with
access to cash or other assets
susceptible to theft

.,. Large.aniounuof ~ho~

. hand or p~essed.. ..

...

lnV~ntory'kerfis

#a...

small
lri .size; en high Value, or in high
demand~ .

"' Easily cOnvertible assets. such


as bearer bonds, diamondS, or
compUter chips. . .
IJ>o lnad~uate Internal coittrol

.,. Overriding existing controls


Falllni to. correct kn~ Internal
control deficiencies
IJ>o Behaviour Indicating displeasure
or dissatisfaction with the entity
IJ>o Changes In behaviour or lifeStyle

.over assets

The Institute of Chartered Accountants in England and Wales, March 2009

41 3

Advanced Stage -Advanced Audit and Assurance

BSA 240.57
When identifying and assessing the risks of material misstatement at the financial statement level, and at the
assertion level for classes of transactions, account balances and disclosures, the auditor should identify and
assess the risks of material misstatement due to fraud. Those assessed risks that could result in a material
misstatement due to fraud are significant risks and accordingly, to the extent not already done so, the
auditor should evaluate the design of the entity's related controls, including relevant control
activities, and determine whether they have been implemented.
The auditor:
~

~
~

Identifies fraud risks


Relates this to what could go wrong at a financial statement level
Considers the likely magnitude of potential misstatement

Interactive question 3: Sellfones

[Difficulty level: Intermediate]

You are an audit manager for Elle and Emm. You are carrying out the planning of the audit of Sellfones Ltd,
a high street retailer of mobile phones in Bangladesh, for the year ending 30 September 20X7. The notes
from your planning meeting with Pami Desai, the financial director, include the following:
One of Sellfones' main competitors ceased trading during the year due to the increasing pressure on
margins in the industry and competition from online retailers.
2

A new management structure has been implemented, with I0 new divisional managers appointed
during the year. The high street shops have been allocated to these managers, with approximately 20
branch managers reporting to each divisional manager. The divisional managers have been set
challenging financial targets for their areas with substantial bonuses offered to incentivise them to meet
the targets. The board of directors have also decided to cut the amount that will be paid to shop staff
as a holiday season bonus.

In response to recommendations in the prior year's Report to Management, a new inventory system
has been implemented. There were some teething problems in its first months of operation but a
report has been submitted to the board by Steven Maclennan, the chief accountant, confirming that
the problems have all been resolved and that information produced by the system will be accurate.
Pami commented that the chief accountant has had to work very long hours to deal with this new
system, often working at weekends and even refusing to take any leave until the system was running
properly.

The company is planning to raise new capital through a share issue after the year end in order to
finance expansion of the business into other countries in Europe. As a result, Pami has requested that
the auditor's report is signed off by 15 December 20X7 (6 weeks earlier than in previous years).

The latest board summary of results includes:

9 Months to 30 june 20X7


(unaudited)

Year to 30 September 20X6


(audited)

CUm
Revenue
Cost of sales
Gross profit
Operating expenses
Exceptional profit on
sale of properties
Profit before tax
6

414

320
215

105
(89)

CUm

280
199

Revenue
Cost of sales
Gross profit

8T

Operating expenses

(70)

30

40

-II

Several shop properties owned by the company were sold under sale and leaseback arrangements.

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

Requirement
(a)

Identify and explain any fraud risk factors that the audit team should consider when planning the audit
of Sellfones Ltd.

{b)

Link the fraud risk to what could go wrong in the financial statements of Sellfones

(c)

Consider the likely magnitude of any potential misstatement in the financial statements for Sellfones
for the year ended 30 September 20X7.

See Answer at the end of this chapter.

1.9

Responding to assessed risks


Having identified risk factors as per sections 1.6 and 1.7 the auditor must then come up with responses to
the assessed risks. The auditor needs to assess if the fraud has a material impact on the financial statements
and how best to address it.

Interactive question 4: Specific audit procedures

[Difficulty level: Intermediate]

Requirement
Following on from Questions I and 2, outline the steps that the auditor should now integrate into the audit
procedures for Dupi Ltd.
See Answer at the end of this chapter.

1.1 0

Evaluation of audit evidence


The auditor evaluates the audit evidence obtained to ensure it is consistent and that it achieves its aim of
answering the risks of fraud. This will include a consideration of results of analytical procedures and
other misstatements found. The auditor must also consider the reliability of management
representations.
The auditor must obtain written representation that management accepts its responsibility for the
prevention and detection of fraud and has made all relevant disclosures to the auditors.

1.1 I

Documentation
The auditor must document:
~
~
~

~
~

I .I 2

The significant decisions as a result of the team's discussion of fraud


The identified and assessed risks of material misstatement due to fraud
The overall responses to assessed risks
Results of specific audit tests
Any communications with management

Reporting
There are various reporting requirements in BSA 240.
BSA 240.93
If the auditor has identified a fraud or has obtained information that indicates a fraud may exist, the auditor
should communicate these matters as soon as practicable to the appropriate level of management.

The Institute of Chartered Accountants in England and Wales, March 2009

41 S

Advanced Stage- Advanced Audit and Assurance

BSA240.95
If the auditor has identified fraud involving:
(a)

Management

(b)

Employees who have significant roles in internal control, or

(c)

Others, where the fraud results in a material misstatement in the financial statements the auditor
should communicate these matters to those charged with governance as soon as practicable.

The auditor should also make relevant parties within the entity aware of material weaknesses in the
design or implementation of controls to prevent and detect fraud which have come to the auditor's
attention, and consider whether there are any other relevant matters to bring to the attention of those
charged with governance with regard to fraud.
The auditor may have a statutory duty to report fraudulent behaviour to regulators outside the entity. If no
such legal duty arises, the auditor must consider whether to do so would breach their professional duty of
confidence. In either event, the auditor should take legal advice.

1.13

Withdrawal from the engagement


The auditor should consider the need to withdraw from the engagement if the auditor uncovers
exceptional circumstances with regard to fraud.

Worl<ed example: Auditor resignation

Source: Accountancy Age

'The sub-prime lender meltdown in the US has seen Grant Thornton resign as auditor for two
troubled lenders, the companies have revealed in separate regulatory filings'.

Accredited Home Lenders Holding and Fremont General said separately that Grant Thornton had
resigned as their auditor after advising them that it needed to 'significantly expand' the scope of its audit of
their 2006 financial statements.
News of Grant Thornton's resignation came at the same time that New Century Financial, a leader in the
once-booming subprime lending industry, filed for bankruptcy.

Worked example: Auditor resignation

Source: Accountancy Age

'Akintola Williams Deloitte (AWD) is stepping down from the role after 40 years in the wake of the
accounting issues that have plagued the subsidiary'.
After conducting an impairment review at the beleaguered Nigerian arm Cadbury stated in its year-end
results that the scandal had forced the company to issue a further 15m goodwill write-down. This
followed a 23m exceptional charge in the wake of overstatements for 'current and prior years.'
Cadbury said: 'After more than 40 years of service, Akintola Williams Deloitte has resigned from its
appointment as auditors to Cadbury Nigeria (CN) by mutual agreement, effective immediately.
'Following the recent disclosure of overstatement in CN's financial position and subsequent need for
restatement, we mutually believe that it would be in the interests of shareholders and in the spirit of the
highest standards of corporate governance for AWD to stand down.'
Cad bury Nigeria were careful to rule out any suggestion that the Deloitte division was involved in the
deception that led to the overstatements:
'While, thus far, there has been no suggestion of complicity by AWD in the overstatements, AWD accepts
that best practice in corporate governance requires that Cadbury Nigeria commences its rebirth on a
completely fresh slate.'
Cadbury added: 'A new auditor will be appointed by Cadbury Nigeria as soon as practicable.'

41 6

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY


Under the Companies Act the auditor has the right to resign from office at any time. This is a way of
preserving independence and integrity as well as a way of addressing threats to independence.

I .14

The expectations gap


As we have seen, fraud is a sensitive issue. When it happens, the question that is always asked is 'who's to
blame?' The answer can only be one of two : management or the auditor? Management's responsibilities for
prevention and detection of fraud are set out in governance and the auditors in BSA 240 but the public are
still not clear about the division of responsibility. The expectations gap arises from a difference in opinion as
to what the public perceive the role of the auditor to be and to what the auditor actually does.
Up to about 1940 it was widely perceived that the role of the auditor was to concentrate on arithmetical
accuracy and on prevention and detection of fraud (the Policeman Theory). Thereafter, there was a move
towards the audit being performed to verify the truth and fairness of the accounts. Given the recent fraud
scandals the debate has been reopened and once again there is pressure on the audit to return to being a
'policeman'. However, should this be the case the scope of the audit will change and costs will be incurred.

Source: Principles of Auditing An Introduction to International Standards on Auditing


by Hayes, Dassen, Schilder and Wallage second edition 2005
Pearson Education Umited
We, therefore, have to ask the questions Who is willing to bear the increased costs?' Should the general
public incur an extra tax as it is they who are demanding such protection? This is an ongoing area of debate.
There continues to be much discussion as to what could be done to narrow this gap with the auditing
profession taking the lead. This is being done with a view to protecting its members.
Narrowing the expectation gap
The expectation gap could, theoretically, be narrowed in two ways.
Educating users - the auditor's report as outlined in BSA 700 includes an explanation of the
auditor's responsibilities. It is not clear that any further information would help, and it might even have
the effect of bringing the value of the audit into question. One suggestion is that auditors could
highlight circumstances where they have had to rely on directors' representations.
Suggestions for expanding the auditor's role have included:
~

Requiring auditors to report to boards and audit committees on the adequacy of controls to
prevent and detect fraud

Encouraging the use of targeted forensic fraud reviews

Increasing the requirement to report suspected frauds.

Extending the auditor's responsibilities - research indicates that extra work by auditors with the
inevitable extra costs is likely to make little difference to the detection of fraud because:

1.1 5

Most material frauds involve management

More than half of frauds involve misstated financial reporting but do not include diversion of
funds from the company

Management fraud is unlikely to be found in a financial statement audit

Far more is spent on investigating and prosecuting fraud in a company than on its audit

Current developments
The IAASB have issued ISA 240 (Redrafted) The Auditor's Responsibilities Relating to Fraud in an Audit of
Financial Statements which has been redrafted in accordance with the clarity conventions (see Chapter I).

The Institute of Chartered Accountants in England and Wales. March 2009

41 7

Advanced Stage- Advanced Audit and Assurance

2 Law and regulation


Section overview

2. I

Legal requirements relating to the company


The Codes of Best Practice discussed in Chapter 3 are all voluntary codes of practice. However, companies
are increasingly subject to laws and regulations with which they must comply as well. Some examples are
given in the diagram below.

Environmental law
and regulation

An auditor must be aware of the effect that non-compliance with the laws and regulations would have on
the financial statements (e.g. asset impairment, penalties, rectification costs)
BSA 250 Consideration of Laws and Regulations in an Audit of Financial Statements provides guidance on the
auditor's responsibility to consider laws and regulations in an audit of financial statements.

BSA 250.2
When designing and performing audit procedures and in evaluating and reporting the results thereof, the
auditor should recognise that non-compliance by the entity with laws and regulations may materially affect
the financial statements.
An audit cannot detect non-compliance with all laws and regulations as not all of them impact in
the financial statements.
'Non-compliance' refers to acts of omission or commission by the entity being audited, either intentional or
unintentional, which are contrary to the prevailing laws or regulations. Such acts include transactions

4 I8

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY


entered into by the entity, or on its behalf by its management or employees. It does not include personal
misconduct.
Whether an act constitutes non-compliance is a legal matter that may be beyond the auditor's professional
competence, although the auditor may have a fair idea in many cases through his knowledge and training.
Ultimately such matters can only be decided by a court of law.
Laws ar.d regulations governing a business entity can vary enormously (financial disclosure rules, health and
safety, pollution, employment, etc). The further removed non-compliance is from the events and
transactions normally reflected in the financial statements, the less likely the auditor is to become aware of
it or recognise non-compliance.

2.2

Responsibility of management for compliance


Management are responsible for ensuring a client's operations are conducted in accordance with laws and
regulations.

Interactive question 5: law and regulation

(Difficulty level: Intermediate)

You are the auditor of a new company called Flowell Ltd. The directors are extremely knowledgeable about
the products they sell but less so about the regulatory framework for their industry especially the Health
and Safety aspects. You have been asked for advice about the types of policies arid procedures that they
could put in place to reduce the risk of non compliance.
Requirement

Provide a list of controls that the management of Flowell Ltd could put in place to minimise the risk of noncompliance. Detailed knowledge of Health and Safety Law is not required.
See Answer at the end of this chapter.

2.3

The auditor's consideration of compliance


As with fraud and error, the auditor is not, and cannot be held responsible for preventing non-compliance.
The fact that an annual audit is carried out may, however, act as a deterrent.
Certain factors will increase the risk of material misstatements due to non-compliance with laws and
regulations not being detected by the auditor.
(a)

There are many laws and regulations, relating principally to the operating aspects of the entity, that
typically do not have a material effect on the financial statements.

(b)

The effectiveness of audit procedures is affected by the inherent limitations of the accounting and
internal control systems and by the use of testing.

(c)

Much of the audit evidence obtained by the auditor is persuasive rather than conclusive.

(d)

Non-compliance may involve conduct designed to conceal it, such as collusion, forgery, deliberate
failure to record transactions, senior management override of controls or intentional
misrepresentations being made to the auditor.

BSA 250.13
In accordance with BSA 200 Objective and General Principles Governing an Audit of Financial Statements, the
auditor should plan and perform the audit with an attitude of professional scepticism recognising that the
audit may reveal conditions or events that would lead to questioning whether an entity is complying with
laws and regulations.
The auditor would only test for compliance with specific laws and regulations if engaged to do so.

The Institute of Chartered Accountants in England and Wales, March 2009

41 9

Advanced Stage - Advanced Audit and Assurance

BSA 250.15
In order to plan the audit, the auditor should obtain a general understanding of the legal and
regulatory framework applicable to the entity and the industry arid how the entity is complying with that
framework.
In obtaining this general understanding the auditor should obtain an understanding of the procedures
followed by the entity to ensure compliance. He should recognise that some laws and regulations may have
a fundamental effect on the operations of the entity, i.e. they may cause the entity to cease operations or
call into question the entity's continuance as a going concern. For example, non-compliance with the
requirements of the entity's licence or other title to perform its operations could have such an impact (for
example, for a bank, non-compliance with capital or investment requirements).

2.4

Understanding the business


The auditor would usually obtain a general understanding of laws and regulations affecting the entity in the
following ways.

Interactive question 6: Audit planning

(Difficulty level: Intermediate)

Following on from Question 5, you are now planning the first audit of Flowell Ltd.
Requirement
Outline the information that you are likely to require on the regulation affecting the business of Flowell and
the likely nature of the audit work that you would undertake.
See Answer at the end of the chapter.

2.5

Indicators of non compliance


Interactive question 7: Health and safety

(Difficulty level: Exam standard)

Getfit Ltd is a chain of fitness centres with about 20 branches around the country. The head office is
located in Northumberland. The centre manager is responsible for the day-to-day running of the centre but
also has the responsibility of reporting the centre's financial results to the head office on a monthly basis.
This should be done using a standard template and the results prepared in accordance with company
policies.
In order to operate, each centre must have an operating licence from the local authority. The licences cost
CU6,000 and are valid for 5 years subject to satisfactory inspection by the local authority. At the end of the
5 year period Getfit Ltd must reapply for a new operating licence.
Each centre has the following facilities:
~
~
~

~
~
~

A licensed bar
A creche
Sun beds
A swimming pool
A sauna and steam room
A gym

Staff should receive a formal induction when they start. The programme includes health and safety issues,
life guard training, food hygiene and child care depending on which area they will be working in. There are
additional training programmes for the fitness instructors.
There has recently been some bad press in the local media about the standards of maintenance of the
equipment of some of the centres.

420

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

Requirement
(a)

Using the above scenario outline the possible compliance issues for the auditor

(b)

Link the issues in (a) to the potential misstatements in the financial statements for Getfit Ltd.

See Answer at the end of this chapter.

2.6

Procedures when non-compliance is discovered


BSA 250.26
When the auditor becomes aware of information concerning a possible instance of non-compliance, the
auditor should obtain an understanding of the nature of the act and the circumstances in which it has
occurred, and sufficient other information to evaluate the possible effect on the financial statements.
When evaluating the possible effect on the financial statements, the auditor should consider the following:
~

The potential financial consequences, such as fines, penalties, damages, threat of expropriation of
assets, enforced discontinuation of operations and litigation
Whether the potential financial consequences require disclosure
Whether the potential financial consequences are so serious as to call into question the true and fair
view (fair presentation) given by the financial statements

BSA 250.28
When the auditor believes there may be non-compliance, the auditor should document the findings and
discuss them with management.
Such discussions are subject to the laws concerning 'tipping off. If information provided by management is
not satisfactory, the auditor should consult the entity's lawyer and, if necessary, his own lawyer on the
application of the laws and regulations to the particular circumstances.

BSA 250.30/31
When adequate information about the suspected non-compliance cannot be obtained the auditor should
consider the effect of the lack of audit evidence on the auditor's report.
The auditor should consider the implications of non-compliance in relating to other aspects of the audit
particularly the reliability of management representations.
On this last point, as with fraud and error, the auditor must reassess the risk assessment and the
validity of management representations.

2. 7

Reporting of non-compliance
To management
BSA 250.32/33/34
The auditor should, as soon as practicable, either communicate with the audit committee, the board of
directors and senior management, or obtain evidence that they are appropriately informed regarding noncompliance that comes to the auditor's attention.
If, in the auditor's judgement, the non-compliance is believed to be intentional and material, the auditor
should communicate the finding without delay.
If the auditor suspects that members of senior management, including members of the board of directors,
are involved in non-compliance, the auditor should report the matter to the next higher level of authority
at the entity, if it exists, such as an audit committee or a supervisory board.

The Institute of Chartered Accountants in England and Wales, March 2009

421

Advanced Stage- Advanced Audit and Assurance


In relation to the last point, where no higher authority exists, or if the auditor believes that the report may
not be acted upon or is unsure as to the person to whom to report, the auditor should consider seeking
legal advice.

2.8

The users of the auditor's report


BSA 250.35/36/37
If the auditor concludes that the non-compliance has a material effect on the financial statements, and has
not been properly reflected in the financial statements, the auditor should express a qualified or an
adverse opinion.
If the auditor is precluded by the entity from obtaining sufficient appropriate audit evidence to evaluate
whether non-compliance that may be material to the financial statements, has, or is likely to have, occurred,
the auditor should express a qualified opinion or a disclaimer or opinion on the financial statements on the
basis of a limitation on the scope of the audit.
If the auditor is unable to determine whether non-compliance has occurred because of limitations imposed
by the circumstances rather than by the entity, the auditor should consider the effect on the auditor's
report.
In Bangladesh, if the view given by the financial statements is affected by uncertainty due to suspected or
actual non compliance with law and regulations, an explanatory (called emphasis of matter) paragraph might
be appropriate.

2. 9

To regulatory and enforcement authorities


In addition, where the auditor has come across a breach of regulation he must consider whether this should
be reported to the relevant regulatory body. As discussed in Chapter 2 the auditor owes a duty of
confidentiality to clients. Reporting a breach to an external party without the client's permission could
constitute breach of confidentiality. This issue is therefore a contentious one.
A good working knowledge of the specific reporting requirements will be needed by the auditor and, in any
case the duty of confidentiality may be overridden by the law, statute or the courts of law. This will be
illustrated when we examine the issue of money laundering in the next section. In any case, the auditor
should obtain legal advice. If the auditor has a statutory duty to report, he should do so without delay.
Alternatively, it may be necessary to make disclosures in the public interest.

2.1 0 Withdrawal from the engagement


As is the case for fraud or error, withdrawal may be the only option if the entity does not take the
remedial action the auditor thinks is necessary, even for non-material matters.

2.1 I

Practical problems with BSA 250

2.1 1.1

Distinction between types of law


The most difficult distinction in practice is between:
~
~

Laws which are central to the ability of the client to conduct its business
Other laws and regulations

In practice:

422

(a)

For some business, certain laws and regulations will be central, for other businesses the same laws and
regulations will not be central.

(b)

For some businesses, laws and regulations which were not central last year may be central this year,
(for example where the maximum penalty for a first offence is a warning, but subsequent infringements
may lead to closure of the business).

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

You work for an audit firm which has a chemical factory as one of its clients. This factory has to produce
reports on its emissions.
This work is done in addition to the statutory audit and a separate report will be produced. The auditor
would review the company's systems for keeping emissions under control and would also review
correspondence with the environmental authority for evidence of breaches and the details of emissions
reported.
However, the auditors would not be expected to check the actual emissions. This demonstrates the
difference between checking systems of compliance and checking actual compliance. The auditor will reach
the required level of confidence by reviewing the system.
The auditor's competence in this area also needs to be considered, as the firm is unlikely to be expert in
measuring emissions. They may need to rely on the work of an expert in order to be satisfied that the
emissions are reasonable.

3 Money laundering

3.1

Introduction
Money Laundering is a form offraud. It received increased publicity after September 2001 when serious
issues were raised as to how terrorists were managing to finance their activities. It is essentially a process
where the perpetrator attempts to legitimise the proceeds of any crime (dirty money made good).
Proceeds of crime can include activities such as drug trafficking, terrorism, shoplifting, theft ,tax evasion and
other financial criminal activity. As a form of fraud, the emphasis is on concealing the illegal source of the
money which makes it difficult to detect especially given that the transactions are rarely linked to one
country.

3.2

International recommendations and UK law


An inter-governmental body, the Financial Action Task Force on Money Laundering (FATF) was established
to set standards and develop policies to combat money laundering and terrorist financing. In 1990, FATF
issued recommendations for governments on how to combat these offences and these recommendations
have now been endorsed by more than 130 countries.

The Institute of Chartered Accountants in England and Wales, March 2009

423

Advanced Stage - Advanced Audit and Assurance

Worked Example: Tax evasion

Source: icWa!es.co.ul<

After lengthy investigations and a trawl of 17 bank accounts, the owners of one of Wales's most popular
Chinese restaurants were ordered to pay I.Sm after being convicted of money laundering. The lengthy
investigation into their restaurant and property interests came after they admitted money laundering at
Cardiff Crown Court in April, 2005.
They may also face further jail terms if they fail to pay the I.Sm within 12 months.
The court heard that the couple had suppressed the amount of takings at the restaurant they have run for
I0 years leading to tax evasion and non-payment of VAT.
The investigation into their finances began in April 2003 as a result of a separate - and ongoinginvestigation by the multi-agency customs, police and HMRC Asset Recovery Team.

Money Laundering Prevention Act 2002


The legislation specifically relating to money laundering is contained in the Money Laundering Prevention
Act 2002 (Act No. 7 of 2002), the provisions of which supersede whatever may be contained in any other
Act in force in Bangladesh. So far as financial service providers are concerned, the Act:
defines the circumstances which constitute the offence of money laundering and provides penalties for the
commission of the offence (See Section 2 Tha of the Act),
requires banks, financial institutions and other institutions engaged in financial activities to establish the
identity of their customers (See Section 19 Ka of the Act),
requires banks, financial institutions and other institutions engaged in financial activities to retain correct
and full information used to identify their customers and transaction records at least for five years after
termination of relationships with the customers (See Section 19 Ka of the Act), and
imposes an obligation on banks, financial institutions and other institutions engaged in financial activities
and their employees:
- to make a report to the Bangladesh Bank where they suspect that a money laundering offence has been or
is being committed (See Section 19 Ga of the Act) and;
- to provide customer identification and transaction records to Bangladesh Bank from time to time on
demand (See Section 19 Kha of the Act).

3.2.1

Accountants' obligations
CAMLCO: All financial institutions must designate a Chief Anti-Money Laundering Compliance Officer
(CAMLCO) at their head office who has sufficient authority to implement and enforce corporate wide antimoney laundering policies, procedures and measures and who will report directly to senior management
and the board of directors. This provides evidence of senior management's commitment to efforts to
combat money laundering and, more importantly, provides added assurance that the officer will have
sufficient authority to investigate potentially suspicious activities.

Reporting of Suspicious Transactions:


There is a statutory obligation on all staff to report suspicions of money laundering. Section 19 Ga of the
Act contains the requirement to report to the Bangladesh Bank. Actual reporting should be made in
accordance with an internal reporting procedure to be established by a financial institution for the purposes
of facilitating the operation of the reporting obligation.
In line with accepted practice, some businesses may choose to require that such unusual or suspicious
transactions be drawn initially to the attention of supervisory management to ensure that there are no
known facts that will negate the suspicion before further reporting on to the Anti Money Laundering
Compliance Officer or an appointed deputy.
Accountants working in any financial institution have an obligation to report money laundering activities.

424

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

3.3

Risk-based approach
On any assignment, the accountants should assess the risk of money laundering activities. Clearly, every
circumstance is different, but the following diagram illustrates some key risk factors.

!Secrecy]

! Excessive use J

Transactions
rooted through
several
jurisdictions

A pattem that after a


deposit, the same (or
nearly the same) amount Is
wired to another financial
institution

High value deposits or


withdrawals not characteristic
of the type of account

Large currency or bearer


Instrument transactions

Repeated depositS or
withdrawals Just below.
the monitoring threshold
on the same day

3.4

The scope of criminal offences


The firm requires these procedures to avoid committing any of the wide range of offences under the
Regulations.

3.5

Money laundering offences


These are:
~

Concealing criminal property

'Arranging' -becoming involved in an arrangement which is known or is suspected of facilitating the


acquisition of criminal property

Acquiring, using or possessing criminal property.

Definition
Knowledge:
~

Actual knowledge

Shutting one's mind to the obvious

Deliberately deterring a person from making disclosures, the content of which one might not care to
have

Knowledge of circumstances which would indicate the facts to an honest and reasonable person

Knowledge of circumstances which would put an honest and reasonable person on inquiry and failing
to make the reasonable inquiries which such a person would have made.

The Institute of Chartered Accountants in England and Wales, March 2009

425

Advanced Stage- Advanced Audit and Assurance

Definition
Suspicion: Suspicion is not defined in existing legislation. Case law and other sources indicate that
suspicion is more than speculation but it falls short of proof or knowledge. Suspicion is personal and
subjective but will generally be built on some objective foundation and so there should be some degree of
consistency in how a business's CAMLCO treats possible causes of suspicion.

4 Auditor liability

,;

4.1

Legal liability
Auditor liability is a serious issue. We have already discussed the Enron scandal and how it caused the
demise of Arthur Andersen. Suing the auditor is a popular activity when things go wrong with a business. In
April 2005 Equitable Life launched a 4bn suit against their auditors claiming that they signed off its financial
statements without warning of the problems that led to its collapse. In December 2006 a major firm of
auditors were presented with a bill for 1.5m after having been found guilty by the Joint Disciplinary
Scheme for failing to perform a proper audit.
Under certain legislation, notably insolvency legislation, auditors may be found to be officers of the company
and could be charged with criminal offences or found liable for civil offences in connection with the winding
up of the company.
Auditors may also be found guilty of the offence of insider dealing, which is a criminal offence, as they are
privy to inside information.
Auditors could be found guilty of a criminal offence if they knew or suspected a person was laundering
money and they failed to report their suspicions to the proper authority.

4.2

Negligence
Negligence is a common law concept. It seeks to provide compensation to a person who has suffered
loss due to another person's wrongful neglect. To succeed in an action for negligence, an injured party must
prove three things:

426

(a)

A duty of care which is enforceable at law existed.

(b)

This duty of care was breached.

(c)

The breach caused the injured party loss which can be measured reliably. In the case of negligence in
relation to financial advisers/auditors, this loss must be pecuniary (i.e. financial) loss.

The Institute of Chartered Accountants in England and Wales, March 2009

\,_,_._

FRAUD AND AUDITOR LIABILITY

4.3

Who might bring an action for negligence?


The parties likely to want to bring an action in negligence against the auditors, for example, if they have
given the wrong audit opinion through lack of care, are parties such as:
~
~
~
~
~

The company
Shareholders
The bank
Other lenders
Other interested third parties

A key difference between the various potential claimants is the nature of the duty of care owed to
them.

4.4

The audit client


The auditor owes a duty of care to the audit client under contract law.
The audit client is the company as a legal entity and the 'shareholders as a body'. It is a basic maxim of
company law that the company is all the shareholders acting as a body. In other words, the company in this
respect, cannot be represented by a single shareholder.
COMPANY

COMPANY

SHAREHOLDERS AS A BODY

SHAREHOLDER

SHAREHOLDER

The company has a contract with the audit firm. In the law of many countries, a contract for the supply of a
service such as an audit has a duty of reasonable care implied into it by statute.
In other words, whatever the express terms of any written contract between the company and the audit
firm, the law always implies a duty of care into it. Therefore, if the company (all the shareholders acting as a
body) want to bring a case for negligence, the situation would be as follows.

Duty of care exists?

AUTOMATIC

Breached?

MUST BE PROVED

Loss arising caused by the auditor's


negligence?

MUST BE PROVED

In order to prove whether a duty of care had been breached, the court has to give further consideration to
what the duty of 'reasonable' care means in practice.

4.5

The auditors' duty of care


The standard of work of auditors is generally as defined by legislation. A number of judgements made in law
cases show how the auditors' duty of care has been gauged at various points in time because legislation
often does not state clearly the manner in which the auditors should discharge their duty of care. It is also
not likely that this would be clearly spelt out in any contract setting out the terms of an auditors'
appointment.

Worked example: Re Kingston Cotton Mill


When Lopes L Jconsidered the degree of skill and care required of an auditor he declared:
' ... it is the duty of an auditor to bring to bear on the work he has to perform that skill, care and caution
which a reasonably competent, careful and cautious auditor would use. What is reasonable skill, care and
caution, must depend on the particular circumstances of each case.'

The Institute of Chartered Accountants in England and Wales, March 2009

427

Advanced Stage - Advanced Audit and Assurance


Lopes was careful to point out that what constitutes reasonable care depends very much upon the facts of
a particular case. Another criterion by which the courts will determine the adequacy of the auditors' work
is by assessing it in relation to the generally accepted auditing standards of the day.

Re Thomas Gerrard & Son Ltd


The courts will be very much concerned with accepted advances in auditing techniques, demonstrated by
PennycuickJ in Re Thomas Gerrard & Son Ltd 1967 where he observed:
'... the real ground on which Re Kingston Cotton Mill ... is, I think, capable of being distinguished is that the
standards of reasonable care and skill are, upon the expert evidence, more exacting today than those which
prevailed in 1896.'

Worked example: Selsdon Fountain Pen Co Ltd


Lord Denning in the case of Fomento (Sterling Area) Ltd v Se/sdon Fountain Pen Co Ltd 1958 sought to define
the auditors' proper approach to their work by saying:
'... they must come to it with an inquiring mind - not suspicious of dishonesty .... - but suspecting that
someone may have made a mistake somewhere and that a check must be made to ensure that there has
been none.'

The auditors have a responsibility to keep themselves abreast of professional developments. Auditing
Standards are likely to be taken into account when the adequacy of the work of auditors is being
considered in a court of law or in other contested situations.
When the auditors are exercising judgement they must act both honestly and carefully. Obviously, if
auditors are to be 'careful' in forming an opinion, they must give due consideration to all relevant matters.
Provided they do this and can be seen to have done so, then their opinion should be above criticism.
However if the opinion reached by the auditors is one that no reasonably competent auditor would have
been likely to reach then they would still possibly be held negligent. This is because however carefully the
auditors may appear to have approached their work, it clearly could not have been careful enough, if it
enabled them to reach a conclusion which would be generally regarded as unacceptable.
If the auditor's suspicions are aroused, they must conduct further investigations until such suspicions are
either confirmed or allayed. Over the years, there have been many occasions where the courts have had to
consider cases in which it has been held, on the facts of those cases, that the auditors ought to have been
put upon enquiry.

4.6

Third parties
The auditor only owes a duty of care to parties other than the audit client if one has been established.
Under the law of contract the principle of 'privity of contract applies', such that there is only a duty of
care to the contracted parties.
'Third parties' in this context means anyone other than the company (audit client) who wished to make
a claim for negligence. It therefore includes any individual shareholders in the company and any potential
investors. It also includes, importantly, the bank, who is very often a key financier of the company.
The key difference between third parties and the company is that third parties have no contract with
the audit firm. There is therefore no implied duty of care. The situation is therefore as follows.

428

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

Duty of care exists1

MUST BE PROVED

Breached1

MUST BE PROVED

Loss arising caused by the auditor's


negligence/

MUST BE PROVED

Traditionally the courts have been averse to attributing a duty of care to third parties to the auditor. We
can see this by looking at some past cases that have gone to court.
A very important case is Caparo Industries pic v Dickman and Others 1990, which is described here.

Worked example: Caparo case


The facts as pleaded were that in 1984 Caparo Industries purchased I00,000 Fidelity shares in the open
market. On June 12 1984, the date on which the accounts (audited by Touche Ross) were published, they
purchased a further 50,000 shares. Relying on information in the accounts, further shares were acquired.
On September 4, Caparo made a bid for the remainder and by October had acquired control of Fidelity.
Caparo alleged that the accounts on which they had relied were misleading in that an apparent pre-tax
profit of some CU 1.3 million should in fact have been shown as a loss of over CU400,000. The plaintiffs
argued that Touche owed a duty of care to investors and potential investors.
The conclusion of the House of Lords hearing of the case in February 1990 was that the auditors of a public
company's accounts owed no duty of care to members of the public at large who relied upon the accounts
in deciding to buy shares in the company. And as a purchaser of further shares, while relying upon the
auditors' report, a shareholder stood in the same position as any other investing member of the public to
whom the auditor owed no duty. The purpose of the audit was simply that of fulfilling the statutory
requirements of the Companies Act. There was nothing in the statutory duties of company auditors to
suggest that they were intended to protect the interests of investors in the market. And in particular, there
was no reason why any special relationship should be held to arise simply from the fact that the affairs of
the company rendered it susceptible to a takeover bid.

:.,

In its report The Financial Aspects of Corporate Governance, the Cad bury Committee gave an opinion on the
situation as reflected in the Caparo ruling. It felt that Caparo did not lessen auditors' duty to use skill and
care because auditors are still fully liable in negligence to the companies they audit and their shareholders
collectively. Given the number of different users of accounts, it was impossible for the House of Lords to
have broadened the boundaries of the auditors' legal duty of care.
The decision in Caparo v Dickman considerably narrowed the auditors' potential liability to third parties. The
judgement appears to imply that members of various such user groups, which could include creditors,
potential investors or others, will not be able to sue the auditors for negligence by virtue of their placing
reliance on audited annual accounts.

Worked example: james McNaughton Paper Group Ltd


In james McNaughton Paper Group Ltd v Hicks Anderson & Co 1990, Lord Justice Neill set out the following
position in the light of Caparo and earlier cases:
(a)

In England a restrictive approach was now adopted to any extension of the scope of the duty of care
beyond the person directly intended by the maker of the statement to act upon it.

(b)

In deciding whether a duty of care existed in any particular case it was necessary to take all the
circumstances into account,

(c)

Notwithstanding (b), it was possible to identify certain matters which were likely to be of importance
in most cases in reaching a decision as to whether or not a duty existed.'

---~-----------

---------------

The Institute of Chartered Accountants in England and Wales, March 2009

429

Advanced Stage -Advanced Audit and Assurance


A more recent court case produced a development in the subject of audit liability. In December 1995, a
High Court judge awarded electronic security group ADT CU65m plus interest and costs (CU40m) in
damages for negligence against the former BDO Binder Hamlyn (BBH) partnership.

Worked example: Britannia Security Group


The firm had jointly audited the 1988/89 accounts of Britannia Security Group (BSG), which ADT acquired
in 1990 for CUI OSm, but later found to be worth only CU40m. Although, under Caparo, auditors do not
owe a duty of care in general to third parties, the judge found that BBH audit partner Martyn Bishop, who
confirmed that the firm stood by BSG's accounts at a meeting with ADT in the run-up to the acquisition,
had thereby taken on a contractual relationship with ADT. This development has occurred, apparently,
because (post-Caparo) solicitors and bankers are advising clients intent on acquisitions to get direct
assurances from the target's auditors on the truth and fairness of the accounts.
BBH appealed this decision; the liable partners, because of a shortfall in insurance cover, were left facing the
prospect of coming up with CU34m. An out of court settlement was reached with ADT.

A case in 1997 appeared to take a slightly different line, although this case related to some management
accounts on which no written report had been issued.

Worl<ed example: Peach Publishing ltd


In Peach Publishing Ltd v Slater & Co 1997 the Court of Appeal ruled that accountants are not automatically
liable if they give oral assurances on accounts to the purchaser of a business. The case involved management
accounts, which the accountant stated the accounts were right subject to the qualification that they had not
been audited. The Court held that the purpose of giving the assurance was not to take on responsibility to
the purchaser for the accuracy of the accounts. The purchaser's true objective in this case was to obtain a
warranty from the accountant's client, the target. Therefore the accountant was not assuming responsibility
to the purchaser but giving his client information on which it could decide whether or not to give the
warranty. The Court of Appeal also observed that the purchaser should not have relied on the management
accounts without having them checked by its advisers.

Worked example: Omega Trust Co Ltd


In a further case the Court of Appeal gave guidance on the effect of a disclaimer which stated that the report
had been prepared for the client only and no-one else should rely on it. In Omega Trust Co Ltd v Wright Son &
Pepper 1997 (which related to surveyors but the facts of which can be applied to accountants) the court held
that the surveyor was entitled to know who his client was and to whom his duty was held. He was entitled to
refuse liability to an unknown lender or any known lender with whom he had not agreed.

All this case law raised some problems. In spite of the judgement in Caparo, the commercial reality is
that creditors and investors (especially institutional ones) do use audited accounts. The Companies Act
requires a company to file accounts with the Registrar. Why is this a statutory requirement? It is surely
because the public, including creditors and potential investors, have a need for a credible and independent
view of the company's performance and position.
It would be unjust if auditors, who have secondary responsibility for financial statements being prepared
negligently, bore the full responsibility for losses arising from such negligence just because they are insured.
It would also be unjust if the auditors could be sued by all and sundry. While the profession has generally
welcomed Caparo, two obvious problems are raised by decision.

43 0

Is a restricted view of the usefulness of audited accounts in the profession's long-term interests?

For private companies there will probably be an increase in the incidence of personal guarantees and
warranties given by the directors to banks and suppliers.

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY


Recent developments in the US appear to try and redress the balance of liability by highlighting the
responsibilities of management with regard to published financial statements. The Sarbanes-Oxley Act
requires chief executive officers and finance officers to certify that the accounts of listed companies are not
misleading and present the company's financial positional and results fairly. In addition, they are required to
confirm that they are responsible for internal controls ad have reported significant control weakness to the
auditors/audit committee.
The Companies Act requires directors not to make misleading statements to the auditors. However,
auditors retain liability to shareholders for negligence and breach of duty, therefore they need to
corroborate statements made to them and ensure they are not relying on representations recklessly.

4.7

Banks and other major lenders


Banks and other major lenders have generally been excluded from the extent of negligent auditors' liability
by the decision in Caparo.
Banks often include clauses in loan agreements referring to audited accounts and requesting that they have
access to audited accounts on a regular basis or when reviewing the loan facility. In other words, banks may
document a 'relationship' with the auditors to establish that a duty of care exists.
A recent Scottish case involved a situation similar to this and may suggest that judicial thinking on the
matter is developing.

Worked example: Bannerman Johnstone Maclay and Others


In Royal Bank of Scotland v Bannerman Johnstone Maclay and Others 2002 the bank, who provided an overdraft
facility to the company being audited, claimed the company had misstated its position due to a fraud and
that the auditors were negligent in not discovering the fraud. The auditors claimed that they had no duty of
care to the bank. However, the judge determined that the auditors would have known that the bank
required audited accounts as part of the overdraft arrangement and could have issued a disclaimer to the
bank. The fact that they had not issued a disclaimer was an important factor in deciding that the auditors did
owe a duty of care to the bank.

This case did however establish the principle that auditors could exclude liability to third parties. See below.

Worked example: Galoo ltd v Bright Graham Murray ( 1994) BCC 319
Galoo Ltd had incurred losses of 25 million between 1986 and 1990, and had paid a dividend of 500,000
in 1988. It sued the auditor for breach of contractual duty to exercise reasonable care and skill, maintaining
that the trading losses were attributable to the continued existence of the company, which, in turn, was due
to reliance on the allegedly negligent audit opinions. The Court of Appeal held that there was no causal
connection between the alleged negligence and the losses incurred. The financial reports may have allowed
the company to continue trading, but the company's existence was not the cause of its losses. The claim
against the auditor was struck out.

4.8

Assurance services
The audit firm might be able and prepared to offer assurances to the bank in relation to financial
statements, position, internal controls or other matters of interest to a primary lender. If this is the case,
and the service is required by the bank, the auditor should seek to create an engagement with the bank
itself.
You should bear in mind that providing assurance services to a lender could result in a conflict of interest
arising.

The Institute of Chartered Accountants in England and Wales, March 2009

43 I

Advanced Stage- Advanced Audit and Assurance

4. 9

Settlements out of court


Many liability claims are settled out of court. The advantages of doing so are claimed to be a saving in time
and cost, and also perhaps a lower settlement. An out of court settlement also avoids a high profile court
case which potentially damages a firm's reputation.
Arguments against an out-of-court settlement include the allegations that they often arise through the
unwillingness of an auditor's insurance company to risk a settlement in court. An out of court settlement
also leaves the question of the audit frrm's responsibility unsettled, but nevertheless the firm's insurance
premiums may rise.

4.1 0

Disclaimers
The cases above suggest that a duty of care to a third party may arise when an accountant does
not know that his work will be relied upon by a third party, but only knows that it is work of a kind
which is liable in the ordinary course of events to be relied upon by a third party.
Conversely, an accountant may sometimes be informed or be aware, before he carries out certain work,
that a third party will rely upon the results. An example is a report upon the business of a client which the
accountant has been instructed to prepare for the purpose of being shown to a potential purchaser or
potential creditor of that business. In such a case an accountant should assume that he will be held to owe
the same duty to the third party as to his client. The Bannermann case suggests this will also be
necessary for audit work.
There are areas of professional work where it is not possible for liability to be limited or excluded. There
are other areas of professional work (for example when preparing reports on a business for the purpose of
being submitted to a potential purchaser) where although such a limitation or exclusion may be included, its
effectiveness will depend on the view which a court may subsequently form of its reasonableness.

4.1 I

Litigation avoidance
The other aspect of how firms are trying to deal with litigation is what they are trying to do to avoid
litigation. This strategy has various aspects.
~

Client acceptance procedures are very important, particularly the screening of new clients and the use
of engagement letters.
Performance of audit work. Firms should make sure that all audits are carried out in accordance

with professional standards and best practice.


~

Quality control. This includes not just controls over individual audits but also stricter 'whole-firm'
procedures. (See Chapter I)

Issue of appropriate disclaimers. We discussed above the importance of these.

Interactive question 8: Audit Liability

[Difficulty level: Exam standard]

Although auditors can incur civil liability under various statutes it is far more likely that they will incur
liability for negligence under the common law, as the majority of cases against auditors have been in this
area. Auditors must be fully aware of the extent of their responsibilities, together with steps they must take
to minimise the danger of professional negligence claims.

Requirements
(a)

Discuss the extent of an auditors' responsibilities to shareholders and others during the course of
their normal professional engagement.

(b)

List six steps which auditors should take to minimise the danger of claims against them for negligent
work.

See Answer at the end of this chapter.

43 2

The Institute of Chartered Accountants in England and Wales, March 2009

FRAUD AND AUDITOR LIABILITY

4. ~ 2

Current issues in auditor liability


As auditor liability is an important practical issue, there are regularly developments in this area.
Even with Pll and other means of restricting liability there has been great concern throughout the audit
profession globally at the remaining risks to firms' survival in the face of claims which might exceed their
insurance cover.
The profession has lobbied for further protection in the form of proportionate liability or capping liability.

Definitions
Proportionate liability: Proportionate liability would allow claims arising from successful negligence
claims to be split between the auditors and the directors of the client company, the split being determined
by a judge on the basis of where the fault was seen to lie. This would require the approval of shareholders.
Capping liability: Capping liability would set a maximum limit on the amount that the auditor would have
to pay out under any claim.

The Institute of Chartered Accountants in England and Wales, March 2009

433

chapter II

Auditing in an IT
environment

Introduction

Topic List
I

Information technology and risk

Impact on controls

Electronic commerce

Summary and Self-test


Technical reference
Answers to Self-test
Answer to Interactive question

The Institute of Chartered Accountants in England and Wales, March 2009

45 I

AUDITING IN AN IT ENVIRONMENT

Information technology and risk

(A

Section overview

~ ~
~

The main risks associated with using computerised systems include infection by viruses and access by
unauthorised users. Both these risks could potentially have a very damaging effect on the business.

This means that a number of the. cootrols which the directors are required to put into place to
safeguard the assets of the shareholders must be ihcorporated into the computer systems.
.
.
A~ditors have to assess the effectiveness of the controls in place within computer systems and cando
this by performing a systems audit as part of their initial assessment of risk during the planning stage
of the audit.

1.1

A huge number of organisations now use computer systems to run their businesses and to process
finanCial information.

The use of information technology


Most organisations and businesses, even very small entities, now use information technology to some
degree. The first use of a computerised accounting system is thought to have been back in 1954 by General
Electric, and rapid advances in computer technology since then are allowing companies to conduct business
globally, making them indispensable and essential to an entity's operations.
However, the increasing use of computer systems brings with it certain risks to the business which can
also have an impact on the risk of the financial statements being misstated. These risks have
increased with the development of the Internet in the last few years and with it the facility for transactions
to be conducted electronically.

I .2

Risks associated with the use of computerised systems


The two key business risks of organisations using computerised systems are:
~

The system being put at risk by a virus or some other fault or breakdown which spreads across the
system

The system being invaded by an unauthorised user who could then


Affect the smooth operation of the system
Obtain commercially sensitive information

The client is likely to have contingency plans in the event of the system being affected by the risks
outlined above. However, it is also important to know that the original system is as reliable as could be
expected, and whether it is the best system that the company could be using, at the given cost.
The company might seek such assurances from its service provider. However, the service provider has a
vested interest in the company believing that its system is reliable and the best available, because he is paid
to supply it.
This means that the directors might seek an assurance service from the auditors or another firm of
accountants, to undertake work to ascertain whether the assertions of the service provider are correct.
If a firm of accountants considers taking on such an assurance engagement, it must ensure that it has staff of
sufficient skills and experience to undertake the procedures required to ascertain whether the assurances
are correct. It must ensure that it has an IT specialist on the team.

Internal control effectiveness is generally assessed by means of undertaking a systems audit.

The Institute of Chartered Accountants in England and Wales, March 2009

453

Advanced Stage -Advanced Audit and Assurance

I .3

Systems audit
As part of any audit, auditors are required to assess the quality and effectiveness of the accounting
system. Increasingly, this necessarily includes a consideration of the computer systems in place within the
organisation.
Auditors could accept an assurance engagement to undertake this task outside of the audit and to report
specifically on findings. The following are the key areas they are likely to concentrate on to establish how
reliable the systems are:
~

~
~

Management policy
Segregation of duties
Security

You should be aware that these are important control considerations in a computer environment. The
details that the reporting accountant will consider within each area are outlined below.

Management policy

~
~

Does management have a written statement of policy with regard to computer systems?
Is it compatible with management policy in other areas?
Is it adhered to?
Is it sufficient and effective?
Is it updated when the systems are updated?
Does it relate to the current system?

Segregation of duties
~

Is there adequate segregation of duties with regard to data input?


Are there adequate system controls (e.g. passwords) to enforce segregation of duties?

Security
~

Is there a security policy in place:


Physical security (locked doors/windows)
Access security (passwords
Data security (virus shields)

I .4

Is it adhered to?

Is it sufficient and effective?

Reporting
It is vital that management receive information on the effectiveness of their controls systems and systems
reliability generally. This is because, as stated earlier, the operations of the company are likely to rely heavily
if not completely on computer systems, and if problems arise, operations could be severely affected.
Problems could arise in terms of:
~
~

No production being possible


No invoicing being possible
Invoicing being duplicated or omitted

Other stakeholders, such as customers and suppliers, will also be interested in the reliability of the
company's systems, as they will not want to deal with a company which makes mistakes and cannot operate
properly.
It is because of the vital importance of this area to business that management may also want to obtain
assurance concerning the information it receives on systems reliability.

454

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING IN AN IT ENVIRONMENT

2 Impact on controls
Section overview

2.1

IT controls comprise general and applic:ation controls. General controls establish a framework of
overall control over the system's activities whereas application controls are specific controls over the
applications maintained by the.system.

Computer-assisted audit techniques (CMTs) can be used by the auditor to test application controls
within the client's computer systems.

Introduction
The internal control activities in a computerised environment fall within two categories: general controls
and application controls. We will discuss these in greater detail below.

2.2

General controls
The purpose of general IT controls is to establish a framework of overall control over the computer
information system's activities to provide a reasonable level of assurance that the overall objectives of
internal controls are achieved. They include controls over access security, data centre and network
operations, software acquisition, change and maintenance, and application system acquisition, development
and maintenance. They are sometimes referred to as supervisory, management or information technology
controls. General controls are considered in detail below.

Development of
computer applications

Standards over systems design, programming and documentation


Full testing procedures using test data
Approval by computer users and management
Segregation of duties so that those responsible for design are not
responsible for testing
Installation procedures so that data is not corrupted in transition
Training of staff in new procedures and availability of adequate
documentation

Prevention or detection
of unauthorised changes
to programs

Segregation of duties
Full records of program changes
Password protection of programs so that access is limited to computer
operations staff
Restricted access to central computer by locked doors, keypads
Maintenance of programs logs
Virus checks on software: use of anti-virus software and policy prohibiting
use of non-authorised programs or files
Back-up copies of programs being taken and stored in other locations
Control copies of programs being preserved and regularly compared with
actual programs
Stricter controls over certain programs (utility programs) by use of readonly memory

The Institute of Chartered Accountants in England and Wales, March 2009

455

Advanced Stage- Advanced Audit and Assurance

Complete testing procedures

Testing and
documentation of
program changes

Documentation standards
Approval of changes by computer users and management
Training of staff using programs
Operation controls over programs

Controls to prevent
wrong programs or files
being used

Libraries of programs
Proper job scheduling

Controls to prevent
unauthorised
amendments to data
files

Physical security over remote terminals


Limited access to authorised personnel only
Firewalls
User identification controls such as passwords
Encryption of data

Controls to ensure
continuity of operation

Storing extra copies of programs and data files off-site


Protection of equipment against fire and other hazards
Back-up power sources
Emergency procedures
Disaster recovery procedures e.g. availability of back-up computer
facilities
Maintenance agreements and insurance

The auditors will wish to test some or all of the above general controls, having considered how they affect
the computer applications significant to the audit.
General IT controls that relate to some or all applications are usually interdependent controls, i.e. their
operation is often essential to the effectiveness of application controls. As application controls may be
useless when general controls are ineffective, it will be more efficient to review the design of general IT
controls first, before reviewing the application controls.

2.3

Application controls
The purpose of application controls is to establish specific control procedures over the accounting
applications in order to provide reasonable assurance that all transactions are authorised and recorded,
and are processed completely, accurately and on a timely basis. Application controls include data capture
controls, data validation controls, processing controls, output controls and error controls. Examples of
application controls are shown in the table below.

Controls over input:


completeness

Manual or programmed agreement of control totals


Document counts
One-for-one checking of processed output to source documents
Programmed matching of input to an expected input control file
Procedures over resubmission of rejected items

456

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING IN AN IT ENVIRONMENT

Controls over input:


accuracy

Programs to check data fields (for example value, reference number, date) on
input transactions for plausibility
Digit verification (e.g. reference numbers are as expected)
~

Reasonableness test (e.g. sales tax to total value)

Existence checks (e.g. customer name)

Character checks (no unexpected characters used in reference)

Necessary information (no transaction passed with gaps)

Permitted range (no transaction processed over a certain value)

Manual scrutiny of output and reconciliation to source


Agreement of control totals (manual/programmed)

Controls over input:


authorisation

Controls over
processing

Manual checks to ensure information input is


~

Authorised

Input by authorised personnel

Similar controls to input must be in place when input is completed, for


example, batch reconciliations
Screen warnings can prevent people logging out before processing is
complete

Controls over master


files and standing
data

One-to-one checking
Cyclical reviews of all master files and standing data
Record counts (number of documents processed) and hash totals (for
example, the total of all the payroll numbers) used when master files are
used to ensure no deletions
Controls over the deletion of accounts that have no current balance

Control over input, processing, data files and output may be carried out by IT personnel, users of the
system, a separate control group and may be programmed into application software.

2.4

The use ofCAATs


Computer-assisted audit techniques (CAATs) can assist the auditor in testing application controls. As
you will know from your earlier audit studies, there are generally two types of CAATs: audit software
and test data.
Audit software includes generalised audit software and custom audit software. Generalised audit
software includes programs that allow the auditor to carry out tests on computer files and databases. An
example of a generalised audit software program is ACL.
Generalised audit software allows auditors to perform a number of functions such as database access,
sample selection, arithmetic functions, statistical analyses and report generation.
The advantages of generalised audit software include the fact that it is easy to use, limited IT programming
skills are needed, the time required to develop the application is relatively short, and entire populations can
be examined, thus negating the need for sampling. However, the drawbacks of using this type of CAAT are
that it involves auditing after the client has processed the data rather than whilst the data is being
processed, and it is limited to procedures that can be performed on data that is available electronically.
Custom audit software is normally written by auditors for specific audit tasks. It is normally used in
situations where the client's computer system is not compatible with the auditor's generalised audit
software or where the auditor wants to do some testing that might not be possible with the generalised

The Institute of Chartered Accountants in England and Wales, March 2009

45 7

Advanced Stage -Advanced Audit and Assurance


audit software. However, this type of CMT can be expensive and time-consuming to develop and may
require a lot of modification if the client changes its accounting application programs.
Test data is used to test the application controls in the client's computer programs. Test data is
first created for processing and it included both valid and invalid data which is processed on the client's
computer and application programs. The invalid data should therefore be highlighted as errors. Test data
allows the auditor to check data validation controls and error detection routines, processing logic controls,
arithmetic calculations and the inclusion of transactions in records and files.
The main benefit of test data is that it provides direct evidence on the effectiveness of controls in the
client's application programs. However, its drawbacks include the fact that it is very time-consuming to
create the test data, the auditor cannot be certain that all relevant controls are tested and the auditor must
make sure that all valid test data is removed from the client's systems.
In the table below, we briefly examine ways of testing application controls, including the use of CMTs to
do so.

Manual controls
exercised by the user

If manual controls exercised by the user of the application system are


capable of providing reasonable assurance that the system's output is
complete, accurate and authorised, the auditors may decide to limit tests
of control to these manual controls.

Controls over system


output

If, in addition to manual controls exercised by the user, the controls to be


tested use information produced by the computer or are contained
within computer programs, such controls may be tested by examining the
system's output using either manual procedures or CMTs. Such output
may be in the form of magnetic media, microfilm or printouts.
Alternatively, the auditor may test the control by performing it with the
use ofCMTs.

Programmed control
procedures

In the case of certain computer systems, the auditor may find that it is
not possible or, in some cases, not practical to test controls by examining
only user controls or the system's output. The auditor may consider
performing tests of control by using CMTs, such as test data,
reprocessing transaction data or, in unusual situations, examining the
coding of the application program.

-~--------- "'

----

As we have already noted, general IT controls may have a pervasive effect on the processing of transactions
in application systems. If these general controls are not effective, there may be a risk that misstatements
occur and go undetected in the application systems. Although weaknesses in general IT controls may
preclude testing certain IT application controls, it is possible that manual procedures exercised by users
may provide effective control at the application level.

3 Electronic commerce

458

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING IN AN IT ENVIRONMENT

3.1

Introduction
Definitions
Internet: The Internet is a global network connecting millions of computers.
World Wide Web: The World Wide Web (www) is a system of Internet servers that supports specially
formatted documents. A group of documents accessed from the same base web site is known as a website.
Electronic data interchange: Electronic data interchange (EDI) is a form of computer to computer data
transfer. Information can be transferred in electronic form, avoiding the need for the information to be reinputted somewhere else.
Electronic mail: Electronic mail (e-mail) is a system of communicating with other connected computers
or via the Internet in written form.
Electronic commerce: Electronic commerce (e-commerce) involves individuals and companies carrying
out business transactions without paper documents, using computer and telecommunications links.

3.2

Engaging in e-commerce
The terms described above are all now commonly used in business. You are probably familiar with most, if
not all, of them.
All of them are (or can be) used in e-commerce. As this is a very fast growing area of business, it is an
important area for everyone, including accountants, today.
A business can engage in e-commerce to a large or small extent. The greater the involvement a business has
with e-commerce, the more the risk associated with it. The extent of involvement is explored in the
following table.

Information provision: A website can be used as a marketing device, to provide


information to potential customers, and to enable them to request further information
through an email link.

LOW

Transactions with existing customers. Existing customers can be given the opportunity
to track current contracts or initiate others over the website.
Access to new customers. A website can be used as a place where new customers may
initiate transactions with the company.
New business model. A website can be used to diversify into specific web-based products,
for example, items that are 'downloadable'.

HIGH

There are a variety of business risks specific to a company involved in e-commerce, which will exist to a
greater or lesser degree depending on the extent of involvement.
~

Risk of non-compliance with taxation, legal and other regulatory issues

Contractual issues arising: are legally binding agreements formed over the Internet?

Risk of technological failure (crashes) resulting in business interruption

Impact of technology on going concern assumption, extent of risk of business failure

Loss of transaction integrity, which may be compounded by the lack of sufficient audit trail

Security risks, such as virus attacks and the risk of frauds by customers and employees

The Institute of Chartered Accountants in England and Wales, March 2009

459

Advanced Stage -Advanced Aud'1t and Assurance


~

Improper accounting policies in respect of capitalisation of costs such as website development costs,
misunderstanding of complex contractual arrangements, title transfer risks, translation of foreign
currency, allowances for warranties and returns, and revenue recognition issues

Over-reliance on e-commerce when placing significant business systems on the Internet

Many of these issues have implications for the statutory audit and these are discussed in detail in the
next section.
An entity that uses e-commerce must address the business risks arising as a result by implementing
appropriate security infrastructure and related controls to ensure that the identity of customers and
suppliers can be verified, the integrity of transactions can be ensured, agreement on terms of trade can be
obtained, as well as payment from customers is obtained and privacy and information protection protocols
are established.

3.3

Considerations for auditors


BAPS I0 13 Electronic Commerce - Effect on the Audit of Financial Statements sets out the special
considerations for auditors who are undertaking audits of companies that use e-commerce, because of the
particular risks associated with using public networks such as the Internet for business.
Firstly the auditor needs consider whether the staff assigned to the audit have appropriate IT and
Internet business knowledge to carry out the audit. The auditor must also ensure that he has sufficient
knowledge of the client's business in accordance with BSA 315 Obtaining an Understanding of the Entity and its
Environment and Assessing the Risks of Material Misstatement In particular the auditor must consider the
following:
~
~
~
~

The entity's business activities and industry


The entity's e-commerce strategy
The extent of the entity's e-commerce activities
The entity's outsourcing arrangements

Internal controls can be used to mitigate many of the risks associated withe-commerce. The auditor has
to consider the control environment and control procedures in accordance with the requirements of BSA
315. There may be situations (such as the use of highly automated e-commerce systems, high transaction
volumes, lack of electronic evidence) when the auditor would have to use tests of control as well as
substantive procedures to render audit risk to an acceptably low level. In these situations, CAATs could be
used.
When auditing an entity that uses e-commerce, BAPS I013 states that the auditor must consider in
particular the issues of security, transaction integrity and process alignment.
When examining the issue of security, the auditor should consider the following:
~
~
~
~

The use of firewalls and virus protection software


The effective use of encryption
Controls over the development and implementation of systems used to support e-commerce
activities
Whether security controls already in place are as effective as new technologies become available
Whether the control environment supports the control procedures implemented

When considering transaction integrity, the auditor must consider the completeness, accuracy, timeliness
and authorisation of the information provided for recording and processing in the financial records, by
carrying out procedures to evaluate the reliability of the systems used for capturing and processing the
information.

Process alignment is the way the IT systems used by the entity are integrated with one another to
operate effectively as one system. Many websites are not automatically integrated with the internal systems
of the entity, such as its accounting system and inventory management system, and this may affect issues
such as the completeness and accuracy of transaction processing, the timing of recognition of sales,
purchases and other transactions, and the identification and recording of disputed transactions.

460

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING IN AN IT ENVIRONMENT

3.4

Other assurance engagements


A key problem with e-commerce is one of trust. In most cultures, consumers grant their trust to business
parties that have a close physical presence: buildings, facilities and people to talk to. On the Internet these
familiar elements are simply not there. The seller's reputation, the size of his business, and the level of
customisation in product and service also engender trust.
Internet merchants need to elicit consumer trust when the level of perceived risk in a transaction is high.
However, research has found that once consumers have built up trust in an Internet merchant such
concerns are reduced.
Internet merchants need to address issues such as fear of invasion of privacy and abuse of customer
information (about their credit cards, for example) because they stop people even considering the Internet
as a shopping medium.
The parties involved in e-commerce need to have confidence that any communication sent gets to its target
destination unchanged, and without being read by anyone else.

Web Trust and SysTrust are examples of assurance services developed in the last few years in relation to
e-commerce. The underlying principles of these two services have been combined into one common set of
principles known as Trust Services, which allow auditors to evaluate business systems and controls.
Trust Services are based on five principles:
~
~

Security- the system is protected against unauthorised access


Availability- the system is available for operation and use as agreed

Processing integrity- system processing is complete, accurate, timely and authorised

Online privacy- personal information obtained as a result of e-commerce is collected, used,

Confidentiality- information designated as confidential is protected as agreed

disclosed and retained as agreed


WebTrust and SysTrust can be used to provide assurance on an organisation's website and on its systems
respectively. Such assurance engagements are performed as reasonable assurance engagements other than
an audit of historical financial information in accordance with ISAE 3000.
It has been a feature of electronic commerce that people appeared to be happy to browse on-line, but less
happy to make purchases, due to a lack of knowledge about the company they were dealing with. This led
to concerns about
~
~
~

Processing of the transaction


Use of the personal information that must be given to complete the sale
Poor business practices by the company (late delivery/errors in order etc)

Web assurance seeks to remove this barrier by providing assurance to the users of the service. An
assurance assignment under WebTrust would involve looking at the assertions of the company's
website in respect of the five principles outlined above, and seeking evidence as to whether what it says
about its service is true, and whether the systems in place comply with the pre-determined criteria.
The outcome of the exercise is that if the accountant has assurance that the systems comply and the
representations made about the service are fair, the website can be WebTrust accredited.
Note however, that in order to obtain the Web Trust accreditation, the organisation must meet all the
Trust Services principles and engage a practitioner who is licensed to provide the WebTrust service.
Similarly, SysTrust allows practitioners to provide assurance on a company's information system, again using
the principles described above. Briefly, such an assignment would consider the system's infrastructure,

software, personnel, procedures and data.

The Institute of Chartered Accountants in England and Wales, March 2009

46 I

Advanced Stage- Advanced Audit and Assurance

Interactive

Inc

level; Exam

NewForm Inc (NewForm), a client of your firm, has recently established an e-commerce division within its
existing business to provide an additional outlet for its product range, which consists of up-market casual
wear for adults. An objective in introducing the new division was to have a completely paperless ordering,
payment and despatch system.
The new e-commerce system is administered centrally by NewForm and deals with customer orders and
credit card payments. Customers are able to place orders and pay for the goods on-line. Inventories for
customer orders are held remotely by Key Distributors (KD), which is a completely separate business from
NewForm. Once on-line payment by credit card is cleared by NewForm, despatch details are forwarded to
KD electronically. KD then despatches customer orders. Inventories are ordered by NewForm for delivery
direct to KD.

Requirements
(a)

In planning the audit of NewForm, identify and explain four key risks that may arise from the
development of the new e-commerce division.

(b)

Identify and explain the application controls which you think are necessary for the integrity of the
ordering and payments system.

See Answer at the end of this chapter.

462

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING IN AN IT ENVIRONMENT

Summary and Self-test

Summary
Application controls
Data capture
- Data validation
- Processing
Output
- Errors

IT controls

General controls
Access security
Data centre and network
operations
- Software acquisition, change and
maintenance
Application systems acquisition,
development and maintenance

Non-compliance with law


- Security
.
- Accounting policies
- Transaction integrity
Crashes
- Going concern
- Contractual issues

WebTrust and
SysTrust

Assurance
Security
- Availability
- Processing integrity
Online privacy
- Confidentiality

The Institute of Chartered Accountants in England and Wales, March 2009

463

chapter I I

Auditing in an IT
environment
Contents
Introduction

Topic List
Information technology and risk
2

Impact on controls

Electronic commerce

Summary and Self-test


Technical reference
Answers to Self-test
Answer to Interactive question

The Institute of Chartered Accountants in England and Wales. March 2009

45 I

AUDITING IN AN IT ENVIRONMENT

1 n~o
I

... - ...... .o........ _~..._ ..... 1,.,. .....,.... n,..


,....=c:k
I I \.C\..IIIIV Vl:JT a.
U
_,,

I 1114\.

Section overview

I .I

A huge number of organisations now use computer systems to run their businesses and to process
financial information .

._

The main risks associated with using computerised systems include infection by viruses and access by
unauthorised users. Both these risks could potentially have a very damaging effect on the business.

This means that a number of the controls which the directors are required to put into place to
safeguard the assets of the shareholders must be incorporated into the computer systems .

._

Auditors have to assess the effectiveness of the controls in place within computer systems and can do
this by performing a systems audit as part of their initial assessment of risk during the planning stage
of the audit.

The use of information technology


Most organ1sat1ons and businesses. even very small entitles, now use information technology to some
degree. The first use of a computerised accounting system is thought to have been back 1n 1954 by General
Electric, and rapid advances in computer technology since then are allowing compan1es to conduct business
globally, making them indispensable and essential to an entity's operations.
However, the increasmg use of computer systems brings with it certain risks to the business which can
also have an 1m pact on the risk of the financial statements being misstated. These risks have
mcreased with the development of the Internet in the last few years and with It the facility for transactions
to be conducted electronically.

1.2

Risks associated with the use of computerised systems


The two key business risks of organisations using computerised systems are:
~

The system being put at risk by a virus or some other fault or breakdown which spreads across the
system

.,

The system being invaded by an unauthorised user who could then


Affect the smooth operation of the system
Obtain commercially sensit1ve information

The client is likely to have contingency plans in the event of the system being affected by the nsks
outlined above. However, it is also important to know that the original system is as reliable as could be
expected, and whether it is the best system that the company could be using, at the given cost.
The company might seek such assurances from its serv1ce provider. However, the service provider has a
vested interest in the company believing that its system is reliable and the best available. because he 1s paid
to supply 1t.
This means that the directors might seek an assurance service from the auditors or another firm of
accountants, to undertake work to ascertain whether the assertions of the service prov1der are correct.
If a fwm of accountants considers taking on such an assurance engagement, it must ensure that it has staff of
sufficient skills and experience to undertake the procedures required to ascertain whether the assurances
are correct. It must ensure that it has an IT specialist on the team.

Internal control effectiveness is generally assessed by means of undertaking a systems audit.

The Institute of Chartered Accountants in England and Wales. March 2009

45 3

chapter 12

Auditing fair values

Introduction

Topic List
I

Fair value

Financial instruments

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

471

AUDITING FAIR VALUES

Fair value
Section overview
~.

Fair Value measurements of assets, liabilities and components of equity. may arise from both the initial
recording of transactions and .later changes in value

Auditing fair value requires both the assessment of risk and evaluating the appropriateness of the fair
value

1.1

.Fair value is a key issue to investment property, pension costs, share-based payments

Introduction
Fair value is the amount for which an asset or liability could be exchanged between knowledgeable, willing
parties in an arm's length transaction.
Fair value accounting is increasingly important and affects the audit of valuation for both assets and
liabilities. Many standards now allow valuation at fair value. The following table summarises some of the
main instances which you should be familiar with from your financial reporting studies.

BAS 16 Property, Plant and


Equipment

Under the revaluation model an item of property, plant and equipment


whose fair value can be measured reliably is carried at fair value less
any subsequent depreciation

BAS 19 Employee Benefrts

When accounting for a defined benefit plan the fair value of plan
assets should be established

BAS 36 Impairment of Assets

Recoverable amount is the higher of fair value less costs to sell and
value in use

BAS 39 Financial InstrumentsRecognition and Measurement

Fair values may be used to measure certain financial assets and


liabilities

BAS 40 Investment Property

After initial recognition investment property may be measured at


fair value

BAS 41 Agriculture

A biological asset should be measured at its fair value less


estimated point of sale costs
Agricultural produce should be measured at its fair value less
estimated point of sale costs at the point of harvest

BFRS 2 Share-based Payment

Share-based payment transactions should be measured at fair


value

BFRS 3 Business Combinations

Calculation of goodwill reflects the difference between the acquisition


date fair value of the consideration given plus the noncontrolling interest (which may be measured at fair value) and
the acquisition date fair value of the identifiable assets acquired
and liabilities assumed

As you can see above fair value measurements of assets, liabilities and components of equity may arise from
both the initial recording of transactions and later changes in value. Changes in fair value
measurements that occur over time may be treated in different ways under different circumstances. For
example, the revaluation of an item of owner occupied property would be recorded as other
comprehensive income and taken directly to equity, whilst the annual restatement of an investment
property will be reflected in profit or loss.

The Institute of Chartered Accountants in England and Wales, March 2009

473

Advanced Stage- Advanced Audit and Assurance


For the auditor the use of fair values will raise a number of issues. The determination of fair value will
generally be more difficult than determining historical cost. It will be more difficult to establish whether
fair value is reasonable for complex assets and liabilities than for more straightforward assets or liabilities
which have an actively traded market and therefore a market value.
Generally speaking, the trend towards fair value accounting will increase audit work required, not only
because determining fair values is more difficult, but because fair values fluctuate in a way that historical
costs do not, and will need vouching each audit period. Fair value will, for the same reasons, increase
audit risk.
Fair value is the subject of an auditing standard, BSA 545 Auditing Fair Value Measurements and Disclosures.
This addresses audit considerations relating to the measurement, presentation and disclosure of material
assets, liabilities and specific components of equity presented or disclosed at fair value in financial
statements. The standard requires auditors to obtain sufficient appropriate audit evidence that fair
value measurements and disclosures are in accordance with the entity's applicable financial reporting
framework. This means that the auditor must have a sound knowledge of the accounting requirements
relevant to the entity and when fair value is allowed.

1.2
1.2.1

Auditing fair value measurements and disclosures


Risk assessment
Management is responsible for establishing the process for determining fair values. This process will vary
considerably from organisation to organisation. Some companies will habitually value items at historical cost
where possible, and may have poor processes for determining fair values if required. Others may have
complex systems for determining fair value if they have a large number of assets and liabilities which they
account for at fair value, particularly where a high degree of estimation is involved.
BSA 545 requires the auditor to assess the entity's process for determining fair value measurements and
disclosures and the related control activities and to assess the risks of material misstatement. This
would include consideration of the following:

1.2.2

The relevant control activities over the process e.g. controls over data and the segregation of duties
between those committing the entity to the underlying transaction and those responsible for
undertaking the valuations.

The expertise and experience of those persons determining the fair value measurements

The role that information technology has in the process

The types and accounts or transactions requiring fair value measurements or disclosures e.g.
whether the accounts arise from routine/recurring transactions or non-routine/unusual transactions

The extent to which the process relies on a service organisation

The extent to which the entity uses the work of experts in determining fair value measurements and
disclosures

The significant management assumptions used

Documentation supporting management's assumptions

The methods used to develop and apply management assumptions and to monitor changes in those
assumptions

The integrity of change controls and security procedures for valuation models and relevant
information systems, including approval processes

Controls over the consistency, timeliness and reliability of the data used in valuation models

Evaluating the appropriateness of fair value


BSA 545 requires the auditor to evaluate whether the fair value measurements and disclosures in the
financial statements are in accordance with the entity's applicable financial reporting framework.

474

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES


Where these measurements are based on assumptions about future conditions, transactions or events
resulting from management intentions to carry out certain actions the auditor should:
~

Consider management's past history of carrying out its stated intentions with respect to assets or
liabilities

Review written plans and other documentation, including where applicable, budgets minutes etc

Consider management's stated reasons for choosing a particular course of action

Consider management's ability to carry out a particular course of action given the entity's
economic circumstances, including the implications of its contractual commitments.

If there are alternative allowable methods for measuring fair value, or a particular model is not prescribed
by the relevant accounting standard, the auditor should consider whether the entity's method is
consistent with other fair value measurements in the financial statements and whether it is applied
consistently.

1.2.3

Audit procedures in response to risk assessment


BSA 545 states that the auditor should perform further audit procedures designed to address the risk
of misstatement.
The nature, timing and extent of further audit procedures will depend heavily on the complexity of the
fair value measurement. For example, the fair value measurement of assets that are sold in open, active
markets that provide readily available and reliable information on the prices at which exchanges actually
occur should be relatively straightforward e.g. published price quotations for marketable securities.
Alternatively, a specific asset may not have an active market or may possess characteristics that make it
necessary for management to estimate its fair value e.g. an investment property or a complex derivative
financial instrument. The estimation of fair value may be achieved through the use of a valuation model
(for example, a model premised on projections and discounting of future cash flows, or an option pricing
model) or through the assistance of an expert such as an independent expert (e.g. to value property,
brands or other specialist assets).
Complex fair value measurements normally are characterised by greater uncertainty regarding the
reliability of the measurement process. This greater uncertainty may be the result of:
~

Length of the forecast period

The number of significant and complex assumptions associated with the process

A higher degree of subjectivity associated with the assumptions and factors used in the process

A higher degree of uncertainty associated with the future occurrence or outcome of events
underlying the assumptions used

When obtaining audit evidence the auditor evaluates whether:


~

~
~

The assumptions used by management are reasonable


The fair value measurement was determined using an appropriate model if applicable
Management used relevant information that was reasonably available at the time

Other actions by the auditor would also include the following:

1.2.4

The auditor should consider the effect of subsequent events on the fair value measurements and
disclosures in the financial statements

The auditor should evaluate whether the disclosures about fair values made by the entity are in
accordance with its financial reporting framework

The auditor should obtain written representations from management

Current developments
As we saw in Chapter 5 the IAASB has issued ISA 540 (Revised and Redrafted) Auditing Accounting Estimates,
Including Fair Value Accounting Estimates, and Related Disclosures as part of the Clarity Project (see Chapter I).

The Institute of Chartered Accountants in England and Wales, March 2009

475

Advanced Stage- Advanced Audit and Assurance


This standard combines two former standards, ISA 540 Audit of Accounting Estimates and ISA 545 Auditing Fair
Value Measurements and Disclosures. The new ISA treats fair values as a type of accounting estimate and
therefore the requirements of the ISA listed in Chapter 5 (section 7.5) apply as they would to any other
type of accounting estimate.

1.3

Application
This section looks at the audit of a number of areas where fair value is a key issue. Note that whilst the
audit of fair value is important audit procedures also need to address other aspects too, for example
completeness, ownership, disclosure and so on.

1.3.1

Investment property
Definition
Investment property: Property (land or a building- or part of a building- or both} held (by the owner
or by the lessee under a finance lease) to earn rentals or for capital appreciation or both, rather than for:
~
~

Use in the production or supply of goods or services or for administrative purposes; or


Sale in the ordinary course of business.

The following would be non-investment properties:


~
~

~
~

Property held for sale in the ordinary course of business


Property being constructed or developed on behalf of third parties
Owner occupied property
Property being constructed or developed for future use as investment property

Investment property is initially measured at its cost. After recognition it is either measured at cost or fair
value.
Audit evidence

Classification as an investment
property

Confirm that all investment properties are classified in


accordance with BAS 40 definition. This will include:
~

A building owned by the entity and leased out under one or


more operating leases

A building that is vacant but is held to be leased under one or


more operating leases

Verify rental agreements, ensuring that the occupier is not a


connected company and that the rent has been negotiated at
arm's length
If the building has recently been built, check the architect's
certificates to ensure that construction work has been
completed.

47 6

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

Valuation

If cost model adopted check compliance with BAS 16


If fair value model adopted:

Disclosure

Check that fair value reflects market conditions at the


end of the reporting period

Agree valuation to valuer's certificate

Where current prices in an active market are not available


confirm that alternative valuation basis is reasonable and in
accordance with BAS 40

Recalculate gain or loss on change in fair value and agree to


amount in statement of comprehensive income

If fair value cannot be measured reliably confirm use of cost


model

Confirm compliance with BAS 40, for example:


~

Disclosure of policy adopted

If fair value model adopted disclosure of a reconciliation of


carrying amounts of investment property at the beginning
and end of the period.

Interactive question I: Investment property and fair value


level:
Propertyco Ltd, an investment property company, has a portfolio of properties including the following:

Property A

This is used as the company head office

Property B

This is held under a finance lease and is currently rented out to a nongroup company under an operating lease

Property C

This was acquired in the year at a cost of CU3m including legal fees. It
is currently vacant but a tenant is being actively sought

Property D

This has been owned by Propertyco Ltd for a number of years and is
currently rented out to a non-group company

Propertyco Ltd wishes to adopt the fair value model in accordance with BAS 40. Currently all of the above
properties are recorded in the financial statements at fair value.
Based on the information above:
(a)

Identify the audit issues which the auditor would need to consider

(b)

List the audit procedures you would perform regarding fair values

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

477

Advanced Stage -Advanced Audit and Assurance

1.3.2

Pension costs
The treatment of a defined contribution scheme is relatively straightforward.
BAS 19 Employee Benefits requires the following.
(a)

Contributions to a defined contribution plan should be recognised as an expense in the period they
are payable (except to the extent that labour costs may be included within the cost of assets).

(b)

Any liability for unpaid contributions that are due as at the end of the period should be recognised as a
liability (accrued expense).

(c)

Any excess contributions paid should be recognised as an asset (prepaid expense), but only to the
extent that the prepayment will lead to, e.g. a reduction in future payments or a cash refund.

(d)

Disclosure is required of a description of the plan and the amount recognised as an expense in the
period.

Accounting for defined benefit plans is much more complex.


An outline of the method used for an employer to account for the expenses and obligation of a defined
benefit plan is given below.
Actuarial assumptions should be used to make a reliable estimate of the amount of future benefits
employees have earned from service in relation to the current and prior years. Assumptions include, for
example, employee turnover, mortality rates, future increases in salaries (if these will affect the eventual
size of future benefits such as pension payments).

Step 2
These future benefits should be attributed to service performed by employees in the current period, and in
prior periods. This gives a total present value of future benefit obligations arising from past and current
periods of service.

3
The fair value of any plan assets should be established.

4
The size of any actuarial gains or losses should be determined, and the amount of these that will be
recognised.

5
If the benefits payable under the plan have been improved, the extra cost arising from past service should
be determined.

6
If the benefits payable under the plan have been reduced or cancelled, the resulting gain should be
determined
You should refer to your corporate reporting text if you require further revision of the accounting
treatment of pensions.

478

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

Audit evidence

Scheme assets (including


quoted and unquoted
securities, debt instruments,
properties)

Scheme liabilities

Ask directors to reconcile the scheme assets valuation at the


scheme year end date with the assets valuation at the reporting
entity's date being used for BAS 19 purposes

Obtain direct confirmation of the scheme assets from the


investment custodian

Consider requiring scheme auditors to perform procedures

Auditors must follow the principles of BSA 620 Using the Work
of an Expert to assess whether it is appropriate to rely on the
actuary's work

Specific matters would include


The source data used
The assumptions and methods used
The results of actuaries' work in the light of auditors'
knowledge of the business and results of other audit
procedures

Actuarial source data is likely to include:

Actuarial assumptions (for


example, mortality rates,
termination rates, retirement
age and changes in salary and
benefit levels)

Items charged to
operating profit (current
service cost, past service cost,
gains and losses on
settlements and curtailments)

Scheme member data (for example, classes of member and


contribution details)

Scheme asset information (for example, values and income and


expenditure items)

Auditors will not have the same expertise as actuaries and are
unlikely to be able to challenge the appropriateness and
reasonableness of the assumptions. They should nevertheless
ascertain the qualifications and experience of the actuaries. Auditors
can, also, through discussion with directors and actuaries:
~

Obtain a generai understanding of the assumptions and review


the process used to develop them

Compare the assumptions with those which directors have used


in prior years

Consider whether, based on their knowledge of the reporting


entity and the scheme, and on the results of other audit
procedures, the assumptions appear to be reasonable and
compatible with those used elsewhere in the preparation of the
entity's financial statements

Obtain written representations from directors confirming


that the assumptions are consistent with their knowledge of the
business

Discuss with directors and actuaries the factors affecting current


service cost (for example, a scheme closed to new entrants may
see an increase year on year as a percentage of pay with the
average age of the workforce increasing)

Where the results of auditors' work are inconsistent with the directors' and actuaries', additional
procedures, such as requesting directors to obtain evidence from another actuary, may assist in resolving
the inconsistency.

The Institute of Chartered Accountants in England and Wales, March 2009

479

Advanced Stage -Advanced Audit and Assurance

1.3.3

Share-based payments
BFRS 2 Share-based Payments requires entities to recognise the goods or services received as a result of
share-based payment transactions.
There are three types of share-based payment transactions.
(a)

Equity-settled share-based payment transactions, in which the entity receives goods or services
in exchange for equity instruments of the entity.

(b)

Cash-settled share-based payment transactions, in which the entity receives goods or services
in exchange for amounts of cash that are based on the price (or value) of the entity's shares or other
equity instruments of the entity.

(c)

Transactions in which the entity receives or acquires goods or services and either the entity or the
supplier has a choice as to whether the entity settles the transaction in cash (or other assets) or by
issuing equity instruments.

An entity should recognise goods or services received or acquired in a share-based payment transaction
when it obtains the goods or as the services are received. They should be recognised as expenses unless
they qualify for recognition as assets. Transactions are measured at fair value.

Audit evidence
The auditor will require evidence in respect of all the components of the estimated amounts, as well as
reperforming the calculation of the expense for the current year.

Number of employees in scheme/number of


instruments per employee/length of vesting
period.

Scheme details set out in contractual


documentation

Number of employees estimated to benefit

Enquire of directors

Compare to staffing numbers per forecasts


and prediction

For equity-settled schemes check that fair


value is estimated at the grant date

For cash-settled schemes check that the fair


value is recalculated at the end of the
reporting period and at the. date of settlement

Check that the model used to estimate fair


value is in line with BFRS 2 and is appropriate
to the conditions. Consider obtaining expert
advice on the valuation if appropriate.

Fair value of instruments

---~-~-----~~---------

General

Obtain representations from management


conf1rming their view that
The assumptions used in measuring the
expense are reasonable, and
There are no share-based payment
schemes in existence that have not been
disclosed to the auditors.

(Also see Chapter 13 of this Study Manual for audit of remuneration packages).

480

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

You are the auditor of Russell Ltd. The draft financial statements for the year ending 31 December 20XS
show a profit before tax of CU400,000. Russell Ltd provided four of its directors each with 3,000 share
options on I January 20XS which vest on 31 December 20X7. The fair value of the options, determined by
use of the Black-Scholes model, is as follows:
CUIO
CUll
CUIS
CUI3

At the grant date


On I January 20X6
On I January 20X7
On 31 December 20X7

The options are dependent on continued employment. All four directors are expected to remain. No entry
has been made in the financial statements of Russell Ltd in respect of the options on the basis that they do
not vest until 31 December 20X7.
Requirement
Identify the audit issues you would need to consider in respect of the share options.
See Answer at the end of this chapter.

2 Financial instruments

2.1

Introduction
In recent years there has been huge growth in the number and complexity of financial instruments available
for investment or issue by companies. This raises both accounting and auditing issues.

Definition
Financial instrument: Any contract that gives rise to a financial asset of one entity and a financial liability
or equity instrument of another entity.

This definition is very broad which means that many common balances fall within its scope including:
~
~

Cash
Trade payables and receivables
Loans payable and receivable

The Institute of Chartered Accountants in England and Wales, March 2009

48 I

Advanced Stage- Advanced Audit and Assurance


The defmition also incorporates more complex instruments for example:
~

~
~
~
~

Debt and equity investments


Derivatives (e.g. interest rate swaps and foreign exchange contracts)
Redeemable and irredeemable preference shares
Convertible debt instruments
Investments in shares issued by other entities

The relevant accounting standards for financial instruments are:


BAS 32 Financial Instruments: Presentation
BAS 39 Financial Instruments: Recognition and Measurement
BFRS 7 Financial Instruments: Disclosures
You should be familiar with these from your corporate reporting studies. A brief summary of the key points
is provided below.

2.2

Summary of accounting treatment


~

A financial instrument should be classified as:

A financial asset
A financial liability
An equity instrument
in accordance with the substance of the contract under which it has been issued.
~

A compound instrument (e.g. a convertible bond) should be split into its component parts at the
date it is issued.

Financial assets are recognised initially at their fair value.

The rules for subsequent measurement are:


Financial assets at fair value through profit or loss

Fair value (changes recognised in profit or loss)

Held to maturity investments

Amortised cost using effective interest method

Loan and receivables

Amortised cost using effective interest method

Available-for-sale financial assets

Fair value (changes recognised in other


comprehensive income until disposal)

Disclosures must be made which enable the readers to evaluate:


The significance of financial instruments for the entity's financial position, and performance
The nature and the extent of risks arising from fmandal instruments to which the entity is
exposed during the period and at the reporting date, and how the entity manages those risks.

2.3
2.3.1

Audit issues
Risk
Financial instruments, particularly complex ones, increase audit risk. Factors which increase risk include
the following:
~

Lack of management understanding of financial instruments and therefore inadequate


management control

482

Inappropriate classification of financial instruments, particularly between debt and equity may
lead to off-balance sheet financing. This will affect gearing and therefore the risk profile of the
business. This is particularly an issue where hybrid or compound instruments have been issued where
there are both debt and equity elements.

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

2.3.2

Complexity of the accounting requirements of BAS 32 and 39. This increases the risk of error.
For example financial assets and liabilities must be classified as falling within one of four categories.
This categorisation determines their subsequent measurement (amortised cost or fair value). Incorrect
classification may have a significant impact on the financial statements

Determining fair values involves the use of valuation techniques including market estimates.
Judgements will need to be made to determine whether the valuation techniques and any estimates
made are reasonable. (See section I above)

Recognition of the costs associated with the instrument is not necessarily straightforward. For
example the discount on a discounted debenture should be treated as part of the overall cost of the
instrument and recognised over the life of the debenture.

Audit procedures
Although the issues and evidence sought will depend on the specific nature of the financial instrument, the
following key considerations will normally apply:

Classification

Review the terms of the financial instrument and confirm that they have been
classified in accordance with their substance. Where the company has designated
financial instruments to be treated at fair value through profit or loss there needs
to be evidence that the required conditions according to BAS 39 have been
satisfied at the date of designation. (e.g. that there is an accounting mismatch)
(see Financial and Corporate Reporting text for details of conditions for AFVTPL
designation)

Valuation:

Confirm that all financial assets and liabilities have been valued at fair value

Initial fair
value

Agree fair value to transaction price


Where part of the consideration has been given for something other than the
financial instrument assess valuation technique adopted, e.g. discounting of future
cash flows
Consider the impact of transaction costs where appropriate

Valuation:
Subsequent
measurement

Verify the subsequent classification of financial instruments by enquiry of


management, as to their intention to sell in the short-term, or hold to maturity.
This information should be corroborated by a review of events after the end of
the reporting period and of forecasts and projections.
Confirm that held to maturity investments and loans and receivables are
measured at amortised cost.
Check calculation of amortised cost complies with BAS 39:
~

The initial amount recognised for the financial asset

Less any repayments of the principal sum

Plus any amortisation

Confirm that the amount of amortisation has been calculated using the effective
interest method.
Confirm that financial assets and liabilities at fair value through profit or loss and
available-for-sale financial assets are remeasured at fair value
Where there is an active market agree fair value to quoted market price (current
bid price)
Where there is no active market assess the valuation technique adopted by
management and any assumptions made
(For further detail regarding the audit of fair values see section I above).

The Institute of Chartered Accountants in England and Wales, March 2009

483

Advanced Stage- Advanced Audit and Assurance

3: Convertible debenture
On 1 January 20X8 Berriman Ltd issued a CUI 0 million debenture at par. The debenture has a nominal rate
of interest of 4% and is redeemable on I January 20Y3. On this date the holder has the option to convert
the debenture to 6 million CUI ordinary shares in Berriman Ltd. The fmancial statements currently show a
long-term liability which represents the net proceeds of the debenture. The first payment of interest on 31
December 20X8 has also been recorded.
Requirements
(i)

Identify the issues surrounding this debenture

(ii)

List the audit procedures you would perform

See Answer at the end of this chapter.

2.4

Derivatives
Definition
A derivative: is a financial instrument or other contract within the scope of BAS 39 with all three of the
following characteristics:
~

Its value changes in response to the change in a specified interest rate, financial instrument price,
commodity price, foreign exchange rate, index of prices or rates, credit rating or credit index, or
other variable, provided in the case of a non-financial variable that the variable is not specific to the
party to the contract (sometimes called the 'underlying')

It requires no initial net investment or an initial net investment that is smaller than would be required
for other types of contracts that would be expected to have a similar response to changes in market
factors; and

It is settled at a future date.

Derivatives include swaps, options, swaptions, forwards, and futures. BAS 39 requires that
derivatives be measured at fair value in the statement of financial position unless they are linked to, and
must be settled by, an investment in an unquoted equity instrument that cannot be reliably measured at fair
value. In such cases the derivative would be measured at cost instead, which, in many cases, would be close
to zero.
In general entities use derivatives to either speculate or offset risk (hedge). When changes in fair value
occur these can be recognised either in profit or loss, or in equity. As a general rule changes in fair value of
a derivative are recognised in profit or loss. However, when the derivative is used to offset risk and special
hedge accounting conditions are met, at least some changes in fair value may, optionally, be recognised as a
separate component of equity. This is hedge accounting under BAS 39.
Entities must properly identify derivatives per the criteria given in the definition above.
Derivatives are becoming a common way for companies to manage financial risk. For many entities, the use
of derivatives has reduced exposure to changes in exchange rates, interest rates and commodity prices as
well as other risks. However the inherent characteristics of derivatives may also result in increased business
risk in turn increasing audit risk and presenting new challenges to the auditor. For example values of
derivatives may be volatile. Large and sudden decreases in their value may increase the risk of a Joss arising
exceeding the amount, if any, recorded in the statement of financial position. In addition, because of the
complexity of derivative activities, management may not fully understand the risks of using derivatives.
While all financial instruments have certain risks as we have seen above, derivatives often have particular
features which leverage risk including the following:

484

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES


~

Little or no cash outflows/inflows are.required until maturity of the transactions

No principal balance or other fixed amount is paid or received

Potential risks and rewards can be substantially greater than the current outlays

The value of an entity's asset or liability may exceed the amount, if any, of the derivative that is
recognised in the financial statements

BAPS I012 Auditing Derivative Financial instruments provides guidance in this area and is summarised below.
Many of the issues which it raises could equally apply to other types of financial instrument.

2.4.1

Auditing derivative financial instruments


The basic principles involved in the audit of derivatives are essentially the same as would apply to any other
transaction i.e. risk is assessed, evidence is sought and so on. BAPS I 012 provides guidance on how these
principles are adapted to deal with the specialised nature of the derivative.
Need for special skill and knowledge
Whilst the potential complexity of derivatives may raise issues for management the auditor also needs to
assess whether he possesses the knowledge and skills required to perform the audit of derivatives.
Ethical guidance requires that the professional accountant perform professional services with
competence and diligence. It further requires that the auditor maintains sufficient professional
knowledge and skill to fulfil responsibilities with due care. As a result special skill and knowledge may be
required including an understanding of:
~

The operating characteristics and risk profile of the industry in which the entity operates

The derivative financial instruments used by the entity, and their characteristics

The entity's information system for derivatives, including services provided by a service
organisation

The method of valuation of the derivative, for example whether fair value is determined by
quoted market price, or pricing model

The requirements of the financial reporting framework for financial statement assertions related to
derivatives

Knowledge of the business


BAPS I0 12 recognises the need for the auditor to obtain an understanding of the factors which affect
the entity's derivative activities. In particular the auditor should obtain an understanding of the effects
of the following:
General
economic
factors

Factors that may be relevant include:


The general level of economic activity
Interest rates (including the term structure of interest rates, and availability of
financing)
Inflation and currency revaluation
Foreign currency rates and controls
The characteristics of the markets that are relevant to the derivatives used by the
entity, including the liquidity or volatility of those markets

The Institute of Chartered Accountants in England and Wales, March 2009

485

Advanced Stage- Advanced Audit and Assurance

The industry

-Economic conditions-in-a partlcularTndustry-ttiai-may be- refevant-incTude:


The price risk in the industry
The market and competition
Cyclical or seasonal activity
Declining or expanding operations
Adverse conditions (for example, declining demand, excess capacity, serious price
competition)
Foreign currency transactions, translation or economic exposure

The entity

The auditor considers:


Knowledge and experience of management and those charged with governance
Availability of timely and reliable management information (control risk may
increase with greater decentralisation of these activities)
Objectives for the use of derivatives (risk increases where maximisation of profits
is the objective)

Key financial risks


The auditor should also obtain an understanding of the principal types of financial risk related to the
derivative activities. Key financial risks include:
~

Market risk
This relates to economic losses due to adverse changes in the fair value of the derivative

Credit risk
The risk that a customer or counterparty will not settle an obligation for full value

Settlement risk
The related risk that one side of the transaction will be settled without value being received from the
customer or counterparty

Solvency risk
The risk that the entity would not have the funds available to honour cash outflow commitments as
they fall due

Legal risk
This relates to losses resulting from a legal or regulatory action

Risk assessment and internal control


BAPS I 012 also recognises the need to comply with the BSA 315 Obtaining an Understanding of the Entity and
of Material Misstatement requirement to assess risk and design audit
procedures to ensure that risk is reduced to an acceptably low level. In addition an understanding of the
accounting and internal control system must be obtained to enable the auditor to assess whether it is
adequate to deal with the type of derivative transactions carried out by the entity. For example, the more
complex the instruments the more sophisticated the systems would need to be to deal with them.

its Environment and Assessing the Risk

The BAPS also emphasises the need for a strong control environment supported by clear control
objectives. Control objectives would include the following:

486

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

Authorised execution

Derivative transactions are executed in accordance with the entity's


approved policies

C-omplete and accurate


information

Information relatin-g to derivadves, including fair value information, is


recorded on a timely basis, is complete and accurate when entered
into the accounting system, and has been properly classified,
described and disclosed

Prevention or detection of
errors

Misstatements in the processing of account-ing information-for


derivatives are prevented and detected in a timely manner

Ongoing monitoring

Activities involving derivatives are monitored on an ongoing basis to


recognise and measure events affecting related financial statement
assertions

Valuation

Changes in the value ofderivatives are appropriately accounted for


and disclosed to the right people from both an operational and a
control viewpoint. Valuation may be part of ongoing activities

In addition for derivatives designed as hedges, internal controls should assure that those derivatives
meet the criteria for hedge accounting, both at the inception of the hedge, and on an ongoing basis.

Control procedures
One of the most important control procedures identified by BAPS I0 12 is the reconciliation. It identifies
the following as being particularly relevant:
~

Reconciliation of dealers' records to records used for the ongoing monitoring process and the
position and profit or loss shown in the general ledger

Reconciliation of subsidiary ledgers, including those maintained on computerised databases to the


general ledger

Reconciliation of all clearing and bank accounts and broker statements to ensure all outstanding items
are promptly identified and cleared

Reconciliation of entity's accounting records to records maintained by service organisations, where


applicable

Tests of controls
Examples of tests of controls to consider include:
~

Reading minutes of meetings of those charged with governance for evidence that there is a periodic
review of derivative activities and hedging effectiveness

Test transactions to determine whether the entity has obtained required approvals for the
transactions and used only authorised brokers

Discuss with management whether derivatives and related transactions are being monitored and
reported on a timely basis and read any supporting documentation

Test recorded purchases of derivatives, including their classification and prices, and the entries used to
record related amounts

Test the reconciliation process. For example, organisations that have a large number of derivative
transactions may require reconciliation and review on a daily basis

Test the controls for unrecorded transactions e.g. examine third party confirmations

Test the controls over the adequate security and back-up of data to ensure adequate recovery in the
case of disaster.

The Institute of Chartered Accountants in England and Wales, March 2009

487

Advanced Stage- Advanced Audit and Assurance


Substantive procedures
BAPS I 012 states that substantive procedures should be performed in accordance with the principles of
BSA 315. Specific examples of procedures in respect of key assertions are given as follows:
Existence and occurrence .. -~. - .. ~~Confirmation wTtti.theholcler oficounterparty to the-derivative
Inspection of underlying agreements and other forms of
supporting documentation
Inspecting supporting documentation for subsequent realisation
or settlement after the end of the reporting period
Inquiry and observation
Rights and obligations

Confirmingsignificant terms with the holder of, or counterparty


to, the derivative
Inspecting underlying agreements and other forms of supporting
documentation

Completeness

Asking the holder of/counterparty to the derivative to provide


details of all derivatives and transactions with the entity
Sending zero-balance confirmations to potential
holders/counterparties
Reviewing brokers' statements
Reviewing unresolved reconciliation items
Inspecting agreements such as loan or equity agreements for
embedded derivatives
Inspecting documentation for activity subsequent to the year end

Valuation and measurement

inspecting (focumentation with evidence of the purchase price


Confirming with the holder of/counterparty to the derivative
Reviewing the creditworthiness of counterparties to the
derivative transaction
Obtaining evidence corroborating the fair value of derivatives
measured or disclosed at fair value (in accordance with
BSA 545). This may include:
~

Assessing the reasonableness and appropriateness of the


model

Calculating the value, using a model developed by the


auditor or by a specialist engaged by the auditor

Comparing the fair value with recent transactions

Considering the sensitivity of the valuation to changes in


the variables and assumptions

Review of events after the end of the reporting period


which may provide evidence about valuation at the period
end

-Presentation an.cfdfsclosure _______ C:_tieck.compliance with-relevant reporting-standards i.e. BAS 32~


BAS 39, BFRS 7
Management representations
The extent to which representations will be sought will depend on the volume and complexity of derivative
activities.

488

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

2.4.2

Auditing derivative financial instruments in the modern world


The key to using derivatives as part of an overall investment strategy is to have adequate internal
controls in place and trained personnel handling the investments. Derivatives, which have been around for
a very long time in one form or another, have been put to good use by transferring risk from one party, the
hedger, to another, the speculator. There are many factors in today's world which can cause derivative
investment strategies to go wrong. As we have seen such factors will include:
~
~
~

~
~

A lack of internal controls


A laissez-faire management
Greed
Ineffective systems to identify and monitor risk
Inexperience

An understanding of the business process involved in derivatives trading is necessary in order to audit
derivatives successfully. The steps in a typical such process are:
Entering the deal in the trader's deal sheet
2

Trader types the deal into the system and sends an e-mail

The back office include the deal into reports

Back office process the deal using market quote information from agencies

Enter details into a 'pre-programmed' Excel sheet and/or other processing package

Confirm deal with brokers/counterparties

Carry out monthly settlement/processing

Net off between accounts payable and accounts receivable and wire the payment as necessary

Each type of derivative will be different and non-standard derivatives will be unique. This poses challenges
for the auditor.
Generally, however, the auditor should seek to:
~

Understand the client's business in order to establish the real role played by, and the risks that
are inherent in, the derivatives activity

Document the system. This would involve documenting various processes

Identify the controls in each process in order to establish the risk passed to the client by
inadequate or missing controls; and therefore, to establish the audit risk and thus the audit work that
needs to be performed

Carry out the appropriate control and substantive audit procedures

Make conclusions and report on the outcome of the audit of derivatives

Obviously the exact nature of what is to be done is dependent on the circumstances of the client. Ensuring
that the information has been captured completely and accurately in each case is important.

Worked example: Systems and processes


Typically a large oil refining company in one country will obtain oil from different sources, refine it,
producing various petroleum products for its customers.
Imagine the company is involved in trading in crude oil Futures. The traders will take forward positions
strategically with the information relating to future oil price movement available at the time. If the traders
expect the price to rise, they will take a Long Position (buy the commodity forward) and if they expect it to
fall they will take a Short Position (sell the commodity forward).
Identify the key processes that the auditor would seek evidence for in connection with this.

The Institute of Chartered Accountants in England and Wales, March 2009

489

Advanced Stage- Advanced Audit and Assurance

Solution
Capture of information: the primary source document is the trader's deal sheet. This document should
contain the date, time, the oil index, quantity traded, the position (Long or Short), nature of trade (Hedge
or Speculation) and the rationale for the trade.
Processing of information: the back office report should contain the same information as in the deal
sheet.
Confirmation of information: There should be a statement from the clearing agents (since these are
Futures) confirming the details. [Note that Swaps transactions would be confirmed differently, via
Counterparty and Broker confirmations and that Options are confirmed in the same way that futures are].
Depositing of margin money: There should be evidence that margin money had been deposited with
the exchange as required (in case the Mark to Market crosses the exchange's threshold limits).
Settlement: There will be clearing statements from clearing agents. These should be used in collaboration
with internally generated information to confirm that the appropriate settlement amounts exchanged hands.
Accounting: The deals have been accounted for correctly.
In all these processes controls will have been implemented and the auditor should identify these and assess
their utility.

4:

level: Exam

You are the auditor in charge of the audit of Johannes Ltd.


On I January 20X7, johannes Ltd ("j"), entered into a forward contract to purchase on I January 20X9,
40,000 barrels of crude oil at $70 per barrel. J is not using this as a hedging instrument and is speculating
that the price of oil will rise and plans to net settle the contract if the price rises. J does not pay anything to
enter into this forward contract. At 31 December 20X7 the fair value of the forward contract has increased
to CU500,000. At the end of 20X8, the fair value of the forward contract has declined to CU400,000.

Requirement
(a)

Identify the accounting entries you would expect to see at the inception of the contract, at 31
December 20X7, and at 31 December 20X8

(b)

Identify the risks you would expect to find in this arrangement, and the audit procedures that you
would carry out

(c)

Outline the steps that you would take to ensure compliance with BFRS 7 Financial Instruments:

Disclosures
See Answer at the end of this chapter.

490

The Institute of Chartered Accountants in England and Wales, March 2009

AUDITING FAIR VALUES

Summary and Self-test

Summary

Risk
assessment
Evaluation of appropriateness
of fair value
Audit
procedures

Evaluation of whether:
Assumptions are reasonable
Appropriate modei!Jsed
- Relevant information used

Application

.Examples
Investment property
Pension costs
..,. Share based payments
Financial instruments

.Financial instruments

The Institute of Chartered Accountants in England and Wales, March 2009

491

chapter 13

Small company audits

Introduction

Topic List
I

Management choice in forming companies

Risk

Assurance

Obtaining new finance

Reward packages

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

5I I

SMALL COMPANY AUDITS

Management choice in forming companies


Section overview

1.1

Companies arenormally formed for tax or legal reasons

Small company dynamics are key to understanding risk

Introduction
Small businesses can be run as a sole trade or partnership. Businesses often incorporate after they have
been running successfully as unincorporated for a few years. This could be due to legal or tax
considerations.

1.2

Legal factors
When a business is successful, a trader has the potential to lose the value of their business, should a claim
be made, and this loss can extend to their personal possessions, due to the concept of unlimited liability.
If a business is operated through a company, the concept of limited liability means that the owner is only
liable to the extent of the share capital they have invested in. For example, if a trader owns CUI 0 share
capital in his company, the maximum he can ever lose from the original investment is CUI 0, as the company
is treated as a separate legal person.

Interactive question I: The veil of incorporation

!eve!:

Requirement

For the two examples below, do you think the courts would lift the veil of incorporation, thereby making
shareholders and/or directors personally liable for the debts of the company without limit?
Scenario I Karpaul Ltd

You are in the process of the audit for 31 December 20X7 and you discover a number of large credit notes
throughout the year addressed to group companies.
The sales director has informed you that the sales invoices to which the credit notes related were
incorrect. The original invoices did not relate to goods dispatched as claimed, but were used to receive an
advance from a debt factoring company in order to relieve cash flow difficulties to pay wages. Credit notes
were then issued and the advance repaid to the debt factors with interest.
Many of the company's creditors on average are more that 90 days old when normal credit terms are 40
days. Karen, the sales director owns the company jointly with her husband Paul, the finance director.
Scenario 2 Quality Training Ltd

Sarah Smith has been a successful tutor with a market leading accountancy training company for many years.
Sarah would like to start her own business, but is aware that her employment contract contains a valid
competition clause preventing her from becoming self employed within a certain radius of her former
employer in a certain time period.
Sarah decides to resign, as her husband already has a training company called Quality Training Ltd, which is
currently dormant. Sarah will become a shareholder and employee, and all contracts with customers will be
with Quality Training Ltd, not Sarah herself.
See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

S 13

Advanced Stage -Advanced Audit and Assurance

1.3

Tax factors
Companies are taxed differently to sole traders.
The rate of tax historically has been lower for sole traders than companies. In 2009 the rate of tax for a
company with profits of Tk I0,000 or less was 40%. However, directors who are also shareholders can
choose creative ways to be remunerated in order to minimise their tax liability, for example drawing
dividends instead of a salary, as dividends are taxed at a lower rate of tax.

I.4

Other reasons for incorporation


A final reason for incorporation might be the prestige attached to a company in comparison to a sole
trader. A customer may be impressed and more ready to do business with a company rather than an
individual.

1.5

Small company dynamics


Small companies are most often owned and managed by the same people. This will most commonly be
husband and wife, or alternatively siblings, having taken over the business from their parent{s).
A company could also be owned between wider family members, or friends.

Worked example: Harpers


Sisters Sheila and Sylvia Harper run a successful beauty salon from their home, using two bedrooms as
treatment rooms.
The beauty industry has moved at a fast pace in recent years and they are considering offering laser hair
removal, which will require some sophisticated and expensive equipment which is expected to cost CUI m.
The following is an extract from their statement of financial position which they have presented to a bank as
part of a request for a loan to acquire the equipment.
CUm
Non-current assets {includes CU4m goodwill on acquisition of 'Expressions', a
6.0
local business with a large customer base 2 years ago)
Current assets
0.2
Current liabilities
0.1
Non current liabilities (long term loan from a family member)
1.0
The leasing company is concerned that although Sheila and Sylvia are personally wealthy, most of their
assets are owned jointly with their husbands and it will be difficult for the bank to secure a charge over
these assets. In addition, as a great proportion of assets is represented by goodwill, there are perhaps not
many other assets available.
The bank might request the business is incorporated in order to decrease their risk, as it will then be able
to secure a fixed and/or floating charge over the assets, including the equipment.
The new equipment will add CUI m to the gross assets, meaning that Harpers Ltd would be required under
the Companies Act to have an audit.
If the goodwill were to be written off, thus reducing the statement of financial position, the bank could still
request an audit as part of the loan covenant to protect its interest. If the loan covenant mentions the audit
requirement, the auditors should be aware of this and could be therefore found liable should the bank
suffer a loss. This increased audit risk is likely to have an impact on the audit fee.
Sylvia will need to carefully consider whether or not to incorporate, taking into account cost, legal factors
and tax considerations.

5 14

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

2 Risk
Section overview

2.1

In Bangladesh, all registered ioint stock companies ar!') required by law to have an audit. Many EU
countries have a small compaQy exemption from audit. The exemption is based on the turnover of
the companies. The maximum turnover of a companywhich.qualifies as exempt under EU rules is
6.5m (but additional conditions apply to total assets and the number of employees}.

Small company audit exemption


In most countries, the majority of companies are very small, employing few staff (if any) and are often
owner-managed. For example, Companies House in the UK holds records for 2.5 million live companies. In
comparison, there are a smaller number of large businesses (there are roughly 3,000 companies quoted on
the London Stock Exchange) where typically the owners (the shareholders) devolve the day-to-day running
of the business to the directors.

Definition
Small entity: A small entity is any enterprise in which:
(a)

There is concentration of ownership and management in a small number of individuals (often a single
individual), and

(b)

One or more of the following are also found:


(i)

Few sources of income and uncomplicated activities

(ii)

Unsophisticated record-keeping

(iii) Limited internal controls together with potential for management override of internal controls

Interactive question 2: Context ltd

[Difficulty level:

Context Ltd supplies contraceptives to the leisure industry, sold through vending machines in pubs and
nightclubs. Turnover has remained steady for the past five years and the statement of comprehensive
income has shown CU6m each year.
Requirement
On I july 2006 the rate of VAT for such supplies was reduced from 17.5% to 5%. Assuming that the
company will not alter the selling price to customers, would this legislation impact on whether Context Ltd
needs an audit?
See Answer at the end of this chapter.

There has long been a debate over the benefits of audit to small companies. Where small companies are
owned by the same people that manage them, there is significantly less value in an independent review of
the stewardship of the managers than where management and ownership are separate.
The case for small companies to have an audit rests on the value of the statutory audit to those who have
an interest in audited accounts, that is, the users of the accounts. The users of the accounts will have
different ideas as follows.

The Institute of Chartered Accountants in England and Wales, March 2009

S IS

Advanced Stage- Advanced Audit and Assurance

3: Small company audit


For each set of stakeholders, set out the arguments for and against making audits compulsory for small
companies.

Shareholders

Banks and other financial


creditors

Trade creditors

Tax authorities

Employees

Management

See Answer at the end of this chapter.

S 16

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

2 Risk
Section overview
~

2.1

In Bangladesh, all registered joint stock companies are required by law to have an audit. Many EU
countries hav:e a S1'!1alf company e.xe111pti.on from audit. The exemption is based on the turnover of
the companies. The maximum turnover 'of a company which. qualifies as exempt under EU rules is
6.Sm (but additional conditions apply to total assets and the number of employees).

Small company audit exemption


In most countries, the majority of companies are very small, employing few staff (if any) and are often
owner-managed. For example, Companies House in the UK holds records for 2.5 million live companies. In
comparison, there are a smaller number of large businesses (there are roughly 3,000 companies quoted on
the London Stock Exchange) where typically the owners (the shareholders) devolve the day-to-day running
of the business to the directors.

Definition
Small entity: A small entity is any enterprise in which:
(a)

There is concentration of ownership and management in a small number of individuals (often a single
individual), and

(b)

One or more of the following are also found:


(i)

Few sources of income and uncomplicated activities

(ii)

Unsophisticated record-keeping

(iii) Limited internal controls together with potential for management override of internal controls

Interactive question

Context ltd

[Difficulty level:

Context Ltd supplies contraceptives to the leisure industry, sold through vending machines in pubs and
nightclubs. Turnover has remained steady for the past five years and the statement of comprehensive
income has shown CU6m each year.

Requirement
On I July 2006 the rate of VAT for such supplies was reduced from 17.5% to 5%. Assuming that the
company will not alter the selling price to customers, would this legislation impact on whether Context Ltd
needs an audit/
See Answer at the end of this chapter.

There has long been a debate over the benefits of audit to small companies. Where small companies are
owned by the same people that manage them, there is significantly less value in an independent review of
the stewardship of the managers than where management and ownership are separate.
The case for small companies to have an audit rests on the value of the statutory audit to those who have
an interest in audited accounts, that is, the users of the accounts. The users of the accounts will have
different ideas as follows.

The Institute of Chartered Accountants in England and Wales, March 2009

5I5

Advanced Stage- Advanced Audit and Assurance

Interactive
For each set of stakeholders, set out the arguments for and against making audits compulsory for small
companies.

Shareholders

Banks and other financial


creditors

Trade creditors

Tax authorities

Employees

Management

See Answer at the end of this chapter.

51 6

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

2.2

Controls in smaller entities


Segregation of duties is a control that generally cannot operate in small entities due to the limited
number of staff. Also, as senior management often have a day to day operational role, they may be able to
override internal controls due to their position of authority.

2.3

Minimum business controls


The control systems in smaller entities are often not as sophisticated as those in larger entities. The
particular area that can be a concern for smaller entities with few staff is segregation of duties. It can be
impossible to adequately share duties between staff when there are only one or two staff.
Having established that proprietor involvement is the key to internal control in the small enterprise, we
now need to be rather more precise and identify the types of control relevant to each principal accounting
area. These controls can be referred to as 'minimum business controls'.
It is important to appreciate that such controls will not, and cannot, be evaluated and relied on by the
auditors as in a 'systems' audit approach, but they do provide overall comfort to the auditors, particularly
when determining whether to seek to rely on management assurances as to the completeness of the
accounting records.
The following checklist provides illustrative examples of minimum control standards.

Mail

Is all mail received and opened by the proprietor?

(Cash receipts are


complete}

If the proprietor does not himself open the mail, is it opened by a person
not connected with the accounts and read by him before it is distributed
to the staff (or is mail opening double staffed)?

Receipts

(Cash receipts are


complete)

Are all cheques and postal orders received by post counted by the
proprietor before they are passed to the cashier?

Are all cheques and postal orders crossed to the company's branch of its
bankers 'Not negotiable- account payee only'.

Are cash sales and credit sale receipts over the counter controlled by
locked cash register tapes which provide a continuous record of amounts
recorded and which only the proprietor can open?

Does the proprietor reconcile the cash register totals with the cash sales
receipts daily?

Is the person performing the duties of cashier barred any responsibility


concerning the sales, purchase or nominal ledgers?

Banking

Is all cash received banked intact at intervals of not more than three days?

(Cash bankings are


complete)

Does the proprietor reconcile all monies received with the copy paying-in
slips at regular intervals?

The Institute of Chartered Accountants in England and Wales, March 2009

517

Advanced Stage- Advanced Audit and Assurance

Payments

Are all payments except sundry expenses made by cheques?

(Cash payments are


complete}

Does the proprietor sign all cheques?

Are cheques signed by the proprietor only after he has satisfied himself
that

Bank statements
(Cash/cheques
safeguarded against
theft and liabilities not
paid twice)

Are petty cash expenses controlled by the imprest system?

Does the proprietor review all expenses and initial the petty cash book
before reimbursing the cashier?

Are bank statements and paid cheques sent direct to the proprietor and
opened only by him?

Does the proprietor scrutinise all paid cheques to ensure that he has
signed them all before he passes them to the cashier?

Does the proprietor:


-

Orders

He has approved and cancelled all vouchers supporting the payment?


All cheques are crossed not negotiable and account payee only?
All cheque numbers are accounted for

Are all purchase orders issued:


-

(Purchases are for the


business only}

Prepare a bank reconciliation each month? or


Review in detail a reconciliation produced by the cashier?

Serially numbered by the printer?


Pre-printed duplicate order forms?

~ Does
----- -------------------- -

the proprietor approve all orders?

------------~ -------~--------~~-----------

Receipt of goods

Are delivery notes:

(Only ordered goods


are accepted)

Checked with goods?

Compared with the copy order?

Compared with the invoice?

Wages

Is a separate cheque drawn for the exact amount to pay wages and tax?

(Wages are paid to


correct employees in
correct amount)

Does the proprietor either prepare or examine the wages records before
signing the cheque?

Does the proprietor initial the wages records after his examination?

Does the proprietor oversee the distribution of the wages packets or does
he/she distribute them personally?

If credit is granted to customers does the proprietor:

Receivables
(Credit is extended to
creditworthy
customers and debt is
chased)

Authorise every extension of credit to a customer?


Approve credit limits for each customer?

Does the proprietor authorise all:


Write-offs of bad debts?
Sales returns and allowances?
Discounts other than routine cash discounts?

Does the proprietor receive a monthly list of trade receivables, showing


the age of the debts?

~ Are all authorisations by the proprietor evidenced by his initials?


---------- ------------------------------------------------------------------ --------

5I8

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

Goods outwards

(Dispatches are
recorded, invoiced and
accounted for)

Are pre-numbered dispatch notes prepared for all goods leaving the
premises?

Are all dispatch notes:


-

Accounted for?
Cross-referenced with invoices and credit notes?

Is the proprietor satisfied that all goods leaving the premises have been
accounted for?

Inventory

Does the proprietor scrutinise inventory regularly to:

(Inventory is kept
secure and valued
properly)

Keep abreast of what is in inventory?

Discover obsolete items?

Discover damaged articles?

Ensure that inventory levels are kept under control?

Although the above types of control are desirable and feasible, they are nevertheless relatively informal.
Consequently evidence of their performance tends to be lacking and they may indeed be overridden as
there is no check on the proprietor himself.

2.4

Exam technique
In the exam, as part of a larger integrated question, you may be asked to evaluate an internal control
system. This may include asking yourself the following questions:
(a)
(b)
(c)
(d)

What controls are appropriate for a specific situation?


What are the major weaknesses in the system given in the question?
What are the consequences of the failure or non-existence of controls?
What tests would auditors use on the controls given in the question?

If you are asked about appropriate controls or weaknesses, remember the control objectives for the
accounting area. Controls should be in place to fulfil the objectives given, weaknesses will mean that the
objectives are not fulfilled.
You should use a similar thought process when deciding how to test the controls. Think of the objectives of
the system; assess how the controls given fulfil those objectives and set out tests which demonstrate
whether the controls are working. Remember that different types of test can be used to test different
controls. For example inspection can be used to test whether different documents are being compared or
documents are being properly authorised. Computation can be used to check invoices have been properly
completed or reconciliations correctly performed.

ltd

question

level:

Peter Marigold and his wife are the sole shareholders/directors of Marigold Ltd. The business company
specialises in high value contracts providing floral displays to the Royal family.
You are auditing the payroll and there are on average 75 employees. The payroll is run by Marge, the
financial accountant and reviewed each month by Peter. There are 2 other finance staff who don't have any
payroll knowledge and Peter confesses to be 'useless with figures'.

Requirements
(a)

What controls are appropriate for the payroll of Marigold Ltd?

(b)

What are the major weaknesses in the current wages system?

(c)

What are the consequences for the lack of control?

(d)

What tests will you carry out over the existing controls?

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

5I9

Advanced Stage- Advanced Audit and Assurance

3 Assurance
Section overview
~

3.1

'

'

An audit provides assurance to the shareholders and otherstakeholders of a company on the financial
,
statements because it is independent and impartial

Accountability and stewardship


The key reason for having an audit or review can be seen by working through the following case study.

of assurance
Vera decides to set up a business selling flowers. She gets up early in the morning, visits the market, and
then sets up a stall by the side of the road. For the first year, all goes well. She sells all the flowers she is
able to buy and she derives some income from the business.
However, Vera feels that she could sell more flowers if she was able to transport more to the place where
she sells them, and she also knows that there are several other roads nearby where she could sell flowers,
if she could be in two places at once. She could achieve these two things by buying a van and by employing
other people to sell flowers on the other roads.
Vera needs more money to achieve this expansion of her business. She decides to ask her rich friend Peter
to invest in the business.
Peter can see the potential of Vera's business and wants to invest, but he doesn't want to be involved in the
management of the business. He also does not want to have ultimate liability for the debts of the business if
the business fails. He therefore suggests that they set up a limited company. He will own the majority of the
shares and be entitled to dividends. Vera will be managing director and be paid a salary for her work.
At the end of the first year of trading as a limited company, Peter receives a copy of the financial
statements. Profits are lower than expected, so his dividend will not be as large as he had hoped. He knows
that Vera is paid a salary so she does not care as much as him that profits are low.
Peter is concerned by the level of profits and feels that he wants further assurance on the accounts. He
doesn't know whether they give a true reflection on the last year's trading, particularly as the profits do not
seem as high as those Vera had predicted when he agreed to invest.
Requirement

How will an audit address Peter's concerns, and what other benefits might accrue?

Solution
The assurance Peter is seeking can be given by an independent audit or review of the financial statements.
An auditor can provide the two things that Peter requires:
~
~

A knowledgeable review of the company's business and of the accounts


An impartial view, since Vera's view might be biased

Other people will also view the company's accounts with interest, for example:
~
~

Creditors of the company


Taxation authorities

The various parties interested in the accounts of a company are sometimes referred to as stakeholders.
Although they will each judge the accounts by different criteria, they will all gain assurance from learning
that the accounts they are reading have been subject to an independent report.

520

The Institute of Chartered Accountants in England and Wales, March 2009

Advanced Stage- Advanced Audit and Assurance

3.2.4

BSA 240 The Auditor's Responsibility to Consider Fraud in an Audit of Financial


Statements
Within small companies, the lack of control procedures can contribute to a higher risk of employee
fraud and error. This can be overcome, to a degree, by the presence of a dominant owner-manager, which
then becomes an important factor in the overall control environment. This can however be a potential
weakness, due to the opportunity for management to override controls.
BSA 240 requires discussion amongst the audit team of the susceptibility of the entity to material
frauds or errors. This discussion is still required for a small entity but is often overlooked due to the size
of the audit team.
In addition, BSA 240 requires auditors to ask management about their assessment of risk of fraud and error.
Even if management do not have a system of assessing risk, the enquiry should still be made as it provides
valuable information about the control environment.
Two management representations are required in this area: firstly, that management acknowledges its
responsibility for the implementation and operation of accounting and internal control systems that are
designed to prevent and detect fraud and error; and secondly, that management has disclosed to the
auditor the results of its assessment of the risk that the financial statements may be materially misstated as
a result of fraud. Management may be unwilling to provide these representations as these formal
procedures are unlikely to exist. It must be remembered that failure to provide the representations is a
limitation of scope.
(Para 34-38 BAPS I005)

3.2.5

BSA 300 Planning an Audit of Financial Statements


Due to the lack of complexity, audit planning documentation may be scaled back for a small entity. A
planning meeting or general conversation may be sufficient, and notes made about future issues during last
year's audit will be particularly useful.
(Para 39-43 SAPS I 005)

3.2.6

BSA 320 Audit Materiality


At the planning stage it is often difficult to calculate materiality as a percentage of key figures, e.g. of assets,
revenue or profit, as the draft accounts may be unavailable for a small business. Trial balance figures may
have to be used instead.
In addition, using a percentage of profits may not give accurate materiality, for example, if profits are low or
close to break even. In reality, many auditors will use last years final accounts to establish a normal level of
results, to help calculate this years materiality for planning.
The auditor will need to use judgement in applying materiality when evaluating results.
(Para 47-53 BAPS 1005).

3.2.7

BSA 500 Audit Evidence


In the audit of smaller entities, there are particular problems in obtaining audit evidence to support the
assertion of completeness. There are two principal reasons for this:
(a)

The owner-manager occupies a dominant position and may be able to ensure that some transactions
are not recorded

(b)

The entity may not have internal control procedures that provides documentary evidence that all
transactions are recorded.

In these cases, the auditor will need to look for alternative courses of evidence such as external
confirmations/evidence or analytical review to find potential risk areas.
(Para 66-70 BAPS I005)

522

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

3.2

BAPS I 005 The Special Considerations in the Audit of Smaller


Entities
This practice statement gives guidance to auditors covering the specific risks and features of a small
company assurance engagement. It details how the provisions of BSAs should be applied to small company
audits.

3.2.1

BSA 210 Terms of Audit Engagements


The owner of a small company may not be aware of directors' and auditors' responsibilities, particularly if
the accounts preparation is outsourced. A primary purpose of the engagement letter is to clarify these
responsibilities.
The engagement letter may include a reference to the expectation of management representations to be
given. It is common practice for auditors of small entities to include an illustration of the type of
representation required and the potential implications of the representations not being provided. This will
ensure the directors are aware of their responsibilities whilst giving the auditor more information about
whether he chooses to accept the engagement. If a limitation on scope is foreseen, BSA 700 recommends
not accepting the engagement.
(Para 20-23 BAPS I005)

3.2.2

BSA 220 Quality Control for Audits of Historical Financial Information


The audit of a smaller entity must still be compliant with BSAs. Most of these audits are conducted using
one audit partner, one manager and one audit senior, so although assignment and delegation are taking
place, it may be difficult to form an objective view on the judgements made in the audit.
If any of these issues are complex or unusual, the view of another audit partner should be sought. A
positive point of small entity audits is that due to the increased involvement of the audit partner, they
will already be aware of the material issues in the audit.
(Para 24-28 BAPS I005)

3.2.3

BSA 230 AuditDocumentation


A small audit team may have an excellent understanding of the audit client, but it is important that the
working papers meet the standard of the BSA. As a minimum, the following must be covered.
~

~
~

The audit planning


Audit programme (nature, timing and extent of procedures)
Results of procedures
Conclusions, including significant matters requiring judgement.
(Para 29-33 BAPS I005)

The Institute of Chartered Accountants in England and Wales, March 2009

521

SMALL COMPANY AUDITS

3.2.8

BSA 550 Related Parties


In a small entity, related party transactions between the company and its directors and their families may be

significant.
The auditor's in-depth knowledge of the smaller entity will assist in identification of related parties (for
example other entities controlled by the owner management) which will also help the auditor to assess the
risk of any transactions being unrecorded or undisclosed.
(Para 85-87 BAPS I005)

3.2.9

BSA 570 Going Concern


It is unlikely that budgets and forecasts will be available for the auditor to review. In many businesses the
principal source of finance may be a loan from the owner manager.
If an entity is in difficulty, its survival may depend on the owner manager subordinating his loan in favour of
banks or other financial institutions. In this case, the auditor would inspect sufficient, appropriate evidence
of the subordination.
If an entity depends on funds from the owner manager, the auditor will consider their current financial
position and may ask for a written representation to confirm the owner-manager's understanding (taken
from para 94-97 BAPS I005).

3.2.1 0

Guidance where the audit firm prepares accounting records


BAPS I005 gives specific guidance where the audit firm prepares accounting records for small entities in
particular where risks of non compliance with BSAs could arise.
The letter of engagement will be an important tool in clarifying respective responsibilities. Although many
firms produce separate engagement letters for different services, this is not essential and a single combined
letter may be used.
When preparing accounting records, the requirements of BSA 230 do not apply. Issues may arise in
ownership and retention of these records, and the letter of engagement may well include ownership of
records.
BSA 540 Audit of Accounting Estimates may cause a problem if the auditor has assisted in the process of
preparing an accounting estimate. BSA 540 states the auditor should ensure they obtain sufficient and
appropriate audit evidence regarding the reasonableness and appropriateness of the underlying assumptions
used in arriving at the estimates, which could be easily overlooked by the auditor in these circumstances.
In the audit of a small entity, it is particularly important for the auditor to obtain management
representations in which the owner-manager acknowledges responsibility for the fair presentation of the
financial statements. This is particularly necessary where the auditor has prepared the financial statements,
because of the danger of the auditor's role and responsibility in relation to the financial statements being
misunderstood. In order to ensure these representations are meaningful the auditor should explain these
matters to management before representations are obtained.
(Appendix I BAPS I005).

3.2.11

Current developments
Internationally the revised ISAs issued as part of the Clarity Project include guidance on specific points
relating to small entity audits where relevant.

3.3

Review engagements
As discussed earlier in this chapter, an audit can be used to give assurance to a variety of stakeholders on
many issues. However, an audit is an exercise designed to give a reasonable level of assurance and involves
a high degree of testing and therefore cost. In some cases, stakeholders may find that they receive sufficient
assurance about an issue from a less detailed engagement, for example, a review. A review can provide a
cost-efficient alternative to an audit where an audit is not required by law.
The objective of a review engagement is to enable an auditor to state whether, on the basis of procedures
which do not provide all the evidence that would be required in an audit, anything has come to the auditor's

The Institute of Chartered Accountants in England and Wales, March 2009

523

Advanced Stage- Advanced Audit and Assurance


attention that causes the auditor to believe that the financial statements are not prepared, in all material
respects, in accordance with an identified financial reporting framework (limited assurance).
The major result for recipients of a review engagement is that the level of assurance they gain from it is not
as high as from an audit, although the procedures carried out in a review engagement are similar to an
audit.

3.4

Levels of assurance
The degree of assurance given by the impartial professional will depend on the nature of the exercise being
carried out.
'Assurance' here means the auditors' satisfaction as to the reliability of the assertion made by one party for
use by another party.
Directors prepare financial statements for the benefit of members. They assert that the financial statements
give a true and fair view. The auditors provide assurance on that assertion. To provide such assurance, the
auditors must:
~
~

~
~
~

Assess risk
Plan procedures
Conduct procedures
Assess results
Express an opinion

The degree of satisfaction achieved and, therefore, the level of assurance which may be provided, is
determined by the nature of procedures performed and their results.
An audit can be distinguished from other assurance engagements in the following ways.
(a)

Audit engagement: the auditor provides a reasonable, but not absolute, level of assurance that the
information audited is free of material misstatement. This is expressed positively in the audit report as
reasonable assurance.

(b)

Review engagement: the auditor provides a moderate level of assurance that the information
subject to review is free of material misstatement. This is expressed in the form of limited assurance.

Limited assurance may include when an auditor gives an assurance that nothing has come to his attention
which indicates that the financial statements have not been prepared according to the framework. In other
words, he gives his assurance in the absence of any evidence to the contrary.
(Also see Chapter 7 of this Study Manual).

4 Obtaining new finance

;\~i~!~i~~~~~;~~
~~. ~'?:c:m1~pfth~s~ jltoble. , ...
ob~i~.iog'Ni'ai!9~ .';.: ,

.of

4.1

The funding gap


Small companies face many problems raising finance, notably lack of assets available for security, lack of
audited accounts and high arrangement costs.
The lack of readily available finance brings the liquidity of a small company into question and may indicate
future going concern problems. This will increase inherent risk, and the assurance provider will need to
consider how to respond to this increased risk.

524

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS


Medium sized companies often find that finance is available from a wider range of sources, for example
venture capitalists or private equity firms.
The difference in funding sources between small and medium sized companies is often known as the
funding gap.

4.2

Lending by directors
Sometimes, the best source of finance in terms of availability and cost is money lent to the company by a
director.
It is legal and acceptable for a director to lend money to a company. The loan is
likely to be unsecured.
If a director wishes to secure the loan as a fixed or floating charge on assets,
Companies House must be notified within 21 days or the loan becomes unsecured.
Secured finance takes preference on a winding up as it ranks higher than an
unsecured loan (other than the prescribed part). It is likely that a bank will not allow
a director to have a secured loan if the bank is also providing a loan or even an
overdraft.
See section 3.2.9, the director may have to agree to subordinate the loan if the
company is in difficulty.
Another point to consider is the rate of interest paid to the director by the
company. If the interest rate is considered to be anything other than commercial,
this may cause a tax problem.
If the interest rate is excessively high, the director would be considered to have
received remuneration which will have to be declared on the directors personal tax
It would be rare for a loan from a director to be interest free, as it is not
commercially sensible and not tax efficient. In this case the auditor should consider
the possibility of money laundering by the directors.
If the director lending money to a company does not work full time in the company
and has limited financial involvement, the director may request an assurance
assignment to ensure the current financial statements have been reasonably
prepared. This is likely to constitute a review of the accounts as discussed earlier in
this chapter.
. The loan between the director and the company is a related party transaction and
should be disclosed in the accounts.
A loan made by a director will also mean that wherever the loan is ranked on the
list of creditors, this director has a different entitlement to assets on a winding up to
other directors. This could affect the control of the company.

example: Assodated
Mr Joseph and Mr Mclean jointly own Silvership Entertainment Ltd and work as comedians. They each own

SO% of the shares and neither director has lent the company money.
Mr Joseph also jointly owns another company, Mickie Ltd with Mr Marshall, another comedian.
Mickie Ltd and Silvership Ltd are not associated companies for tax purposes, as they are not under the
common control of the same persons. The same persons do not control either one of them, the definition
of control being a >SO% interest.
However, if Mr joseph loans both companies money, he would be entitled to more assets on a winding up,
so would then be in control for tax purposes as his control of assets on a winding up would exceed SO%.
This would then mean that the companies would be associated due to common control by Mr Joseph, and

The Institute of Chartered Accountants in England and Wales, March 2009

525

Advanced Stage- Advanced Audit and Assurance


the tax limits would need to be reduced to reflect this, potentially pushing each company into a higher tax
rate.
This treatment would apply even if the other directors loaned the companies the same amount, unless all of
the loans were made on the same day.

Audit of tax
If the companies were associated for tax purposes, the small and large tax limits for companies of
CU300,000 and CU 1,500,000 would need to be divided by the number of associated companies.
If Mickie Ltd and Silvership Ltd had profits of CU200,000 each, they would currently be paying tax at the
21% small companies' rate as they are below the CU300,000 limit. If these companies became associated,
the small company limit would be:

cu 300,000

- - - - = CU150,000
2 Companies

The companies would then pay tax at the full rate less marginal relief.
Although the scenario deals with tax rules, they will affect the verification of the tax charge in the accounts
so are important for audit staff.

Audit exemption
If Mickie Ltd and Silvership Ltd were previously audit exempt, it could be argued that due to their
association, they now form a group of companies. This is an example of substance over form but is also
explored in BFRS 3 Business Combinations, which states the many different ways a company can be
controlled, not restricted to shareholdings.

4.3

Raising bank finance


The largest problem for a bank lending money to a small company is security.
The bank will seek to secure a charge over company assets, which increase the arrangement fee for the
loan.
The company may not have sufficient assets for security to be possible, so the loan may be secured on the
directors' personal assets. This will increase risk and liability for the director in the case of insolvency or
winding up.
A bank is also like to require some assurance that the company is a going concern and the accounts are free
from material errors. This could involve an assurance report as detailed in section 3.
In addition, the bank loan will need to be ranked in preference to any loans from directors in a winding up.
This may increase inherent risk, as directors have an incentive to ensure the company's accounts show a
good position. If a company was in difficulty, the directors would have an incentive to withdraw money
fraudulently.

S Reward packages

5.1

Reward packages
Directors of small companies are normally also shareholders. One of the advantages of having a personal
company as opposed to a sole trader business is the ability to choose a more tax efficient remuneration.

526

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS


Some common forms of remuneration for directors are:
~
~
~
~

Salary
Benefits in kind such as company car
Dividends
Shares or share options

These forms of remuneration can cause problems for the auditor, not only in terms of calculation, but also
disclosure and inherent risks.
If companies lend money to directors, this constitutes financial assistance which is generally illegal for
public companies.
Smaller companies financial assistance rules are more relaxed to enable transactions such as management
buyouts to take place.
Company law regarding directors' loans is covered in Chapter I of this Study Manual.

5.2

Salary taken by director


If a director draws a salary, the auditor must ensure that the entries in the accounting records are correct
and check the withholding tax liabilities to ensure they are relating to payroll.
The auditor will also check the reasonableness of the employer's withholding tax expense, normally by
analytical review against the salary costs. In a small company, problems may be faced such as diverting salary
to a spouse. The auditor must ensure that salaries to directors and persons connected to them are
disclosed as related party transactions.

Worked
In July 2007, the House of Lords gave their decision on one of the most important tax cases for small
companies in the past 25 years.
In the case Jones Vs Garnett (Artie Systems), the husband earned the revenue for the company and the wife
did some administration work.
The decision was that it is allowed for a wife to receive a reasonable wage for work done and to be taxed
on that wage as normal.
A future assurance issue would be the need to verify the wife's input to the business, by focusing on how
much work the wife did for the company and whether her wages were reasonable. This could be achieved
by assessing her level of work through observation or enquiry, or inspecting timesheets, if any.

5.3

Benefits in kind as remuneration


Certain benefits such as company cars are normally easy for the auditor to detect.
The auditor must ensure that the employer's liability relating to payroll is accounted for, and that the
benefit is included as part of the directors' remuneration disclosures.
Some benefits, such as use of company assets, will be difficult to detect, and a management representation
may be the only source of evidence available if a benefit is not calculated. Depending on the nature of the
benefit, the amount may be immaterial to the accounts.
r

The Institute of Chartered Accountants in England and Wales, March 2009

527

Advanced Stage -Advanced Audit and Assurance

5.4
5.4.1

Dividends as remuneration
Legality
Historically, dividends are normally the first choice for directors to receive as remuneration due to lower
tax rates and their exemption from national insurance.
The auditor will need to ensure that any dividends paid are legal. This normally means ensuring the
company has adequate distributable profit in order to pay a dividend.
However, in order for a dividend to be legal it must be declared. Auditors need to check for evidence of
declaration, for example resolutions or minutes of meetings.
Small company directors very often do not fully understand how a company works, and continue to drawn
cash from the business as drawings after incorporation. The cash drawn may be added to a director's loan
account and a dividend may be declared, perhaps annually or even monthly to clear this balance. The
dividend is only legal if it is legally declared.

5.4.2

Reporting
Small company directors may not be aware that dividends no longer appear in the statement of
comprehensive income and that proposed dividends are not allowed to be a liability, so the auditor will
need to request adjustments to the accounts in these areas.
BAS I0 Events after the Reporting Period requires this treatment.
Another problem for auditors where dividends are paid is if the audit report is modified. When the
auditor modifies a report, there needs to be a statement in the report regarding the legality of any
dividends.
If a disagreement has led to the modification it is straightforward to decide whether any dividends are still
legal, as the disagreed figure can easily be quantified and used to assess the real distributable profits.
If a limitation on scope has taken place, for example no records for cash sales were available, the auditor is
unsure of the size of the potential error, so it is more difficult to comment on the legality of the dividend.
The auditors must therefore extrapolate the maximum possible error to comment on the dividend.

Soho Kitchens Ltd


The audit of Soho Kitchens Ltd for the year ended 31 December 2007 has been troublesome. Firstly, the
director refuses to allow depreciation of CUSO,OOO to be charged on the building as he believes that
buildings go up in value. Although the concept of depreciation has been explained to him, and the
consequences of not complying with BAS 16, the issue is unresolved and represents a material, but not
pervasive, disagreement.
In addition, the director forgot to keep records for cash sales during the first 6 months of the year, and no
other satisfactory audit tests could be carried out on this area. The 6 months' cash sales recognised total
CU68,000 which is material. This scenario results in a material, but not pervasive, limitation on scope.
The owners have been paid a dividend. When considering whether any dividends paid are legal, the auditor
will look at distributable profits, then reduce them for the CUSO,OOO depreciation which should have been
charged.
It can be argued that profits need to be reduced by a further CU68,000, being the cash sales which could
not be verified. It is impossible to say whether CU68,000 is accurate, so it is prudent to deduct the whole
balance from retained profits to assess the legality of the dividend. The auditor would ensure they reviewed
the remaining 6 months sales, and after making adjustments for seasonality, this may give a good
approximation of what the true figure may be.
If Soho Kitchens Ltd has sufficient distributable profits after making these allowances, the auditor will
comment on his report that the dividends were legal. If distributable profits are now too low, the auditor
will state that illegal dividends have been paid.

528

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

S.S
5.5.1

Shares and share options as remuneration


Introduction
Prior to the introduction of BFRS 2 Share-based Payment from I January 2005 the existence of share option
schemes was a very small issue for auditors as the auditor simply needed to review the accounts for
adequate disclosure of share option schemes.
The new standards require a more involved accounting treatment.

5.5.2

Financial reporting recap


BFRS 2 requires an expense representing the fair value of the options to be recognised from the grant
date to the vesting date. (Chapter 12 of this text covers the audit of fair value)
The fair value is ascertained using a model such as Black Scholes and includes the following variables:
~
~

~
~
~

5.5.3

Market price of shares


Exercise price
Volatility
Risk free rate of return
Length of option

Relevance to small businesses


Share options can be very tax efficient, therefore popular for small businesses due to certain types of
option being deductible from company profits, saving corporation tax. There is also no national insurance
on some share options, which can give an even greater saving. Finally, share options are often taxed under
capital gains tax which has more reliefs than income tax, (e.g. taper relief).

5.5.4

Assurance implications
Depending on the scenario, there are wide ranging and complex issues relating to the application of BFRS 2.
Firstly, the auditor will need to assess the option pricing model used and its inputs for reasonableness.
The auditor will also recalculate the fair value using the same inputs. This part of the engagement may
involve reliance on the work of an expert.
If the share-based payment scheme is a cash settled scheme or a hybrid scheme where the employee can
choose cash, the fair value needs to be updated each reporting period, so the auditor will need to perform
these checks each year. For ~quity settled schemes the fair value of the option doesn't change, it is
worked out at the grant date and remains the same.

5.5.5

The grant date


Next, the auditor must consider the point of recognition of the expense, which is the grant date. The grant
date is broadly when offer and acceptance has taken place. If employees are offered share options in writing
and are asked to respond in writing, the grant date will be the date of the response.

Worked example: Date of grant


Some companies with 3 year option plans would rather recognise a large expense one year than have the
total expense spread over 3 years. To achieve this, the directors may not respond in writing until year 3. In
year 3, as the condition of the options has been satisfied (waiting 3 years was the only condition), resulting
in an expense for the whole scheme year 3. It is clear that the grant date gives an increased inherent risk.

5.5.6

Number of vesting shares


Once the grant date has been established, it is important to spread the expense from the period from grant
to vest. If targets are involved, it might be difficult to estimate when the shares will vest and this estimate
needs to be revised in future periods.

The Institute of Chartered Accountants in England and Wales, March 2009

529

Advanced Stage -Advanced Audit and Assurance

Sales
Six sales staff are offered share options with a total value of CU I00,000 for each employee, dependent on
the company reaching sales growth targets in future. The options will vest if average growth is 13% or if
growth is IS% in any one year.
In year I, growth is 14% so the options do not vest. It is forecast that sales will be sufficient to meet target
next year.
The expense in the accounts is therefore spread over two years, being 6 x

cu 100,000
2 yrs

= CU300,000.

In year 2, sales are only up by I0% so the options do not vest. It is anticipated that targets will be met in
year 3.
In year 2. the total expense will be
6 x CUI 00,000 x

l{

years =CU400,000

Less: recognised in year I CU300,000


Expense in year 2
CUI 00,000
In year 3, the options do vest. The total expense is CU600,000 less CU400,000 in total in year 2 gives an
expense of CU200,000.
Year

Expense

cu
300,000

100,000

200,000

An auditor will have concerns about these figures as they have the potential to introduce volatility into the
statement of comprehensive income.
Because the target related to non-market conditions (it did not depend on the share price) if the target was
not met in year 3 and not forecast to be met in the future, the expense of CU400,000 to the end of year 2
would be credited to the statement of comprehensive income in full in year 3, which would again produce a
volatile profit result.
The final consideration is the number of employees who will receive the shares, in particular any staff
leaving would need to be estimated and not included in the expense. This estimate for future leavers is
updated each reporting period. For a small entity it will not be a huge problem as the scheme is likely to be
restricted to senior staff who would have a very low staff turnover.

Worked example! Share options


Blackberry Ltd is a listed company and trades in the manufacture of designer clothing. The following is an
extract from their BFRS 2 disclosure, which your audit manager has asked you to critique.
Scheme- SIP (share incentive plan)
~
~
~
~

Model used is Black Scholes


Scheme will be settled in shares in three years
I00 employees entitled, I0 expected to leave over three years.
Inputs to Black Scholes model
Share price
Exercise price
Volatility
Risk free rate
Life of option
Fair value of option

530

CU4
CU3.80
25%-40%
5%
3 years
CU0.75

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

Requirement
Using the information provided, list the audit tests you would perform on the disclosure for Blackberry Ltd.

5.5.7

Estimated leavers to be compared to previous staff turnover to ensure reasonable.

Overall expense to be recalculated using a 75p option value and 90 employees over three years (it is
unclear how many options each employee will receive). If the scheme is equity settled, i.e. will be
settled by issuing shares, the option value is calculated at the grant date and is not adjusted even if the
underlying share price moves. Cash settled schemes on the other hand are liabilities and the fair values
must be adjusted and recalculated every year.

The disclosure for volatility is incorrect, as it gives a range of volatility, only one figure is needed.

The inputs to the model need to be recalculated, probably using relevant audit software.

The share price needs to be agreed to the stock market price on the grant date.

The exercise price should be vouched to the documentation given to employees and checked against
the rules of the scheme (tax rules often allow the exercise price to be discounted from the share
price, normally a 15% discount is allowed).

Volatility represents the standard deviation of share price movements over the past three years, which
if evidence exists can be adjusted for current conditions. The auditor will carefully check the clients
calculation. If the volatility is too low, the expense will be low, thereby increasing risk. Alternatively,
volatility could be set high to attract potential investors, as large price movements mean they could
make large profits on their investments.

The risk free rate of 5% needs to be verified against an AA rated bond for three years to ensure it is
accurate.

The option life of three years must be agreed to any tax rules governing the scheme and the
documentation given to employees.

Relevance to small companies


If a company is not listed on a stock exchange, some of the figures needed for the option pricing model will
be particularly difficult to obtain.
The most difficult numbers will be share price at grant date and volatility.
The share price for an unlisted business will not be a precise calculation and this will increase inherent risk.
Valuations are covered in more detail in the Business Analysis study manual. To illustrate the type of
assurance work needed, it is assumed that the value of the whole business is estimated as follows:
P/E ratio for industry x sustainable profits
The P/E ratio contains a share price, so is only available for listed companies. A similar company or industry
average should be chosen which may be difficult depending on the activities of the company. As the P/E
ratio is for a quoted company, it needs to be scaled back to reflect the marketability of the shares. H M
Revenue and Customs recommend discounting by 50-60%.
The sustainable profits will again involve guesswork as the profits may include exceptional items. Different
accounting policies will give different profit figures compared to other businesses. There may be a need to
adjust the figures where the accounting policies differ.
Once the whole business has been valued it can be divided into a 'per share' value.
Obtaining assurance on the figure for volatility can cause an even bigger problem. This should be the
standard deviation of historical share price movements which will obviously not exist as the shares are not
traded.

The Institute of Chartered Accountants in England and Wales, March 2009

53 I

Advanced Stage -Advanced Audit and Assurance


The average volatility for most quoted shares is 25-40% for their BFRS 2 expense. A more appropriate
figure for smaller entities would be lower, perhaps I 0-15% over three years.

5.6

Increased inherent and control risk


Some of the forms of remuneration will depend on profit level, such as dividends dependent on
distributable profits. This might increase the risk of creative accounting in order to achieve the desired
profit level, which increases inherent risk.
The auditor needs to carefully consider the increased risks relating to a directors choice of remuneration
and plan their response to these risks.

532

The Institute of Chartered Accountants in England and Wales, March 2009

SMALL COMPANY AUDITS

Summary and Self-test

Summary

Risk

Incorporation

Lack of internal
controls+
management
override

Statutory audit is required


/

]
Rewards
Choice of remuneration
- scope for management
override of controls +
creative accounting
- audit problems with
valuation of share based
payments

Financing gap
Difficult to obtain
finance - inherent risk
-liquidity issues
-funding

The Institute of Chartered Accountants in England and Wales, March 2009

533

Advanced Stage- Advanced Audit and Assurance


an increase in the fees may be justified by improved services not least because the two firms of accountants
are likely to work as efficiently as possible from a sense of professional pride.
Both firms must sign the audit report and both are responsible for the whole audit whether or not they
carried out a particular area of the audit programme. It follows that both firms will be jointly liable in the
event of litigation.

4 Global enterprises
Section overview

Global enterprises are particularly affected by the

follo~ing risks:

Financial risks
,Political risks ..
Regulatory risks

.Internal C:6ntrdt w1.11. h'a~e l:o 'fiaV~r;;&~r4 'i6'a'~~~(~tX~f ~~~~~ re~~ir~illentr'

. Compliance ~ill be ke~Jeat~ie Jfi~t~~ri~tio~~~bJ~ines~\trate&i .~..


, '
'"':, -~- . ::<. ~:<,<,:f;){f:~n:::;}~~,>-~--~;~:~1. /~':.:~?;j:t>;,:,_.<::>.~-~-~-.:-. .!..;:~-: . ;:"_--.,:~.'~""' : ..__ ~ .
~ ..In response .to the tre.nd towards:globalis'ation.t~e ForUilJ of ~i~ms has ~eem founded

4.1

; ,

~:\"-~ \:~. {.\~:;:::,~:.:: ::~t:~~,::~.:ei :~,-~:/ '~( L~.-:t+;~~-t:S:f;:.:~:zt~,;:,~;~

;. " ~;~,\;,.:~:, "::f <

Introduction
Large businesses are increasingly becoming global organisations. This has implications for the business itself
and the way in which the audit is conducted. In the remainder of this section we will look at a number of
key issues affecting global organisations.

4.2
4.2.1

Inherent risk
Financial risks
By its very nature a global organisation will have businesses in countries all over the world. At any point in
time these countries may be experiencing diverse economic circumstances. This may impact on key
aspects of financial management including the effects of the following:
~

~
~

Inflation
Interest rates
Exchange rates
Currency restrictions

In some instances the impact of these can be significant. For example Zimbabwe has experienced inflation in
excess of 200 million per cent in 2008.
Overseas financial risk
The financial strategy of the company may be one of overseas financing. This could be in two
situations.

570

(I)

The raising of finance overseas but remittance of funds back to Bangladesh - probably to take
advantage of more reasonable terms.

(2)

The raising of finance overseas for the purpose of providing capital for an overseas subsidiary, branch
or significant equity investment.

The Institute of Chartered Accountants in England and Wales, March 2009

'--

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Identifying overseas financial risks


The business risks of the above transactions can be summarised as follows.
~

The legal requirements for raising loan capital in the country of origin may be more complex than the
Bangladesh equivalent.

The tax implications may be diverse and difficult to manage.

The country of origin may have strict rules on remittance of proceeds back to Bangladesh.

The company m2y have a cultural image or mission statement with which overseas financing conflicts.

The decision to finance overseas may have been made on factors that can easily be distorted in the
short term. The factors likely to have been considered would have been
The prevailing rate of exchange
The cost of financing interest or dividend payments.

Foreign exchange and interest rates are outside the control of the individual entity. Therefore, if there is an
unfavourable movement in the foreign exchange or interest rates, it could result in a significant change in
cash flow in both the short and long term.

Mitigating overseas financial risks


The business will need to mitigate risk by adopting the following or similar procedures.
~

Obtaining legal, taxation and accounting advice prior to the overseas financing commencing.

The company should hedge any overseas transactions to reduce the risk of currency and interest rate
movements significantly affecting its assets and liabilities.

The company at board level should consider the cultural and political implications of an
investment overseas.

Assessing overseas financial risks


The assurance advisor can approach the assignment initially by focusing on business risk and, where
necessary, by a more substantive approach.
The assurance advisor will therefore be addressing the issue of changing exchange and interest rates, where
material, in the relevant accounting period. He would discuss with the management any difficulties that had
arisen over the legal requirements and whether remittance from overseas had proved straightforward.
The advisor would also have gained assurance that the company had identified the Bangladesh reporting
requirements.
Having addressed business risk, the following steps may need to be taken.
~

Examination of the loan capital terms and contractual liabilities of the company.

Checking the remittance of proceeds between the country of origin and the company by reference to
bank and cash records.

Reviewing the movement of exchange and interest rates, and discussing their possible impact with the
directors.

Obtaining details of any hedging transaction and ensuring that exchange rate movements on the
finance had been offset.

Examining the financial statements to determine accurate disclosure of accounting policy and
accounting treatment conforming to Bangladesh requirements.

Evaluating whether the directors had satisfied themselves as to the company's conforming status as a
going concern.

The Institute of Chartered Accountants in England and Wales, March 2009

571

Advanced Stage- Advanced Audit and Assurance

4.2.2

Political risks
Political issues, particularly political unrest may also have implications for both the business and the way in
wh'1ch its results are reported. For example, restrictions imposed by foreign governments may call into
question the ability of a parent to control its subsidiary. This may raise questions about possible
impairment of the value of the parent's investment in the subsidiary and may affect the way in which the
investment is recorded in the group financial statements.

4.2.3

Regulatory risks
A global organisation will need to be equipped to deal with a range of local legislation. Key areas include:
~
~
~
~
~

Health and safety


Environmental legislation
Trade descriptions
Consumer protection
Data protection
Employment issues

Failure to comply with these may result in financial or other penalties, having to spend money and
resources in fighting litigation and loss of reputation.
In this area governance codes will be particularly important examples of best practice which should be
adopted worldwide, and organisations must consider the risks of breaching provisions relating to integrity
and objectivity, and also control over the organisation as a whole.

Audit impact
The variation in local regulation may also have an impact on the audit itself. For example some subsidiaries
may be in countries which do not have accounting and auditing standards developed to the same extent as
those in Bangladesh. As a result, the financial statements and the audit work carried out on them by local
practitioners may not conform to Bangladesh standards.
In this situation the group auditor may need to:
~
~

Request adjustments to be made to the financial statements of the subsidiary


Request additional audit procedures to be performed.

The increasing acceptance of international accounting and auditing standards and ongoing convergence
between these and local regulation means tbat this problem should become less significant over time.

4.3

Internal control
Many of the internal control issues stem from the inherent risks identified above. For example,
geographical, cultural and regulatory differences may result in a variety of internal control mechanisms being
adopted by the organisation. The entity will need to ensure that these mechanisms not only satisfy local
requirements but also the internal control objectives of the entity as a whole. The following specific points
should also be noted.

572

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Risk management
The management of a global enterprise will need to have regard to the corporate governance
requirements (see Chapter 3) as follows:
Control environment

This sets the tone from the top of the organisation and will need
to be applicable at both a local and global level. Factors to
consider include:
~

Organisational structure of the group

Level of involvement of the parent company in components

Degree of autonomy of management of components

Supervision of components' management by parent company

Information systems, and information received centrally on a


regular basis

~-

Risk assessment

As we have seen in section 4.2 the nature of a global


organisation increases risk. Management need to ensure that a
process is in place to identify the risks at the global level and
assess their impact

Information systems

Information systems will need to be designed so that accurate


and timely information is available both at the local level and on
an entity basis. Compatibility of systems and processes will be
important

Control procedures

Whilst there may be local variations minimum entity-wide


minimum standards must be established to ensure that there are
adequate controls throughout the organisation

Monitoring

In organisations of this size audit committees and the internal


audit function will have a crucial role to play.

'-

4.4

Divisional performance measurement


A divisional structure is one of the more common organisational structures seen in Bangladesh. Either a
single company is split into divisions (organised by product or location or strategic business units) or the
structure is that of a holding company and subsidiaries. Divisions are typically given responsibility for their
profits and assessed against them.

4.4.1

Advantages and disadvantages of a divisional structure


Advantages
~
~

~
~
~
~

Flexible in adapting to growth and diversification.


Extra divisions can simply be added into the structure.
Good for developing managers as they are given responsibility for divisional profit.
Good for evaluating activities.
Better decisions made by managers 'in the know'.
Releases top management to concentrate on strategic issues.
Aids responsibility accounting.

Disadvantages
~

Squabbles over allocation of central costs can occur.


Interdivisional trading problems (i.e. at what price should the trades take place?). This is discussed
further in section 4.4.4 below.

The Institute of Chartered Accountants in England and Wales, March 2009

573

Advanced Stage- Advanced Audit and Assurance

4.4.2

Performance management in a divisional structure


Organisations which are split into divisions have an especial need to consider how performance is measured
and improved.
In order that information be effectively disseminated in the larger business organisation, it is usual to have a
tiered management structure to receive and react to different levels of information.
Top management (e.g. directors)- use 'strategic' information to plan the organisation's objectives and
assess whether or not they are being met (e.g. profits/ROIIRI by business segment, present and potential
market studies, investment appraisal).
Middle management (e.g. managers of SBUs)- use 'tactical' information to run their areas and
implement top management's policies and strategies (e.g. analysis of sales by product/customer/geographical
location, inventory levels, cash flow projections).
Junior management (e.g. functional heads)- use 'operational' information to co-ordinate employees on a
day-to-day basis (e.g. variances, receivables and payables levels, payroll details, customer complaints, output
records).

4.4.3

Residual income and return on investment


As has been seen above, divisional performance assessment at the highest level is often centred on
residual income (RI) and return on investment (ROI).These measures were covered in your earlier
studies.
Rl is an absolute measure calculated by taking divisional profit and subtracting a notional interest charge,
this being the capital employed by the division multiplied by a required rate of return. Thus, if a division
earns a return in excess of the required rate, it will generate residual income.
Under ROI, divisional profit is divided by divisional capital employed to generate a percentage rate of
return, which can then be compared to a target.
When calculating these measures, it is important to distinguish between
~

Assessment of the division manager (based on controllable profit, i.e. costs and revenues
resulting from decisions taken by the manager)

Assessment of the division (based on traceable profit, i.e. costs and revenues which relate to the
division but which are not necessarily controllable by the manager).

Both measures rely on accounting figures that (as discussed above) are subject to manipulation and
subjectivity (e.g. whether to value non current assets at historic cost, net book value, replacement cost etc).
Both measures also require a target rate of return to be defmed. An adequate target may be difficult to
calculate, although risk can be built in to the targets so that different divisions have targets specific to their
operations.
Both measures have specific problems. Rl is troublesome when comparing divisions of different sizes, as an
additional CUI of residual income ought to be easier to achieve the larger the division. ROI, as a
percentage measure, avoids this problem, but has some of its own. For example, a new project may be
acceptable to a company because its rate of return exceeds the target. However, if the division concerned
has an ongoing average ROI that exceeds that of the project, its average will be dragged down if the project
is undertaken.

4.4.4

Transfer pricing
Transfer pricing addresses the need to value the use of goods and services of one division by another. A
well thought-out system may allow accurate divisional performance measurement while ensuring that
divisions are not motivated to make decisions adverse for the company as a whole.
However, transfer pricing often proves impossible to get right and can lead to internal conflict as well as
unreliable divisional performance measures. Recharges are often uncontrollable by those managing divisions,
yet these recharges form part of the results on which they are assessed.
Transfer pricing is often used to manipulate profits for tax purposes, rather than to measure
performance. HM Revenue and Customs spend much oftheir time analysing such recharges (particularly

57 4

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES .


where they involve transactions between companies which are resident in different countries), which might
be seen to offer some assurance that the practice has limitations.
One particular problem associated with transfer prices is in valuing a company or division as an independent
unit. Historical data may be virtually meaningless if major revenues come from inter-division or intercompany recharges. Similarly, a division of a major company is likely to find major costs (e.g. rent) to be
much higher without the economic support of a parent.
Transfer pricing systems have four primary aims.
(I)
(2)
(3)
(4)

To
To
To
To

enable the realistic measurement of divisional profit.


provide producer and receiver with realistic income and cost.
avoid taking too much autonomy from managers.
ensure goal congruence and profit maximisation for the company as a whole.

A company could elect to avoid setting transfer prices, allowing managers to negotiate with each other
towards a mutually agreeable figure. However, if either party (or both) can buy/sell outside of the company
as well, there is a danger that the company under-utilises its own resources, while incurring unnecessary
expense because the two parties failed to agree on a price.
Where the product or service has a readily available outside market, internal transfers are unlikely to occur
unless the transfer price is similar to the market price. The transfer price may be slightly below the market
price to recognise the reduction in risk (e.g. no cash changes hands so no risk of bad debts) and likely
savings in packing and delivery.
Another method used to set transfer prices is 'cost plus'. The transferring division should be able to
recover its variable costs and any contribution lost because it diverted resources in order to fulfil the
internal transfer. The costs involved should be standard rather than actual, otherwise inefficiencies in the
selling division will be passed on to the buying division.
Of course, the selling division will need to recover its fixed costs in the long run and may demand some
contribution from the buying department. As a result of this issue, a company's transfer pricing system may
need to be more complex, with the two divisions recording different figures for a transfer (two-part
transfer pricing) which are reconciled at a later date.
Divisional manager autonomy may have to be partially sacrificed in order to achieve the other aims of
transfer pricing. This may involve divisions being set a transfer price (or range within which the price must
be) but being required to justify any external transactions before authority is given. An alternative solution
is to remove all internal transactions from divisional performance when managers are assessed but, where a
division relies solely/mostly on internal sales, this may be impossible without relegating the division to cost
centre status.

Company C is organised into two divisions, Division A and Division B. Division A can sell its product
outside the company at CU20 per unit or transfer internally to Division B at CU20 per unit. Division B's
usual selling price for its finished product is CU70. Division A's variable costs are CUI 0 per unit and its
fixed costs are CUS per unit. Division B's variable costs are CU IS per unit and its fixed costs are CUI 0 per
unit.
If Division B received an offer from a customer of CU30 per unit for its final product, with the transfer
price of CU20 it would not accept the offer as its books would show a negative contribution per unit of (30
- 20 - IS) CUS.
However, assuming that Division A has surplus capacity, this would not be the right decision from the point
of view of Company C as a whole as contribution would be (30 - I0- IS) CUS per unit.
If Division A is already operating at full capacity then there would be a lost external sales contribution in A
of (20 - I0) CUI 0. Therefore, in this situation, the company as a whole should also reject the offer because
the deal would represent a loss in potential contribution of CUS per unit.

The Institute of Chartered Accountants in England and Wales, March 2009

57 5

Advanced Stage -Advanced Audit and Assurance

4.5

Compliance
A key feature of any international business strategy is that it is likely to involve compliance with overseas
accounting and auditing regulations of the host countries in which an entity does business. The most
important piece of recent legislation in this respect has been The Sarbanes-Oxley Act. This is covered in
detail in Chapter 3 of this text.

4.6
4.6.1

Transnational audits
The Forum of Firms
In response to the trend towards globalisation an international grouping, the Forum of Firms (FoF) was
founded by the following networks: BDO, Deloitte Touche Tohmatsu, Ernst & Young, Grant Thornton,
KPMG and PricewaterhouseCoopers.
Membership is open to firms and networks that have transnational audit appointments or are interested in
accepting such appointments.
These firms have a voluntary agreement to meet certain requirements that are set out in their constitution.
These relate mainly to:
~

Promoting the use of high quality audit practices worldwide, including the use of ISAs

Maintaining quality control standards in accordance with International Standards on Quality Control
issued by the IAASB, and conducting globally coordinated internal quality assurance reviews.

The IAASB has set up the Transnational Auditors Committee (TAC) to provide guidance to the
members of the FoF.
The TAC has issued the following definition of transnational audit.

Definition
Transnational audit: means an audit of financial statements which are or may be relied upon outside the
audited entity's home jurisdiction for purposes of significant lending, investment or regulatory decisions; this
will include audits of all financial statements of companies with listed equity or debt and other public
interest entities which attract particular public attention because of their size, products or services
provided.

Guidance: Other public interest entities shall include those entities in either the public or the private
sectors which have significant transactions across national borders, whether or not having either listed
equity or debt. These would include, for example, large charitable organisations or trusts, major
monopolies or duopolies, providers of financial or other borrowing facilities to commercial or private
customers, deposit-taking organisations and those holding funds belonging to third parties in connection
with investment or savings activities.
Significant transactions across national borders - shall include transactions such that there is a reasonable
expectation that the financial statements of the entity may be relied upon by a user outside the entity's
home jurisdiction for purposes of significant lending, investment or regulatory decisions. Significant in this
context does not include use of financial statements to establish normal trade terms with vendors or to
open accounts with financial institutions (i.e. accounts for purposes of collecting customer receipts or
making vendor payments). For the avoidance of doubt, an office required solely for the purpose of legal
formation and continuing legal existence in a particular jurisdiction does not constitute a significant
transaction across national borders.
In principle, the definition of transnational audit should be applied to the consolidated entity as a whole
including the individual entities comprising the consolidated entity.

57 6

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES


Examples to illustrate the definition.

Private company in US raising debt


finance in Canada

This would qualify as a transnational audit as it is reasonable


to expect that the financial statements of the company
would be used across national borders in obtaining the debt
financing.

Private Savings and Loans


operating entirely in the US (i.e.
only US depositors and US
investments)

Although it could be considered a public interest entity,


this would not qualify as a transnational audit assuming it
can be demonstrated that there are no transnational users.

International charity taking


donations through various national
branches and making grants
around the world

4.6.2

In applying the definition of transnational audit, there


should be a rebuttable presumption that all banks and
financial institutions are included, unless it can be clearly
demonstrated that there is no transnational element from
the perspective of a financial statement user and that there
are no operations across national borders. Potential
transnational users would include investors, lenders,
governments, customers, regulators, etc.
This entity can clearly be considered a pubic interest entity
and operating across borders. Further, the international
structure would create a reasonable expectation that the
financial statements could be used across national borders
by donors in other countries if not by others for purposes
of significant lending, investment or regulatory decisions.

Features of transnational audits


In the globalised business and financial environment, many audits are clearly transnational, and this produces
a number of specific problems which can limit the reliability of the audited financial statements:
~
~
~

4.6.3

Regulation and oversight of auditors differs from country to country


Differences in auditing standards from country to country
Variability in audit quality in different countries

Role of the international audit firm networks


The 'Big 4' and other international networks of firms can be seen as being ahead of governments and
institutions in terms of their global influence. They are in a position to establish consistent practices
worldwide in areas such as:
~
~
~

Training and education


Audit procedures
Quality control procedures

These firms may as a result be in a better position than national regulators to ensure consistent
implementation of high quality auditing standards.
Membership of the Forum of Firms imposes commitments and responsibilities, namely:
~
~
~

To perform transnational audits in accordance with ISAs


To comply with the IFAC Code of Ethics
Be subject to a programme of quality assurance

The Institute of Chartered Accountants in England and Wales, March 2009

577

Advanced Stage- Advanced Audit and Assurance

5 Audit of banks
Section overview

5.1

The auditor of a bank may seek confirmation of certain balances from other. banks

Bank supervisors are concerned with maintaining the integrity of the banking system

The auditor is responsible for reporting

to shareholders

Introduction
Banking is one example of a global industry which also affects all large companies. It is a regulated industry
which highlights issues faced by many large groups.
The details relating to bank auditing are complex and the key message to extract from the following is how
banking risk is managed and to determine how audits may be planned. Key sources of guidance include:

5.2

BAPS I 000

Inter-bank Confirmation Procedures

BAPS I 004

The Relationship Between Banking Supervisors and Banks' External Auditors

BAPS I006

Audits of the Financial Statements of Banks

Inter-bank confirmation procedures


BAPS I000 states that the need for confirmation arises from the need of the bank's management and its
auditors to confirm the financial and business relationships between the following:
~

~
~

The bank and other banks within the same country


The bank and other banks in different countries
The bank and its non-bank customers

The auditor will select which banks it requires confirmation from by considering matters including:
~
~

Size of balances
Volume of activity
Degree of reliance on internal controls materiality

Information may be sought in one of two ways:


Listing balances and other information, and requesting confirmation of their accuracy and
completeness
~

Requesting details of balances and other information which can then be compared with the requesting
bank's records.

Control over the content and dispatch of confirmation requests is the responsibility of the auditor.
Examples of the most commonly requested information include the following:
~
~
~

~
~
~

~
~

~
~
~

578

Balances due to/from the requesting bank on current deposit, loan and other accounts
Maturity and interest terms
Unused facilities
Lines of credit/standby facilities
Any offset or other rights or encumbrances
Collateral given or received
Contingent liabilities (e.g. arising on guarantees)
Asset repurchase and resale agreements
Options outstanding at the relevant date
Forward currency, bullion, securities and other outstanding contracts
Details of securities and other items held in safe custody

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

5.3

Key provisions
The relationship between bank supervisors and auditors is principally defined by the use of audited financial
statements in the supervision process. The audit of financial statements reflects the risks that banks are
exposed to. This section briefly outlines the role of banking supervision, banking risks and a brief summary
of analytical review of key ratios as an example audit technique.

Banking supervision
Briefly, the basic elements of banking supervision normally feature consideration of the following:
~
~
~
~

The integrity and skill of the bank's management


Sufficient internal controls to match business plans
Adequate capital to withstand risks
Sufficient liquidity to meet fund outflows.

Bank supervisors are concerned with maintaining the stability of the banking system and uses their financial
statements in making assessments of individual bank's position and performance. The external auditor is
concerned with reporting on the bank's financial statements ordinarily to the bank's shareholders. The fact
that financial statements are used in the supervision process poses the following problems:
~

Financial statements are prepared for shareholders, not for supervisory requirements

Audits are designed only to provide reasonable assurance that the financial statements taken as a
whole are free from material misstatement

There is often a choice in accounting policies allowing the exercise of judgement

The financial position of the bank may have been affected by subsequent events since the financial
statements were prepared

Assessments of internal control are with respect to assurance relating to material error and may
not be suitable for supervision purposes.

However, there are circumstances in which findings by the auditor may require urgent banking action, such
as:
~
~
~
~

Failure to fulfil one of the requirements for a banking licence


The unexpected departure of a manager in a key function
Material breach of laws and regulations
The intention of the auditor to resign or the removal of the auditor from office
Material adverse changes in the risks of the bank's business.

Banking risks
The risks relating to a bank's business may be categorised by:
~

Country risk: e.g. imposition of exchange restrictions arising in the customer's home country
resulting in losses for the bank

Credit risk bad debts of a customer

Currency risk: losses rising from adverse exchange rate movements

Fiduciary risk: negligence in the management of assets on behalf of other parties

Interest rate risk losses rising from adverse interest rate movements

Legal and documentary risk poorly or inadequately drafted contracts

Liquidity risk losses arising from inability to sell or dispose of an asset

Modelling risk: poorly understood behaviour of financial instruments

Operational risk: failed internal processes

Price risk: loss arising from adverse changes in market prices

Regulatory risk: failure to comply with regulatory or legal requirements

The Institute of Chartered Accountants in England and Wales, March 2009

579

Advanced Stage -Advanced Audit and Assurance


~

Replacement risk: failure of a customer to perform the terms of a contract. The contract will need
to be replaced, potentially at a loss

Reputational risk

Solvency risk: not having sufficient funds to meet obligations

The risks relating to a bank's business may be determined by:


~

The holding of large cash and negotiable instruments

Cross-jurisdiction transactions leading to complex management and recording of transactions

Very high leverage (the ratio of capital to total assets is low)

Being subject to rapid changes in value of assets and liabilities

The taking of short term deposits subject to potentially rapid withdrawals

Operations are geographically dispersed leading to decentralisation of authority and dispersal of


accounting and control functions

Transactions can often be directly initiated and completed by the customer without any intervention
by the bank

They are regulated by governmental authorities. Non-compliance with regulatory requirements could
have implications for the bank's financial statements

They are likely to be involved in complex financial instruments requiring carefully implemented control
procedures.

Point to not<O
The relevance of banking risk has been highlighted by the collapse of Lehman Brothers and the takeover of
HBOS by LloydsTSB in September 2008. Both banks were affected by their exposure to bad debts in the
mortgage sector.

Analytical procedures
From a performance management perspective, audit of banks may be conducted by review of key ratios to
highlight potential problem areas. The ratios that might be relevant under such circumstances are:
~

~
~
~

580

Asset quality ratios: e.g. Loan losses to total loans


Earnings ratios: e.g. cash and liquidity securities (for example, those due within 30 days) to total assets
Capital adequacy ratios: e.g. Equity as a percentage of total assets
Market risk: e.g. Effect of changes in interest rates on the bank's earnings or own funds
Funding risk: e.g. Average borrowing rate

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Summary and Self-test

Summary

- Acquisitions
- Bangladesh
-Overseas
-joint Ventures
-MBOs
-Disposals

Continued
below

Issues:
Risk
- Financial

Political

- Regulatory
Internal control
Compliance

Continued
below

The Institute of Chartered Accountants in England and Wales, March 2009

581

Advanced Stage -Advanced Audit and Assurance

l
J.
Principal auditors
(PAs)

Other auditors

Consider
/'
Materia lity of
Determine how
portion of FS which
work of other
do not audit
auditors affects
Degree of
their audit
knowle dge of
\..
business of
~
compo nents
Acceptance
Nature of
as PAs
relation ship with
firms acti ng as other
auditors
- Ability (where
necessa ry) to
perform additional
procedu res to
enable act as
principa I auditors
PA's duty to obtain
Riskofmate rial
Info and explanation
misstate ments in FS
required by auditors
of comp onents
from overseas subs
audited by other
auditors

Responsible
for opinion
on S's FS

ISA 600

~
Bring to attention
of PAs any matters
relevant to PA's work

Direct
Communication
~
/

Reporting
responsibilities

\..

582

~
Co-operate with
and assist PAs

As Parent's
auditors duty
to report on
P's own FS

Sole responsibility
. for opinion on
group ales

Permission to """'
communicate
refused. OAs notify
PAs ~ PAs agree
action with Parent's
directors

\..

The Institute of Chartered Accountants in England and Wales, March 2009

or

Refer in
auditors'
report

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

~
Obtain sufficient, appropriate
evidence that work of other
auditors (OAs) is adequate

~
Advise OAs of use to
be made of their work
and arrange to co-ordinate

[Inform OAs

[Advise OAs

--r

Areas for
special
consideration

Procedures
to identify
intra-entity
transactions

Audit
timetable

Independence
requirements

Discussion of
OAs' audit
procedures

Review of
summary of
"OAs' audit
procedures
(eg questionnaire
or checklist)

l
~

Accounting,
auditing and
reporting
requirements

Review of
OAs' working
papers

Nature, extent and timing depends on


Circumstances of engagement
- Assessment of OAs

The Institute of Chartered Accountants in England and Wales, March 2009

583

chapter 14

Business structures and


global enterprises

Introduction

Topic List
I

Business structures

Group audits

Joint audits

Global enterprises

Audit of banks

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

547

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Business structures
Section overview

1.1

The structure of a business has both accounting and auditing implications

The nature of the business structure will give rise to specific risks.

Introduction
Most quoted companies and many private companies are not single companies but groups of companies.
You will be familiar with this concept from your financial reporting studies. In the preparation of group
accounts the following accounting standards in particular must be complied with:
~
~
~
~

BFRS 3 Business Combinations


BAS 21 The Effects of Changes in Foreign Exchange Rates
BAS 27 Consolidated and Separate Financial Statements
BAS 28 Investments in Associates
BAS 31 Interests in joint Ventures

Many of the basic principles applied in the audit of a group are much the same as the audit of a single
company, however, there are a number of significant additional considerations. One of the key issues
will be the impact of the group structure on the risk assessment, including the process by which the
existing structure has been achieved, e.g. acquisition, MBO etc and/or changes to that structure. In many
cases the risk issues will be related to the accounting treatments adopted.

1.2
1.2.1

Change and risk assessment


Introduction
Change by its very nature will have an impact on the company. The impact of these changes will be
important for the auditor as
~

They are likely to alter the business risk of the company


The auditor must ensure that he has proper knowledge of the company.

The areas most significantly affected by change are as follows.


Costs

A ccounting treatment
Markets
People

5 ystems
By considering these areas for any change it is possible to identify the key risks of any strategy.

1.2.2

Costs
The change process will incur additional costs; these will need to be financed and accounted for.
Initially, costs may outweigh revenues achieved. The company will need to ensure that it can withstand this
potential loss-making situation.
Unfamiliarity of a market can result in costs being higher than necessary due to inexperience of pricing
policies or additional costs incurred to rectify mistakes or replace wastage.

The Institute of Chartered Accountants in England and Wales, March 2009

549

Advanced Stage -Advanced Audit and Assurance

I .2.3

Accounting
Each type of change will result in accounting implications for the company; it may for example mean that the
company has to

1.2.4

Prepare group accounts for the first time

Satisfy the requirements of BFRS 5 Non-current Assets Held for Sale and Discontinued Operations in
relation to any disposals of material business segments

Consider provisions under BAS 37 Provisions, Contingent Uabi/ities and Contingent Assets

Provide disclosure of significant investments and financing

Account for new assets and liabilities being brought into the financial statements

Account for disposal of surplus assets

Account for purchase consideration, including related disclosures, whether cash, issue of shares or
other capital instrument.

Markets
Any movement into a new market has its risks. Again, inexperience of the new customers' needs or of a
new product make it easy for mistakes to be made.

1.2.5

People
People

Staff retained

Staff disposed of

(Existing & New staff)

I \

550

Staff coming from different


organisations will now have to
work together. Problems arising
could include

Changes in systems or working


practices mean that staff will be
inexperienced in their new roles.
Examples include

If staff are to be disposed of, costs


such as redundancy need to be
considered.

Resentment from staff


who feel their company has
been taken over

Dealing with unusual


transactions

Remaining staff may feel


threatened by disposal of staff,
any cut backs encouraging them
to seek other employment.

Change in working
conditions, wage rates,
overtime working, benefits
and other policies

Dealing with unusual


accounting systems.

Remaining staff may feel burdened


taking on disposed staffs
workload.

Reorganisation of
hierarchical structure

Staff may also face pressure from


a change in the volume of their
work, especially if a company is
growing.

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES


If staff have not bought in to the changes they are less likely to work effectively for the company resulting in
lower production, more mistakes and potentially even deliberate malicious action. All of these will increase
the business risk of the company.

1.2.6

Systems
All companies should have established systems and procedures; any major change undergone by the
company should cause a review of these systems to take place.
An expansion of the company into similar areas may not cause the existing system to change much beyond
an assessment of its ability to cope with an increased volume of transactions.
Movement into new areas will cause the most changes to the systems. Staff will need to be trained, or new
staff recruited. Inexperienced staff or poor quality systems will result in errors and a loss to the business.

1.3

Acquisitions
A company may choose to grow by buying another company; therefore this type of change will usually
involve the acquiring company buying an existing company. The acquiring company will obtain control of the
acquiree's assets and liabilities and be able to direct the future operations of that company.

1.3.1

Keys issues of acquisitions


Acquisition can take many forms; the type of acquisition (e.g. hostile, friendly) and future management of
the subsidiary (fully integrated, autonomous) will also impact on risk.

Valuation of assets and liabilities

These should be valued at fair value at the date of


acquisition. Valuations may also be required for
certain intangibles even where the intangibles were
not previously recognised in the individual financial
statements of the acquiree.

Valuation of consideration

This should be at fair value and will include any


contingent consideration. Any deferred
consideration should be discounted.

Goodwill

This must be calculated and accounted for in


accordance with BFRS 3.

Date of control

The results of any subsidiary should only be


accounted for from the date of acquisition.

Level of control

This will determine the nature of the investment and


its subsequent treatment in the group financial
statements e.g. subsidiary, associate.

Accounting policies I year end

Accounting policies and year ends must be


consistent across the group.

------------

The group must have systems which enable the


identification of intra-group balances and
accounts.

Consolidation adjustments

---------~----

Adequacy of provisions in the target company

Whilst the acquirer is likely to know its plans, other


provisions may be necessary within the acquired
entity.
If such provisions are currently unrecognised and
have never been recorded (e.g. in board minutes),
there is a clear risk that the acquiring entity will
overpay.

The Institute of Chartered Accountants in England and Wales, March 2009

551

Advanced Stage- Advanced Audit and Assurance


Use of provisions to manipulate post acquisition
profits

Provisions may be recognised at the point of


acquisition and then released at some point in
the future in order to make post change results
appear impressive. This may imply that change was a
correct business decision. The use of such
provisions has been reduced by BAS 37.

The audit consequences of these issues will be addressed in section 2.

1.3.2

Joint ventures
What is a joint venture?
Two or more companies come together to carry out a project or activity. This is different from
an acquisition as two companies are not combining together in their entirety.
Joint ventures tend not to be for the long term, only being set up for the life of the specific project.
You should be familiar with the concept of a joint venture from your Financial Reporting Studies.

ventures
The Royal Bank of Edinburgh entered into several joint ventures:
(I)

'Ecost Personal Finance has made excellent progress since it was launched 18 months ago. To date, the
joint venture has acquired over 700,000 customers.
In a relatively short time, in partnership with Ecost, we have established a significant and innovative
new force in UK banking. We remain very optimistic about the prospects for Ecost Personal Finance
and our expectations remain that this business will move into profit in the near future.

(2)

We have also received an encouraging response to the Branson One Account through our joint
venture with Branson Dlrect Personal Financial Services.'

Requirement
Using the CAMPS framework (see section 1.2.1) examine the risk factors associated with the Royal Bank of
Edinburgh joint ventures.

Solution
Costs
The set up costs of the two ventures will need financing. Will this be done from the existing funds within
the companies, or will external finance be needed?
As RBE is a financial institution, is it providing the bulk of the finance with loan amount outstanding to the
other parties?
How will the infrastructure be established? Who will pay for the Web site to be constructed and
maintained. What is the split of these costs?
What is the profit forecast for the first periods? Initial expenses are likely to exceed revenues, therefore
losses may be expected in the initial periods.
Accounting
RBE is already established in this market and is therefore likely to be providing the asset base to support to
activities. How are the assets valued in the joint venture accounts?
Is there any payment to be made to RBE for the knowledge and experience that it brings to the JV?
What is the type of venture?
What is the agreement on profit sharing? The underlying elements will need to be audited and the profit
share recalculated.

552

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES


How long is the JV agreement for? To ascertain the correct write off period of assets.

Markets
The products are likely to be launched through the Internet; this may expand the customer base of the
companies. E-business has its own specific set of risks, these are covered in the Business Strategy section of
Business Environment.

People
It is likely that there will be a combination of staff involved from each of the parties, plus some additional
staff new to both organisations. The cultural and operational impacts (as explained in the main text) need to
be considered.

Systems
As these will effectively be new entities a complete new set of systems will need to be established. Risk will
be increased due to the unfamiliarity of the staff with these systems.
Responsibility for control. If the entity is a limited company then the directors will be responsible for
ensuring proper controls.

1.3.3

Management Buy-Outs
Whether it is a management buy-out (MBO), a management buy-in (MBI) or a combination of the two
(BIMBO), the most pressing risk is that one party is likely to have a comparative advantage on detailed
financial information. In this respect, the current management team of a business have a major advantage
over existing shareholders, interested investors/buyers and providers of finance.
For example, in an MBI where the outgoing management team own stakes in the enterprise, there is an
inherent danger of overstating the value of the organisation. In an MBO it may work both ways, with the
MBO team looking for as low a price as possible, but also needing to convince outside providers of finance
to invest.
In a BIMBO the situation becomes even more complicated, with the existing management team looking to
convince the additional management team that prospects are good in order to conclude the deal, whilst
knowing that once the deal is finalised the two groups will have to work in tandem.
In addition to the above issues, an existing management team may find its role changing from manager to
owner/manager, introducing new risks (conflict of interest, bias in preparing financial information etc).
In any buyout scenario both historical and future financial information will play a key role.
Consistency must exist between accounting treatments in both past and future data to ensure
comparability.
Historical data is likely to suffer from the problem that the audit was not designed with a business valuation
in mind. Future data presents a more obvious problem for auditors and accountants, in that there is full
knowledge of the reasons for preparation and, as such, liability for error and omission is clearer. The level
of assurance, and therefore the level of detail of the assurance work, will necessarily be greater than for a
statutory audit.
As a result of these issues, the external parties in a buyout situation are likely to take independent
assurance advice, rather than reliance being placed on the work of the company's usual auditors or
accountants. Whilst any deal remains incomplete, privacy is likely to ensure that external parties have to
rely on complete and accurate information being presented. The due diligence exercise (see Section 4
below) provides a detailed verification, normally after the deal is complete, that the information relied upon
was correct.
The greater the level of assurance that can be achieved, the easier it is likely to be to raise finance,
whatever the source. The cost of finance may also be reduced if the assurance achieved is considered
reliable. For this reason, many organisations will pay relatively high professional fees to the largest and most
renowned firms of accountants and advisors.
Whilst the initial investment in fees is high, the returns (greater probability of finance and at a lower cost)
can easily make the decision valid.

The Institute of Chartered Accountants in England and Wales, March 2009

55 3

Advanced Stage- Advanced Audit and Assurance

1.3.4

Divestment and withdrawal


A company may decide that the best option for dealing with a declining market is to withdraw: fighting to
maintain a share of a decreasing market can result in increase in expenses, coupled with a decrease in
turnover. The withdrawal from a market will give rise to several audit issues, mainly falling into two
categories.
Withdrawal

Obsolete inventory

Obsolete non current assets


(impairment)

Disposal of investment

Accounting for closure (BFRS 5)

Going concern implications if remaining


fixed costs cannot be covered

Obsolete inventory
Inventory which is no longer required will need to be written down. When carrying out the inventory
count, the auditor will need to ensure that all inventory relating to the discontinued activity is identified.
The following procedures should take place.
~

Discussions with management concerning net realisable value of inventory.

Investigation offuture costs relating to any modifications needed for the inventory.

Review of after date sales to assess likelihood of sale and sale proceeds.

Obsolete non current assets


Tangible non current assets- operational
If an operation has been withdrawn from, rather than sold as a business segment, it is likely that some non
current assets such as plant and machinery and property will remain with the company. The following will
need to be considered.
~

Net realisable value of non current assets (review of post year end sales invoices/review of trade
magazines).

Write down of non current assets to recoverable amount, surplus property to the market value.

Impairment reviews will need to be performed. This is likely to consider the remaining assets as
one cash generating unit; lack of future revenue from this unit is likely to result in the assets being
valued at their net realisable value (i.e. fair value less costs to sell) rather than their value in use.

Disposal of investments
Disposal of a subsidiary, or other investment, will need to be accounted for in the group and parent
company financial statements.
The auditor will need to ascertain the date of disposal, through inspection of sale agreements, to identify
the correct period of allocation to the accounts.

554

Parent company- The auditor will need to compare the sale proceeds (inspection of sale
agreements/bank receipts) with the carrying amount of the investment in the statement of financial
position to ensure that the correct profit or loss on disposal is accounted for.

Group accounts- The auditor would need to ensure that the investment is not included in the yearend statement of financial position (unless some share holding remains). Amounts in the income
statement should be pro-rated for the number of months held.

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

2 Group audits
Section overview

2.1

The principal auditor has sole responsibility for the audit opinion in the group financial statements

The other auditors should cooperate with the principal auditors. In some cases this will be a legal
duty

The princip;~.l auditor will need to assess the extent to which the work of the other auditors can be
relied on

Specific audit procedures will be performed on the consolidation process

Where a group includes a foreign subsidiary compliance with. relevant accounting standards will need
to be considered

Risk assessment
The audit of groups presents a number of additional audit risks from those for a single undertaking.
These can include:
~
~

~
~

Accounting treatment of investment in group accounts


The subsidiaries' financial statements
Entities within the group audited by different auditors
Particular problems of overseas subsidiaries.

We will consider each of these issues in the remainder of this section.

2.2

Group accounts and subsidiaries' financial statement


The first two of the issues listed above have been referred to in section I. However, the diagram below
summarises the key points in the context of the group audit.

Risk assessment

Accounting treatment
in group accounts

Subsidiaries'
financial statements

The Institute of Chartered Accountants in England and Wales, March 2009

555

Advanced Stage- Advanced Audit and Assurance

2.2.1

Inappropriate inclusion, or exclusion


from, consolidation or incorrect
treatment of excluded s1,1bsidiaries

Scope of other auditors' work (may not


provide sufficient appropriate evidence
that financial statements are free from
material misstatement)

Past audit problems

Inappropriate consolidation method

Anticipated changes

Inappropriate translation method for


overseas subsidiaries

Materiality

Incorrect consolidation adjustments, e.g.


failure to eliminate intra-group items
properly, e.g. leading to potential
overstatements of assets and profits

Sufficiency of evidence to confirm


amounts

Overseas subsidiaries (see section 2.5)

Non coterminous year ends

Existence of letter of comfort (see


section 2.6)

Misclassification of investments
(subsidiary v associate v financial asset)

Inconsistent accounting policies for


amounts included in consolidation

Incorrect calculation (fair values) or


treatment of goodwill

Incorrect calculation of profit/loss on


disposal or classification of results of
subsidiaries disposed of (continuing v
discontinued)

Incorrect determination of date of


acquisition

Deferred or contingent consideration;


step acquisition

Acquisition
If the group audit includes a newly acquired subsidiary or a subsidiary which is disposed of compliance
with BFRS 3 will be relevant. The auditor will need to consider the following issues in particular:

Level of control

The auditor will need to consider whether the


appropriate accounting treatment has been
adopted depending on the level of control.
Procedures will be as follows:
Identify total number of shares held to calculate %
holding.
Review contract or agreements between companies
to identify any restriction on control e.g. right of
veto ofthird parties.

Date of control/change in stake

The auditor should:


Review purchase agreement to identify date of
control.
Ensure consolidation has occurred from date

control achieved.
Review consolidation schedules to ensure amounts
have been time apportioned if appropriate.

556

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISF.S

Valuation of assets and liabilities at fair value

A review will need to be taken of the fair value of


assets and liabilities at the date of acquisition,
adjusted to the year end. Review of trade journals
or specialist valuations may be required. Where
specialist valuers have been used (e.g. to value
brands) an assessment will need to be made on the
reliability of these valuations. Where intangibles
have been recognised on consolidation which
were not previously recognised in the individual
financial statements of the acquiree the auditor will
need to give careful consideration as to the
justification of this and whether the treatment is in
accordance with BFRS 3.
Estimates for provisions existing at the date of
acquisition will need to be assessed for reliability.

Contingent consideration should be included as


part of the consideration transferred. The discount
rate used to discount deferred consideration

Valuation of consideration

should be validated and an assessment of the


likelihood of payment should be performed.
Goodwill

The auditor will need to consider whether the initial


calculation is correct in accordance with BFRS 3.
Performance of the subsidiary company will need to
be reviewed to identify whether any impairment is
necessary.

Prior year audit of subsidiary

As first year of inclusion of subsidiary, review last


year's audit report for any qualification and
consider implications for this year's audit if
necessary.

Planning issues

Adjust audit plan to ensure visit to subsidiary is


included. If audited by another auditor contact
secondary auditor to discuss
~
~
~

Audit deadline
Type and quality of audit papers
Review of audit

Identification of consolidation adjustments.


Using the work of another auditor is discussed
further in section 2.3 below.

2.2.2

Disposal
Where the group includes a subsidiary which has been disposed of during the year the following issues will
be relevant:
~

Identification of the date of the change in stake

Assessment of the remaining stake to determine the appropriate accounting treatment post
disposal

Whether the profit or loss on disposal has been calculated in accordance with BFRS

Whether amounts have been appropriately time apportioned e.g. income and expense items

The Institute of Chartered Accountants in England and Wales, March 2009

55 7

Advanced Stage- Advanced Audit and Assurance

2.2.3

Auditing an ongoing group of companies


Certain issues will be relevant to the auditor each year irrespective of whether there is any change in
the structure of the group. In particular the auditor will need to ensure that BAS 27 has been complied
with. The following will be relevant:

Accounting policies/year end

Identify subsidiary's accounting policies from


review of financial statements, compare to parent
companies and adjust for consistency where
necessary.
Further adjustments may be required if some group
companies prepare financial statements in
accordance with I FRS and others in accordance
with local standards.
Ensure that subsidiary's year end is consistent with
the parent company's or that interim accounts have
been prepared where necessary.

Consolidation adjustments

Review consolidation schedules, purchase, sales


ledger and intra-group accounts to identify any
intra-group transactions or outstanding balances,
ensure these have been cancelled out in the group
accounts.

Transactions involving group companies


Transactions involving group companies should be
audited in the same way as other transactions with
third parties. However, systems should exist to
ensure all intra group transactions are separately
identified to ensure they are all appropriately
eliminated on consolidation.

Intra group balances


These should be audited in the same way as
balances with third parties. In particular:
~

Share certificates should be examined

Dividends should be verified

Intra group balances should be verified including


any security attaching thereto

Carrying amounts should be assessed in the


same way as third party investments.

Inter-company guarantees
Any inter-company guarantees (e.g. as surety for
external loans) should be ascertained and
consideration given to whether disclosure as a
contingent liability is required.

558

The Institute of Chartered Accountants in England and Wales, March 2009

'.

.....__

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

2.2.4

Materiality
Where a subsidiary is immaterial it can normally be ignored. However care should be taken with respect to
the following.
~

Apparently immaterial subsidiaries may be materially understated.

Several small subsidiaries may cumulatively be material.

2.2.5

Subsidiaries with a small asset base may engage in transactions of significant value and which may be
relevant to understanding the group.

Understanding the group structure


The best practice in group audits emphasises the need to analyse the group structure. It states that an
understanding of the group structure allows the group auditor to:
~
~

2.3

Plan work to deal with different accounting frameworks or policies applied throughout the group
Deal with differences in auditing standards
Integrate the group audit process effectively with local statutory audit requirements.

Using the work of another auditor


We have identified the fact that entities within the group may be audited by different auditors as a risk
factor. Guidance on this aspect of the group audit is provided in BSA 600 Using the Work of Another Auditor.
Subsidiaries may be audited by firms other than the parent company auditor meaning that the parent
company auditor will have to express an opinion on financial information some of which has been audited
by another party. BSA 600 addresses this issue in particular and is summarised below.
Point to note
This section and the technical reference at the end of the chapter is based on BSNISA 600. In October
2007 the IAASB issued a revised version of this ISA The key points are summarised in section 2.8 below.

2.3.1

Responsibility of principal auditors


Definitions
Principal auditor: The auditor with responsibility for reporting on the financial statements of an entity
when those financial statements include financial information of one or more components audited by
another auditor.
Other auditor: An auditor, other than the principal auditor, with responsibility for reporting on the
financial information of a component which is included in the financial statements audited by the principal
auditor. Other auditors include affiliated firms, whether using the same name or not, and correspondents,
as well as unrelated auditors.
Component: A division, branch, subsidiary, joint venture, associated company or other entity whose
financial information is included in financial statements audited by the principal auditors.

The duty of the principal auditors is to report on the group accounts, which includes balances and
transactions of all the components of the group.
Principal auditors have sole responsibility for this opinion even where the group financial statements
include amounts derived from accounts which have not been audited by them. As a result, they cannot
discharge their responsibility to report on the group financial statements by an unquestioning acceptance of
component companies' financial statements, whether audited or not.

The Institute of Chartered Accountants in England and Wales, March 2009

SS9

Advanced Stage- Advanced Audit and Assurance

2.3.2

Rights of principal auditors


The principal auditors of a parent company incorporated in Great Britain have the following rights:
~

The right to require from auditors of subsidiaries also incorporated in Great Britain the information
and explanations they require.

The right to require the parent company to take all reasonable steps to obtain reasonable information
and explanations from foreign subsidiaries

Point to note
The principal auditors also have all the statutory rights and powers in respect of their audit of the parent
company that you should be familiar with from your earlier studies (for example right of access at all times
to the parent company's books, accounts and vouchers).

2.3.3

Acceptance as principal auditors


BSA 600 states that the auditor should consider whether the auditor's own participation is sufficient to be
able to act as the principal auditor.
The principal auditors should not be so far removed from large parts of the group audit that they are
unable to form an opinion. The BSA suggests that, in this context, the principal auditors should consider the
following.
(a)

The materiality of the portion of the financial statements which they do not audit

(b)

The degree of their knowledge regarding the business of the components

(c)

The risk of material misstatements in the fmancial statements of the components audited by other
auditors

(d)

The performance of additional procedures as set out in the BSA regarding the components
audited by the other auditor resulting in the principal auditor having significant participation in such an
audit

(e)

The nature of the principal auditor's relationship with the firm acting as other auditor.

Point to note
In addition to these points, the prospective principal auditor should also consider the general points relating
to acceptance of appointment which you have covered in your earlier studies.

2.3.4

Principal auditor's procedures


When planning to use the work of another auditor, BSA 600 requires the principal auditor to consider the
professional competence of the other auditor in the context of the specific assignment. This would include
consideration of the following:
~
~
~
~

Professional qualifications of the other auditors


Whether they belong to a professional body
The experience of the other auditors and the reputation of any firm to which they are affiliated
Adequacy of resources.

The principal auditor should perform procedures to obtain sufficient appropriate audit evidence that the
work of the other auditor is adequate for the principal auditor's purposes.
BSA 600 states that the principal auditors should advise the other auditors of:
(a)

The independence requirements of both the entity and component. The principal auditors should
obtain written representations on compliance.

(b)

The use to be made of the other auditors' work and report. The principal auditors should make
sufficient arrangements for the co-ordination of efforts at the planning stages of the audit. The
principal auditors should inform the other auditors about the following matters.
~
~

560

Areas requiring special consideration (key risks, control environment}


Procedures for the identification of disclosable inter-company transactions

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES


~
~

(c)

Procedures for notifying principal auditors of unusual circumstances


The timetable for completion of the audit

The accounting, auditing and reporting requirements which are relevant.


The principal auditors should obtain written representations from the other auditors.
The nature, timing and extent of the principal auditor's procedures will depend on the individual
circumstances of the engagement, and their assessment of the other auditors' competence.
Procedures that the principal auditors may use include the following.
~
~
~

Discussions with the other auditors about audit procedures


Review of a written summary of those procedures (perhaps using a questionnaire)
Review of the other auditors' working papers.

These procedures may be considered unnecessary if evidence has already been obtained of quality
control over the other auditors' work, for example, through inter-firm reviews within affiliated firms.
The principal auditor should also consider the significant findings of the other auditor.
This consideration may involve:
~
~
~

Discussions with the other auditors and with the management of the component
Review of copies of reports to directors or management issued by the other auditors
Supplementary tests, performed by the principal auditors or by the other auditors.

Under the revised BSA the principal auditor is required to document any review that it undertakes, for the
purposes of the group audit, of the audit work conducted by other auditors.

2.3.5

Co-operation between auditors


BSA 600 states that the other auditor should co-operate with the principal auditor.
Information supplied by other auditors
Where the component is a subsidiary the other auditors may have a statutory duty to co-operate as
mentioned in Section 2.3.2 above.
If there is no such statutory obligation, but the principal auditors state their intention to use the other
auditors' work, then the other auditors may need to obtain permission from the component to
communicate with the principal auditors on the auditing matters.
Where this permission is refused, the other auditors should inform the principal auditors of the refusal, so
that the principal auditors can agree with the directors of the entity they audit what action to take.
The other auditors should draw to the attention of the principal auditors any matters they discover in their
audit which they feel is likely to be relevant to the principal auditors' work.
If the other auditors are unable to perform any aspect of their work as requested, they should inform the
principal auditors.
Information supplied by principal auditors
There is no obligation statutory or otherwise, on the principal auditor to provide information to the other
auditor. Where the principal auditor identifies matters that may have an important bearing on the other
auditor's work the principal auditors should discuss an appropriate course of action with the management
of the parent . Where the agreed course of action involves communication with the other auditors or the
other entity legal and professional requirements such as confidentiality rules must be taken into account.

The Institute of Chartered Accountants in England and Wales, March 2009

561

Advanced Stage- Advanced Audit and Assurance

2.3.6

Reporting considerations
As we have said in section 2.3.1 above, the principal auditor has sole responsibility for the audit opinion
on the group financial statements. This includes responsibility for those elements of the group financial
statements which have been audited by the other auditors.
When the principal auditor concludes that the work of the other auditor cannot be used and the principal
auditor has not been able to perform sufficient additional procedures regarding the financial information of
the component audited by the other auditor, the principal auditor should express a qualified opinion or
disclaimer of opinion because there is a limitation in the scope of the audit.
If the other auditors issue a modified report, the principal auditors should consider whether the nature and
significance of the qualification means that the principal auditors' report also needs to be modified.

Division of responsibility
BSA 600 states that the above procedures are always desirable. Nevertheless, in some countries the
principal auditors can base their opinion solely on the other auditor's audit report.
When the principal auditor does so, the principal auditor's report should state this fact clearly and should
indicate the magnitude of the portion of the financial statements audited by the other auditor. In these
circumstances the procedures of the principal auditors will be confined to considering the competence of
the other auditors, and communicating with the other auditors at the planning stage. The fact that the
principal auditor has sole responsibility for the group audit opinion means that this would not apply and any
reference to the other auditors in the group audit report could be misunderstood.

Interactive

I: Other auditors

[Difficulty: Exam

You are the main auditor of Mouldings Holdings, a listed company, which has subsidiaries in Bangladesh and
overseas, many of which are audited by other firms. All subsidiaries are involved in the manufacture or
distribution of plastic goods and have accounting periods coterminous with that of the parent company.

Requirement
(a)

State why you would wish to review the work of the auditors of the subsidiaries not audited by you

(b)

Describe the key audit procedures you would carry out in performing such a review.

See Answer at the end of this chapter.

2.4

The consolidation: audit procedures


After receiving and reviewing all the subsidiaries' (and associates') financial statements, the principal auditors
will be in a position to audit the consolidated financial statements. The ICAEW Audit and Assurance faculty
booklet Promoting best practice in group audits warns against treating the consolidation as simply an
arithmetical exercise. It indicates that there are risks inherent-in the consolidation process itself, for
example:
~

Consolidation adjustments are a major source of journal entries therefore procedures relating to the
detection of fraud may be relevant

Risks may arise from incomplete information to support adjustments between accounting frameworks

An important part of the work on the consolidation will be checking the consolidation adjustments.
Consolidation adjustments generally fall into two categories:
~
~

Permanent consolidation adjustments


Consolidation adjustments for the current year

The audit steps involved in the consolidation process may be summarised as follows:

562

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Compare the audited accounts of each subsidiary/associate to the consolidation schedules to ensure figures
have been transposed correctly.
Review the adjustments made on consolidation to ensure they are appropriate and comparable with the
previous year. This will involve:
~

Recording the dates and costs of acquisitions of subsidiaries and the assets acquired

Calculating goodwill and pre-acquisition reserves arising on consolidation

Preparing an overall reconciliation of movements on reserves and non-controlling interests

Adjust the individual subsidiary financial statements for differences in accounting policies compared to
the parent. This may include compliance with the accounting regulations of a different jurisdiction (e.g.
where the individual subsidiary is UK GAAP compliant and the group reports under BFRS)

3
For business combinations determine:
~

Whether combination has been appropriately treated as an acquisition

The appropriateness of the date used as the date of combination

The treatment of the results of investments acquired during the year

If acquisition accounting has been used, that the fair value or acquired assets and liabilities is
reasonable (to ascertainable market value by use of an expert)

Goodwill has been calculated correctly and if amortised, period of amortisation is reasonable

4
For disposals:
Agree the date used as the date for disposal to sales documentation
~

Review management accounts to ascertain whether the results of the investment have been included
up to the date of disposal, and whether figures used are reasonable

Step 5
Consider whether previous treatment of existing subsidiaries or associates is still correct
(consider level of influence, degree of support)

6
Verify the arithmetical accuracy of the consolidation workings by recalculating them

7
Review the consolidated accounts for compliance with the legislation, accounting standards and other
relevant regulations. Care will need to be taken where:
~

Group companies do not have coterminous accounting periods

Subsidiaries are not consolidated

Accounting policies of group members differ because foreign subsidiaries operate under different rules,
especially those located in developing countries

Elimination of intra-group balances, transactions and profits

Other important areas include:


~
~
~

~
~

~
~

Treatment of associates
Treatment of goodwill and intangible assets
Foreign currency translation
Taxation and deferred tax
Treatment of loss-making subsidiaries
Treatment of restrictions on distribution of profits of a subsidiary
Share options

The Institute of Chartered Accountants in England and Wales, March 2009

563

Advanced Stage- Advanced Audit and Assurance

Review the consolidated accounts to confirm that they give a true and fair view in the circumstances
(including subsequent event reviews from all subsidiaries updated to date of audit report on consolidated
accounts)
level;

Your firm is the auditor of Varma Industries, a limited company, which has a number of subsidiaries in your
country (and no overseas subsidiaries), some of which are audited by other firms of professional
accountants. You have been asked to consider the work which should be carried out to ensure that intragroup transactions and balances are correctly treated in the group accounts.

Requirement
(a)

Describe the audit work you would perform to check that intra-group balances agree, and to state
why intra-group balances should agree, and the consequences of them not agreeing.

(b)

Describe the audit work you would perform to verify that intra-group profit in inventory has been
correctly accounted for in the group accounts.

See Answer at the end of this chapter.

2.5

Overseas subsidiaries
The inclusion of one or more foreign subsidiaries within a group introduces additional risks including the
following:
~

Non-compliance with the accounting requirements of BAS 21

Potential misstatement due to the effects of high inflation

Possible difficulty in the parent being able to exercise control, for example due to political instability

Currency restrictions limiting payment of profits to the parent

There may be threats to going concern due to economic and/or political instability

Audit procedures
These would include the following:
~

Check that the balances of the subsidiary have been appropriately translated to the group reporting
currency:
Assets and liabilities at the closing rate at the end of the reporting period
Income and expenditure at the rate ruling at the transaction date. An average would be a
suitable alternative provided there have been no significant fluctuations.

564

Confirm consistency of treatment of the translation of equity (Closing rate or historic rate)

Check that the consolidation process has been performed correctly e.g. elimination of intra-group
balances

Check the basis of the calculation of the non-controlling interest

Confirm that goodwill has been translated at the closing rate

Check the disclosure of exchange differences as a separate component of equity

Assess whether disclosure requirements of BAS 21 have been satisfied

If the foreign operation is operating in a hyperinflationary economy confirm that the fmancial
statements have been adjusted under BAS 29 Financial Reporting in Hyperinflationary Economies before
they are translated and consolidated.

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Saturn Ltd trades in Bangladesh preparing accounts to 31 March annually. Several years ago Saturn Ltd
acquired 80% ofthe issued ordinary share capital of Venus Inc which trades in Zorgistan. This country is
experiencing hyperinflation and severe political instability as a result. The local currency is the zorg but
Venus Inc has adopted the US$ as its functional currency. The presentation currency of the group is Taka.
Venus Ltd is audited by a reputable local firm of auditors.

Requirement
Identify the issues the auditor would need to consider in respect of the audit of the Saturn group financial
statements for the year ended 31 March 20X7.
See Answer at the end of this chapter.

2.6

Other considerations in the group context


Other considerations include the following:

Related parties
Remember that when auditing a consolidation, the relevant related parties are those related to the
consolidated group. Transactions with consolidated subsidiaries need not be disclosed, as they are
incorporated in the financial statements.
The principal auditors are often requested to carry out the consolidation work even where the accounts of the
subsidiaries have been prepared by the client. In these circumstances the auditors are of course acting as
accountants and auditors and care must be taken to ensure that the audit function is carried out and evidenced.

Support (comfort) letters


It is sometimes the case that a subsidiary, when considered in isolation, does not appear to be a going
concern. In the context of group accounts, the parent and the subsidiary are seen to be a complete entity,
so if the group as a whole is a going concern, that is sufficient.
When auditing the incorporation of the single company into the group accounts however, the auditor will
need assurance that the subsidiary is a going concern.
In such a case, the auditor may request a 'support letter' from the director of the parent company. This
letter states that the intention of the parent is to continue to support the subsidiary, which makes it a going
concern. A support letter may be sufficient, appropriate audit evidence on this issue, but further evidence
would be bank guarantees.

Management representations
BSA 580 Management Representations makes the following comments about obtaining representations in a
group situation.
(a)

When the auditors have responsibility for reporting on group financial statements, where appropriate
they should obtain written confirmation of representations relating to specific matters regarding
both the group financial statements and the financial statements of the parent undertaking.

(b)

How they obtain these representations depends on the group's methods of delegation of management
control and authority.

The Institute of Chartered Accountants in England and Wales, March 2009

S6S

Advanced Stage -Advanced Audit and Assurance

2.7

Promoting best practice in group audits


The ICAEW Audit and Assurance faculty booklet Promoting best practice in group audits provides practical
guidance regarding the audit of groups. It recommends an eight point plan as follows:

Get organised

Start early and establish clear milestones


Provide very clear instructions and requirements for deliverables to other
auditors
Get audit committee and management buy-in to the audit process and
ensure they understand their responsibilities
Consider asking for information on planning and risk assessment, including
fraud risk, prior to the year end
Keep in regular contact with the key group parties
Use more telephone calls rather then relying solely on letters and email
Where appropriate visit other auditors and subsidiary management

Analyse the group


structure

Focus attention on more unusual corporate structures


If there were doubts about the group structure, verify it against publicly
available information
Consider whether to accept an engagement where the group auditor is
only directly responsible for a minority of the total group
Understand the accounting framework applicable to each component and
any local statutory reporting requirements

Focus on the quality of


the other auditors

For unrelated auditors or related auditors where the group auditor is


unable to rely on common policies and procedures consider:
~

Visiting the other auditor

Requesting that the other auditor completes a questionnaire or


representation

Obtaining confirmation from a relevant regulatory body

Discussing the other auditor with colleagues from their own firm

For other auditors based overseas consider whether they have enough
knowledge and experience of ISAs

Focus the group audit on


high risk areas

Focus attention on five warning signs:


~
~
~
~

Recently acquired components


Jurisdictions with underdeveloped financial reporting regimes
Components which are just 'below the radar'
Components have a history of reporting late
Components have had big swings in their profits

Consider risks arising from the consolidation process itself


Discuss fraud with other auditors and consider the following:

566

Business risks

How and where the group financial statements may be susceptible to


material misstatement due to fraud or error

How group management and component management could perpetrate


and conceal fraudulent financial reporting and how assets of the
components could be misappropriated

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

Understand internal
control across the group

Known factors affecting the group that may provide the incentive or
pressure for group or component management or others to commit
fraud or indicate a culture or environment that enables those people to
rationalise committing fraud

The risk that group or component management may override controls

Request details of material weaknesses in internal controls identified by


other auditors
Communicate material weaknesses in group-wide controls and significant
weaknesses in internal controls of components to group management

Ensure staff understand


the technical
complexities of group
audits and know when to
bring in specialist help

Plan early any specialist involvement, for example the use of a tax expert to
deal with international issues or a valuation expert for share options

Review other auditors'


working papers

Group and other auditors should co-operate unless prohibited by law


Get group management to obtain the consent of subsidiary management to
communicate with the group auditor to deal with concerns about client
confidentiality and sensitivity
Consider whether holding discussions with or visiting other auditors could
deal with secrecy and data-protection issues

Review and update


procedures and training

Provide formal training on group audits to supplement on-the-job


experience
Review standard questionnaires for effectiveness

2.8
2.8.1

Current developments: Revision of ISA 600


Introduction
The IAASB have issued a revised and updated version of ISA 600 Special considerations- Audit of group
financial statements (including the work of component auditors) in October 2007 as part of the Clarity Project.
The new ISA conforms to the requirements of other ISAs, for example, ISAs 220, 315 and 330, in respect of
the procedures required to accept the group audit, obtaining knowledge about the group and assessing risk.
The group auditor should gain an understanding of the group as a whole, and assess risks for the group as a
whole and for individually significant components. The group auditor has to ensure other auditors are
professionally qualified, meet quality control and ethical requirements and will allow the group auditor
access to working papers or components.

2.8.2

Objective
The stated objective of the ISA is to enable auditors to determine whether they can accept an
engagement as group auditor, to communicate clearly with component auditors about the scope and
timing of their work and obtain sufficient appropriate evidence to reduce the audit risk for the group
financial statements to an acceptably low level. This will be achieved by:
~

~
~

Determining what work should be carried out on the consolidation process


Determining what work should be carried out on the components
Establishing appropriate communication with other auditors
Evaluating audit evidence about the consolidation process and the components

The Institute of Chartered Accountants in England and Wales, March 2009

56 7

Advanced Stage- Advanced Audit and Assurance

2.8.3

Significant components
The ISA distinguishes between significant components and other components which are not
individually significant to the group financial statements.

Definition
Component. An entity or business activity for which group or component management prepares financial
information that should be included in the group financial statements.
Significant component. A component identified by the group engagement team (i) that is of individual
financial significance to the group, or (ii) that, due to its specific nature or circumstances, is likely to include
significant risks of material misstatement of the group financial statements.

The group auditor should be involved in the assessment of risk in relation to significant components.
If a component is financially significant to the group financial statements then the group auditor will require the
other auditors to carry out a full audit of that component, based on the materiality level the other auditors
have calculated for that component.
If a component is otherwise significant because it is likely to include significant risks of material
misstatement due to its nature or circumstances, the group auditors will require one of the following:
~

~
~

A full audit (using component materiality)


An audit of specified account balances relating to identified significant risks
Specif1ed audit procedures relating to identified significant risks.

Components not subject to these requirements will be subject to analytical review at a group level.
If audit work on:
~
~
~

Significant components
Group wide controls and the consolidation process
Analytical procedures performed at group level

does not give the group auditor sufficient appropriate audit evidence about the group financial statements,
the group auditor would request one of the three procedures outlined above (a full audit, an audit of
;specified account balances or specified audit procedures) or a review of other individually insignificant
components of group fmancial statements.

2.8.4

Consolidation
The group auditor will:

2.8.5

Obtain an understanding of group-wide controls and the consolidation process

Design and perform further audit procedures on the consolidation process to respond to the
assessed risks of material misstatement

Evaluate the appropriateness, completeness and accuracy of the adjustments and


reclassifications involved in the consolidation process.

Subsequent events
The group auditor will perform, or require the other auditors to perform, audit procedures designed to
identify subsequent events that may require adjustment to or disclosure in the financial statements of
significant components.

568

The Institute of Chartered Accountants in England and Wales, March 2009

BUSINESS STRUCTURES AND GLOBAL ENTERPRISES

3 Joint audits
Section overview

3.1

Both parties to a joint audit are responsible for the audit opinion

Both parties will have to assess the extent to which the other party can be relied on

Both parties are jointly liable in the event of litigation

Reasons for joint audits


In joint audits, more than one auditor is responsible for the audit opinion and it is made jointly.
The relationship between principal and other auditors discussed in the previous sections is not the same as
that between the auditors involved in a joint audit.

Definition
joint audit: One where two or more auditors are responsible for an audit engagement and jointly produce
an audit report to the client.

Two or more firms of accountants could act as joint auditors for a number of reasons.
(a)

Takeover. The holding company may insist that their auditors act jointly with those of the new
subsidiary.

(b)

Locational problems. A company operating from widely dispersed locations may find it convenient
to have joint auditors.

(c)

Political problems. Overseas subsidiaries may need to employ local auditors to satisfy the Jaws of
the country in which they operate. It is sometimes found that these local auditors act jointly with
those of the holding company.

(d)

Companies preferring to use local accountants, while at the same time enjoying the wider range of
services provided by a large national firm.

3.2 Accepting a joint audit


There are several practical points that must be borne in mind before accepting a joint audit. In particular it
will be necessary to assess the experience and standards of the other firm by looking at the audit
techniques used, by scrutinising their working papers and establishing whether they have had experience in
similar jobs.
Where there are joint auditors, the audit engagement should be explained in similar terms by each set of
auditors. The auditors should agree whether joint or separate letters should be sent to the client. Separate
letters would normally need to be sent where other services are provided.
Once a joint position has been accepted the programme to be adopted and the split of the detailed
work will have to be discussed.

3.3

Problems with joint audits


One of the major criticisms of joint audits is that they may be expensive. This is probably true, but if the
two firms have organised the work between them properly the difference should be minimal. Furthermore,

The Institute of Chartered Accountants in England and Wales, March 2009

569

chapter IS

Insolvency

Contents
Introduction

Topic List
I

Insolvency

The role of assurance

Role and liability of auditors and directors in winding up

Insolvency legislation

Summary and Self-test


Technical reference
Answers to Self-test
Answer to Interactive question

The Institute of Chartered Accountants in England and Wales, March 2009

599

INSOLVENCY

Insolvency
Section overview
~

1.1

A company is insolvent when it cannot pay its debts as they fall due

Factors affecting risks to stakeholders


A company is insolvent when it cannot pay its debts as they fall due. In practice it is difficult to
determine when that point is actually reached as the company may use stalling tactics to buy time.
However, directors who continue to allow the company to trade knowing it is insolvent will be guilty of
fraudulent trading. The nature and risks to stakeholders of actual or impending insolvency depend on the
following:
~
~

1.2
'--

The reason for the insolvency


The type of business
The position of the stakeholder in the distribution list

Reasons for insolvency


Insolvency may be brought on by a number of factors other than by a lack of long-term profitability alone. A
company which is overtrading i.e. attempting to grow too quickly, given the finance which is available may
find itself unable to meet its liabilities while at the same time appearing to be profitable. Similarly new
companies not expecting revenue streams for several months/years can only survive with a continuous
flow of finance, a problem which has brought about the end of many internet-based ventures.
A company which is insolvent due to overtrading may be easier to sell as a going concern (because it is
inherently profitable) than one which is insolvent due to a lack of profitability. Hence it may be more likely
that stakeholders recover their investments.

1.3

Type of business and value of assets


The break-up value of assets will be a crucial factor in an insolvency. A liquidator has the choice to sell a
company as a going concern or sell its assets. If assets have an inherent value regardless of whether the
company continues to exist, this may guarantee its demise in order to maximise the return to creditors and
investors.
Some types of company (e.g. manufacturing) may be relatively rich in tangible assets that can be sold for
their full market value. Of course, if the company is a specialist then its assets may be of little interest to the
outside world. Service companies are traditionally not asset rich, or rely on intangibles (repeat business,
quality of staff etc) which may be of no value at all if the company ceases to be a going concern.

I .4

Position of the stakeholder


The order of payment on insolvency is covered in section 4.1 0 of this chapter.

2 The role of assurance


. Section overview

The insolvency issue ~ffects the pr6iesslonal ~ccountant


'

'

'

- > >'

'

''

'',

'

irl the r~le of:

-'

~<:'

'-

Auditor
Provider of assurance services

The Institute of Chartered Accountants in England and Wales, March 2009

60 I

Advanced Stage- Advanced Audit and Assurance

2.1

The role of the auditor

2.1 .I

Going concern
In planning and performing audit procedures and in evaluating the results management's use of the going
concern assumption must be challenged. This is the case in all audits performed in accordance wrth BSAs.
Clearly this is judgemental and relates to a particular point in time, about the future outcome of events or
conditions which are inherently uncertain. Guidance for the auditor is provided in BSA 570 Going Concern.
This was covered in detail in Chapter 6 in the context of the audit process. The key points from this BSA to
remember are as follows:

Factors affecting going concern assessments


BSA 570 makes the following points
~

Uncertainty increases with the length of time forecasts are made or over which judgements extend

Any judgement about the future is based on information available at the time which the judgement is
made
The more complex the organisation, the more variables that management are required to make a
judgement about.

The BSA also provides examples of events or conditions, which may give rise to business risks, that
individually or collectively may cast doubt about the going concern assumption. These are categorised as
follows:
~

~
~

Financial factors
Operating factors
Other factors

Audit procedures
The following procedures might be employed when problem areas are identified including the following:

2.1.2

Review management's plans for future actions based on its going concern assessment

Gather sufficient appropriate evidence to confirm or dispel whether or not a material uncertainty
exists through carrying out audit procedures considered necessary, including considering the effect of
any plans of management and other mitigating factors

Seek written representations from management regarding its plans for future action

Accounting issues
Accounting treatments will be affected by the viability or otherwise of the business and the auditor will
need to take these into account. In particular the following issues will need to be addressed:

Provisions
One of the key aspects of corporate distress is the need to make provisions under BAS 37 Provisions,
Contingent Liabilities and Contingent Assets (e.g. for onerous contracts). The nature of such provisions makes
them extremely difficult to audit as the likelihood of economic benefits being transferred (and to an
the value of these benefits) will probably vary directly with the probability of insolvency occurring.

ext~nt

Impairment of assets
The auditor will need to consider the impact of going concern issues on the valuation of assets and in
particular whether factors indicate that assets have been impaired in accordance with BAS 36 Impairment
Assets. BAS 36 specifically includes the following as an external factor which should be considered when
assessing indications of impairment:
~

602

of

Significant changes with an adverse effect on the entity have taken place during the period, or will take
place in the near future, in the technological, market, economic or legal environment in which the
entity operates or in the market to which the asset is dedicated.

The Institute of Chartered Accountants in England and Wales, March 2009

INSOLVENCY

2.1.3

Reliance on an expert
In assessing going concern, auditors may need to place reliance on the work of an industry, or perhaps legal,
expert. The detail of BSA 620 Using the Work of an Expert was covered in Chapter 5. The relevance of this
issue here is in respect of asset valuations and the interpretation of legal documents.

2.2
2.2.1

Other assurance
Prospective financial information
In the context of insolvency the professional accountant may be asked to evaluate prospective financial
information. This topic is covered in detail in Chapter 7 of this text.

Gunthorpe Plumbing Supplies ('Gunthorpe') is a wholly owned subsidiary of Lucknow Builders Merchants
('Lucknow') and has been trading at a loss for a number of years. The recent bleak economic climate has led
the directors of Lucknow to decide to put Gunthorpe into liquidation and make all the employees
redundant, including its three directors.
The three directors of Gunthorpe have decided to form a new company, Gunthorpe Plumbing Supplies
(200 I) ('Gunthorpe (200 I)'), and use their redundancy pay and personal savings to purchase all the shares in
the company.
The board of directors of Lucknow have agreed to sell the following assets and liabilities of Gunthorpe to
the new company.
(a)

All the non-current assets except for one warehouse (see below)

(b)

Trading inventory, and

(c)

Trade receivables and payables

The price for the non-current assets has been agreed and the value of the trading inventories, receivables
and payables, will be confirmed at the date of transfer by an independent valuer.
The directors of Gunthorpe (200 I) propose to obtain additional finance in the form of a long term loan
from a merchant bank and working capital will be financed by a bank overdraft from their existing bankers.
The directors have asked you to assist-them in preparing a profit forecast and cash flow forecast for
submission to the two banks. They have provided you with copies of the detailed accounts of Gunthorpe
for the past five years, and they point out the following changes which, in their opinion, will enable the new
company to trade at a profit.
(a)

The substantial management charge imposed by Lucknow will disappear. However, additional costs will
have to be incurred for services which were provided by the parent company, such as maintaining the
accounting records and servicing the company's vehicles

(b)

Initially fewer staff will be employed

(c)

Only one of the company's two premises is being taken over- the premises which are not being taken
over will be sold by Lucknow on the open market.

The directors have provided you with the following brief details of Gunthorpe's trade. It currently has a
revenue of about CUI million and is a wholesaler of plumbing equipment (copper pipes, pipe connections,
water taps etc) which are sold mainly on credit to plumbers and builders. Trade discount is given to larger
customers. There are some cash sales to smaller customers, but these represent no more than I0% of total
sales.

The Institute of Chartered Accountants in England and Wales, March 2009

603

Advanced Stage- Advanced Audit and Assurance

Requirements
Describe the work you would perform to:
(a)

Verify that the value of items included in the profit forecast are reasonable

(b)

Verify that the value of items included in the cash flow forecast are reasonable.

See Answer at the end of this chapter.

2.2.2

Internal audit
The provision of an internal audit service could lead to the risk of insolvency being highlighted. Internal
audit is covered in Chapter 5 and Chapter 9 of this text.

3 Role and liability of auditors and directors in


winding up
SeCtion oye,.,.iew>.. .. . . .. . ,....:C\

...... . '':''n : ... j,,o,:~<. : ... , ,' l'F'"''

In real life, alidito~s are 9fter1 blarrjd,.for.i~:~.a~e~61<;1!!r l~~ses, . ...

..

The members of the .company;.t:.fi~ creditcn's o~l:he'Court.~iU n?r:ma[lyappoint anJn.solvency . ;


practitior1er Who wiHs~~ervise'th~ 1~ttli.6g.of'creditclrs:~ln sprhe.situ~tion~ flle~dir~et6rs .can alsc;: .,., .
'll)<tke thi(aep?i nti1i!!r1t,

3.1

,;: ;.~\::~?it"'..

I ~,'1'it~:~;:~:,:~;j;Itr;~:=:;.:;('.~..

. :. E
i

....r.. ;;~~ /

... ,.

Directors' responsibilities
Directors are responsible for safeguarding company assets. The directors can appoint a liquidator on
behalf of the shareholders, although it is usually the members themselves, the creditors or the Court who
will do this.
When a company is insolvent, steps should be taken by the directors to ensure that creditors are
protected.
An insolvency practitioner/receiver will be appointed to repay creditors, and they will assess the
reasons for the insolvency.

3.2

Directors' liability
If the directors knowingly enter into transactions when a company is insolvent, this could be classed as

wrongful trading.
This is one of the few situations where directors can be disqualified and sued personally for the
company's liabilities, the other situations involve fraud and money laundering.
Directors may also incur personal liability if the liquidator can establish that antecedent transactions
have occurred. These are transactions at an undervalue and preferential transactions, i.e. those that are
intended to prefer the interests of one creditor over the others.
These were covered in the Law study text at Knowledge level, but for the sake of completeness we
reproduce the material here.

Sec.-60: Nullification of certain transfersI)

604

The Court may, by order, nullify the transfer of any property of the debtor, whether made by the
debtor himself or by his legal representative or his heirs or administrator of other authorised
person within fifteen years immediately preceding the date of the order of adjudication, if the

The Institute of Chartered Accountants in England and Wales, March 2009

INSOLVENCY
Court is satisfied that the transfer was made to defeat any debt owned by the debtor. but the
nullification shall not be applicable to the following transfers, namely:a.
b.
c.

2)

A transfer in favour of a purchaser or encumbrance for a proper value consisting of


goods;
A transfer of a property acquired by way of inheritance.
A transfer made, at any time within six years immediately preceding the date of the order
of adjudication, in favour of a person who proves that at the time of transfer the debtor
was able to pay , without the aid of the transferred property all the claims made in the
bankruptcy proceeding.

Where an order under subsection (I) is made nullifying a transfer, the property shall form part of
Estate and shall stand vested in the Receiver or as the case may be in the court and accordingly
possession thereof shall be taken over immediately.

Sec. -61: Nullification of preferences


I) Wherea) A debtor transfers in any manner any of his property or makes any payment or incurs any obligation
in relation to his property, or allows himself to be affected by a judicial proceedings in favour of a
creditor at a time when he is unable to pay his debts as they become due, and
b) Such transfer or payment or obligation or the proceeding has the effect of giving any preference to
that creditor or surety or guarantor in relation to the debt due to that creditor; and
c) The debtor is adjudged bankrupt, or a reorganisation order is made, on a plaint presented within
one year after the date of such transfer or payment or obligation or initiation of the judicial
proceeding, the transfer or payment made or obligation incurred of the result of the proceeding
shall be deemed to be fraudulent and void as against the Receiver; and the Court shall nullify the
transfer, payment, obligation or the results of proceedings; and thereupon the Receiver shall
recover the property transferred or the payment made.
2) Provided that the Court shall not nullify any payment made to a creditor in the ordinary course of
business or to the extent that the creditor, being a regular supplier of goods or services to the
debtor provides additional goods or services on credit to the debtor after receipt of such payment.
This section shall not affect the rights of any person who, in good faith and for valuable consideration, has
acquired title through or under a creditor of the bankrupt.

3.3

Auditors' responsibilities
If a company becomes insolvent, there is a strong possibility that shareholders will suffer losses.
In this case, shareholders and creditors might look towards the auditors, and consider them to be
responsible for alerting them to potential going concern issues at the earliest opportunity.
This is another example of the expectation gap. It cannot be said that the auditors are completely free
from responsibility as it depends on the circumstances behind the insolvency. The extent of the auditor's
liability is covered in the next section.
As we have seen in section 2, as part of every audit, the auditor must review whether the company is a
going concern, normally meaning its survival in the foreseeable future of one year beyond the approval of
the accounts.

3.4

Auditors' liability
The reason for the insolvency must be ascertained in order to decide whether the auditor can face any
liability.
It might be the case that if the auditors should have identified going concern problems at the time of the
audit, the auditors might be accused of professional negligence.

The Institute of Chartered Accountants in England and Wales, March 2009

605

Advanced Stage -Advanced Audit and Assurance


The auditors will keep their working papers as evidence of their review and as evidence that professional
standards were followed.
If the auditors are found to be negligent, this in itself would not be sufficient grounds for a lawsuit against
them.
The claimant needs to also prove that they suffered a loss as a direct consequence of the alleged negligence.
This means that a creditor or shareholder must have suffered a loss.
Finally, it has to be proven that sufficient proximity existed between the auditor, and the claimant. This
means that the auditor must have known the third party would place reliance on the audit report for a
specific purpose. Previous case law has shown that the auditor is responsible to shareholders as a whole,
but not individual or groups of shareholders. For this reason it is rare that auditors are sued for
negligence following insolvency of a company.

Following the collapse of Enron, the audit firm of En ron, Arthur Andersen, collapsed. Senior management of
En ron have been since imprisoned for fraud. Allegations of fraud have also extended to the bankers of the
company, and many connected people were given long prison sentences.

4 Insolvency legislation
.
.
Section ~verview

lrisolv~ncyprocedures in Baf1glades~~re.~bverf1edby tne <;oinparii.e~.Act 1994 arid thE;ll~sbJven~


Act 1986, whiCh ~~t ou~ all theaetaile4 rules andproceCiures thatmustbeJollbwe'd by insolvency '
practitioners in the course of administering an insolvency;.
..
.
',>;

4.1

<'

'

'

Introduction
A company in difficulty or in crisis (an insolvent company) basically has a choice of two alternatives:
(I)
(2)

To carry on with the business, using statutory methods to help remedy the situation
To stop

A company which is heading towards insolvency can often be saved, using a variety of legal protections
from creditors until the problem is sorted out. The directors of a company can get into a lot of trouble if
they carry on trading through a company in serious financial difficulties, and their actions result in
creditors being defrauded.
However, alternative I does not have to mean carrying on as if everything is normal. It can mean seeking
help from the court or a qualified insolvency practitioner to put a plan together to save the
company and get it out of its poor financial position.
Unfortunately, many companies cannot be saved, and the members and directors are forced to take
alternative 2, to stop operating the business through the company. Liquidation, sometimes called 'winding
up', is when a company is formally dissolved and ceases to exist.

606

The Institute of Chartered Accountants in England and Wales, March 2009

INSOLVENCY

4.2

Liquidation
Definition
Liquidation means that the company must be dissolved and its affairs 'wound up', or brought to an end.
The assets are realised, debts are paid out of the proceeds, and any surplus amounts are returned to
members. Liquidation leads on to dissolution of the company. It is sometimes referred to as winding up.

4.2.1

Who decides to liquidate


There are three different methods of liquidation; compulsory, members' voluntary and creditors'
voluntary. Compulsory liquidation and creditors' voluntary liquidation are proceedings for insolvent
companies, and members' voluntary liquidation is for solvent companies.
The parties most likely to be involved in the decision to liquidate are:
~
~

The directors
The creditors
The members

The directors are best placed to know the financial position and difficulty that the company is in. The
creditors may become aware that the company is in financial difficulty when their invoices do not get paid
on a timely basis, or at all.
The members are likely to be the last people to know that the company is in financial difficulty, as they
rely on the directors to tell them. In public companies, there is a rule that the directors must call a general
meeting of members if the net assets of the company fall to half or less of the amount of its called-up share
capital. There is no such rule for private companies.

4.3

Role of the liquidator


A liquidator must be an authorised, qualified insolvency practitioner.
Whoever takes the decision to liquidate the company, once it has been taken, the company goes into the
control of a liquidator, who must be a qualified and authorised insolvency practitioner.
The liquidator also has a statutory duty to report to the Secretary of State where he feels that any
director of the insolvent company is unfit to be involved in the management of a company.

4.4

Common features of liquidations


Once insolvency procedures have commenced, share trading must cease, the company documents must
state that the company is in liquidation and the directors' power to manage ceases.
The following factors are true at the start of any liquidation:

4.5

No share dealings or changes in members are allowed

All company documents (e.g. invoices, letters, emails) and the website must state the company is in
liquidation

The directors' power to manage ceases

Voluntary liquidation
A winding up is voluntary where the decision to wind up is taken by the company members, although if
the company is insolvent, the creditors will be heavily involved in the proceedings.

The Institute of Chartered Accountants in England and Wales, March 2009

607

Advanced Stage- Advanced Audit and Assurance

4.5.1

Types of voluntary liquidation:


There are two types of voluntary liquidation:
~

A members' voluntary winding up, where the company is solvent and the members merely
decide to 'kill it off'

A creditors' voluntary winding up, where the company is insolvent and the members resolve to
wind up in consultation with creditors

The effect of the voluntary winding up being a creditors' one is that the creditors have a decisive
influence on the conduct of the liquidation.

4.5.2

Members' voluntary liquidation


In order to be a members' winding up, the directors must make a declaration of solvency. It is a criminal
offence to make a declaration of solvency without reasonable grounds.
The winding up commences on the passing of the resolution. A liquidator is usually appointed by the
same resolution (or a second resolution passed at the same time).
A voluntary winding up is a members' voluntary winding up only if the directors make a declaration of
solvency.
This is a statutory declaration that the directors have made full enquiry into the affairs of the company
and are of the opinion that it will be able to pay its debts, together with interest at the statutory rate
applicable on those debts, in full, within a specified period not exceeding 12 months.
If the liquidator later concludes that the company will be unable to pay its debts they must call a meeting of
creditors and lay before them a statement of assets and liabilities.
It is a criminal offence punishable by fine or imprisonment for a director to make a declaration of
solvency without having reasonable grounds for it- if the company proves to be insolvent they will have
to justify their previous declaration or be punished.
In a members' voluntary winding up the creditors play no part since the assumption is that their debts
will be paid in full.

4.5.3

Creditors' voluntary liquidation


When there is no declaration of solvency there is a creditors' voluntary winding up.
To commence a creditors' voluntary winding up the directors convene a general meeting of members to
pass a special resolution (private companies may pass a written resolution with a 75% majority). They
must also convene a meeting of creditors.
One of the directors presides at the creditors' meeting and lays before it a full statement of the company's
affairs and a list of creditors with the amounts owing to them. The meeting may nominate a liquidator.

4.6

Compulsory liquidation
A creditor may apply to the court to wind up the company, primarily if the company is unable to pay its
debts. There are statutory tests to prove that a company is unable to pay its debts.

4.6.1

Company unable to pay its debts


A creditor who petitions on the grounds of the company's insolvency must show that the company is
unable to pay its debts. There are three permitted ways to do that.

4.6.2

Effects of an order for compulsory liquidation


The assets of the company may remain the company's legal property but under the liquidator's control
unless the court by order vests the assets in the liquidator. The business of the company may continue but

608

The Institute of Chartered Accountants in England and Wales, March 2009

INSOLVENCY
it is the liquidator's duty to continue it with a view only to realisation, for instance by sale as a going
concern.
Within 21 days of the making of the order for winding up (or of the appointment of a provisional liquidator)
a statement of affairs must be delivered to the liquidator (official receiver) verified by one or more
directors and by the secretary (and possibly by other persons). The statement shows the assets and
liabilities of the company and includes a list of creditors with particulars of any security.
The liquidator may require that any officers or employees concerned in the recent management of the
company shall join in submitting the statement of affairs.

4.6.3

Investigations by the official receiver


The official receiver must investigate
~

The causes of the failure of the company, and


Generally the promotion, formation, business dealings and affairs of the company.

The official receiver may report to the court on the results.

4. 7

(a)

The official receiver may require the public examination in open court of those believed to be
implicated (a much-feared sanction).

(b)

The official receiver may apply to the court for public examination where half the creditors or threequarters of the shareholders (in value in either case) so request.

Chapter I I in the US
In the United States, the most common procedure for an ailing company is Chapter I I Bankruptcy, similar
to administration in the UK. This gives the company an opportunity to reorganise and emerge from
bankruptcy. Management are able to stay in charge while negotiating an outcome with creditors. At the
time of writing the fall out from the sub-prime lending problem in the US is causing a number of financial
services companies in the US to file under Chapter II, the most notable being Lehman Brothers Bank.

4.8

Order of payment on insolvency


Sec.-75: Priority of debts etc.1)

At the time of distribution of the Estate I prior to the payment of dividends to creditors, there shall be
paid first the administrative expenses including the necessary expenses incurred by the Receiver and
thereafter the Receiver's fee under section 66( I). or, as the case may be, section 74 (3) and then the
other dividends shall, subject to sub-section (2), be paid in the following order of priority:a.

All taxes and other debts of a like nature due to the Government;

b.

All wages or salaries, not exceeding Tk2,000 due to any clerk, servant, labourer, or workmen
in respect of services rendered to the debtor during the period of 6 months immediately
before the date of filing the Plaint;

c.

All bank debts;

d.

All unsecured claim;

e.

Any subordinated claim;

2)

Where the Estate, after paying the debts specified in clauses (a) and (b) of sub-section (I), is not
sufficient to pay all bank-debts in full and at least 50% of all unsecured claims, the priority given to
bank-debts shall abate to the extent so far as may be necessary to ensure that the payments to be
made in respect of unsecured claim is at least of 50% of the bank debts.

3)

The debts or claims of each class specified in sub-section (I) shall rank equally between themselves,
and shall be paid in full, unless the Estate is insufficient to meet them, and if the Estate's is sufficient,
they shall abate in equal proportions between themselves.

The Institute of Chartered Accountants in England and Wales, March 2009

609

Advanced Stage -Advanced Audit and Assurance


4)

If after the retention of the sums necessary for the administration expense and the Receiver's fee, all
the debts and claims specified in subsection (I) shall be paid forthwith in consideration of the
sufficiency of the Estate.

5)

Where the debtor is a partnership firm, the partnership property shall be applicable in the first
instance in payment of the debts of the firm and if the Estate derived from such property is not
sufficient for such payment, the personal property of each partner shall be applicable in payment of his
debts and liabilities in relation to the firm.

6)

Where, after application of the personal property or, as the case may be, of the partnership property
in pursuance of sub-section (i), there remains a surplus, it shall be dealt with as part of the partnership
property and shall be divisible among the partners in proportion to the rights and interests of each
partner in the partnership.

7)

Subject to the foregoing provisions of this section, all debts entered in the schedule shall be paid
rateably according to the amounts of such debts respectively and without any preference.

8)

Where there is any surplus after payment of all expenses, fees, debts and claims, it shall be applied in
payment of interest, calculating from the date on which the debtor is adjudged bankrupt, at a rate of
not exceeding six per cent per annum on all debts include in the schedule.

4. 9 Sec.-66: Fees of Receiver etc.I)

Subject to the approval of the Court and the provision of section 64(3) (b), the Receiver shall be
entitled to take from the sale proceeds of the assets realised out of the Estate a fee ofa.

an amount not exceeding I0% of the first Tk I0, I0,000 or part thereof;

b.

5% of the amount in excess of Tk I0, I0,000 but not exceeding Tk2,00,00,000; and

c.

I % of any amount in excess of Tk2, 00, 00,000.

2)

A Receiver shall also be entitled to the reimbursement of all expenses actually incurred by him in
realizing and distributing the assets of the Estate or any part thereof, including the expense for giving
reward under section 71 (4).
Where the Receiver, pursuant to section 55, sells a property for the benefit of the secured creditor or
jointly for the benefit of the secured creditor and the Estate, he shall ordinarily be entitled to a fee, subject
to the approval of the Court and the provisions of sections 54(3) (b), of not more than 4% of the value of
such property sold, and the remaining portion of the sale proceeds, after deducting the amount spent on
the expense of the sale, shall be included in the Estate.

6I0

The Institute of Chartered Accountants in England and Wales, March 2009

INSOLVENCY

Summary and Self-test

Summary

Order of Payment
Liquidation fees
All taxes, other dues to
Government
All wages or salaries, not
exceeding Tk2,000
All bank debts
All unsecured claims
Any subordinated claims
Shareholders

Directors Responsibility
- Wrongful trading: knowingly
entering into transactions when
company is insolvent
- Can be personally liable

Role of Auditor
- Difficult to give

assurance on prospective
financial information
Consider ethical position
when accepting

Preferences
-Treating creditors unfairly

Auditor Responsibility
Consider going concern basis
-Use financial and operating
indicators as required
Consider disclosure of material
uncertainty about going concern

The Institute of Chartered Accountants in England and Wales, March 2009

61 I

chapter 4

Planning and risk assessment

Introduction

Topic List
I

The modern audit process

Process of planning

Understanding the entity

Business risk model

5
6

Audit risk model

Analytical procedures

8
9

Materiality

10

Other audit methodologies

Creative accounting

Responding to assessed risks

Summary and Self-test


Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

III

PLANNING AND RISK ASSESSMENT

The modern audit process

1.1

Overview
Whilst there may be variations between specific procedures adopted by individual firms the modern audit
process is a well-defined methodology designed to enable the auditor to obtain sufficient, appropriate
evidence.
This process can be summarised in a number of key stages:

7
In this chapter we will consider stages 1-4. In Chapter 5 we will consider stage 5, and in Chapter 6, stages 6
and 7. However it is important not to view the audit as a series of discrete stages and individual pieces of
audit work. For example, it can be argued that all audit procedures which provide evidence are risk
assessment procedures whether they are conducted during planning, control evaluation, substantive testing
or completion. The modern audit process will adopt a strategy where complimentary evidence is acquired
and evaluated from a range of sources. The process is repeated until the auditor has obtained sufficient,
appropriate audit evidence which is adequate to form an opinion.

The Institute of Chartered Accountants in England and Wales, March 2009

I 13

Advanced Stage - Advanced Audit and Assurance

2 Process of planning

2.1

Introduction
Auditors are required to plan their work to ensure that attention is paid to the correct areas of the audit,
and the work is carried out in an effective manner.
In order to produce this plan the auditor must:
~

Understand the business, its control environment, its control procedures and its accounting system

Assess the risk of material misstatement

Determine materiality

Develop an audit strategy setting out in general terms how the audit is to be carried out and the type
of approach to be adopted.

Produce an audit plan which details specific procedures to be carried out to implement the strategy
taking into account all the evidence and information collected to date.

You have already covered planning and risk assessment issues in your earlier studies and the relevant BSAs
which include:

of Audit Engagements
BSA 300 Planning an Audit of Financial Statements
BSA 315 Obtaining an understanding of the Entity and Its Environment and Assessing the Risks of Material
BSA 21 0 Terms

Misstatement
BSA 320 Audit Materiality
BSA 330 The Auditor's Procedures in Response to Assessed Risks
A number of issues are developed in the remainder of this chapter, however it is assumed that you are
already familiar with the basic requirements of the above BSAs. A summary of these and other related BSAs
can be found in the technical reference section at the end of the chapter for revision purposes.

3 Understanding the entity

3.1

Procedures
BSA 315 states that 'the auditor should obtain an understanding of the entity and its environment, including
its internal control, sufficient to identify and assess the risks of material misstatement of the financial
statements whether due to fraud or error, and sufficient to design and perform further audit procedures'.

I I4

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

-----

""'\

Understand and identify risks


arising from the entity and its
~ environment, Including relevant
internal controls
Assertions: BSA 500

i.

Classes of transactions

Discuss risks amongst engagement


~ team

Occurrence; Completeness;
Accuracy; Cut-off; Classification

i.
Identify risk of material
misstatement at the financial
~
statement and assertion levels

Account balances

M
I;xistence; Rights and obligations;
Completeness; Valuation and
allocation

Evaluate the design and


determine the.lmplementatlon
of controls relevant to the audit
and for risks Which cannot be
reduced to an ~cceptable level
\.with substantive procedures only

Presentation and disclosure


Occurrence and rights and
obligation; Completeness:
... Classification and understandability;
Accuracy and valuation

i.
Determine Whether any risks. are
so
significant that they require
~
special audit COfiSideratlon
'-------"

Source: /CAE.W Audit and Assurance Faculty:


BSA 315 sets out various methods by which the auditors may obtain this understanding:
~
~

~
~
~

Inquiries of management and others within the entity


Analytical procedures
Observation and inspection
Audit team discussion of the susceptibility of the financial statements to material misstatement
Prior period knowledge {subject to certain requirements)

The auditors must use a combination of the top three techniques, and must engage in the discussion for
every audit. The auditor may use his prior period knowledge, but must carry out procedures to ensure that
there have not been changes in the year meaning that it is no longer valid.
The BSA sets out a number of areas of the entity and its environment that the auditor should gain an
understanding of. These are summarised as follows:
~

~
~

~
~

Nature of the entity


Industry, regulatory and other external factors
Objectives, strategies and relating business risks
Measurement and review of the company's performance
Internal control

The purpose of obtaining the understanding is to assess the risks of material misstatement in the
financial statements for the current audit. The BSA says that 'the auditor should identify and assess the risks
of material misstatement at the financial statement level, and at the assertion level for classes of
transactions, account balances and disclosures'. It requires the auditor to take the following steps:

Step I
Identify risks throughout the process of obtaining an understanding of the entity

The Institute of Chartered Accountants In England and Wales, March 2009

I IS

Advanced Stage- Advanced Audit and Assurance

Step 2
Relate the risks to what can go wrong at the assertion level

Step 3
Consider whether the risks are of a magnitude that could result in a material misstatement

Step 4
Consider the likelihood of the risks causing a material misstatement
Notice therefore that the stages of the planning process often take place simultaneously rather being
performed in sequence. For example, as the auditor learns more about the business certain risks will come
to light as a result. So the auditor is both gaining an understanding of the business and identifying risk by
adopting the same procedures. We will look at risk specifically in sections 4 and 5 of this chapter.

Worl<ed example: Ocl<ey Ltd


The audit team at Ockey Ltd has been carrying out procedures to obtain an understanding of the entity. In
the course of making inquiries about the inventory system, they have discovered that Ockey Ltd designs
and produces tableware to order for a number of high street stores. It also makes a number of standard
lines of tableware, which it sells to wholesalers. By the terms of its contracts with the high street stores, it
is not entitled to sell unsold inventory designed for them to wholesalers. Ockey Ltd regularly produces I0%
more than the high street stores have ordered, in order to ensure that they meet requirements when the
stores do their quality control check. Certain stores have more stringent control requirements than others
and regularly reject some of the inventory.
The knowledge above suggests two risks, one that the company may have obsolescent inventory, and
another that if their production quality standards are insufficiently high, they could run the risk of losing
custom.
We shall look at each of these risks in turn and relate them to the assertion level.

Inventory
If certain items of the inventory are obsolescent due to the fact that it has been produced in excess of the
customer's requirement and there is no other available market for the inventory, then there is a risk that
inventory as a whole in the financial statements will not be carried at the appropriate value. Given that
inventory is likely to be a material balance in the statement of financial position of a manufacturing company,
and the value could be up to I0% of the total value, this has the capacity to be a material misstatement.
The factors that will contribute to the likelihood of these risks causing a misstatement are matters such as:
~

~
~

Whether management regularly review inventory levels and scrap items that are obsolescent
Whether such items are identified and scrapped at the inventory count
Whether such items can be put back into production and changed so that they are saleable

losing custom
The long term risk of losing custom is a risk that in the future the company will not be able to operate (a
going concern risk). It could have an impact on the financial statements, if sales were attributed to them
that they dispute, revenue and receivables could be overstated, that is, not carried at the correct value.
However, it appears less likely that this would be a material problem in either area, as the problem is likely
to be restricted to a few number of customers, and only a few number of sales to those customers.
Again, review of the company's controls over the recording of sales and the debt collection procedures of
the company would indicate how likely these risks to the financial statements are to materialise.
Some risks identified may be significant risks (indicated by the following factors), in which case they
present special audit considerations for the auditors.

I I6

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT


~
~

Risk of fraud
Its relationship with recent developments
The d~gree of subjectivity in the financial information

The fact that it is an unusual transaction


~

It is a significant transaction with a related party


The complexity of the transaction

Routine, non-complex transactions are less likely to give rise to significant risk than unusual transactions or
matters of director judgement because the latter are likely to have more management intervention,
complex accounting principles or calculations, greater manual intervention or there is a lower opportunity
for control procedures to be followed.
When auditors identify a significant risk, if they have not done so already, they should evaluate the design
and implementation of the entity's controls in that area.

3.2

Industries and processes


During the initial planning phase, the audit firm will need to obtain information about the specific nature of
the entity being audited and the different business processes within the entity itself.

3.2.1

Industry
The type of entity being audited will also have a significant impact on the audit plan. For example:

Little or no inventory

Complex costing systems to allocate costs to


inventory and work in progress

Focus on salaried employees

Many production staff based paid on hours worked


including various overtime and incentive schemes

Payment by commission

May have payment by piece rates

Relatively little investment in plant and equipment;


office space main building cost

Large investment in plant and equipment; office


space relatively small in comparison to production
facilities

------------------------Sales dependent on services provided


Sales dependent on products sold

An understanding and appreciation of these differences will assist the auditor in identifying risk areas and in
developing an appropriate audit approach.
From the auditor's point-of-view, the different entities will result in a different audit approach for each
entity. For example, the lack of inventory in service industries will obviously mean h~ss time will be devoted
to that area. Conversely, the use of complicated costing systems will require use of specialist computerauditors to identify, record and test various computerised systems.

3.2.2

Business processes
From the comments above, it is also possible to identify the different business processes that the auditor
will need to focus on. The five main processes are summarised in the diagram below.

The Institute of Chartered Accountants in England and Wales, March 2009

I 17

Advanced Stage - Advanced Audit and Assurance

Financing
Obtaining capital by borrowing
or third parti~s i~vesting in the
company

Purchasing
Acquiring goods to support
prod!Jcti~n and sales.of
company's own products

Revenue
Generating revenue through .
sales of goods and obtaining
cash from debtors

Inventory management
Process of accu111ulating and
illocating costs to Inventory
and work-in~progress
An understanding of each process focuses the auditor's attention on specific parts of the business.

Financing

Verification of new share issues I confirming current account and loan balances
and where necessary bank support for the business.

Purchasing

Audit of the purchases transaction cycle and payables balance.

Human resources

Audit of wages and salaries including bonuses linked to production or


commission on sales.

Inventory
management

Audit of work-in-progress systems including year-end inventory valuation and


identification of inventory below cost price.

Revenue

Audit of sales transaction cycle and receivables balance.

The actual audit approach will depend partly on the audit methodology used which we will look at later in
this chapter.

4 Business risk model

4.1

Business risk
Business risk is the risk arising to entities that they will not achieve their objectives. It includes risks at all
levels of the business.
Business risks can be classified into 3 categories:
~
~
~

I 18

Financial risks
Operating risks
Compliance risks

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Definitions
Financial Risks- are those risks arising from the company's financial activities (e.g. investment risks) or
the financial consequences of operations (e.g.-receivables risks).
Examples: going concern, market risk, overtrading, credit risk, interest rate risk, currency risk, cost of
capital, treasury risks.

Operating Risks -are those risks arising from the operations of the business.
Examples: loss of orders; loss of key personnel; physical damage to assets; poor brand management;
technological change; stock-outs; business processes unaligned to objectives.

Compliance Risks- are those risks arising from non-compliance with: laws, regulations, policies
procedures and contracts.
Examples: breach of company law, non compliance with accounting standards; listing rules; taxation; health
and safety; environmental regulations; litigation risk against client.

Business risk may be caused by many factors, or combination of factors including the following:
~
~

~
~
~
~
~
~
~

~
~

~
~
~
~
~

Complex environment
Dynamic environment
Competitors' actions
Inappropriate strategic decision making
Operating gearing
Financial gearing
Lack of diversification
Susceptibility to currency fluctuations
Inadequate actual or contingent financial resources
Dependence on one or few customers
Regulatory change or violation
Adequacy and reliability of suppliers
Over-trading
Developing inappropriate technology
Macro-economic instability
Poor management

Clearly different risks will impact upon businesses in different ways. Moreover, even within one company,
different stakeholders may be affected differently. For example:

4.2

Few risks may affect debt-holders who have good security

One company may not be diversified but shareholders, who hold diversified portfolios, my be- they
would therefore view risk differently from other stakeholders

Directors who determine business strategy may take decisions more in line with their own risk
preferences, rather than those of other stakeholders to whom they are accountable

Business risk management


Most working environments now have some form of risk management system. In Chapter 3 we discussed
the Turnbull guidelines that highlight its importance. Typically the process of risk management for the
business is as follows:
~
~

Identify significant risks which could prevent the business achieving its objectives
Provide a framework to ensure that the business can meet its objectives
Review the objectives and framework regularly to ensure that objectives are met

The Institute of Chartered Accountants in England and Wales, March 2009

I I9

Advanced Stage- Advanced Audit and Assurance


In practice each of these stages is complex. These are covered in the Business Analysis text so we will not
cover them in detail here. However, you should note the following as being particularly relevant to the
auditor:

4.2.1

Risk profiling
One means of assessing business risk is to consider two particular aspects:
(I)

Consequences- the consequences to the organisation if a particular event or scenario takes place

(2)

Likelihood- the probability that a particular event or scenario will occur

These can then be applied in a consequences/likelihood matrix as demonstrated below.


Likelihood

Low
High
Impact

Low

Consider ac:tion
. (cost/beciefit)

<

~-

Periodic review .

This method of risk assessment can be used by both the business and the auditor alike.

4.2.2

Risk responses
The following are some examples of strategies which a company may adopt in respect of risk management.

4.3
4.3.1

Accept the risk- If the likelihood and impact of a risk are within tolerable boundaries then the risk
may be accepted without any mitigation procedures. Alternatively, a higher level of risk may be
tolerated if it is associated with a higher level of return.

Transfer the risk to a third party- For example, altering contractual terms to shift the
consequences of failure. Alternatively, the risk of holding high levels of inventory can be transferred to
suppliers by adopting a just-in-time strategy. Frequently however, this merely changes the form of the
risk rather than removing it altogether as there is now a risk that supplies will not arrive on time.

Eliminate the risk- For example, foreign currency risks can often be eliminated by hedging, but
there is an associated cost. Alternatively, it may involve adopting an exit strategy.

Control the risk- Perhaps by building controls into an operation or process.

Limit the risk- Perhaps by adopting a stop-loss policy.

Sharing the risk with another party- Examples include a joint venture, joint and several liability,
franchising, licensing.

Insure against risk- Many types of adverse events can be insured against.

Audit methodology: business risk model


Principle behind the model
BSA 315 requires that auditors consider the entity's process for assessing its own business risks, and
the impact that this might have on the audit in terms of material misstatements. Auditors consider:
~
~

What factors lead to the problems which may cause material misstatements?
What can the audit contribute to the business pursuing its goals?

The business risk audit approach tries to mirror the risk management steps that have been taken by the
directors. In this way, the auditor will seek to establish that the financial statement objectives have been
met, through an investigation into whether all the other business objectives have been met by the directors.
The application of the business risk model (BRM) is therefore related to the client's:

I 20

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT


.,
.,
.,
.,
.,

Objectives
Business strategy
Risk management procedures
Industry environment
Economic environment

This approach to the audit has been called a 'top-down' approach, because it starts with the business and
its objectives and works back down to the financial statements, rather than working up from the financial
statements which has historically been the approach to audit involving detailed tests of transactions and
balances. The BRM therefore looks at the 'big risks' that may significantly threaten the valuation, profitability
or even the going concern of the business. Those who support this approach argue that the key audit risks
are more likely to relate to the failure of the company's strategy than the misstatement of a transaction.
The BRM does not, however, seek to replace the more traditional audit risk model (see section 5). Rather,
it seeks to expand it by taking a different perspective of risk. Instead of viewing risk from the perspective of
the financial statements, it views it from the client's penpective in terms of its objectives and business
environment. In this way the context and underlying economic events which financial statements record are
taken into account.
In particular, the BRM focuses on a company's critical business processes, which are those processes that
are key to the way a business operates and determines its success. (For example the process of
development of new vehicles may be key to the success of a car manufacturer). We looked at business
processes in section 3.2.2. Supporters of the BRM argue that it is only by understanding how the entity
conducts its business and the underlying strategy that one can understand the risks associated with
how those activities are recorded in the financial statements.
A key element in the application of the BRM is that, having identified relevant business risks, they need to
be specifically linked to control risks and ultimately to the risk of financial reporting misstatement.
The following table demonstrates the way in which business risks can have implications for the financial
statements and therefore the audit.

Economic pressures causing reduced unit sales and


eroding margins.

Inventory values (BAS 2)


Going concern

Economic pressures resulting in demands for


extended credit

Receivables recoverability

Product quality issues related to inadequate


control over supply chain and transportation
damage.

Inventory values - net realisable value and


inventory returns

Customer dissatisfaction related to inability to


meet order requirements.

Going concern

Customer dissatisfaction related to invoicing


errors and transportation damage.

Receivables valuation

Unacceptable service response call rate related to


poor product quality

Going concern
Litigation - provisions and contingencies
Inventories - net realisable value

Out of date IT systems affecting management's


ability to make informed decisions.

Anywhere

Extensive use of freelance and contract labour


resulting in issues regarding their employment
status

Employees' Nl (May be understated if


freelancers/contract workers are deemed to be
employees)
Fines - provisions and contingencies

The Institute of Chartered Accountants in England and Wales, March 2009

I 21

Advanced Stage - Advanced Audit and Assurance

Interactive question I: Business risk

[Difficulty level: Easy]

State what category of business risk each of the risks in the above table falls under.

See Answer at the end of this chapter.

Interactive question 2: Financial risk

[Difficulty level: Exam standard]

On I january 20X8 a steel production company has significant steel inventories with a total value of
CU20 million.
To protect the inventory from changes in value, the entity enters into a futures contract on a commodities
exchange to fix the selling price in 18 months' time. This is the first time that the entity has entered into
this type of transaction.
Requirements
(i)

Identify the business risk in this situation

(ii)

Identify the issues which the auditor would need to consider

See Answer at the end of this chapter.

4.3.2

Application
There is no auditing standard covering the BRM, so its application may vary significantly from audit firm to
audit firm. The following are, however, some common themes relevant to its application
Identifying business risks
The techniques and models used by the auditor to identify key business risks are likely to parallel those
used by management. These models are included in the brought forward material from Professional Stage
Business Management and may briefly be summarised as set out below.
~

Porter's five forces model - Examines the forces affecting an industry's competitive environment
(customers, suppliers, competitors, new entrants, substitutes).

Porter's value chain- Relates a company's resource profile to its strategic performance in obtaining
competitive advantage.

PEST (or PESTEL) analysis- Considers the impact of external forces upon the company. (PEST is
Political, Economic, Social, Technological. PESTEL adds Environmental and Legal.)

SWOT analysis - Considers the internal and external factors affecting the position of the business
(strengths, weaknesses, opportunities, threats}.

Evaluating risk management procedures


An entity should have a system of monitoring risk management procedures to ensure that they are working
effectively. Auditors need to place a reliance not only on the risk management procedures themselves but
the manner in which such procedures are monitored and controlled.

I 22

The Institute of Chartered Accountants in England and Wales, March 2009

,__

PLANNING AND RISK ASSESSMENT

The system of monitoring is likely to vary from company to company depending upon the risk management
procedures in place and the nature and scale of the risks being faced. Typical risk monitoring procedures
may, however, included.
~

Formalised reporting from line management


Internal audit reviews
External audit/assurance/consulting reviews
Embedded risk management procedures
Appropriate planning procedures
Control risk self assessment (CRSA) (allocate responsibility to department manager for risk control)

~
~
~

A key point is that controls for mitigating risk should be embedded into the processes and culture
which are used to achieve an organisation's objectives. A series of occasional or one-off exercises are
unlikely to be effective. As such it should be a part of normal and regular internal reporting procedures.

Impact on audit procedures


This can be summarised as follows:

Tests of controls

As the auditor pays greater attention to the high level controls used by
directors to manage business risks, controls testing will be focused on items
such as the control environment and corporate governance than the detailed
procedural controls tested under traditional approaches.

Analytical
procedures

Analytical procedures are used more heavily in a business risk approach as


they are consistent with the auditor's desire to understand the entity's
business rather than to prove the figures in the financial statements.

Detailed testing

The combination of the above two factors, particularly the higher use of
analytical procedures will result in a lower requirement for detailed testing,
substantive testing will not be eliminated completely.

Interactive question 3: Audit procedures

[Difficulty level: Intermediate]

You are using the business risk model in the statutory audit of a major international pharmaceutical
company.
You are told that the key determinant of profitability is the development of new types of drug, which are
superior to those of competitors. This is achieved by significant investment in R&D. You are also informed,
however, that such drugs may take as many as I0 years before gaining regulatory approval for use. One
major R&D project is a joint venture with another pharmaceutical company.

Requirements
Outline
(a)

The key risks facing the company

(b)

Controls that management might use to mitigate such risks

(c)

Audit work to be carried out in respect of such risks

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

I 23

Advanced Stage- Advanced Audit and Assurance

4.3.3

Benefits of the business risk model


The following benefits may arise from the use of the BRM.

4.3.4

Audit effectiveness and efficiency- Understanding of the business and its environment enables
identification of the key risks facing the client at the planning stage such that auditing procedures can
be designed as an appropriate response.

Added value client service- Viewing risk from the perspective of the client's business can place
the auditor in a good position to "add value" to the entity's risk management procedures and assist in
the development of a business strategy in a changing environment.

Corporate governance- By focusing on wider issues of governance, rather than merely internal
financial controls, the BRM emphasises a broader understanding of the relationships between
stakeholders, the relative risks that they incur and the role of financial information in facilitating such
relationships.

Engagement risk- Engagement risk is the risk to the audit firm arising from a particular audit
engagement (e.g. litigation risk, reputation effect). It is argued that adoption of the BRM better enables
audit firms to assess and control engagement risk by enhancing an understanding of the factors that
are most likely to give rise to such risks.

Enhanced understanding of the financial statements -An understanding of the business


context will enhance the auditor's interpretation of the financial statements. Thus, for example, in
carrying out analytical review procedures, the BRM may give rise to a greater understanding of the
patterns that should emerge in the financial statements based upon an improved understanding of the
underlying business events.

Assurance assignments- The BRM lends itself to many assurance assignments where
methodologies may be enhanced by its application.

Turnbull report- Listed companies are required to report upon their risk management procedures.
The adoption of the BRM will enable a greater understanding by the auditor of such procedures and
he would thus be better placed to review their application.

Limitations of the business risk model


The extent to which reliance can, or should, be placed upon the BRM is limited by a number of factors as
explained below.
~

Risk can seldom be eliminated completely and additional risk may be desirable from the client's
perspective if it is accompanied by an improved return.

Business risks may be unforeseen, and indeed unforeseeable, thus other tools are also necessary to
assess risk

Certain key risks to companies and auditors may fall largely outside the BRM. An example might be
creative accounting, which can have significant consequences but can at best only be partially
understood and detected by the BRM.

If too many "added value" strategic services are carried out for a client an auditor's independence may
be threatened.

In applying the business risk model, it has been found that it is frequently difficult to quantify how
financial statement assertions are affected by the business risks that have been identified. As a
consequence, the identification of business risks does not always clearly assess risks that may directly
affect the audit opinion.

Interactive question 4: Identifying business risks

[Difficulty level: Exam standard]

KidsStuff Ltd imports children's toys from a supplier in the Far East into its warehouse in Liverpool and
distributes them to retailers throughout the UK. The company was set up by Joseph Cooper 40 years ago
and is managed by Joseph and his two sons. The company had experienced reasonable growth until the last
five years, but recent performance has been poor and the company now relies on a substantial overdraft.

124

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND R!SK ASSESSMENT

Joseph feels that the decline is due in part to the competitiveness of the market and the trend towards
computer games. KidsStuff Ltd does not have a strong market presence in this area but this is currently
being addressed by Joseph's son, Neil, who is confident that performance has improved.
You have received the following e-mail from the engagement partner.
From

Allan Partner

To

Audrey Senior

Subject KidsStuff Ltd


I know you are about to start work on your planning of this audit. Can you make sure that you specifically
identify the business risks faced by KidsStuff Ltd and set out the effect of those on the audit. Can you also
make a list of the further information you need in order to plan the audit so that I can request it from the
directors.
Requirement
Respond to the engagement partner's e-mail.

See Answer at the end of this chapter.

5 Audit risk model

5.1

Audit risk
Definition
Audit risk: is the risk that auditors may give an inappropriate opinion on the financial statements. Audit
risk has two key components; risk of material misstatement in financial statements (financial statement risk)
and the risk of the auditor not detecting the material misstatements in financial statements (detection risk).
Financial statement risk breaks down into inherent risk and control risk.
Inherent risk: is the susceptibility of an account balance or class of transactions to material misstatement,
either individually or when aggregated with misstatements in other balances or classes, irrespective of
related internal controls.

The Institute of Chartered Accountants in England and Wales, March 2009

125

Advanced Stage- Advanced Audit and Assurance


Control risk: is the risk that a misstatement
~

Could occur in an account balance or class of transactions

Could be material, either individually or when aggregated with misstatements in other balances or
classes, and

Would not be prevented, or detected and corrected on a timely basis, by the accounting and internal
control systems.

Detection risk: is the risk that the auditor's procedures do not detect a misstatement that exists in an
assertion that could be material, individually or when aggregated with other misstatements.

Point to note
The terms 'inherent risk', 'control risk' and 'detection risk' are key to understanding the audit risk model.

5.2

Audit methodology: the audit risk model


The audit risk model (ARM) expresses the relationship between the different components of risk as follows:
AR

= IR X CR X DR

In using this model the auditor will follow 3 key steps:


The auditor will set a planned level of audit risk for each account balance or class of transaction

Inherent risk and control risk are assessed, either separately or in combination. This will involve an
assessment of business risk and the risk of material misstatement (due to fraud or error)

Detection risk is then set at an appropriate level by 'solving' the audit risk equation.

This approach can be demonstrated as follows:

Very low

High

Low

Low

High

Low

High

Moderate

Low

Moderate

- ---- ...... _. __ ._."

Moderate

High

This model will then assist in the determination of the extent and type of procedures to be performed. For
example, the higher the assessment of inherent and control risk, the lower the assessment of detection risk
resulting in more evidence being obtained from the performance of substantive procedures.
Point to note

126

One of the criticisms of the ARM is the 'compensatory' approach it takes. In the table above, high
inherent and control risk is compensated for by low detection risk. Arguments have been put forward
(for example in the KPMG publication 'The 21" Century Public Company Audit') that evidence should
be complementary rather than compensatory.

Inherent risk and control risk are either 'high' or 'low' in the above table. This 'all or nothing'
approach is adopted by some audit firms. Thus, for instance, where there is a significant risk event
with respect to an audit area, then the inherent risk would always be deemed to be high. Other audit
firms may see risk as a spectrum with, for instance, an intermediate rating of 'moderate risk' where
there would be some reliance gained from inherent assurance, despite there being some measure of
risk observed.

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

5.2.1

The risk assessment process


This can be summarised as follows:
Perform risk assessment procedures
to obtain an understanding of the

entity and Its environment, IJ1Ciudlng


,.
internal control

,.

'r

"

'

'

Identify bu!Jihelll r:l~ ~~,!nay .


.. result In

materfai misstatementS

. in the fi~an~iatst.aten.1eriU

EValuate'tlle"ehtlty's fesf)()ns~s t6

.thi:J$e busrness riskS and obtain


.evidence oftherr Jmpleme~tatlol'l

Ass~s ~e .rl~k, of ro;tterlai misstatement


~t the
teV.1
t:he
. }audltpri;c!ed~res that a~. necessary

assertion

and ct8tennrni;

bt$ecf on tflat risk I:Uessmen~

(Source: Auditing and Assurance Services International Edition. Aasmund Eilifsen, William F. Messier jr,
Steven M. Glover, Douglas F. Prawitt)

Point to note
Notice the relationship between business risk (which we looked at in detail above) and audit risk.
Business risk includes all risks facing the business. In other words, inherent audit risk may include
business risks.
In response to business risk, the directors institute a system of controls. These will include controls to mitigate
against the financial aspect of the business risk. These are the controls that audit control risk incorporates.
Therefore, although audit risk is very financial statements focused, business risk does form part of the
inherent risk associated with the financial statements, (i.e. is part of financial statement risk) not least,
because if the risks materialise, the going concern basis of the financial statements could be affected. The
following illustrates the link between business risk and financial statement risk:

5.2.2

Computer viruses could lead to significant loss of


sales

Uncertainties over going concern may not be fully


disclosed

Breaches of data protection law and other


regulations could result in the company suffering
financial penalties

Provisions relating to breaches of regulations may


be omitted or understated

The business may suffer losses from credit card


fraud

Losses arising from frauds may not be recognised


in the financial statements

Inherent risk
As we saw in section 5.1 financial statement risk is made up of:
~
~

Inherent risk
Control risk

The Institute of Chartered Accountants in England and Wales, March 200,9

127

Advanced Stage- Advanced Audit and Assurance

Inherent risk is the risk that items will be misstated due to characteristics of those items, such as the fact
they are estimates or that they are important items in the accounts. The auditors must use their
professional judgement and the understanding of the entity they have gained to assess inherent risk. If no
such information or knowledge is available then the inherent risk is high.

Integrity and attitude to risk of directors and

Domination by a single individual can cause problems

management

Management experience and knowledge


- -----

----

Changes in management and quality of financial


management

-------------

Unusual pressures on management

Examples include tight reporting deadlines, or market


or financing expectations

Nature of business

Potential problems include technological


obsolescence or over-dependence on single product

-------------------------------Competitive conditions, regulatory requirements,

Industry factors

technology developments, changes in customer


demand

Information technology

Problems include lack of supporting documentation,


concentration of expertise in a few people, potential
for unauthorised access

Financial statement accounts prone to


misstatement

Accounts which require adjustment in previous


period or require high degree of estimation
---Accounts which require expert valuations or are
subjects of current professional discussion

------------------------

Complex accounts

----------------------Cash, inventory, portable non-current assets

Assets at risk of being lost or stolen


Quality of accounting systems
----------- - - - - - - High volume transactions

Unusual transactions

(computers)
------------------- -------------------
Strength of individual departments (sales, purchases,
cash etc)
Accounting system may have problems coping
Transactions for large amounts, with unusual names,
not settled promptly (particularly important if they
occur at period-end)
Transactions that do not go through the system, that
relate to specific clients or processed by certain
individuals

Staff

I 28

Staff changes or areas of low morale

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Interactive question 5: fnherent risks from financial reporting policies


[Difficulty level: Exam standard]
Fonesforall is a mobile phone network provider with its own retail outlets. It is currently offering the
following package for CU30 per month:
ZX4 mobile phone handset
12 month subscription to the network
300 'free' call minutes per month (for 12 months)
500 'free' texts per month (for 12 months)
Any unused call minutes or texts may be carried forward to the following month.
The fair value of this package is estimated to be CUSOO.
Requirement
Identify the risks associated with the treatment of revenue in relation to this package in the financial
statements of Fonesforall.

See Answer at the end of the chapter.

5.2.3

Control risk
Control risk is the risk that client controls fail to detect material misstatements. A preliminary
assessment of control risk at the planning stage of the audit is required to determine the level of
controls and substantive testing to be carried out.
In this respect, a key initial audit question is "how does management control the business?" An understanding of
this issue is a key element in an initial assessment of control risk.
Substantive and reliance strategies
For an ongoing client, the auditor will already have significant information on file regarding the control
systems at the audit client. The audit strategy will therefore focus on updating this control information.
For a new client, a judgement on audit strategy will normally be deferred until after a more detailed
understanding of internal control is obtained. For the new client, the auditor will obtain information on
the control systems and then perform an initial testing of those controls to determine whether or not
they are working correctly. Where these risk assessment procedures indicate that controls are not working
correctly, then it is unlikely that the auditor will place reliance on those controls, as CR will be set to
maximum. Substantive procedures will be used instead. However, if the risk assessment procedures
indicate that controls are working correctly, then some reliance will be placed on internal controls. CR
may be set only as either 'high' or 'low' in an all or nothing approach, as previously noted. Alternatively
there may be a possibility of setting control risk to an intermediate amount(s) within some firms' audit
methodologies.
So, providing an initial determination of the nature, timing and extent of audit procedures, two possible
audit strategies are normally identified:
~

Substantive strategy- focusing on substantive testing, (i.e. tests of details and analytical procedures);
and

Reliance strategy -focusing on tests of controls and reliance from inherent assurance.

The Institute of Chartered Accountants in England and Wales, March 2009

129

Advanced Stage -Advanced Audit and Assurance

Points to note
I.

There will not be one strategy for the entire audit. Each business process or specific audit assertion
will be allocated its own strategy. Similarly, each audit assertion may be allocated a different "mix" of
reliance and substantive strategy.

2.

Auditing Standards do require some substantive testing for each material class of transactions, account
balances and disclosure, so the audit strategy for any one assertion will never be completely a reliance strategy.

3.

It is possible, however (but unusual) that substantive testing may comprise entirely of analytical
procedures, without any tests of details being carried out.

An auditor is more likely to follow a reliance strategy where:


~

An entity uses electronic data interchange to initiate orders; there will be no paper
documentation to verify.

An entity provides electronic services to its customers e.g. an Internet Service Provider or telephone
company. No physical goods are produced with all information being collected and billing carried out
electronically.
The test is for understatement

An auditor is more likely to follow a substantive strategy where:


~
~
~
~

There are no controls available for a specific audit assertion


The controls are assessed as ineffective
It is inefficient to test the effectiveness of the controls
The test is for overstatement

Whichever strategy is chosen, the auditor will document the reasons for choosing that strategy and then
perform detailed auditing procedures in accordance with that strategy.

Control environment
Within an entity, the control system works within the control environment. A poor control
environment implies that the control system itself will also be poor, because the entity does not place
sufficient emphasis on having a good control environment.
So, the control environment sets the philosophy of an entity effectively influencing the "control
consciousness" of directors and employees.
Factors affecting the control environment include:

130

Communication and
enforcement of integrity
and ethical values

An organisation should try to maintain the integrity and ethical standing


of the employees. Membership of a professional body helps enforce
ethical standards for professional staff. Ethics in other areas are maintained
by ensuring rules do not encourage unethical conduct (e.g. unrealistically
high sales targets to earn commissions).

Commitment to
competence

Each job should have a job description showing the standards expected in
that job. Employees should then be hired with the competences to carry
out the job without compromising on the quality of work produced.

Involvement of those
charged with governance

Those charged with governance should take an active role in ensuring


ethical standards are maintained. For example, the audit committee should
ensure that directors carry out their duties correctly in the context of the
audit. Similarly, those charged with governance must ensure appropriate
independence from the company they are governing.

Management philosophy

Management should set the example of following ethical and quality


standards. Where management establish a risk management system and
regularly discuss the effect of risks on an organisation then the auditor will
gain confidence that the overall control environment is effective.

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT


Structure of the
organisation

The structure of the organisation should ensure authority is delegated


appropriately so that lower management levels can implement appropriate
risk management procedures. However, responsibility for risk management
overall is maintained by the board.

Reporting hierarchy

Within the organisation's hierarchy, each level of management has


responsibilities for risk included in their job description. There should also
be a clear reporting system so that objectives for risk management are
communicated down the hierarchy, while identified risks are communicated
back up the hierarchy for action.

HR policies and
procedures

HR policies should have appropriate policies for ensuring the integrity of


staff, both for new employees and for continued training and development.

From a review of these factors, the auditor will form an opinion on the effectiveness of the control
environment. The auditor will also consider the means by which the entity monitors controls e.g. by the
internal audit department (see Chapter 9). This then in turn affects the opinion on how well the internal
control systems will be implemented and operated.
Control risk will also increase where specific events occur within an organisation. Events that tend to
increase control risk include:

Use of new technology


New or substantially amended information systems
Hiring of new personnel, especially into key management roles
Changes to the regulatory or operating environment
Significant growth in the organisation
Restructuring of the company or group
Expansion of overseas operations

Worl<ed example: Xerox

-,

The case
Xerox was, and still is, a significant supplier of office equipment, based mainly in the USA. In the 1990s, the
company found its main USA sales base declining due to foreign competition. However, there was a
management incentive scheme in place that would provide $35million in bonuses if the share price
increased to more than $60. Rather than lose this source of income, various managers in Xerox decided to
artificially increase r~venue.
In the main scheme (there was a smaller scheme involving movements in reserves not reported here), short
term rental contracts were re-classified as long term leases. Under accounting regulations, short term
rentals could only be counted as revenue in the year that they were earned (and many short term rentals
went on for many years) whereas long-term leases could be counted wholly as revenue in the year the lease
was taken out. The re-classification therefore meant that revenue from future rental periods was
recognised much earlier, increasing revenue, profit and also the share price. The managers were therefore
not creating fictitious income (as in some fraudulent cases) but simply recognising future income earlier.
The share price of Xerox did reach $60 share in 1999, enabling managers to claim the bonuses. However,
the scheme was detected by the Securities and Exchange Commission and investigated in 2002. The result
was a fine on Xerox of $1 0 million with the six executives involved in the case also paying fines in total of
$22 million.
It was argued by the SEC that "the numbers have gotten so large that it's akin to auditors driving past Mt Everest
and saying they never saw it". The auditors had recognised that the revenue recognition policy was "halfbaked revenue recognition", but the senior partner on the audit was replaced when he started to raise
concerns. The auditors were also investigated by the SEC.
Implications
The Xerox case identifies weaknesses in the control environment as well as the ethical values of the
executives carrying out the scheme. Remember that a good control environment needs senior management

The Institute of Chartered Accountants in England and Wales, March 2009

13 I

Advanced Stage - Advanced Audit and Assurance


commitment, which was not the case in Xerox. The case also identifies that control systems are susceptible
to management override - so if management decide to amend the financial statements, there may be little
that employees can do - possibly apart from Whistle-blowing with the potential adverse consequences of
that decision. Note that the audit partner was replaced in this case.

Control activities
Having assessed the control environment, the auditor will then identify and assess the control activities
carried out by management. Control activities in this context are the policies and procedures that help

ensure management's directives are carried out.


Control activities that the auditor will investigate include:

Physical
controls

Controls to ensure the security of assets including data files and computer programs
(e.g. not simply tangible assets such as company motor vehicles).

Segregation
of duties

Segregation of the authorisation of transactions, recording of transactions and custody


of any related assets. For example, employees receiving cash should not be responsible
for recording that cash in the receivables' ledger- teeming and lading could occur.

Performance
reviews

Reviews to check the performance of individuals are carried out on a regular basis. The
review includes comparing actual performance against agreed standards and budgets
and accounting/obtaining reasons for any variances.

Information
processing
controls

These are controls to check the completeness, accuracy and authorisation of the
processing of transactions. Two types of controls are generally recognised:
~

General controls - over the information processing environment as a whole, for


example to ensure the security of data processing operations and maintenance of
adequate backup facilities.

Application controls - over the processing of individual transactions again ensuring


the completeness and accuracy of recording.
--------------------------------------Where the auditor is satisfied regarding the ability of the control environment to process transactions
correctly and control activities to identify weaknesses in that processing, then control risk can be set to a
low figure. Obviously, where the control environment is weak, and control activities are missing, then
control risk will be set to a higher level.

Control activities for transaction assertions


Within each class of transactions, the auditor will ensure that specific audit assertions have been achieved
(see Chapter 5 for a revision of audit assertions). Remember that for each assertion, a different "mix" of
control and substantive procedures may be used.
For each of the audit assertions relevant to transaction testing, specific control activities are normally
available. The assertions and control activities are summarised below:

~-

I 32

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Occurrence

Completeness

Transactions and events that have been


recorded have occurred and pertain to
the entity

All transactions and events that should


have been recorded have been recorded

-All transactions and events are properly


authorised

Segregation of duties

Daily I monthly reconciliation of


subsidiary records with an
independent review

Prenumbering of documents (with


completeness of numbering
confirmed)

Segregation of duties

Prenumbering of documents (with


completeness of numbering
confirmed)

Daily I monthly reconciliation of


subsidiary records with an
independent review

---~~-~----------,,--~--

Authorisation
\

Accuracy

~--

Cut-off

Classification

Authorisation of transactions at
important control points

Amounts and other data relating to


recorded transactions and events have
been recorded appropriately

Internal confirmation of amounts and


calculations

Monthly reconciliation of subsidiary


records by an independent person

Transactions and events have been


recorded in the correct accounting
period

Procedures for the prompt recording


of transactions

Transactions and events have been


recorded in the proper accounts

~--~

,:

Internal verification of cut-off at year


end

Agreeing transactions against chart of


accounts

Internal verification of the accuracy of


posting

_,~

Monitoring controls
The auditor should also assess the means by which management monitors internal control over financial
reporting. In many entities internal auditors fulfil this function. You have studied BSA 61 0 Considering the
Work of Internal Audit in your earlier studies. A brief revision of BSA 610 can be found in Chapter 9.

5.2.4

Detection risk
Detection risk is the risk that audit procedures will fail to detect material errors. Detection risk relates to
the inability of the auditors to examine all evidence. Audit evidence is usually persuasive rather than
conclusive so some detection risk is usually present, allowing the auditors to seek 'reasonable confidence'.
The auditor's inherent and control risk assessments influence the nature, timing and extent of
substantive procedures required to reduce detection risk and thereby audit risk.

The lnstiwte of Chartered Accountants in England and Wales, March 2009

133

,,

Advanced Stage- Advanced Audit and Assurance

Interactive question 6: Audit risk

[Difficulty level: Intermediate]

Forsythia is a small limited company offering garden landscaping services. It is partly owned by three
business associates, Mr Rose, Mr White and Mr Grass, who each hold I0% of the shares. The major
shareholder is the parent company, Poppy Ltd. This company owns shares in 20 different companies, which
operate in a variety of industries. One of them is a garden centre, and Forsythia regularly trades with it.
Poppy Ltd is in turn wholly owned by a parent, White Holdings Ltd.
The management structure at Forsythia is simple. Of the three non-corporate shareholders, only Mr Rose
has any involvement in management. He runs the day to day operations of the company (marketing, sales,
purchasing etc) although the company employs two landscape gardeners to actually carry out projects. The
accounts department employs a purchase clerk and a sales clerk, who deal with all aspects of their function.
The sales clerk is Mr Rose's daughter, Justine. Mr Rose authorises and produces the payroll. The company
ledgers are kept on Mr Rose's personal computer. Two weeks after the year end, the sales ledger records
were severely damaged by a virus. Justine has a single print out of the balances as at year end, which shows
the total owed by each customer.
Forsythia owns the equipment which the gardeners use and they pay them a salary and a bonus based on
performance. Mr Rose is remunerated entirely on a commission basis relating to sales and, as a shareholder
he receives dividends annually, which are substantial.
Forsythia does not carry any inventories. When materials are required for a project, they are purchased on
behalf of the client and charged directly to them. Most customers pay within the 60 day credit period, or
take up the extended credit period which Forsythia offer. However, there are a number of accounts that
appear to have been outstanding for a significant period.
Justine and her father do not appear to have a very good working relationship. She does not live at home
and her salary is not significant. However, she appears to have recently purchased a sports car, which is not
a company car.
The audit partner has recently accepted the audit of Forsythia as a new client. You have been assigned the
task of planning the first audit.

Requirement
Identify and explain the audit risks arising from the above scenario.

See Answer at the end of this chapter.

6 Creative accounting

134

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

6.1

Introduction
One of the factors affecting the overall level of financial statement risk is the potential for creative
accounting.
Directors have choices and they may exercise those choices to recognise values that do not reflect
economic reality. A prime example is the choice of the cost model when an asset's fair value is significantly
higher than cost. (note: if an asset's fair value and value in use were lower than cost, then an impairment
would be required under BAS 36 and directors would not have the discretion to disclose at cost}.
Directors are more likely to make use of their discretion to mislead financial statement users if they have
the opportunity (e.g. imprecise accounting regulations, weak auditors) and incentives (e.g. approaching
the breach of a debt covenant, an impending take-over, profit-based bonus) to do so.

6.2 The nature of creative accounting


Definition
Creative accounting: The active manipulation of accounting results for the purpose of creating an altered
impression of the underlying financial position or performance of an enterprise by using accounting rules
and guidance in a spirit other than that which was intended when the rules were written.

This well-documented practice is a potential problem for auditors in assessing the underlying performance
and position of a company and recent evidence suggest that it is one of the major issues facing financial
reporting.
Accounting measures involve a degree of subjectivity, choice and judgement and it would be wrong to
describe all such activity as creative accounting. Moreover, creative accounting normally falls within
permitted regulation and is not therefore illegal. It is thus ofte'l a question of fine judgement as to when
creative accounting is of such an extent that it becomes misleading.
The spectrum of creative accounting practices may include the following (commencing with the most
legitimate}:
~

Exercise of normal accounting policy choice within the rules permitted by regulation(e.g. FIFO or
average cost for inventory valuation).

Exercise of a degree of estimation, judgement or prediction by a company within reasonable


bounds (e.g. non-current asset lives).

Judgement concerning the nature or classification of a cost (e.g. expensing or capitalising costs).

Systematic selection of legitimate policy choices and estimations to alter the perception of the
position or performance of the business in a uniform direction.

Systematic selection of policy choice and estimations that fall on the margin of permitted
regulation (or are not subject to regulation) in order to alter materially the perception of the
performance or position of the business.

Setting up of artificial transactions to create circumstances where material accounting


misrepresentation can take place.

Fraudulent activities.

It can thus be a matter of fine judgement for an auditor as to where within this spectrum creative
accounting becomes unacceptable.
Companies may also seek to manipulate the perception of their performance and position by altering
underlying transactions, rather than just the way they are recorded. Accounting regulation seeks to limit the
effects of this behaviour in a number of ways as previously discussed. Nevertheless, while it may seek to
report faithfully transactions that actually take place, it cannot regulate for transactions which do not take

The Institute of Chartered Accountants in England and Wales, March 2009

135

Advanced Stage- Advanced Audit and Assurance


place, or which are delayed in order to manipulate the perception of performance or position. These might
include:
~
~
~

6.3

Deferring discretionary expenditure (e.g. maintenance costs, R&D)


Changing the timing of the sale of investments or other assets
Delaying investment or financing decisions.

Causes of creative accounting - opportunity


The causes of creative accounting have two key elements:
(i)
(ii)

Opportunity
Incentives

Where these two elements both exist then the risks of creative accounting taking place are
greatest. This section looks at opportunity. The following section looks at incentives.
It is important for the auditor to be aware of the causes of creative accounting in order to highlight the
circumstances, where there is the greatest risk or incentives for creative accounting to take place.
The causes of opportunity for creative accounting include the following:
~

Subjectivity- areas of subjectivity lend themselves to a greater degree of choice, judgement and
uncertainty.

Complexity- complex industries and transactions are difficult to regulate precisely and give more
scope for manipulation.

Inadequate corporate governance- inadequate or inappropriate controls over directors may


permit greater discretion.

Insufficiently independent auditors- auditors may come under increased managerial pressure to
approve creative accounting practices.

6.4

Imprecise regulations -where regulations are imprecise or inadequate, companies have greater
scope to exercise discretion, and auditors have a poor benchmark to challenge the selected accounting
procedures.

Inadequate sources of information- where reliable sources of audit evidence exist (e.g. to
challenge management estimations) the scope for effeetive manipulation is more limited.

Inadequate penalties- where creative accounting is discovered to have misled users, the penalties
for the company, and for the directors, are regarded by some as inadequate to provide sufficient
disincentives.

Causes of creative accounting- incentives


The following have been put forward as incentives for companies/managers engaging in creative accounting:
~

Income smoothing- companies normally prefer to show a steady trend of growth in profits, rather
than volatility with significant rises and falls. Income smoothing techniques (e.g. declaring higher
provisions or deferring income recognition in good years) contribute to reducing volatility in reported
earnings.

Achieving forecasts- where forecasts of future profits have been made, reported earnings may be
manipulated to tie in with these forecasts.

I 36

Profit enhancement- this is where current year earnings are boosted to enhance the short-term
perception of performance.

Maintain or boost share price- where markets can be made to believe that increased earnings
represents improved underlying commercial performance, then share price may rise, or at least be
higher than it would be in the absence of creative accounting.

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT


~

Accounting based contracts- where accounting based contracts exist (e.g. loan covenants, profit
related pay) then any accounting policy that falls within the terms of the contract may significantly
impact upon the consequences of that contract. For example, the breach of a gearing based debt
covenant may be avoided by the use of off-balance sheet financing.

Incentives for directors- there may be personal incentives for directors to enhance profit in order
to enhance their remuneration. Examples might include: bonuses based upon EPS, or share incentive
schemes and share option schemes that require a given EPS before they become operative. Directors
may also benefit more indirectly from creative accounting by increasing the security of their position.

Taxation- where accounting practices coincide with taxation regulations there may be an incentive
to reduce profit in order to reduce taxation. In these circumstances, however, it may necessary to
convince not only the auditor, but also NBR..

Regulated industries -where an industry is currently, or potentially, regulated then there may an
incentive to engage in creative accounting to reduce profit in order to influence the decisions of the
regulator. This may include utilities where regulators may curtail prices if it is perceived that excessive
profits are being earned. It may also be relevant to avoid a reference to the Competition Commission.

Internal accounting- a company as a whole may have reason to move profits from division to
division (or subsidiary to subsidiary) in order to affect tax calculations or justify the closure/expansion
of a particular department.

losses - companies making losses may be under greater pressure to enhance reported performance.

Commercial pressures- where companies have particular commercial pressures to enhance the
perception of the company there is increased risk of creative accounting. For example, a take-over bid,
or the raising of new finance.

Thus, a range of stakeholders may have incentives to engage in creative accounting. In particular, however,
an appropriate degree of professional scepticism should be applied where benefits arise for directors, as
they are also the group responsible for implementing creative accounting practices.

6.5

The consequences of creative accounting


It is important for the auditor to understand the consequences of creative accounting as:
~

It enables an understanding of the motivations and reasons for the company's directors to
engage in the practice. (For instance, the existence and nature of debt covenant that mat be affected
by creative accounting)

It enhances the understanding of whether the practice is material i.e. whether it would
reasonably influence the decisions.

It enables an understanding of the continued impact of a particular creative accounting


practice in future years' financial statements and whether the impact will be sustainable year on
year.

The consequences of creative accounting depend crucially upon whether or not it is disclosed.

Overt creative accounting refers to practices, which may change reported profits or the statement of
financial position, but that are disclosed externally to financial statements users. Examples may include:
~

~
~

Not depreciating non current assets


Capitalising development costs
Significant provisioning
Changing depreciation policy

Covert creative accounting refers to practices that are used to enhance profitability or asset values but
are not disclosed. Examples might be:
~

~
~

The timing of revenue recognition on complex long-term transactions


The treatment of overhead allocations
Many decisions to capitalise or expense cash outlays

The Institute of Chartered Accountants in England and Wales, March 2009

13 7

Advanced Stage- Advanced Audit and Assurance

As a result, such covert practices are not readily identifiable by outside users, who are thus unable, in some
cases, to distinguish increases in reported earnings arising as a result of accounting manipulation, from those
arising from improvements in substantive underlying transactions. The potential consequences of covert
creative accounting (e.g. for share prices movements) are therefore likely to be more substantial than for
overt creative accounting.

6.6

Sustainability
Some creative accounting practices are sustainable in the long term while others may only serve to enhance
the current year's profit, but only with the effect that future profits are correspondingly reduced.
Sustainable practices may include:
~

Income smoothing- assuming it is smoothed at a normal level of profitability it may be sustained


indefinitely.

Off-balance-sheet financing

Unsustainable practices include:

6. 7

Capitalisation of expenses -if, for instance, annual development costs are inappropriately
capitalised and amortised over ten years then, after that period, assuming constant expenditure, the
profit will be equivalent for either write off or amortisation policies (though not the statement of
financial position) as there will be I 0 amounts of I0% amortisation recognised in profit or loss.

Revenue recognition- bringing forward the recognition of revenues may initially enhance profit,
but at the cost of reducing future profits.

Some specific consequences


Share prices effects
Where creative accounting practices are disclosed then one would expect that, in a semi strong efficient
market, investors would see through the manipulation and correctly price shares, with creative accounting
having little effect. However:
~

The market may not always be efficient

Accounting-based contracts may be affected

Complex series of transactions may mean that markets may fail to appreciate fully the impact of
creative accounting

Covert creative accounting is likely to include all the above effects but in addition, even where the market is
semi strong efficient, it cannot always 'see through' the creative accounting and shares could be mispriced.
This may result in shareholders suffering an undue loss.
Recent revelations regarding creative accounting have resulted in significant falls in the share prices of the
companies concerned providing evidence of previous mispricing. However, shares prices also fell in other
companies, as markets generally placed less trust on reported earnings and the perceived auditors as being
unable to prevent creative accounting.
Accounting based contracts
Whether creative accounting is covert or overt, it can affect the application of accounting based contracts,
so long as the selected accounting treatment falls within the terms of that contract. Typically, a restrictive
covenant on gearing, or interest cover, may be avoided by enhancing equity or earnings. This may benefit
one stakeholder (e.g. shareholders) but disadvantage another (e.g. debtholders).

I38

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

6.8

Red flags and detection


The best detection techniques for creative accounting are a good knowledge of financial reporting
regulations and a good understanding of the business. There may, however, be more general techniques and
indicators that can suggest that a company is engaging in creative accounting practice. These include:
~

Cash flows - Operating cash flows are systematically out of line with reported operating profits over
time.

Reported income and taxable income- Is financial reporting income significantly out of line with
taxable income with inadequate explanation or disclosure?

Acquisitions- Where a significant number of acquisitions have taken place there is increased scope
for many creative accounting practices.

Financial statement trends - Indicators include: unusual trends, comparing revenue and EPS
growth, atypical year end transactions, flipping between conservatism and aggressive accounting from
year to year, level of provisions compared to profit indicating smoothing, EPS trend, timing of
recognition of exceptional items.

Ratios- Ageing analyses revealing old inventories or receivables, declining gross profit margins but
increased net profit margins, inventories/receivables increasing more than sales, gearing changes.

Accounting policies -Consider if there is the minimum disclosure required by regulation, changes
in accounting policies, examine areas of judgement and discretion. Consider risk areas of off-balance
sheet refinancing, revenue recognition, capitalisation of expenses, significant accounting estimates.

Changes of accounting policies and estimates- Is the nature, effect and purpose of these .
changes adequately explained and disclosed?

Management- Estimations proved unreliable in the past, minimal explanations provided.


Actual and estimated results- Culture of always satisfying external earnings forecasts, absence of

- "" i~

profit warnings, inadequate or late profit warnings leading to 'surprises', interim financial statements
out of line with year end financial statements.
~

Incentives- Management rewarded on reported earnings, profit-orientated culture exists, other


reporting pressures e.g. a take-over.

Audit qualifications- Are they unexpected and are any auditors adjustments specified in the audit
report significant?

Related Party Transactions- Are these material and how far are the directors affected?

The above is not a comprehensive list, but merely includes some main factors. Also, it is not suggested that
the above practices necessarily mean there is creative accounting, but where a number of these factors
exist simultaneously, then the auditor should be put 'on enquiry' to make further investigations.

6.9

Examples of creative accounting techniques


A number of examples of creative accounting have been given above and throughout these learning
materials in the context of their application. The following list draws some of these together and provides
some further examples under some key headings. The list is not meant to be comprehensive.

6.9.1

Timing of operating expenses


~
~

~
~
~
~

Under provisioning in poor years


Over provisioning in good years
Manipulation of reserves
Aggressive capitalisation of costs
Optimistic asset lives
Accelerating expenses in good years
Increased write downs and write offs in good years
Exceptional gains timed to offset exceptional losses

The Institute of Chartered Accountants in England and Wales, March 2009

139

Advanced Stage- Advanced Audit and Assurance

6.9.2

Revenue recognition
~
~

~
~
~
~
~

6.9.3

Premature recognition of revenues


Recording out-of period revenue
Recognition of revenue of service contracts prior to the service being performed
Recognition of sales prior to physical movement of goods.
Front-end recognition of sales that should be spread over more than one accounting period
Percentage of completion estimates in construction industry
Cut-off misapplied.

Off-balance-sheet financing
In some circumstances transactions may be structured in order to allow a particular accounting treatment
(e.g. making a finance lease appear to be an operating lease) rather than presenting the fairest view. This is
one of the primary reasons for the large quantity of disclosure standards (as against valuation standards) in
previous years.

6.1 0 Some specific examples


Several areas of opportunity exist for the creative accountant because so much choice exists within
accounting guidance. The more obvious areas (e.g. choice of depreciation rate/method, the use of
provisions, revaluations etc) have been so well documented that they ought to be relatively easy to spot.
However, more subtle methods exist. For example, a group with foreign operations will need to retranslate
the results of overseas subsidiaries in order to prepare group accounts. There is a requirement according
to lAS 21 that the functional currency should be determined for each entity. While companies cannot
choose this currency there may be instances where the facts are unclear and companies can manipulate the
selection to produce favourable foreign currency gains or minimise currency losses.
A further example involves allocating joint costs between long-term contracts in such a way that no
contract appears to be loss-making, thus avoiding an immediate provision for the entire loss.
Some actual cases of creative accounting illustrate further instances where creative practices were not fully
appreciated until they had been in operation for some time.

Worked example: WorldCom


"WorldCom's dodge was relatively simple. In 2001 and 2002 the company pretended that $3.8bn in normal
operating expenses -in fact routine maintenance- qualified as investment. That allowed the company to
spread the cost over a number of years, instead of having to account for it all at once. Unsurprisingly it
made profits look much better than they were. It also artificially inflated the company's value".

BBC NEWS Online: Business: 26 June 2002

Worl<ed example: Xerox


"Xerox treads a well-trodden path in its restatement of earnings. The premature recognition of revenues is,
along with improper manipulation of reserves, one of the most frequent instances of earnings
management ... Revenue recognition issues make up more than half the accounting lawsuits in the US.
Classic cases include internet auction houses that claimed the full sales price of items sold on their sites as
revenue, rather than merely the auctioneer's commission. Software companies have also come to grief after
prematurely recording (income) from service contracts bundled with their software packages.
Xerox did it with photocopiers."

140

Financial Times: 29/30 June 2002

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

6.1 I

Performance measurement and creative accounting


Any performance measures used should act as an incentive to managers to aim for corporate objectives. If
it is assumed that a company's primary objective is to maximise shareholder value (it may not be), then
managerial incentives must ensure that the manager gains when the shareholder gains.
If profit is used, either internally or externally, as a measure of performance then it is likely to fail to
capture the objective of wealth maximization. Moreover, if a target is set as a measure of performance
people will respond to that target - but you may wish they had not. In the case of accounting measures it
may be that directors will respond by increasing profit - but only by using creative accounting. Strathearn's
Law becomes applicable here- "when a measure becomes a target it ceases to be a good measure". The
following case of the nail factory in Soviet Russia provides a stark example of targets, perverse incentives
and manipulation that could apply in principle to many financial headline targets set for companies.

Worked example: The Soviet Russian nail factory


There is a much repeated, but probably apocryphal, story that a nail factory in Soviet Russia was given a
new performance target based upon the number of nails it produced each month. In the first month, all of
its nails were half a centimetre long.
In the second month, the incentive scheme was changed to a measure performance based upon the weight
of nails produced, thereby acknowledging that larger nails took more time to manufacture.
The factory responded by producing one gigantic nail!

.,...,

7 Analytical procedures

7 .I

Use of analytical procedures


There are a number of occasions and assignments when an auditor will wish to adopt an analytical
procedures approach. Examples include:
~
~
~

Review
Assurance engagements
Prospective financial information

In terms of its use during the audit the auditor must comply with BSA 520 Analytical Procedures. As you
should be aware from your earlier studies this states that analytical procedures are used as follows:
~

As risk assessment procedures to obtain an understanding of the entity and its environment

As substantive procedures

At or near the end of the audit when forming an overall conclusion as to whether the financial
statements as a whole are consistent with the auditor's understanding of the entity.

Point to note
BSA 520 requires the use of analytical procedures for the first and third purposes listed above. They may
also be used as substantive procedures and are commonly used in practice in this way.
We will look at analytical procedures in more detail in Chapter 5, as although the aim of the procedures is
different at each of the three key stages of the audit there are many common features in their application.

The Institute of Chartered Accountants in England and Wales, March 2009

141

Advanced Stage- Advanced Audit and Assurance

8 Materiality

8.1

Revision of materiality
Definition
Materiality: 'Information is material if its omission or misstatement could influence the economic decisions
of users taken on the basis of the financial statements. Materiality depends on the size of the item or error
judged in the particular circumstances of its omission or misstatement. Thus, materiality provides a
threshold or cut-off point rather than being a primary qualitative characteristic which information must have
if it is to be useful.' (BSA 320)

Materiality criteria
An item might be material due to its
Nature

Given the definition of materiality that an item would affect the readers of the
financial statements, some items might by their nature affect readers. Examples
include transactions related to directors, such as remuneration or contracts with
the company.

Value

Some items will be significant in the financial statements by virtue of their size, for
example, if the company had bought a piece of land with a value which comprised
three-quarters of the asset value of the company, that would be material. That is why
materiality is often expressed in terms of percentages (of assets, of profits).

Impact

Some items may by chance have a significant impact on financial statements,


for example, a proposed journal which is not material in itself could convert a profit
into a loss. The difference between a small profit and a small loss could be material to
some readers.

Although there are general guidelines on how materiality might be calculated in practice, the calculation
involves the application of judgement. It should also be reassessed throughout the course of the audit as
more information becomes available.

142

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

8.2 Applying materiality


The application of materiality to an audit can be summarised in 3 key steps:
Steps in Applying Materiality on an Audit
Step I

Establish a preliminary judgement


about materiality

Step 2

Step 3

Estimate likely misstatements and


compare totals to the preliminary
Judgement about materiality

Steps I and 2 would normally be performed as part of the planning process. Step 3 is normally performed
as part of the review stage of the audit when the auditor evaluates the audit evidence.

\.

8.2.1

Preliminary judgement
Materiality considerations during audit planning are extremely important. The assessment of materiality
at this stage should be based on the most recent and reliable financial information and will help to
determine an effective and efficient audit approach. Materiality assessment will help the auditors to:
~

Determine the amount of audit work necessary to facilitate audit efficiency and effectiveness
Put audit risk in context

Decide whether to use sampling techniques


Determine the applicability of accounting standards which normally apply only to material items
Evaluate uncorrected misstatements during the audit

Evaluate what level of error is likely to lead to a qualified audit opinion

In specifying materiality, an auditor should establish a base (or bases) to which a percentage factor is
applied. The following bases are typically used:

Total revenue
Gross profit
Profit before tax

5.0%

Total assets

0.5%

Equity

1.0%

The resulting balance would then be adjusted for any relevant qualitative factors including:
~
~
~

~
~
~

~
~

Whether it is a first-year engagement


Weaknesses in controls
Material misstatements in prior years
Risk of fraud
Significant management turnover
Unusually high market pressures
Sensitivity of covenants in loan agreements to changes in the financial statements
Affect of changes in results to earnings trends.

The Institute of Chartered Accountants in England and Wales, March 2009

143

Advanced Stage -Advanced Audit and Assurance

8.2.2

Tolerable misstatement
Determining the tolerable misstatement involves the allocation of planning materiality to:
~

An account balance or
Class of transaction

As with overall materiality both quantitative and qualitative factors will be taken into accourtt.
Quantitative benchmarks include:
~
~

2-15% of the account (but never greater than materiality)


50-75% of planning materiality

Point to note
These approaches result in a combined tolerable misstatement greater than the overall planning materiality
set. However, it would be inefficient for the auditor to simply allocate the planning materiality
proportionately to each account balance as this would lead to low tolerable misstatement levels which in
turn would result in more extensive testing.
Qualitative factors would also be taken into account. These include:
~

~
~

8.2.3

Size ofthe account


Complexity of the account
Impact of changes in the account to key performance indicators
Impact of changes in the account to published forecasts

Estimation of likely misstatements


Towards the end of the audit the auditor will aggregate the misstatements from each account balance or
class of transaction (including both known and likely misstatements) and compare this with the preliminary
assessment of materiality. Where additional information has come to light the preliminary assessment of
materiality may need to be revised. If this is the case the circumstances should be adequately
documented. Comparison of the aggregated misstatements and materiality will determine whether the
financial statements require adjustment.

8.3

Problems with materiality


As discussed above, materiality is a matter of judgement for the auditor. Therefore, prescriptive rules will
not always be helpful when assessing materiality. A significant risk of prescriptive rules is that a
significant matter, which falls outside the boundaries of the rules, could be overlooked, leading to a
material misstatement in the financial statements.
The percentage guidelines of assets and profits that are commonly used for materiality (e.g. those referred
to in section 8.2.1) must be handled with care. The auditor must bear in mind the focus of the company
being audited.
In some companies, post tax profit is the key figure in the financial statements, as the level of dividend is
the most important factor in the accounts.
In owner managed businesses, if owners are paid a salary and are indifferent to dividends, the key profit
figure stands higher in the statement of comprehensive income, say at gross profit level. Alternatively in
this situation, the auditor should consider a figure that does not appear on the statement of comprehensive
income: profit before directors' salaries and benefits.
Some companies are driven by assets rather than the need for profits. In such examples, higher
materiality might need to be applied to assets. In some companies, say charities, costs are the driving
factor, and materiality might be considered in relation to these.
While rules or guidelines are helpful to auditors when assessing materiality, they must always keep in mind
the nature of the business they are dealing with. Materiality must be tailored to the business and the
anticipated user of financial statements, or it is not truly materiality.

144

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Interactive question 7: Materiality(!)

(Difficulty level; Easy]

You are the manager responsible for the audit of Albreda Ltd. The draft consolidated financial statements
for the year ended 30 September 20X6 show revenue of CU42.2 million (20X5 CU41.8 million), profit
before taxation of CU 1.8 million (20X5 CU2.2 million) and total assets of CU30.7 million (20X5 CU23.4
million). In September 20X6, the management board announced plans to cease offering 'home delivery'
services from the end of the month. These sales amounted to CU0.6 million for the year to 30 September 20X6
(2005 CU0.8 million). A provision of CU0.2 million has been made at 30 September 20X6 for the compensation of
redundant employees (mainly delivery van drivers).
Requirement
Comment upon the materiality of these two issues.
See Answer at the end of this chapter.

Interactive question 8: Materiality (2)

[Difficulty level: Exam standard]

You are the auditor of Oscar Ltd and are in the process of planning the audit for the year ended 31
December 20X8. In the past the audit of this company has been straightforward. The following information
is available:

20XB
CU'OOO
1,800
2,010
10

Total assets
Total revenue
Profit before tax

20X7
CU'OOO
1,750
1,900
300

Materiality has been calculated by a colleague as follows:


Profit before

tax

= CUI 0,000 x 5% = CU500

Requirement
Comment on the suitability of the planning materiality figure.
See Answer at the end of this chapter.

8.4
8.4.1

Current developments
Audit materiality
Internationally, there is currently an exposure draft of BSA 320 (Revised and Redrafted) Materiality in Planning
and Performing an Audit in issue. The key issues in relation to this exposure draft are:
(a)

Definition of materiality. The ED makes clear that the definition of materiality used by the auditors
should be the same as the definition in the applicable reporting framework. (For example, the
definition in current BSA 320 is the same as in BAS 1.)

(b)

Users. The ED indicates that it is reasonable for the auditor to assume that users:
~

Have a reasonable knowledge of the business and economic activities and accounting and a
willingness to study the information in the financial statements with reasonable diligence

Understand that financial statements are prepared and audited to levels of materiality

Recognise the uncertainties inherent in the measurement of amounts based on the use of
estimates, judgment and the consideration of future events

Make reasonable economic decisions on the basis of the information in the financial statements

The Institute of Chartered Accountants in England and Wales, March 2009

145

Advanced Stage - Advanced Audit and Assurance

8.4.2

(c)

Materiality and audit risk. The link between materiality and audit risk is emphasised.

(d)

Percentage benchmarks. The ED provides more guidance on the use of percentage benchmarks
for calculating materiality.

Evaluation of misstatements identified during an audit


The international exposure draft of BSA 450 (Redrafted) Evaluation of Misstatements Identified During the
Audit explains how materiality is applied in evaluating misstatements identified during the audit. The key
points are as follows:
(a)

Misstatements. Misstatements identified during the audit should be accumulated.

(b)

Considerations. In the light of identified misstatements the auditor should consider whether the
overall audit strategy and plan need to be revised.

(c)

Reporting. The ED requires auditors to communicate all discovered misstatements to management

(d)

Evaluation. The ED sets out that establishing a materiality level does not mean some matters should
be ignored in overall review. Materiality levels used in planning and performing the audit are
reassessed based on the actual financial results

9 Responding to assessed risks

:;l,f}"lif,~~~~~~~~;r~r
As a result of the auditor's risk assessment and assessment of materiality an audit strategy will be
developed in response. BSA 330 makes the following points in this context which you should be familiar
with.

9 .I

Overall responses
The auditor should determine overall responses to address the risks of material misstatement at the
financial statement level. This may include:
~

Emphasising to the audit team the need to maintain professional scepticism in gathering and
evaluating audit evidence

Assigning more experienced staff, those with special skills or using experts

Providing more supervision

Incorporating additional elements of unpredictability in the selection of further audit procedures

The auditor may also make general changes to the nature, timing or extent of audit procedures, for
example, by performing substantive procedures at the period end instead of at an interim date. These
decisions will take into account the auditor's assessment and understanding of the control environment.

9.2 Audit procedures responsive to risks of material misstatement at


the assertion level
The auditor is required to design and perform procedures which will address the risks identified. The ISA
emphasises the link between further audit procedures and the risk assessment process. Factors
which the auditor will consider include:

146

The significance of the risk

The likelihood that a material misstatement will occur

The characteristics of the class of transaction, account balance or disclosure involved

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT


~

The nature of the specific controls used by the entity and in particular whether they are manual or
automated

Whether the auditor expects to obtain audit evidence to determine if the entity's controls are
effective in preventing, or detecting and correcting, material misstatements.

The auditor will then determine the nature, timing and extent of further audit procedures. We will
look at this aspect of the audit in detail in Chapter 5.

9.3

Evaluating the sufficiency and appropriateness of audit evidence


obtained
Based on the audit procedures performed and the evidence obtained, the auditor should conclude whether
sufficient, appropriate audit evidence has been obtained to reduce to an acceptably low level the risk of
material misstatement. Whilst this will be considered by the auditor throughout the audit it is particular
relevance at the review stage of the audit. We will consider this in more detail in Chapter 6.

9.4

Documentation
The BSA emphasises the need to document the link between the audit procedures and the assessed risks.
These matters should be recorded in accordance with BSA 230 Audit Documentation with which you should
be familiar from your earlier studies.

10 Other audit methodologies

I0.1

Introduction
In this chapter we have looked in detail at the business risk model and the audit risk model. However there
are a number of other audit approaches which may be adopted.

I0.2
'--

Systems audit
An auditor may predominantly test controls and systems, but substantive testing can never be eliminated
entirely. It is always used in conjunction with another approach.
You should be familiar with the systems and controls approach to auditing, from your previous studies.
Management are required to institute a system of controls which is capable of fulfilling their duty of

safeguarding the assets of the shareholders.


Auditors assess the system of controls put in place by the directors and ascertain whether they believe it is
effective enough for them to be able to rely on it for the purposes of their audit.
If they believe that the system is effective, they carry out tests of controls to ensure that the control system
operates as it is supposed to. If they believe that the control system is ineffective, they assess control risk as
high and undertake higher levels of substantive testing.
The key control objectives and procedures over the main cycles of sales, purchases and wages were studied
at length in your previous studies. If you do not feel confident in what they are, you should go back to your
learning materials in these areas and revise them now.

The Institute of Chartered Accountants in England and Wales, March 2009

147

Advanced Stage- Advanced Audit and Assurance


An auditor may choose predominantly to carry out substantive tests on the transactions and balances of the
business in the relevant period, but if internal control systems are particularly weak then no amount of
substantive testing may give adequate assurance (e.g. if point of sales controls over cash receipts are
inadequate, then substantive testing may never detect material understatement of revenues).
Two approaches to substantive testing are:
~
~

I0.3

The transaction cycle approach


The balance sheet approach

Transaction cycle approach


Cycle testing is in some ways closely linked to systems testing, because it is based on the same systems.
When auditors take a cycle approach, they test the transactions which have occurred, resulting in the
entries in the statement of comprehensive income (for example, sales transactions, inventory purchases,
asset purchases, wages payments, other expenses).
They would select a sample of transactions and test that each transaction was valid and complete and
processed correctly throughout the cycle. In other words, they substantiate the transactions which appear
in the financial statements.
The key business cycles are outlined below. Remember that you know what the processes should be in the
cycle (you have assessed the system and controls previously), under this approach, you are ensuring that
individual transactions were processed correctly. Hence, the cycles outlined below should correspond to
the controls processes you are already aware of.

Sales cycle

~Take

omern~

Receive
payment

Document
order

Make
order

You should be aware of the


controls over recording
and accounting _

148

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Purchases cycle
~

You should be aware


of controls over ordering

Raise

'"""'''"0~ .

/
Supplier will
extend credit in

Send

Purchasmg
department

pl:~toffi

rnl"

Rec/lvz

eany on
production

Raise goods
received note

\
Record and
account for invoice

Accounts /
~partment
match

"

You should be aware of controls


over accounting and recording

GRN to invoice

The auditor should be able to find an audit trail for each transaction, for example in the purchases cycle:
~

Requisition
Invoice
Order
Ledger and daybook entries

GRN

Payment in cashbook/cheque stub

~
~

I0.4

Balance sheet approach


An alternative to the cycles (or transactions) approach to auditing is to take the balance sheet approach.
This is the most common approach to the substantive part of the audit, after controls have been tested.
The statement of financial position (balance sheet) shows a snapshot of the financial position of the business
at a point in time. It follows that if it is fairly stated and the previous snapshot was fairly stated then it is
reasonable to undertake lower level testing on the transactions which connect the two snapshots, for
example, analytical procedures.
Under this approach, therefore, the auditors seek to concentrate efforts on substantiating the closing
position in the year, shown in the statement of financial position, having determined that the closing position
from the previous year (also substantiated) has been correctly transferred to be the opening position in the
current year.
You should be aware of the financial statement assertions and the substantive tests in relation to the major
items on the statement of financial position from your previous studies. We will also review these in more
detail in Chapter 5.

The Institute of Chartered Accountants in England and Wales, March 2009

149

Advanced Stage- Advanced Audit and Assurance

10.4.1

Relationship with business risk approach


The substantive element of an audit undertaken under a business risk approach is restricted due to the high
use of analytical procedures. However, the element of substantive testing which remains in a business risk
approach can be undertaken under the balance sheet approach.
In some cases, particularly small companies, the business risks may be strongly connected to the fact that
management is concentrated on one person. Another feature of small companies may be that their
statement of financial position is uncomplicated and contains one or two material items, for example,
receivables or inventory.
When this is the case, it is often more cost-effective to undertake a highly substantive balance
sheet audit than to undertake a business risk assessment, as it is relatively simple to obtain the
assurance required about the financial statements from taking that approach.

I 0.4.2

Limitations of the balance sheet approach


When not undertaken in conjunction with a risk based approach or systems testing, the level of detailed
testing can be high in a balance sheet approach, rendering it costly.

I SO

The Institute of Chartered Accountants in England and Wales, March 2009

PLANNING AND RISK ASSESSMENT

Summary and Self-test

Summary

Financial. :rtsk .

operating nsk
Compliance risk

The Institute of Chartered Accountants in England and Wales, March 2009

IS I

chapter 5

Audit evidence

Introduction

Topic list
I
Risk and assertions
2
Sufficient appropriate audit evidence
3
Sources of audit confidence
4
Audit procedures
Analytical procedures
5
6
Provisions and contingencies
7
Audit of accounting estimates
8
Related parties
9
Management representations
I0
Opening balances
II
Service organisations
Appendix I
Appendix 2
Summary and Self-test
Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

179

AUDIT EVIDENCE

I Risk and assertions


Seci;iQn ovetview
. Exidente is
"

1.1

obtafn~ io re~pe~;tof'~a,ch ;tSsertio~


,~~~4 ~y th~ atiditor
'

~'

~~-

'

',

'

'

'/

Introduction
As we have seen audit work is about reducing risk- the risk that the financial statements will include
material misstatements. At the most basic level, the financial statements simply consist of information
about the:
~
~

~
~

Revenues
Costs
Assets
Liabilities and
Capital

of the entity. These items will have certain attributes if they are included correctly in the financial
statements. These attributes are referred to as financial statement assertions.

1.2

Financial statement assertions


Definition
Financial statement assertions: are the representations of the directors that are embodied in the
financial statements. By approving the financial statements, the directors are making representations about
the information therein. These representations or assertions may be described in general terms in a
number of ways.

For example, if the statement of financial position includes a figure for freehold land and buildings the
directors are asserting that:

The property concerned exists

It is either owned by the company outright or else the company has suitable rights over it

Its value is correctly calculated

There are no other items, of a similar nature, which ought to be included but which have been
omitted

It is disclosed in the financial statements in a way which is not misleading and is in accordance with the
relevant 'reporting framework' e.g. international accounting standards

BSA 500 Audit Evidence states that 'the auditor should use assertions for classes of transactions, account
balances, and presentation and disclosures in sufficient detail to form the basis for the assessment of
risks of material misstatement and the design and performance of further audit procedures'. It gives
examples of assertions in these areas. Depending on the nature of the balance, certain assertions will be
more relevant than others.

The Institute of Chartered Accountants in England and Wales, March 2009

18 I

Advanced Stage- Advanced Audit and Assurance

Assertions about
classes of
transactions and
events for the
period under audit

Occurrence: transactions and events that have been recorded have occurred and
pertain to the entity.
Completeness: all transactions and events that should have been recorded have
been recorded.
Accuracy: amounts and other data relating to recorded transactions and events
have been recorded appropriately.
Cut-off: transactions and events have been recorded in the correct accounting
period.
Classification: transactions and events have been recorded in the proper accounts.

Assertions about
account balances
at the period end

Existence: assets, liabilities and equity interests exist.


Rights and obligations: the entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
Completeness: all assets, liabilities and equity interests that should have been
recorded have been recorded.
Valuation and allocation: assets, liabilities, and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded.

Assertions about
presentation and
disclosure

Occurrence and rights and obligations: disclosed events, transactions and other
matters have occurred and pertain to the entity.
Completeness: all disclosures that should have been included in the financial
statements have been included.
Classification and understandability: financial information is appropriately
presented and described, and disclosures are clearly expressed.
Accuracy and valuation: financial and other information are disclosed fairly and at
appropriate amounts.

1.2.1

A summary
We have seen that there are 13 assertions applying in different ways to different items in the financial
statements.
You can summarise them in the following four questions:
~
~

~
~

Should it be in the accounts at all?


Is it included at the right amount?
Are there any more?
Has it been properly disclosed and presented?

The following table shows how the assertions fit with these questions:

Should it be in the
accounts at all?

Occurrence

Existence

Occurrence

Cut-off

Rights and obligations

Rights and obligations

Is it included at the right


amount!

Accuracy

Valuation

Accuracy and
measurement

Are there any more?

Completeness

Completeness
-------------Allocation

Completeness

---~

----~

Is it properly disclosed
and presented?

182

Classification

The Institute of Chartered Accountants in England and Wales, March 2009

---~"---~---~,----~-

Classification and
understandability

AUDIT EVIDENCE

Interactive question I: Financial statement assertions (I)

[Difficulty level: Easy]

Requirement
Complete the table below
(i)

Identifying tests to satisfy the four key questions

(ii)

Identify the financial statement assertions that these tests will satisfy

assets

accounts at all?
Is it included at the right
amount?

i Inspect invoices/contracts
Check depreciation

Valuation
Valuation

Are there any more?

Is it properly disclosed and i


presented?

Receivables

Should it be in the

Are there any more?


Is it properly disclosed and
presented?
Should it be in the
accounts at all1
Is it included at the right
amount?
Are there any more?

Inventory
Is it included at the right
amount?
, Are there any more?
Is it properly disclosed and
presented?

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

183

Advanced Stage -Advanced Audit and Assurance

Interactive question 2: Financial statements assertions (2)


[Difficulty level: Exam standard]

Requirement
For the points 1-3 below identify and explain the most relevant financial statement assertions. Assume that
the year end is 31 December 20X7 in each case.
(I)

Fine Ltd is proposing to award share options to 5 directors. The proposal is to issue I00,000 options
to each of the 5 individuals on I September 20X7 (the grant date} at an exercise price of CU7 per
share. The scheme participants will need to have been with the company for at least three years
before being able to exercise their options. It is believed that all the directors will satisfy this
condition. Other relevant information is as follows:
I September 20X7

31 December 20X7

cu

cu

Price per share

7.00

8.20 (estimated)

Fair value of each option

3.00

5.70 (estimated)

(2)

Wigwam Ltd has purchased goods worth CU750,000 from Teepee Ltd on an arm's length basis.
Wigwam owns 40% of the ordinary share capital in Teepee.

(3)

Deakin Ltd issued I0,000 6% convertible bonds at par value of CUI 0 on I January 20X7. On this date
the market interest rate for similar debt without the option to convert was I0%. Each bond is
convertible into 4 ordinary shares on 31 December 20X9.

See Answer at the end of this chapter.

2 Sufficient appropriate audit evidence

2.1

Importance
BSA 500 states that the auditor should obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the audit opinion.
The importance of obtaining sufficient, appropriate audit evidence can be demonstrated in the Arthur
Andersen audit of Mattei Inc.

Worl<ed example: Mattei Inc


Th!s is a complex case but in simple terms Mattei Inc inflated its reported earnings by using a technique
which came to be known as 'bill and hold'. This involved billing customers for future sales. Whilst the sale
was recorded immediately (with invoices often prepared without the knowledge of the customer) the
merchandise was not shipped. To support these sales Mattei produced false sales orders, invoices and bills
of lading. The bills of lading were signed by employees as both themselves and the carrying company. They
were then stamped 'bill and hold'. Problems which arose when the goods were actually sold were dealt
with by making other fraudulent entries in the books.
When Arthur Andersen audited accounts receivable they sent accounts receivable confirmations to
customers. These were returned with many substantial discrepancies due to the 'bill and hold' entries. As
part of the reconciliation process the auditors reviewed copies of bills of lading to serve as confirmation

184

The Institute of Chartered Accountants in England and Wales, March 2009

__

AUDIT EVIDENCE

that the goods had been shipped. However, the auditors did not question the term 'bill and hold' even
though it was clearly stamped on the documents and did not appear to notice that the same individual had
signed as both representatives of Mattei Inc and the shipping company. A number of entries were
questioned and the audit senior who reviewed the working papers noted that additional explanations were
required but no further investigation actually took place.

Source: Principles of Auditing: An Introduction to International Standards on Auditing by Rick Hayes, Roger Dassen,
Arnold Schilder, Phillip Wallage Second Edition published by Pearson Education Umited 2005

2.2

Sufficient and appropriate evidence


'Sufficiency' and 'appropriateness' are interrelated and apply to both tests of controls and substantive
procedures.
Sufficient evidence relates to the quantity of evidence gathered. However it is not simply a question of
'more is better' as different sources can be more or less persuasive. Broadly speaking however it is possible
to say that the greater the risk of misstatement, the greater the quantity of evidence required.
However the standards are clear that if the auditor decides to perform more comprehensive testing e.g. by
selecting a bigger sample the extra work must contribute to the reduction of risk.
Appropriateness relates to the quality of evidence. BSA 500 amplifies this term by saying that evidence
should be:
~
~

Relevant
Reliable

Relevance is normally measured by reference to the financial statements assertions.


Reliability is influenced by the source and nature of the evidence however you should be familiar
with the following generalisations from your earlier studies:
~

Audit evidence is more reliable when it is obtained from independent sources outside the entity

Audit evidence that is generated internally is more reliable when the related controls imposed by the
entity are effective

Audit evidence obtained directly by the auditor (for example, observation of the application of a
control) is more reliable than audit evidence obtained indirectly or by inference (for example,
inquiry about the application of a control)

Documentary evidence is more reliable, whether paper, electronic or other medium (for
example a written record of a meeting is more reliable than a subsequent oral representation of the
matters discussed)
Original documents are more reliable than photocopies or faxes.

Interactive question 3: Audit evidence- revision

[Difficulty level: Easy]

'The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions
on which to base the audit opinion.'
(BSA 500.2)
Discuss the extent to which each of the following sources of audit evidence is sufficient and appropriate.
(a)

Oral representation by management in respect of the completeness of sales where the majority of
transactions are conducted on a cash basis

(b)

Flowcharts of the accounting and control system prepared by a company's internal audit department

(c)

Year-end suppliers' statements

The Institute of Chartered Accountants in England and Wales, March 2009

185

Advanced Stage -Advanced Audit and Assurance


(d)

Physical inspection of a non-current asset by an auditor, and

(e)

Comparison of revenue and expenditure items for the current period with corresponding information
for earlier periods.

See Answer at the end ofthis chapter.

2.3

Triangulation
Forming an audit opinion is a question of using professional judgement at all times and judgements have
to be made about the nature, the quality and the mix of evidence gathered. It is also essential that individual
items of evidence are not simply viewed in isolation but instead support other evidence and are supported
by other evidence. This approach views evidence from different sources as predominantly complementary,
rather than compensatory. This strategy of acquiring and evaluating complementary evidence from a
range of sources is referred to as triangulation in The 2/'1 Century Public Company Audit: Conceptual
Bements of KPMG's Global Audit Methodology. This approach is an application of the general principle that
evidence obtained from different sources, that presents a consistent picture, is mutually strengthening and
gives greater reliance than merely increasing the amount of evidence from a single source. The consequence
of over-reliance on one specific type and source of evidence can be seen in the case of the collapse of
Parmalat.

Worked example: Over reliance on confirmations


One of the largest examples of over-reliance on one type of audit confirmation was the Parmalat collapse of
2003.
Parmalat Finanziaria Spa is an Italian-based company. Its main operating subsidiary Parmalat Spa dealt with
dairy produce around the world. On 24 December 2003 Parmalat Spa filed for bankruptcy. How could this
happen to a company that employed 36,000 employees, operated in 30 countries and was Italy's biggest
food maker? The answer is simply forged documentation!
Parmalat allegedly had 3.95 billion worth of cash and marketable securities in an account at the Bank of
America but under the name of Bonlat Financing Corporation. In 2002 Grant Thornton, the auditors of
Bonlat, had requested confirmation of the balances from Bank of America. Three months later a reply was
received by post not by fax confirming the balance. It later transpired that this letter was a forgery and Bank
of America confirmed this in a press release. The Parmalat CEO left Italy on the day of this press release.
The 3.95 billion worth of cash and securities simply did not exist.
' than simply one (forged) letter should have been obtained for the
In retrospect, additional evidence rather
cash balance. The case shows that even external confirmations and letters from other auditors should be
treated with some scepticism where the amounts involved are very material.

Source: Principles of Auditing An Introduction to International Standards on Auditing


by Hayes, Dassen, Schilder and Wallage second edition 2005
Pearson Education Umited

186

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

3 Sources of audit confidence


~... Section ov:eeyiew. ' .

< ; . . .

;~~ _-~ ~ -~~~~tt~s-~f-~~~~~!=~9~~d~.~~ei~~~~~1C';t~:::::


T~$~9~j:ontr(,l~:. . _::-.,-~ ; /~;~u~~tarJ~~ve.; P,~oce~ur~.s :; ~- , :">;J/

3.1

Tests of controls: revision


You will have tovered tests of controls in your earlier studies. The following section provides a
summary of the key points.
Testing of controls means obtaining sufficient audit evidence about the operating effectiveness of the
controls in preventing or detecting and correcting material misstatements.
Evidence will be required to show that:
~

Controls were applied at relevant times during the year, and

That those controls were applied consistently (e.g. because controls were performed by different
people or in different locations).

Tests of control may include the following.


(a)

Inspection of documents supporting controls or events to gain audit evidence that internal controls
have operated properly, e.g. verifying that a transaction has been authorised

(b)

Inquiries about internal controls which leave no audit trail, e.g. determining who actually performs
each function not merely who is supposed to perform it

(c)

Reperformance of control procedures, e.g. reconciliation of bank accounts, to ensure they were
correctly performed by the entity

(d)

Examination of evidence of management views, e.g. minutes of management meetings

(e)

Testing of internal controls operating on computerised systems or over the overall information
technology function, e.g. access controls

(f)

Observation of controls to consider the manner in which the control is being operated

Auditors should consider:


~

~
~

How controls were applied


The consistency with which they were applied during the period
By whom they were applied

Tests of controls are distinguished from substantive tests which are designed to detect material
misstatements in the financial statements.
Deviations in the operation of controls {caused by change of staff etc) may increase control risk and tests of
control may need to be modified to confirm effective operation during and after any change.
Audit procedures will include the test of control and then other procedures (e.g. substantive and/or
analytical procedures) to confirm the operating effectiveness of that control. Overall, audit procedures may
be limited where automated processing is involved as control errors are less likely e.g. computers tend to
make less mistakes than humans after a given procedure has been correctly programmed).
The use of computer assisted audit techniques (CAATs} is referred to in Chapter I I of this Study Manual.

3.1.1

Relationship between tests of controls and risk assessment procedures


Testing of controls should not be confused with risk assessment procedures which were performed earlier
in the audit to assess the design and implementation of controls. However, in some situations risk

The Institute of Chartered Accountants in England and Wales, March 2009

187

Advanced Stage- Advanced Audit and Assurance


assessment procedures may provide persuasive evidence on the operation of controls. For example,
management review of budgets and investigation of variances on a regular basis, is indicative that controls
over sales and pu[chases are operating effectively.

3.1.2

Conclude on the achieved level of control risk


When control testing is complete, residual audit risk to be obtained from substantive testing must be
determined. The auditor will use:
~
~

The achieved level of control risk, and


The assessed level of inherent risk

to determine the remaining detection risk. This detection risk is then used to decide the nature and
timing of the remaining substantive testing.

3.2

Substantive procedures
BSA 330 The Auditor's Procedures in Response to Assessed Risks states that irrespective of the assessed risk of
material misstatement, the auditor should design and perform substantive procedures for each material
class of transactions, account balance and disclosure.
There are two key types of substantive procedure:
~

Substantive analytical procedures. These are generally more applicable to large volumes of
transactions that tend to be predictable over time. We will look at these in detail in section 5.

Tests of details. These are ordinarily more appropriate to obtain audit evidence regarding certain
assertions about account balances. We will see how these are applied to key aspects of the financial
statements as we work through the remainder of the chapter.

4 Audit procedures

The procedures used are selected according to the nature of the balance being audited and the assertion
being considered.

4.1

Types of procedure
Auditors obtain evidence by using one or more of the following procedures.

4.1.1

Inquiry

Definition
Inquiry: means gathering information from knowledgeable persons both within and external to the entity
being audited.

188

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

Examples
Inquiry includes obtaining responses to formal written questions through to asking informal questions in
relation to specific audit assertions. The response to inquiries provides the auditor with information that
was not previously possessed or may corroborate information obtained from other sources. The strength
of the evidence depends on the knowledge and integrity of the source. Where the result of inquiry is
different from other evidence obtained, then reasons for that difference must be sought and the
information reconciled.

Business focus
Common uses of inquiry are:
~

Management representations -where management have information not available from any other
source

Asking employees about the internal control systems and effectiveness of the controls they are
operating

Remember it is not normally sufficient to accept inquiry evidence by itself- some corroboration will be
sought. The USA court case of Escott et al. v Bar Chris Corporation ( 1968) ruled that the auditor was
negligent in not following up answers to management inquiries. The judge indicated that the auditor was too
easily satisfied with glib answers and that these should have been checked with additional investigation.

4.1.2

Observation

Definition
Observation: involves looking at a procedure or process being performed by others.

Examples
Observation is not normally a procedure to be relied on by itself. For example, the auditor may observe a
non-current asset, such as a motor vehicle. However, this will only proof the vehicle exists; other
assertions such as rights and obligations will rely on other evidence such as invoices and valuation possibly
on the use of specialist valuers or documentation.

Business focus
Observation is commonly used in the business processes of inventory management. After inventory has
been purchased, an organisation holds raw materials, work-in-progress and finished goods in its warehouses
and factories. Observation is used to determine that the inventory exists, it is valued correctly (looking for
old and slow moving inventory) and that inventory is complete in the organisation's books. Note the link to
audit assertions here.
Additionally, the auditor will be observing the internal control systems over inventory, particularly in
respect to perpetual inventory checking and any specific procedures for year-end inventory counting. You
should be familiar with the audit procedures in respect of attendance at an inventory count from your
assurance studies.
Observation may also be used in the human resource business process. The auditor will observe employees
operating specific controls with the internal control system to determine the effectiveness of application of
those controls, as well as the ability of the employee to operate the control. However, the act of observing
the employee limits the effectiveness of the evidence obtained; many employees will amend their work
practices when they identify the auditor observing them.

The Institute of Chartered Accountants in England and Wales, March 2009

189

Advanced Stage -Advanced Audit and Assurance

4.1.3

Inspection

Definition
Inspection: means the examination of records, documents or tangible assets.
Examples
By carrying out inspection procedures, the auditor is substantiating information that is, or should be, in the
financial statements. For example, inspection of a bank statement confirms the bank balance for the bank
reconciliation which in turn confirms the cash book figure for the financial statements.

Business focus
Inspection assists with the audit of most business processes. For example:
~

Financing: inspection of loan agreements to confirm the term and repayment details (part of the
completeness of disclosure in the financial statements)

Purchasing: Inspection of purchase orders to ensure that the order is valid and belongs to the
company (occurrence assertion amongst others)

Human resources: Inspection of pay and overtime schedules as part of wages audit

Inventory management: Inspection of the work-in-progress ledger confirming cost allocation to specific
items of work-in-progress (valuation assertion)

Revenue: Inspection of sales invoices to ensure that the correct customer has been invoiced with the
correct amount of sales (completeness and accuracy assertions)

Inspection of assets that are recorded in the accounting records confirms existence, gives evidence of
valuation, but does not confirm rights and obligations
Confirmation that assets seen are recorded in accounting records gives evidence of completeness
Confirmation to documentation of items recorded in accounting records confirms that an asset exists or a
transaction occurred. Confirmation that items recorded in supporting documentation are recorded in
accounting records tests completeness
Cut-off can be verified by inspecting the reverse population, that is, checking transactions recorded after
the end of the reporting period to supporting documentation to confirm that they occurred after the end
of the reporting period
Inspection also provides evidence of valuation/measurement, rights and obligations and the nature of
items (presentation and disclosure). It can also be used to compare documents (and hence test
consistency of audit evidence) and confirm authorisation

4.1.4

Recalculation

Definition
Recalculation: means checking the arithmetical accuracy of source documents and accounting records.
Examples
Recalculation obviously relates to financial information. It is deemed to be a reliable source of audit
evidence because it is carried out by the auditor.

190

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

Business focus
Recalculation relates to most business processes. For example:
~

~
~

Financing: calculation of interest payments


Purchasing: accuracy of purchase orders and invoices
Inventory management: valuation of work-in-progress
Revenue: re-calculation of sales invoices

Recalculation is particularly effective when carried out using computer assisted audit techniques
(CAATs) as the computer can perform the whole of the inventory calculation (for example) in a short time
period.

4.1.5

Confirmation
Definition
Confirmation: is the response to an inquiry from a third party to corroborate information in the
accounting records of an audit client.
Examples
A typical example of confirmation evidence is obtaining a response from a debtors' circularisation (see
below for revision on this area). The evidence obtained is highly persuasive as it comes from an
independent external source.

Key characteristics of any confirmation are:


~

Information is requested by the auditor

The request and response is in writing and is sent direct to the auditor

The response is from an independent third party

The confirmation is positive - as response is expected - as compared to negative where a non-reply is


assumed to confirm information provided to the third party.

Business focus
Confirmations are normally used in the following business processes:
~
~

4.1.6

Financing: agreement of bank balances, loan amounts outstanding etc (see Appendix).
Inventory: confirmation of inventory held at third parties
Revenue: confirmation of amounts due from debtors and payable to creditors (see Appendix).

Analytical procedures
We will look at these in section 5.

4.2 Application of procedures to specific areas of the financial


statements
You should be familiar with the basic principles behind the audit of key balances in the financial statements
from your Assurance studies. This section demonstrates the application of these principles, looking in
particular at non-current assets.

The Institute of Chartered Accountants in England and Wales, March 2009

I9I

Advanced Stage- Advanced Audit and Assurance

4.2.1

Tangible assets
The major risks of misstatement in the financial statements are due to:
~

Expenses being capitalised as non-current assets (existence assertion)

Tangible assets being carried at the wrong cost or valuation (valuation assertion)

Tangible assets being carried at the wrong cost or valuation due to charging inappropriate
depreciation, or not depreciating (valuation assertion)

Tangible assets being carried at the wrong cost or valuation due to impairment reviews not being
carried out appropriately (valuation assertion)

Interactive question 4: Audit procedures revision of tangible assets


[Difficulty level: Intermediate]
Your firm acts as auditors to Xantippe Ltd, a manufacturer of industrial components. You have been
presented with the financial statements for the year to 31 December 20X6, which include the following
information in connection with property, plant and equipment.
At
31 December

At

I january

20X6
Cost
Freehold property
Plant and machinery
Motor vehicles

cu

80,000
438,000
40,500
558,500

At

I january

20X6
Depreciation
Freehold property
Plant and machinery
Motor vehicles

cu

8,000
139,500
20,000
167,500

Additions

Disposals

62,000
13,000
75,000

(10,000)

cu

Charge
for
year

cu

1,600
47,000
10,200
58,800

cu

(10,000)

20X6

cu

80,000
490,000
53,500
623,500

At
31 December

Disposals

cu

(3,000)
(3,000)

20X6

cu

9,600
183,500
30,200
223,300

Requirements
(a)

Explain the factors that should be considered in determining an approach to the audit of property,
plant and equipment of Xantippe Ltd.

(b)

State the procedures you would perform in order to reach a conclusion on property, plant and
equipment in the financial statements of Xantippe Ltd for the year ended 31 December 20X6

See Answer at the end of this chapter.

Impairment of non-current assets


An asset is impaired when its carrying amount (depreciated cost or depreciated valuation) exceeds its
recoverable amount. Management are required to determine if there is any indication that the assets
are impaired.
The auditors will consider whether there are any indicators of impairment when carrying out risk
assessment procedures. They will use the same impairment criteria laid out in BAS 36 Impairment of Assets
as management do. If the auditors believe that impairment is indicated, they should request that management
show them the impairment review that has been carried out. If no impairment review has been carried out,
then the auditors should discuss the need for one with management, and if necessary, qualify their report on
grounds of disagreement (not conforming with BAS 36) if management refuse to carry out an impairment
review.

192

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

If an impairment review has been carried out, then the auditors should audit that impairment review.
Management will have estimated whether the recoverable amount of the asset/cash generating unit is lower
than the carrying amount.
For auditors, the key issue is that recoverable amount requires estimation. As estimation is
subjective, this makes it a risky area for auditors.
Management have to determine if recoverable amount is higher than carrying amount. It may not have been
necessary for them to estimate both fair value and value in use, because if one is higher than carrying
amount, then the asset is not impaired. If it is not possible to make a reliable estimate of net realisable
value, then it is necessary to calculate value in use. Net realisable value is only calculable if there is a
active market for the goods, and would therefore be audited in the same way as fair value (the audit of
fair values is dealt with in detail in Chapter 12). Costs to sell such as taxes can be recalculated by applying
the appropriate tax rate to the fair value itself. Delivery costs can be verified by comparing costs to
published rates by delivery companies, for example, on the internet.
If management have calculated the value in use of an asset or cash-generating unit, then the auditors will
have to audit that calculation. The following procedures will be relevant.

Value in use
~

Obtain management's calculation of value in use

Reperform calculation to ensure that it is mathematically correct


Compare the cash flow projects to recent budgets and projections approved by the board to ensure
that they are realistic

Calculate/obtain from analysts the long term average growth rate for the products and ensure that the
growth rates assumed in the calculation of value in use do not exceed it

Refer to competitors' published information to compare how much similar assets are valued at by
companies trading in similar conditions

Compare to previous calculations of value in use to ensure that all relevant costs of maintaining the
asset have been included

Ensure that the cost/income from disposal of the asset at the end of its life has been included

Review calculation to ensure cash flows from financing activities and income tax have been excluded

Compare discount rate used to published market rates to ensure that it correctly reflects the return
expected by the market

If the asset is impaired and has been written down to recoverable amount, the auditors should review the
financial statements to ensure that the write down has been carried out correctly and that the BAS 36
disclosures have been made correctly.

Held for sale assets


BFRS 5 Non-current Assets Held for Sale and Discontinued Operations requires that assets which meet the
criteria 'held for sale' are shown at the lower of carrying amount and fair value less costs to sell,
and that held for sale assets are classified separately on the statement of financial position and the results
of discontinued operations are presented separately on the statement of comprehensive income.
The criteria for held for sale assets are:
(a)

The asset must be available for immediate sale in the present condition

(b)

The sale must be highly probable. This is indicated by:


(i)
(ii)
(iii)
(iv)

Management being committed to a plan to sell the asset


An active programme to locate a buyer initiated
Sale price reasonable in comparison with current fair value
Expectation that sale will be completed within a year

The Institute of Chartered Accountants in England and Wales, March 2009

193

Advanced Stage- Advanced Audit and Assurance


Audit procedures to ensure assets meet the criteria include:
~
~
~
~

~
~

Enquiries/written representations from management concerning intentions


Review minutes of management for evidence of firm plan to sell
Ascertain whether appropriate real estate agent appointed (by reviewing contract between the parties)
Review of sale particulars
Comparison of sale price per sale particulars to fair
Ask real estate agent of likelihood of completion within a year

Interactive question 5: Audit procedures- held for sale assets


[Difficulty level: Exam standard]
Robinson Ltd has a balance of CU250,000 in respect of assets classified as held for sale in the financial
statements for the year ended 31 December 20X7. This is in respect of 2 assets as follows:
CU70,000 relates to production machinery used for a product which is to be withdrawn. Production
will be run down until the end of January 20X8 so that outstanding orders can be completed. The
plant will then be serviced and uninstalled in early February.
2

CU 180,000 relates to a piece of land which was classified as held for sale on I October. (You should
assume that the BFRS 5 criteria are satisfied.) On this date the land's fair value was estimated to be
CU21 0,000 with costs to advertise the asset as being available for sale estimated at CU6,000. The
CU 180,000 represents the carrying value of the land on the basis that it is lower than fair value less
costs to sell. Robinson Ltd has adopted a revaluation policy for land.

Requirement
For each of the above assets:
(I)

Identify the key audit issue

(2)

State the audit procedures which would be performed to address this issue

See Answer at the end of this chapter.

4.2.2

Intangible assets
Accounting guidance for intangibles is given in BAS 38 Intangible Assets and BFRS 3 Business Combinations.
The types of assets you are likely to encounter under this heading include:
~
~
~
~
~

Patents
Licences
Trademarks
Development costs
Goodwill

The major risks of misstatement in the financial statements are due to:
~

Expenses being capitalised as non-current assets (existence assertion)

Intangible assets being carried at the wrong cost or valuation (valuation assertion)

Intangible assets being carried at the wrong cost or valuation due to charging inappropriate
depreciation, or not depreciating (valuation assertion)

Intangible assets being carried at the wrong cost or valuation due to impairment reviews not being
carried out appropriately (valuation assertion)

In order to address these the auditor should carry out the following procedures:

194

The Institute of Chartered Accountants in England and Wales, March 2009

"--

AUDIT EVIDENCE
Completeness
~

Prepare analysis of movements on cost and amortisation accounts

Rights and obligations


~
~

Obtain confirmation of all patents and trademarks held by a patent agent


Verify payment of annual renewal fees

Valuation
~

Review specialist valuations of intangible assets, considering:


Qualifications of valuer
Scope of work
Assumptions and methods used

Confirm carried down balances represent continuing value, which are proper charges to future
operations

Additions (rights and obligations, valuation and completeness)

\ ..

Inspect purchase agreements, assignments and supporting documentation for intangible assets acquired
in period

Confirm purchases have been authorised

Verify amounts capitalised of patents developed by the company with supporting costing records

Amortisation
~

Review amortisation
Check computation
Confirm that rates used are reasonable

Income from intangibles


~

Review sales returns and statistics to verify the reasonableness of income derived from patents,
trademarks, licences etc

'
Examine audited accounts of third party sales covered by a patent, licence or trademark owned
by
the company

5 Analytical procedures

ri~:~,l~1t~~t~"';i1;''~~~~~;1f2:
.,--

: . ~ . - . :~il~r~i~~~ pr?c<f~i-~~;:~ay .
"''"' '

5.1

,~, :','1~/:>::, :,~~-~,7:

Use of analytical procedures


As we saw in Chapter 4 analytical procedures are used throughout the audit. BSA 520 Analytical Procedures
requires that analytical procedures are used:
~

As risk assessment procedures to obtain an understanding of the entity and its environment

At or near the end of the audit when forming an overall conclusion as to whether the financial
statements as a whole are consistent with the auditor's understanding of the entity

Analytical procedures may also be used as substantive procedures.


Auditors should not normally rely on analytical procedures alone in respect of material balances but should
combine them with tests of detail. However, BSA 330 para 53 permits that, in some circumstances,
substantive testing may consist only of analytical procedures.

The Institute of Chartered Accountants in England and Wales, March 2009

I 95

Advanced Stage - Advanced Audit and Assurance


Nevertheless, some tests of detail are required in areas where significant risks have been identified at the
planning stage.

5.2

Practical techniques
Ratio analysis is one of the key techniques which the auditor will use when performing analytical
procedures. You have looked at the relevant ratios in detail in your Assurance studies. A brief summary is
provided below.

5.2.1

Ratio analysis
When carrying out analytical procedures, auditors should remember that every industry is different and
each company within an industry differs in certain aspects.
Important
accounting ratios

I
I

Gross profit margins, in total and by product, area and months/quarter (if
possible)
Receivables ratio (average collection period)
Inventory turnover ratio (inventory divided into cost of sales)
Current ratio (current assets to current liabilities)

Quick or acid test ratio (liquid assets to current liabilities)


Gearing ratio (debt capital to equity capital)

1
I
Return on capital employed (profit before tax to total assets less current
jl
I
liabilities)
~--------------------~-------------------------------------------------------~
I Related items
Payables and purchases
/
Inventory and cost of sales
Non current assets and depreciation, repairs and maintenance expense
Intangible assets and amortisation
Loans and interest expense
Investments and investment income
Receivables and bad debt expense
Receivables and sales

Ratios mean very little when used in isolation. They should be calculated for previous periods and for
comparable companies. The permanent file should contain a section with summarised accounts and the
chosen ratios for prior years.
In addition to looking at the more usual ratios the auditors should consider examining other ratios that
may be relevant to the particular client's business, such as revenue per passenger mile for an airline
operator client, or fees per partner for a professional office.

5.2.2

Other techniques
Other analytical techniques include:
(a)

Simple comparisons
A simple year on year comparison could provide very persuasive evidence that an expense such as
rent is correctly stated, providing that the auditor has sufficient knowledge of the business, for
example knowing that the same premises have been leased year on year and that there has been no
rent review.

196

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

(b)

Examining related accounts


Examining related accounts in conjunction with each other could provide evidence that balance is fairly
stated. Often revenue and expense accounts are related to asset and liability accounts and
comparisons should be made to ensure relationships are reasonable.

(c)

Reasonableness tests
These involve calculating expected value of an item and comparing it with its actual value, for
example, for straight-line depreciation.
(Cost+ Additions- Disposals) x Depreciation%= Recognised in profit or loss
This may include the comparison of non-financial as well as financial information.
For example, in making an estimate of employee costs, probably for one specific department, such as
manufacturing, the auditor might use information about the number of employees in the department,
as well as rates of pay increases.

(d)

Trend analysis
This is a sophisticated statistical technique that can be used to compare this period with the previous
period. Information technology can be used in trend analysis, to enable auditors to see trends
graphically with relative ease and speed.
Methods of trend analysis include:
Scattergraphs
Bar graphs
Pie charts
Any other visual representations
Time series analysis
Statistical regression
Time series analysis involves techniques such as eliminating seasonal fluctuations from sets of figures,
so that underlying trends can be analysed. This is illustrated below.

Example
Sales

Months
June

December

June

Line (I) in the diagram shows the actual sales made by a business. There is a clear seasonal fluctuation
before Christmas. Line (2) shows a level of sales with 'expected seasonal fluctuations' having been stripped
out.

The Institute of Chartered Accountants in England and Wales, March 2009

197

Advanced Stage- Advanced Audit and Assurance


In this analysis the seasonal fluctuations have been estimated. This analysis is useful however, because the
estimate is likely to be based on past performance, so that the conclusion from this is that there might be a
problem:
~
~

5.3

Sales are below the levels of previous years


Sales are below expectation

Analytical procedures as risk assessment procedures


Analytical procedures should be carried out at the planning stage of the audit because:
~
~
~

It is a tool which assists in the identification of risk


The result helps the auditor to plan the audit approach
It is required by BSA 520

The benefits of adopting this technique are that:


~

5.3.1

It helps to focus on the key priorities as it is a 'top down' procedure


It is an efficient procedure, due to its focus on key priorities

Technique
Although we are specifically considering analytical procedures as risk assessment procedures the basic
techniques adopted throughout the audit are very similar. The key stages in the process are as follows:
~
~
~

Interpretation
Investigation
Corroboration

When potential problem areas have been identified one of the key questions to ask is 'why'?
The statement of comprehensive income
To apply this in more detail think about the client's statement of comprehensive income.
The key question must be:
Why did the client make more (or less) money this year?
Profit before tax

Overheads

More customers
Different customers
More spend per customer
New outlets
One offs
Fraud & Error
~

~
~

198

Different products
Different suppliers
Different markets
One offs
Fraud & Error

Changes in revenue;
Changes in margins;
Changes in overheads.

The Institute of Chartered Accountants in England and Wales, March 2009

Strategic decisions
Market forces
One offs
Fraud & Error

AUDIT EVIDENCE
Changes in revenue must depend on changes in:
~
~

Volumes; or
Prices;

or perhaps a combination of the two.


Changes in margins must have something to do with changes in:
~
~
~

Selling prices;
Cost prices;
Product mix.

Changes in overheads will need to be identified line by line, but you might like to consider the different
impacts of changes in:
~

Fixed; and
Variable overheads.

The boxes at the bottom of the diagram give some suggestions for the reasons why. The suggestions are
not intended to be exhaustive, but they should give you a good basis for an answer to an analytical review
type question.
A similar approach needs to be taken both to statement of financial position areas and those efficiency
ratios which link statement of financial position figures to the performance ratios.

5.3.2

Financial and non-financial factors


BSA 520 stresses the need to consider the use of non financial information e.g. employee numbers,
available selling space etc. Non-financial performance indicators can be found within the financial statements.
In particular an operating and financial review, or possibly the chairman's statement may serve as
useful indicators as they attempt to comment on both the past and the future of the company. Care must
be taken however, in assessing the reliability of this information as indicators may have been selected to
ensure a positive message is conveyed.

Interactive question 6: Analytical procedures (I)

[Difficulty level: Easy]

You are planning the audit of Darwin Ltd for the year ended 31 December 20X7. You are currently
engaged in the interim audit during November 20X7. The company manufactures and distributes light
fittings for both internal and external use. Approximately 40% of revenue is generated from overseas
customers.
You have been provided with the following operating information
I 0 months to 31 October
20X7

I 0 months to 31 October
20X6

Year to 31 December
20X6

27,187
16,040
11,147
5,437
5,709
41%
21%
5,160

23,516
14,966
8,550
4,938
3,612
36%
15%
4,320

27,Q68
17,175
9,892
5,678
4,214
37%
16%
4,080

cuooo

Revenue
Cost of sales
Gross profit
Operating expenses
Operating profit
Gross profit margin
Operating profit margin
Inventories

cuooo

cuooo

Requirement
Based on the operating information identify and explain the potential audit risks.

See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

I 99

Advanced Stage - Advanced Audit and Assurance

Interactive question 7: Analytical procedures (2)

(Difficulty level: Intermediate]

Libby Ltd is a ladies fashion retailer operating a chain of shops in the South East of England from a head
office in Guildford. Your firm has been the auditor of Libby Ltd for some years.
During the current year one shop was closed and the product range of the remaining eight shops was
extended to include accessories and footwear.
The company has a computerised accounting system and the audit manager is keen to ensure that the audit
is as efficient as possible.
As senior in charge of the audit you are currently planning the audit work for trade payables and you have
obtained draft financial statements from the client.
Extracts from the draft financial statements:
Year ended 31 March

Draft 20X7

Aaua/20X6

Revenue
Gross profit

8,173
1,717

5,650
1,352

Statement of financial position

Draft

Statement of comprehensive income

cuooo

cuooo

Year ended 31 March

Non current assets


Current assets
Trade payables
Other payables

Aaual

cuooo

cuooo

2,799
1,746
991
514

2,616
1,127
718
460

Requirements
(a)

State what observations you can draw from the extracts from the draft financial statements and how
they may affect your audit of trade payables.

(b)

Indicate how audit software could be used in the audit of trade payables to achieve a more efficient
audit.

See Answer at the end of this chapter.

5.4 Analytical procedures as substantive procedures


5.4.1

Factors to consider
There are a number of factors which the auditors should consider when deciding whether to use analytical
procedures as substantive procedures. You will have covered these in your Assurance studies. A brief
reminder of those identified by BSA 520 is given below.

200

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

The plausibility and predictability


of the relationships identified for
comparison and evaluation

The strong relationship between certain selling expenses and


revenue in many businesses where the sales force is paid by
commission

The objectives of the analytical


procedures and the extent to which
their results are reliable

Where there are common relationships between items such


as gross profit and revenue, where there are constant or
known profit margins and limited changes in the mix of goods
sold.
One-off large transactions may be less appropriate to
analytical procedures than large numbers of small, similar
transactions

The detail to which information can


be analysed

Analytical procedures may be more effective when applied to


financial information or individual sections of an operation
such as individual factories or shops

The availability of information

Financial: budgets or forecasts


Non-financial: e.g. the number of units produced or sold

The relevance of the information


available

Whether the budgets are established as results to be


expected rather than as tough targets {which may well not be
achieved}

The comparability of the


information available

Comparisons with average performance in an industry may


be of little value if a large number of companies differ
significantly from the average

The knowledge gained during

The effectiveness of the accounting and internal controls

previous audits

The types of problems giving rise to accounting adjustments


in prior periods

Factors which should also be considered when determining the reliance that the auditors should place on
the results of substantive analytical procedures are:

Other audit procedures directed


towards the same financial statements
assertions

Other procedures auditors undertake in reviewing the


collectability of receivables, such as the review of subsequent
cash receipts, may confirm or dispel questions arising from
the application of analytical procedures to a profit of
customers' accounts which lists for how long monies have
been owed

The accuracy with which the


expected results of analytical
procedures can be predicted

Auditors normally expect greater consistency in comparing


the relationship of gross profit to sales from one period to
another than in comparing expenditure which may or may
not be made within a period, such as research or advertising

The frequency with which a


relationship is observed

A pattern repeated monthly as opposed to annually

Reliance on the results of analytical procedures depends on the auditor's assessment of the risk that the
procedures may identify relationships (between data) do exist, whereas a material misstatement exists (that
is, the relationships, in fact, do not exist). It depends also on the results of investigations that auditors have
made if substantive analytical procedures have highlighted significant fluctuations or unexpected
relationships.

The Institute of Chartered Accountants in England and Wales, March 2009

20 I

Advanced Stage - Advanced Audit and Assurance

5.4.2

Substantive analytical procedures


In practical terms, the use of substantive analytical procedures involves four distinct steps:
~

Firstly, formulate expectations

Secondly, compare expected value with the actual recorded amount

Thirdly, obtain possible reasons for variance between expected value and recorded amount

Fourthly, evaluate impact of any unresolved differences between the expected and recorded
amounts on the audit and financial statements.

Each of these steps is explained below.


Formulate expectations
The auditor develops an expectation of figures in the financial statements using prior year financial
statements, budgets, industry information etc. The expectation should be developed so that any material
difference between this and the actual values in the financial statements indicates a potential misstatement.
To carry out this procedure, the auditor will need access to industry data and environmental factors
affecting that industry. Access to the financial statements is not required at this time as this could prejudice
the expectations of the auditor.
Example
Confirming the accuracy of salary expense in the statement of comprehensive income.
The prior year salary figure can be obtained from the prior year financial statements. This year's salary can
be estimated using the average number of employees (from personnel records} and the average salary again
from personnel records. Changes in number of staff can be checked as reasonably accurate from knowledge
of the industry sector (expanding or declining?) and initial knowledge of the client's business (expanding or
contracting?). Average number of employees multiplied by average salary should give an approximate salary
cost for the financial statements.
Compare expected value with the actual recorded amount
The auditor compares the expected value with the actual amount in the financial statements. In making this
comparison, the auditor must decide the amount of deviation will be allowed between the expected and
actual figures- in other words set a materiality limit. If the difference between the two figures exceeds this
materiality threshold then further investigation will be required in an attempt to explain the difference. If
the difference is below the materiality threshold then no further investigation will be necessary.
The actual salary expense in the statement of comprehensive income can be found. Assuming that salary
cost does not involve overtime, then the estimated amount and the actual should be relatively close materiality is likely to be set at say 10% difference between the two figures.
Obtain possible reasons for variances
The auditor attempts to identify reasons for the difference between the expected figure and the actual
figure in the financial statements. The level of investigation depends to some extent on the accuracy of the
auditor's expected figure. If the expected figure is precise, then more investigation will be expected.
Conversely, if the expected figure has larger element of imprecision, then it is less likely that any difference
is due to misstatement and therefore less investigation work will be performed.
Corroboration of any difference will normally start by obtaining management representations. However,
these representations should be treated with scepticism due to the inherent problem of reliability of this
source of evidence. Evidence from other sources will be required to ensure management representations
are accurate.
If the expected and actual salary expenses are more than I0% different, then further work is needed to
determine why this is the case. Initial discussions with management may highlight areas where costs will be
different, e.g. expansion in the last month of the year may skew the average number of managers to a larger
number than expected. Or a salary increase late in the year may also inflate expectations of average salary.
These management representations will be checked back in detail to the salary records.

202

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE
Evaluate impact of any unresolved differences
Finally, the auditor will evaluate the impact of any unresolved differences on audit work and the financial
statements. A large difference may mean that additional substantive testing is required on the account
balance to determine its accuracy. Any small remaining difference may be ignored as immaterial.
Hopefully, differences in expected and actual salaries will be resolved and any remaining residual difference
will be immaterial. However, where differences remain, additional substantive testing of the salaries figure
will be required.

5.5

Analytical procedures at the completion stage


The steps for carrying out analytical procedures at the completion stage of the audit are very similar to
those used as part of the risk assessment process at the planning stage, but they are applied in a different
way:
~

Interpretation
The individual carrying out the analytical procedures, reads through the financial statements and
interprets them, considering the absolute figures themselves and the relevant ratios.
Investigation
When analytical procedures are used as risk assessment procedures or as a substantive procedure the
aim is to identify potential problems. The problems are then investigated during fieldwork by making
enquiries and gathering audit evidence.
At the completion stage the reviewer will expect to find the answers to the issues raised by the
review on the audit file.

Corroboration
Should those answers not be on the file, then further work will need to be performed.

From a practical point of view it is worth remembering the following:

5.6

For the smaller client the working papers supporting the final analytical procedures may well simply be
an update of the work done at the planning stage

For the larger client the review becomes much more of a specific exercise

The financial statements used for the analytical procedures need to incorporate any adjustments made
as a result of the audit

Any problems identified by the procedures that indicate that the financial statements should be
amended need to be actioned.

Analytical review and other engagements


In this section we have been looking at the role of analytical procedures in the audit process. However the
skills and techniques involved may be applied to other aspects of the professional accountants work.

Interactive question 8: Analytical procedures (3)

[Difficulty level: Exam standard]

Harrison Ltd is a small jewellers based in Hatton Garden in London. Over the years it has built up an
impressive client portfolio, and boasts names from high society as regular customers.
Harrison Ltd now needs to restructure its long-term and short-term financing in order to facilitate future
growth, and has provided your firm with the following data to make an assessment of its liquidity. The firm
is also looking to re-evaluate its performance measures and is seeking advice on what might be the most
appropriate non-financial performance measures.
The following is an extract from the financial information provided by Harrison Ltd for the year ended 30
September 20X4.

The Institute of Chartered Accountants in England and Wales, March 2009

203

Advanced Stage- Advanced Audit and Assurance


Revenue
Purchases
Cost of sales

CU2.0m
CUI.2m
CUI.5m

cu

Non-current assets
Inventory
Receivables
Cash
Payables

550,000
300,000
150,000
100,000
(100,000)
1,000,000

Ordinary shares of 25p each


Reserves
7% preference shares of CUI each
15% unsecured loan stock
Payables

250,000
350,000
250,000
150,000
1,000,000

cu

The ordinary shares are currently quoted at 125p each, the loan stock is trading at CUSS per CUI 00
nominal, and the preference shares at 65p each.

Requirement
Advise the company.

See Answer at the end of this chapter.

6 Provisions and contingencies

6.1

Audit procedures
You should be familiar with the definitions of a provision and a contingent liability and contingent asset from
BAS 37 Provisions, Contingent Liabilities and Contingent Assets. As you will see below much of the audit work is
focused on ensuring that the recognition and treatment of these items is in accordance with financial
reporting standards.
The audit tests that should be carried out on provisions and contingent assets and liabilities are as follows.
~

Obtain details of all provisions which have been included in the accounts and all contingencies
that have been disclosed

Obtain a detailed analysis of all provisions showing opening balances, movements and closing
balances

Determine for each material provision whether the company has a present obligation as a
result of past events by:
Review of correspondence relating to the item
Discussion with the directors, have they created a valid expectation in other parties that they
will discharge the obligation?

204

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE
~

Determine for each material provision whether it is probable that a transfer of economic
benefits will be required to settle the obligation by:
Checking whether any payments have been made after the end of the reporting period in
respect of the item
Review of correspondence with solicitors, banks, customers, insurance company and suppliers
both pre and post year end
Sending a letter to the solicitor to obtain their views (where relevant)
Discussing the position of similar past provisions with the directors. Were these provisions
eventually settled1
Considering the likelihood of reimbursement

Recalculate all provisions made

Compare the amount provided with any post year end payments and with any amount paid in the
past for similar items

In the event that it is not possible to estimate the amount of the provision, check that this
contingent liability is disclosed in the accounts

Consider the nature of the client's business. Would you expect to see any other provisions, for
example, warranties1
Consider whether disclosures of provisions, contingent liabilities and contingent assets are
correct and sufficient

6.2
6.2.1

Procedures regarding litigation and claims


Introduction
BSA 50 I Audit vidence - Additional Considerations for Specific Items provides guidance on a number of areas,
the key issues being:
~
~

Attendance at physical inventory counting


Procedures regarding litigation and claims

Attendance at an inventory count has been covered in detail in Assurance. A summary of the procedures
regarding litigation and claims is provided below.

6.2.2

Litigation and claims


Litigation and claims involving the entity may have a material effect on the financial statements, and so will
require adjustment to or disclosure in those financial statements.
The auditor should carry out procedures in order to become aware of any litigation and claims involving
the entity which may have a material effect on the financial statements.
Such procedures would include the following:
~

Make appropriate inquiries of management including obtaining representations

Review board minutes and correspondence with the entity's lawyers

Examine legal expense account

Use any information obtained regarding the entity's business including information obtained from
discussions with any in-house legal department

When litigation or claims have been identified or when the auditor believes they may exist, the auditor
should seek direct communication with the entity's lawyers.
This will help to obtain sufficient appropriate audit evidence as to whether potential material litigation
and claims are known and management's estimates of the financial implications, including costs, are reliable.

The Institute of Chartered Accountants in England and Wales, March 2009

205

Advanced Stage- Advanced Audit and Assurance

Form of the Jetter


The letter, which should be prepared by management and sent by the auditor, should request the lawyer to
communicate directly with the auditor.
If it is thought unlikely that the lawyer will respond to a general enquiry, the letter should specify the
following.
(a)

A list of litigation and claims

(b)

Management's assessment ofthe outcome of the litigation or claim and its estimate of the financial
implications, including costs involved

(c)

A request that the lawyer confirm the reasonableness of management's assessments and provide the
auditor with further information if the list is considered by the lawyer to be incomplete or incorrect

The auditors must consider these matters up to the date of their report and so a further, updating
letter may be necessary.
A meeting between the auditors and the lawyer may be required, for example where a complex matter
arises, or where there is a disagreement between management and the lawyer. Such meetings should take
place only with the permission of management, and preferably with a management representative present.
If management refuses to give the auditor permission to communicate with the entity's lawyers, this would
be a scope limitation and should ordinarily lead to a qualified opinion or a disclaimer of opinion.
If the lawyer refuses to respond as required and the auditor can find no alternative sufficient evidence, a

limitation of scope may lead to a qualified opinion or a disclaimer of opinion.

Interactive question 9: Contingencies

(Difficulty level: Intermediate]

In February 20X7 the directors of Newthorpe Engineering Ltd suspended the managing director. At a
disciplinary hearing held by the company on 17 March 20X7 the managing director was dismissed for gross
misconduct, and it was decided the managing director's salary should stop from that date and no
redundancy or compensation payments should be made.
The managing director has claimed unfair dismissal and is taking legal action against the company to obtain
compensation for loss of his employment. The managing director says he has a service contract with the
company which would entitle him to two years' salary at the date of dismissal.
The financial statements for the year ended 30 April 20X7 record the resignation of the director. However,
they do not mention his dismissal and no provis'1on for any damages has been included in the financial
statements.

Requirements
(a)

State how contingent liabilities should be disclosed in financial statements according to BAS 37
Provisions, Contingent Uabilities and Contingent Assets.

(b)

Describe the audit work you will carry out to determine whether the company will have to pay
damages to the director for unfair dismissal, and the amount of damages and costs which should be
included in the financial statements.
Note. Assume the amounts you are auditing are material.

See Answer at the end of this chapter.

206

The Institute of Chartered Accountants in England and Wales, March 2009

--

AUDIT EVIDENCE

7 Audit of accounting estimates

BSA 540 Audit of Accounting Estimates provides guidance on the audit of accounting estimates contained in
financial statements and requires auditors to obtain sufficient, appropriate audit evidence regarding
accounting estimates.

Definition
An accounting estimate: is an approximation of the amount of an item in the absence of a precise means
of measurement.

The BSA gives the following examples.


~

Allowances to reduce inventory and receivables to their estimated realisable value

Depreciation and amortisation to allocate the cost of non-current assets over their estimated useful
lives

Accrued revenue

Deferred tax

Provision for a loss from a lawsuit

Losses on construction contracts in progress

Provision to meet warranty claims

Directors and management are responsible for making accounting estimates included in the financial
statements. These estimates are often made in conditions of uncertainty regarding the outcome of events
and involve the use of judgement. The risk of a material misstatement therefore increases when
accounting estimates are involved.
Audit evidence supporting accounting estimates is generally less than conclusive and so auditors need
to exercise greater judgement than in other areas of an audit.
Accounting estimates may be produced as part of the routine operations of the accounting system, or may
be a non-routine procedure at the period-end. Where, as is frequently the case, a formula based on past
experience is used to calculate the estimate, it should be reviewed regularly by management (e.g. actual vs.
estimate in prior periods).
If there is no objective data to assess the item, or if it is surrounded by uncertainty, the auditors should
consider the implications for their report.

7 .I

Audit procedures
Auditors should gain an understanding of the procedures and methods used by management to make
accounting estimates to gain evidence of whether estimates are reasonable given the circumstances and
appropriately disclosed if necessary. It will also aid the auditors' planning of their own procedures.

The Institute of Chartered Accountants in England and Wales, March 2009

207

Advanced Stage- Advanced Audit and Assurance


This BSA says that the auditor should adopt one or a combination of the following approaches in the audit
of an accounting estimate:

7.1.1

(a)

Review and test the process used by management or the directors to develop the estimate

(b)

Use an independent estimate for comparison with that prepared by management or the
directors or

(c)

Review subsequent events which confirm the estimate made

Review and testing the process


The auditors will carry out the following steps.
~

Consider whether data is accurate, complete and reliable

Seek appropriate evidence from outside client (for example, industry sales projections to confirm
internal estimates of future sales orders)

Check whether data is appropriately analysed and projected (for example, age analysis of debtors)

Evaluate whether base used for assumptions is appropriate

Evaluate whether assumptions are reasonable in light of prior period results

Consider whether formulae used remain appropriate

Consider whether assumptions are consistent


With those used for other accounting estimates
With management's plans

Consider whether expert opinion is required if estimates are complex

Test calculations involved in the estimate considering:


Complexity of calculation
Procedures and methods used by the client
Materiality of estimate

Compare previous estimates with actual results, aiming to obtain evidence about
General reliability of the client's estimating procedures
Whether adjustments to estimating formulae will be required
Whether differences between previous estimates and actual figures ought to be disclosed

7.1.2

Consider management's approval procedures, confirming it is performed by the appropriate level of


management and evidenced

Use of an independent estimate


The auditors may seek evidence from sources outside the entity. Such an estimate (made or obtained by
the auditors) may be compared with the accounting estimate. The auditors should evaluate the data,
consider the assumptions and test the calculation procedures used to develop the independent estimate.
Prior period independent assessments and actual results could also be compared.

7.1.3

Review of subsequent events


The auditors should review transactions or events after the period-end which may reduce or even remove
the need to test accounting estimates (as described above). Subsequent events are discussed in detail in
Chapter 6.

208

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

7.2

Evaluation of results of audit procedures


'The auditor should make a final assessment of the reasonableness of the accounting estimate
based on the auditor's understanding of the entity and its environment and whether the estimates
are consistent with other audit evidence obtained during the audit.'
Auditors must assess the differences between the amount of an estimate supported by evidence and the
estimate calculated by management. If the auditors believe that the difference is unreasonable then an
adjustment should be made. If the directors or management refuse to revise the estimate, then the
difference is considered a misstatement and will be treated as such.

7.3
7.3.1

Deferred tax
Accounting treatment: reminder
Deferred tax is the tax attributable to temporary differences. Where a company has a tax reduction
in the current period, by accelerated capital allowances for example, a provision for the tax charge is
made in the statement of financial position.
The provision is made is because over the course of the asset's life, the tax allowances will reduce until the
depreciation charged in the accounts is higher than the allowances. This will result in taxable profit being
higher than reported profit and the company will be 'suffering higher tax' in this period.

As part of the planning process, if the client receives tax services from the firm, the auditor should
consult the tax department as to the company's future tax plans, to ascertain whether they expect a
deferred tax liability to arise. This will assist any analytical review they carry out on the deferred tax
provision.

7.3.2

Audit procedures
The following procedures will be relevant:
Obtain a copy of the deferred tax workings and the corporation tax computation
Check the arithmetical accuracy of the deferred tax working
Agree the figures used to calculate timing differences to those on the tax computation and the
financial statements
Consider the assumptions made in the light of your knowledge of the business and any other evidence
gathered during the course of the audit to ensure reasonableness
Agree the opening position on the deferred tax account to the prior year financial statements
Review the basis of the provision to ensure:
It is line with accounting practice under BAS 12/ncome Taxes
It is suitably comparable to practice in previous years
Any changes in accounting policy have been disclosed

7.4 Construction contracts


7.4.1

Accounting treatment: reminder


Definition
Construction contract: A contract specifically negotiated for the construction of an asset or a
combination of assets that are closely interrelated or interdependent in terms of their design, technology
and function or their ultimate purpose or use.

The Institute of Chartered Accountants in England and Wales, March 2009

209

Advanced Stage- Advanced Audit and Assurance


The accounting treatment is as follows:

7.4.2

Recognise contract revenue as revenue in the accounting period in which the work is performed.

Recognise contract costs as an expense in the accounting period in which the work to which they
relate is performed.

Any expected excess of total contract costs over total contract revenue should be recognised as an
expense immediately.

Any costs incurred which relate to future activity should be recognised as an asset if it is probable
that they will be recovered (often called contract work in progress, that is, amounts due from the
customer).

Where amounts have been recognised as contract revenue, but their collectability from the
customer becomes doubtful, such amounts should be recognised as an expense, not a deduction from
revenue.

Audit procedures
The following procedures will be relevant:
~

Determine whether the outcome of the contract can be measured reliably, in particular the
assessment of the directors that payment will be received under the contract

Where this is not the case confirm that revenue is recognised only to the extent that costs are
recoverable

Check the calculation of the overall expected outcome for the project i.e. profitable/loss making

Agree total revenue to sales contract

Obtain details of costs incurred and agree to supporting documentation

Review the calculation of costs to complete and assess the validity of any assumptions made by
management. Where possible compare the overall expected profitability with other similar projects.

Assess the basis on which profit is recognised e.g. stage of completion method. Establish the way
in which the stage of completion has been measured e.g. by surveyor and determine whether it
appears reasonable

Where the stage of completion is based on costs incurred to date assess whether they fairly
represent the stage of completion (i.e. they do not represent inefficiencies)

Confirm that any costs accounted for as contract work in progress are recoverable under the
contract

Assess the likelihood of recovery of revenue recognised but not yet received (may represent a bad
debt)

Interactive question I 0: Construction contracts

[Difficulty level: Intermediate]

Construction Ltd has entered into a fixed price contract to construct an office block. Construction
commenced on I September 20X6 and is expected to take 36 months. You are auditing the financial
statements for the year ended 31 December 20X7.
The contract price is made up as follows:

cuooo
Contract price
Incentive payment if completed on time

600
__1Q

640
Total contract costs at the end of 20X6 were estimated to be CU470,000. At the end of 20X7 this estimate
has increased to CU570,000 due to extra costs incurred to rectify a number of construction faults.

21 0

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE
At the end of 20X6 the contract was assessed as being 30% complete and at the end of 20X7 60%
complete. Draft financial statements show that the following amounts have been recognised:
lOX?

Revenue
Profit

20X6

cuooo

cuooo

192

192
51

42

Requirement
For the year ended 31 December 20X7:
(I)

Identify the audit issues you would need to consider

(2)

List the audit procedures you would perform

See Answer at the end of this chapter.

-~-

7 .S

Current developments
The IMSB has issued ISA 540 (Revised and Redrafted) Auditing Accounting Estimates, Including Fair Value
Accounting Estimates, and Related Disclosures as part of the Clarity Project (see Chapter I). This standard
combines two former standards, still in use in Bangladesh, BSA 540 Audit of Accounting Estimates and BSA
545 Auditing Fair Value Measurements and Disclosures (see Chapter 12) as similar issues and risks arise in both
cases. Its specific requirements stress:
~

The need to understand how management make estimates

Focus must be on figures with a high level of estimation uncertainty as well as estimates with a high
risk of material misstatement, and

If management has not considered a range of outcomes the auditors should consider whether to
calculate their own reasonable range of outcomes

More detailed requirements include the following:


~

The auditor shall obtain an understanding of the following as part of the process of understanding the
business:
The requirements of the applicable financial reporting framework.
The means by which the management identifies transactions, events and conditions that may give
rise to the accounting estimates.
How management makes the accounting estimate.
This means that the auditor must have a sound knowledge of the accounting requirements relevant to
the entity and when fair value is allowed, for example, BAS 16 allows fair value provided 'it can be
measured reliably'.

The auditor should evaluate the degree of estimation uncertainty associated with the accounting
estimate and assess whether this gives rise to significant risks.

Based on the assessed risks the auditor will determine whether the financial reporting framework has
been properly applied and whether methods for making estimates are appropriate and have been
applied consistently.

The Institute of Chartered Accountants in England and Wales, March 2009

21 I

Advanced Stage- Advanced Audit and Assurance


~

The auditor will also:


Determine whether events occurring up to the date of the audit report provide evidence
regarding the accounting estimate
Test how management made the accounting estimate
Test the operating effectiveness of controls together with appropriate substantive procedures
Develop a point estimate or a range to evaluate the management's point estimate.

For accounting estimates which give rise to significant risks the auditor should also evaluate the
following:
How management has considered alternative assumptions or outcomes
Whether the significant assumptions used are reasonable
Management intent to carry out specific courses of action and its ability to do so, where these
affect the accounting estimate
Management's decision to recognise, or to not recognise the accounting estimate
The selected measurement basis

The possibility of management bias must be considered by the auditor

Written representations will be obtained from management as to whether management believes that
significant assumptions used in making accounting estimates are reasonable.

8 Related parties

8.1

Introduction
The need for enhanced reporting on related party transactions was highlighted by many DTI investigations
into company failures. Transactions with related parties may have been concealed from auditors or
inaccurate information given. Hence the financial statements and audit report may have failed to disclose
relevant information. Thus, in line with the continued importance of reporting all information to
stakeholders, BAS 24 Related Pany Disclosures and BSA 550 Related Parties were developed.

8.2

Key issues
Readers of financial statements normally assume that transactions reflected in financial statements are made
with independent parties unless told otherwise.
Readers will also normally assume that a company is owned by a number of shareholders and is not
subject to control or significant influence by any one person or company unless told otherwise, e.g.
through disclosure of identity of parent company and significant shareholdings disclosure.
Where a company does business with "related parties", for instance with shareholders or directors, these
assumptions may not be valid.

21 2

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

8.3
8.3.1

The audit of related parties


Scope
BSA 550 provides guidance on the auditor's responsibilities and audit procedures regarding related parties
and transactions with such parties.
BSA 550 is applicable whether or not BAS 24 is a requirement of the reporting framework for the entity
concerned. BSA 550 therefore applies to private companies in Bangladesh as well as listed companies.
Despite this, BSA 550 uses some definitions taken from BAS 24 and thus there is some overlap between the
two standards.

8.3.2

Responsibilities
Management is responsible for the identification of related parties and the disclosure of transactions with
such parties. Management should set up appropriate internal controls to ensure that related parties are
identified and disclosed along with any related party transactions.
The auditor needs to obtain appropriate audit evidence regarding the assertions by management in respect
of related parties. This involves an understanding of the entity and its environment to identify events,
transactions and practices with respect to related parties.

8.3.3
' ---

Risks
The following audit risks may arise from a failure to discover a related party.
~

Failure to comply with BAS 24

There may be a misstatement in the financial statements - transactions may be on a non-arm's length
basis and thus may result in assets, liabilities, profit or loss being overstated or understated.

The reliance on a source of audit evidence may be misjudged. An auditor may rely on what is
perceived to be third party evidence when in fact it is from a related party. More generally, reliance on
management assurances may be affected if the auditor were made aware of non-disclosure of a related
party.

The motivations of related parties may be outside normal business motivations and thus may be
misunderstood by the auditor if there is non-disclosure. In the extreme this may amount to fraud.

The risk of failure to detect a related party transaction (RPT) may depend upon the following.
~

Whether there has been no charge made for a RPT (i.e. a zero cost transaction)

Where disclosure would be sensitive for directors or have adverse consequences for the company

Where the company has no systematic system for detecting RPTs

Where RPTs are not with a party that the auditor could reasonably expect to know is a related party
RPTs from an earlier period have remained as an unsettled balance

8.3.4

Management have concealed, or failed to disclose fully, related parties or transactions with such
parties

Audit testing
The planning stage
In planning the audit the auditor needs to consider the risk of undisclosed related party transactions.
This is a difficult area because BAS 24 does not have consideration for materiality. Thus, even small RPTs
should be disclosed by a company. Indeed, related party relationships where there is control (e.g. a
subsidiary) need to be disclosed even where there are no transactions with this party.

The detailed testing stage


The auditors should ask the directors, who are responsible for the proper preparation of the financial
statements (which will include full disclosure of related parties), for a list of related parties and consider if

The Institute of Chartered Accountants in England and Wales, March 2009

21 3

Advanced Stage- Advanced Audit and Assurance


this is complete. The whole audit team should be aware of the list. For example, an entry in the cash-book
may give an indication of a related party, so it needs to be picked up by the person auditing cash and bank.
Where related party transactions are discovered then the auditor should check that the appropriate
disclosures are made in the financial statements. Any disclosures should include information that is needed
for a proper understanding of the transaction and this would include whether the transaction was or was
not at a market rate.
The review stage
Written representations should always be requested from directors. The auditor should consider the
completeness of these representations having reviewed the accounting records, together with other audit
evidence available, in order to reach a conclusion on the adequacy of related party disclosures.
The following diagram provides a summary of some key audit considerations and procedures with respect
to related parties:

-------- ------

Steps

Related parties

Practical procedures

Plan/perform audit to obtain


sufficient evidence re disclosure
of RPTs
Assess risk, that undisclosed
RPTs may exist
Review info re material RPTs
from directors for completeness

To identify material RPTs review


minutes, accounting records (esp
large/unusual transactions near
year end), bank/loan
confirmations, investment
transactions
Substantive procedures to
identify RPs

Be alert for evidence of other


RPTs

Ask management whether


could be undisclosed RPTs

Obtain sufficient appropriate


evidence that

Review previous year work


papers for known RPs

RPTs are properly recorded


and disclosed in financial
statements
Disclosure re control are
properly stated

Obtain directors'
representations
Consider implications for report
where
insufficient evidence
inadequate disclosure

Review shareholder records


Enquire of other/previous
auditors
Review invoices and
correspondence from
solicitors
Features of transactions which
may indicate previously
unidentified RPs
Abnormal terms of trade
No logical business reason
Substance over form
Non-routine
approval/processing
Unusual transactions

21 4

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

Point to note
The law regarding transactions with directors was covered in Chapter I of this Study Manual.

8.4

Current developments
In july 2008 the IAASB issued ISA 550 (Revised and Redrafted) Related Parties as part of its Clarity Project
The overall aim of the revised ISA is to enhance the auditor's consideration of related parties and related
party transactions establishing an approach that requires the auditor to assess the risks of misstatement and
design audit tests to address these. In particular the ISA includes the following:
~

Clearer responsibilities for the auditor with a distinction being made between circumstances where
the accounting framework includes disclosure and other reporting requirements for related parties
and circumstances where either there are no such requirements or they are inadequate

Clearer distinction between the work performed by the auditor to identify the risks of material
misstatement from related party transactions and the procedures taken to address those risks

It provides a definition of a related party which is to be used as a minimum level for audit purposes
where the applicable financial reporting framework establishes minimal or no related party
requirements

Definition
Related party: A party that is either:
(a)

A related party as defined in the applicable financial reporting framework; or

(b)

Where the applicable financial reporting framework establishes minimal or no related party
requirements:
(i)

A person or other entity that has control or significant influence, directly or indirectly through
one or more intermediaries, over the reporting entity

(ii)

Another entity over which the reporting entity has control or significant influence, directly or
indirectly through one or more intermediaries; or

(iii) Another entity that is under common control with the reporting entity through having:
~

Common controlling ownership;

Owners who are close family members; or

Common key management.

However, entities that are under common control by a state (i.e. a national, regional or local
government) are not considered related unless they engage in significant transactions or share
resources to a significant extent with one another.

The Institute of Chartered Accountants in England and Wales, March 2009

2I5

Advanced Stage - Advanced Audit and Assurance

9 Management representations

9 .I

Representations
The auditors receive many representations during the audit, both unsolicited and in response to specific
questions. Some of these representations may be critical to obtaining sufficient appropriate audit evidence.
Representations may also be required for general matters, e.g. full availability of accounting records.
BSA 580 Management Representations covers this area.
The auditor should obtain appropriate representations from management. Written confirmation of
appropriate representations from management, should be obtained before the audit report is issued.

Definition
Management: comprises officers and those who also perform senior managerial functions.

9.2 Acknowledgement by management of their responsibility for the


financial statements
The auditor should obtain evidence that management acknowledges its responsibility for the fair
presentation of the financial statements in accordance with the applicable financial reporting framework and
has approved the financial statements.
This is normally done when the auditors receive a signed copy of the financial statements which incorporate
a relevant statement of management responsibilities. Alternatively, the auditors may obtain such evidence
from:
~

Relevant minutes of meetings of the board of directors or similar body, or by attending such a
meeting

A written representation from management

The audit should obtain written representations from management that:

9.3

(a)

It acknowledges its responsibility for the design and implementation of internal control to prevent and
detect error; and

(b)

It believes the effects of those uncorrected financial statement misstatements aggregated by the
auditor are immaterial, both individually and in the aggregate, to the financial statements taken as a
whole. A summary of such items should be included in or attached to the written representation.

Representations by management as audit evidence


In addition to representations relating to responsibility for the financial statements, the auditors may wish
to rely on management representations as audit evidence.

216

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE
The auditor should obtain written representations from management on matters material to the
financial statements when other sufficient appropriate audit evidence cannot be reasonably

expected to exist.
Written confirmation of oral representations avoids confusion and disagreement. Such matters should
be discussed with those responsible for giving the written confirmation, to ensure that they understand
what they are confirming. Written confirmations are normally required of appropriately senior
management. Only matters which are material to the financial statements should be included.
When the auditors receive such representations they should:
~

Seek corroborative audit evidence from sources inside or outside the entity

Evaluate whether the representations made by management appear reasonable and are consistent
with other audit evidence obtained, including other representations

Consider whether the individuals making the representations can be expected to be wellinformed on the particular matters

The BSA then makes a very important point.


'Representations by management cannot be a substitute for other audit evidence. If the auditor
is unable to obtain sufficient appropriate audit evidence regarding a matter which has, or may have, a
material effect on the financial statements and such audit evidence is expected to be available, this will
constitute a limitation in the scope of the audit, even if a representation from management has been
received on the matter.'
There are instances where management representations may be the only audit evidence available.
~

Knowledge of the facts is confined to management, for example, the facts are a matter of
management intention.

The matter is principally one of judgement or opinion, for example, the trading position of a
particular customer.

There may be occasions when the representations received do not agree with other audit evidence obtained.
If a representation by management is contradicted by other audit evidence, the auditor should investigate
the circumstances and, when necessary, consider whether it casts doubt on the reliability of other
representations made by management.
Investigations of such situations will normally begin with further enquires of management; the
representations may have been misunderstood or, alternatively, the other evidence misinterpreted. If
explanations are insufficient or unforthcoming, then further audit procedures may be required.

9.4

Documentation of representations by management


The auditors should include in audit working papers evidence of management's representations in
the form of a summary of oral discussions with management or written representations from management.
A written representation is better audit evidence than an oral representation and can take the form of:
~

A representation letter from management

A letter from the auditors outlining the auditors' understanding of management's representations, duly
acknowledged and confirmed by management

Relevant minutes of meetings of the board of directors or similar body or a signed copy of the financial
statements

Point to note
A signed copy of the financial statements for a company may be sufficient evidence of the directors'
acknowledgement of their collective responsibility for the preparation of the financial statements where it
incorporates a statement to that effect. A signed copy of the financial statements, however, is not, by itself,
sufficient appropriate evidence to confirm other representations given to the auditor as it does not,
ordinarily, clearly identify and explain the specific separate representations.

The Institute of Chartered Accountants in England and Wales, March 2009

21 7

Advanced Stage- Advanced Audit and Assurance

9.5

Basic elements of a management representation letter


A management representation letter should:
~
~
~

Be addressed to the auditors


Contain specified information
Be appropriately dated and signed by those with specific relevant knowledge

The letter will usually be dated on the day the financial statements are approved, but if there is any
significant delay between the representation letter and the date of the auditors' report, then the auditors
should consider the need to obtain further representations.
A management representation letter is usually signed by the members of management who have primary
responsibility for the entity and its fmancial aspects (that is, the senior executive officer and the senior
financial officer) based on the best of their knowledge and belief.

An example of a management representation letter is provided in an appendix to the BSA. It


is not a standard letter, and representations will vary from one period to the next and from
one company to another.

9.6

Actions if management refuses to provide representations


If management refuses to provide written representation that the auditor considers necessary, this
constitutes a limitation of scope for their report and the auditor should express a qualified opinion or a
disclaimer of opinion.
In these circumstances, the auditors should consider whether it is appropriate to rely on other
representations made by management during the audit.

9. 7

Usefulness of letters of representation


The usefulness of these letters has been called into question as a result of the Barings Bank case. The
auditors of the Singapore part of the Barings group for which the 'rogue trader' Nick Leeson worked until
its collapse, tried to limit their liability in the case by claiming that they had relied on representations from
the company's management which turned out to be untrue.
The judge said that because the auditors were unable to show that the director concerned had been
reckless, negligent or dishonest in signing the letter, they (the auditors) would lose their case. He added
that if they had been able to demonstrate these things they would have won.

9.8

Current developments
In April 2008 the IAASB issued ISA 580 (Revised and Redrafted) Written Representations as part of its Clarity
Project. The main points to note are as follows:
~

The auditor is required to determine the relevant parties from whom representations should be
sought (individuals other than management/those charged with governance may have specialised
knowledge)

Written representations can be general (i.e. about the premises on which the audit is based) and
specific. The content of the general representations in relation to the financial statements and internal
control is specified by the ISA and includes the following:
Management has fulfilled its responsibility for the preparation of the financial statements
Management has provided the auditor with all relevant information
All transactions have been recorded and reflected in the financial statements

218

The auditor may decide that it may be more effective if written representations were limited to
matters above threshold limits

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE

Interactive question II: Management representations


[Difficulty level: Intermediate]
You are an audit manager reviewing the completed audit file of Leaf Oil Ltd.
(a)

There have been no events subsequent to the period end requiring adjustment in the financial
statements.

(b)

The company has revalued 2 properties in the year. The directors believe that the property market is
going to boom next year, so have decided to revalue the other 2 properties then.

(c)

The directors confirm that the company owns 75% of the newly formed company, Subsidiary Ltd, at
the year end.

(d)

The directors confirmed that the 500 gallons of oil in Warehouse B belong to Flower Oil Co.

Requirement
Comment on whether you would expect to see these matters referred to in the management
representation letter.

See Answer at the end of this chapter.

I 0 Opening balances

I0.1

Audit procedures
Opening balances are those account balances which exist at the beginning of the period. Opening
balances are based upon the closing balances of the prior period and reflect the effects of:
~
~

Transactions of prior periods


Accounting policies applied to the prior period

BSA 51 0 Initial Engagements - Opening Balances and Continuing Engagements - Opening Balances provides
guidance on opening balances:
~
~

I0.2

When the financial statements of an entity are audited for the first time
When the financial statements for the prior period were audited by another auditor

Initial engagements
For initial audit engagements, the auditor should obtain sufficient appropriate audit evidence that:
(a)

the opening balances do not contain misstatements that materially affect the current

period's financial statements;


(b)

the prior period's closing balances have been correctly brought forward to the current
period or, when appropriate, have been restated; and

The Institute of Chartered Accountants in England and Wales, March 2009

219

Advanced Stage - Advanced Audit and Assurance


(c)

appropriate accounting policies are consistently applied or changes in accounting policies have
been properly accounted for and adequately disclosed.

In addition, the auditor should carry out the above on continuing engagements. Appropriate and sufficient
audit evidence is required on opening balances and this depends on matters such as the following.
~

The accounting policies followed by the entity

Whether the prior period's financial statements were audited and, if so, whether the auditors'
report was modified

The nature of the accounts and the risk of their misstatement in the current period's financial
statements

The materiality of the opening balances relative to the current period's financial statements

The auditor must consider whether opening balances reflect the application of appropriate
accounting policies and that those policies are consistently applied in the current period's financial
statements. When there are any changes in the accounting policies or application thereof, the auditor
should consider whether they are appropriate and properly accounted for and adequately disclosed.

I 0.3

Prior period balances audited


When the prior period's financial statements were audited by another auditor, the current auditor may be
able to obtain sufficient, appropriate audit evidence regarding opening balances by reviewing the
predecessor auditor's working papers.
In these circumstances, the current auditor would also consider the professional competence and
independence of the predecessor auditor. If the prior period's audit report was modified, the auditor
would pay particular attention in the current period to the matter which resulted in the modification.
Before communicating with the predecessor auditor, the current auditor must consider the relevant parts
of the Ethical Code.
Where the prior period balances were audited by the current auditor, and an unqualified opinion was given,
procedures relating to opening balances must ensure balances have been appropriately brought forward and
accounting policies have been consistently applied. If a qualified opinion was given, the auditors must ensure
that the matter has been resolved and dealt with in the current financial statements.

I 0.4

Prior period balances not audited


When the prior period's fmancial statements were not audited or when the auditor is not able to be
satisfied by using the procedures described above, the auditor must perform other procedures such as
those discussed below.
For current assets and liabilities some audit evidence can usually be obtained as part of the current
period's audit procedures. For example, the collection (payment) of opening receivables (payables)
during the current period will provide some audit evidence of their existence, rights and obligations,
completeness and valuation at the beginning of the period.
In the case of inventories, however, it is more difficult for the auditor to be satisfied as to inventory on
hand at the beginning of the period. Therefore, additional procedures will usually be necessary such as:
~

Observing a current physical inventory count and reconciling it back to the opening inventory
quantities

Testing the valuation of the opening inventory items

Testing gross profit and cut-off

A combination of these procedures may provide sufficient appropriate audit evidence.

220

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT EVIDENCE
For non-current assets and liabilities, the audit will ordinarily examine the records underlying the
opening balances. In certain cases, the auditor may be able to obtain confirmation of opening balances with
third parties, for example, for long-term debt and investments. In other cases, the auditor may need to
carry out additional audit procedures.

I 0.5

Audit conclusion and reporting


If, after performing procedures including those set out above, the auditor is unable to obtain sufficient
appropriate evidence concerning opening balances, the auditor's report should include:
(a)

A qualified opinion;

(b)

A disclaimer of opinion; or

(c)

In those jurisdictions where it is permitted, an opinion which is qualified or disclaimed regarding the
results of operations and unqualified regarding financial position.

If the opening balances contain misstatements which could materially affect the current period's financial
statements, the auditor should inform management, and any predecessor auditor.
If the effect of the misstatement is not properly accounted for and adequately disclosed, the auditor should
express a qualified opinion or an adverse opinion, as appropriate.
The report will also be modified if accounting policies are not consistently applied.
If the current period's accounting policies have not been consistently applied in relation to the opening
balances and if the change has not been properly accounted for and adequately disclosed, the auditor should
express a qualified opinion or an adverse opinion as appropriate.
If the prior period auditor's report was modified, the auditor should consider the effect on the current
period's financial statements. For example, if there was a scope limitation, such as one due to the
inability to determine opening inventory in the prior period, the auditor may not need to qualify or disclaim
the current period's audit opinion. The BSA finishes by stating that if a modification regarding the prior
period's financial statements remains relevant and material to the current period's financial statements, the
auditor should modify the current auditor's report accordingly.
Note: If the prior period was not audited there may also need to be a limitation of scope qualification with
respect to comparative figures.

II

Service organisations

Definition
A service organisation is an organisation that provides services to another organisation.

BSA 402 Audit Considerations Relating to Entities Using Service Organisations provides guidance to auditors
whose client uses such an organisation. It describes the auditor reports from the service organisation's
auditors which the client's auditors may obtain. It states that 'the auditor should consider how an entity's

The Institute of Chartered Accountants in England and Wales, March 2009

221

Advanced Stage - Advanced Audit and Assurance


use of a service organisation affects the entity's internal control so as to assess the risk of material
misstatement and to design and perform further audit procedures.'
A client may use a service organisation such as one that executes transactions and maintains related
accountability or records transactions and processes related data (e.g. a computer systems service
organisation).

I I .I

Considerations of the client auditor


A service organisation may establish and execute policies and procedures that affect a client organisation's
accounting and internal control systems. These policies and procedures are physically and operationally
separate from the client organisation.
(a)

When the services provided by the service organisation are limited to recording and processing
client transactions and the client retains authorisation and maintenance of accountability, the client
may be able to implement effective policies and procedures within its organisation.

(b)

When the service organisation executes the client's transactions and maintains accountability,
the client may deem it necessary to rely on policies and procedures at the service organisation.

The BSA states, 'the auditor should determine the significance of service organisation activities to the client
and the relevance to the audit'.
The BSA lists the following activities as relevant activities (this is not an exhaustive list):
~
~
~
~

Maintenance of accounting records


Other finance functions
Management of assets
Undertaking or making arrangements for transactions as agents of the user entity

The BSA requires the auditor to understand the terms of the agreement between the service organisation
and the user entity. The following should be obtained and documented:
(a)

The contractual terms which apply to relevant activities undertaken by service organisations

(b)

The way that the user entity monitors those activities so as to ensure that it meets its fiduciary and
other legal responsibilities

The BSA requires the auditor to consider:

222

Whether the terms contain an adequate specification of the information to be provided to the user
entity and responsibilities for initiating transactions relating to the activity undertaken by the service
organisation.

The way that accounting records relating to relevant activities are maintained

Whether the user entity has a right to access accounting records prepared by the service organisation
concerning the activities undertaken, and relevant underlying information held by it, and the conditions
in which such access may be sought.

Whether the terms take proper account of any applicable requirements of regulatory bodies
concerning the form of records to be maintained, or access to them.

The nature of relevant performance standards.

The way in which the user entity monitors performance of relevant activities and the extent to which
its monitoring process relies on controls operated by the service organisation.

Whether the service organisation has agreed to indemnify the user entity in the event of a
performance failure.

Whether the contractual terms permit the user entity auditors access to sources of audit evidence
including accounting records of the user entity and the information necessary for the conduct of the
audit.

The Institute of Chartered Accountants in England and Wales, March 2009

~UDIT

EVIDENCE

In obtaining an understanding of the entity, the auditor will also consider:


~

The nature of the services provided by the service organisation.

The terms of contract and relationship between the client and the service organisation.

The extent to which the client's accounting and internal control systems interact with the
systems at the service organisation.

The entity's internal controls relevant to the service organisation activities include:
~

The service organisation's capability and financial strength, including the possible effect of the
failure of the service organisation on the client.

Information about the service organisation such as that reflected in user and technical manuals.

Information available on general controls and computer systems controls relevant to the client's
applications.

If this leads the auditor to decide that the control risk assessment will not be affected by controls at the
service organisation, further consideration of this BSA is unnecessary. However, if he concludes that risk is
affected, further audit procedures should be carried out.
The client auditor should also consider the existence of third-party reports from service organisation
auditors, internal auditors, or regulatory agencies as a means of providing information about the accounting
and internal control systems of the service organisation and about its operation and effectiveness.
The BSA states that 'if the client auditor concludes that the activities of the service organisation are
significant to the entity and relevant to the audit, the auditor should obtain a sufficient understanding of the
entity and its environment, including its internal control, to identify and assess the risks of material
misstatement and design further audit procedures in response to the assessed risk.'
If information is insufficient, the client auditor should consider asking the service organisation to have its
auditor perform such procedures as to supply the necessary information, or the need to visit the service
organisation to obtain the information. A client auditor wishing to visit a service organisation may advise the
client to request the service organisation to give the client auditor access to the necessary information.

I 1.2

Obtaining audit evidence


The BSA states that 'based on their understanding of the aspects of the user entity's accounting system and
control environment relating to relevant activities, user entity auditors should:
(a)

Assess whether sufficient appropriate audit evidence concerning the relevant financial statement
assessment is available from records held at the user entity; and if not

(b)

Determine effective procedures to obtain evidence necessary for the audit, either by direct access to
records kept by service organisations or through information obtained from the service organisations
or their auditors'

It also outlines a series of audit procedures:


~

Inspecting records and documents held by the user entity

Establishing the effectiveness of controls

Obtaining representations to confirm balances and transactions from the service organisation

Performing analytical review on the records maintained by the user entity, or the returns received
from the service organisation

Inspecting records and documents held by the service organisation

Requesting specified procedures re-performed by the service organisation and the user entity's
internal audit department

Reviewing information from the service organisation or its auditors concerning the design and
operation of its control systems

The Institute of Chartered Accountants in England and Wales, March 2009

223

Advanced Stage- Advanced Audit and Assurance

I I .3

Service organisation auditor's reports


The BSA says 'when using a service organisation auditor's report, the client auditor should consider the
nature and content of that report. If the client auditor uses the report of a service organisation auditor, the
auditor should consider making inquiries concerning that auditor's professional competence in the context
of the specific assignment undertaken by the service organisation auditor'.
The report of the service organisation auditor will ordinarily be one of two types.
(a)

Report on suitability of design. This is the basic report.

(b)

Re.port on suitability of design and operating effectiveness. This will contain the same as a
report on design, plus an opinion by the service organisation auditor that the accounting and internal
control systems are operating effectively based on the results from the tests of control.

While reports on design may be useful to a client auditor in gaining the required understanding of the
accounting and internal control systems, an auditor would not use such reports as a basis for reducing the
assessment of control risk.
By contrast a report on operating effectiveness may provide such a basis since tests of control have been
performed. If this type of report may be used as evidence to support a lower control risk assessment, a
client auditor would have to consider whether the controls tested by the service organisation auditor are
relevant to the client's transactions (significant assertions in the client's financial statements) and whether
the service organisation auditor's tests of controls and the results are adequate.
The auditor of a service organisation may be engaged to perform substantive procedures that are of use
to a client auditor. Such engagements may involve the performance of procedures agreed upon by the client
and its auditor and by the service organisation and its auditor.

224

The Institute of Chartered Accountants in England and Wales, March 2009

chapter 6

Audit completion
and reporting

rev1ew

Introduction

Topic list
I

Review and audit completion

Subsequent events

Going concern

Comparatives

Internal reporting

External reporting- the audit report

Other reporting responsibilities

Appendix
Summary and Self-test
Technical reference
Answers to Self-test
Answers to Interactive questions

The Institute of Chartered Accountants in England and Wales, March 2009

269

AUDIT COMPLETION- REVIEW AND REPORTING

Review and audit completion

1.1

Introduction
Auditing initially may be carried out in components, with opinions being formed on elements of the financial
statements in isolation. However, it is essential that auditors step back from the detail and assess the
financial statements as a whole, based on knowledge accumulated during the audit process. In particular the
following procedures will need to be performed at the review and completion stage of the audit
~
~
~
~
~

Consider governance issues


Review the financial statements
Perform completion procedures
Report to the board
Prepare the audit report

Review and reporting issues have been covered in the Assurance and Audit and Assurance Study Manuals at
the Professional level. Therefore you should be familiar with the following BSAs which are relevant to this
stage of the audit:
BSA 260 Communication

of Audit Matters with Those Charged with Governance

BSA 520 Analytical Procedures


BSA 560 Subsequent E.vents
BSA 570 Going Concern
BSA 700 The Auditor's Report on Financial Statements
BSA 71 0 Comparatives
BSA 720 Other Information in Documents Containing Audited Financial Statements
In the remainder of this chapter we will look at a number of key aspects of these BSAs in more detail. A
summary is also provided in the technical reference at the end of the chapter.

1.2
1.2.1

Governance issues
Quality control
We have looked at the importance of quality control in Chapter I of this Study Manual. However, quality
control is an important consideration throughout the audit and not just in the initial acceptance of a client
and planning of the engagement. In particular for the audit of listed entities BSA 220 Quality Control for Audits
of Historical Financial Information states that the auditor's report should not be issued until the completion of
the engagement quality control review. This includes ensuring that:
~
~
~
~

~
~
~

The work has been carried out in accordance with professional and regulatory requirements
Significant matters are given further consideration
Appropriate consultations have taken place and been documented
Where appropriate the planned work is revised
The work performed supports the conclusions
The evidence obtained supports the audit opinion
The objectives of the audit have been achieved

The Institute of Chartered Accountants in England and Wales, March 2009

271

Advanced Stage - Advanced Audit and Assurance


In addition under Sarbanes-Oxley a concurring or second partner review should be performed by another
partner not associated with the audit or by an independent reviewer (see Chapter 3 for more details of the
Sarbanes-Oxley Act).

1.2.2

Governance evidence
Important governance evidence will be obtained from the following sources:
~
~
~

Management representation letters


Information about contingent liabilities and commitments
Information about related parties

These sources of evidence are dealt with in Chapter 5.

1.3
1.3.1

Financial statement review


Introduction
Once the bulk of the substantive procedures have been carried out, the auditors will have a draft set of
financial statements which should be supported by appropriate and sufficient audit evidence. At the
beginning of the end of the audit process, it is usual for the auditors to undertake an overall review of the
financial statements. This review, in conjunction with the conclusions drawn from the other audit evidence
obtained, gives the auditors a reasonable basis for their opinion on the financial statements. It should
be carried out by a senior member of the audit team, with appropriate skills and experience.

1.3.2

Compliance with accounting regulations


The auditors should consider whether:
(a)

The information presented in the financial statements is in accordance with local/national


statutory requirements.

(b)

The accounting policies employed are in accordance with accounting standards, properly disclosed,
consistently applied and appropriate to the entity.

An important consideration in assessing the presentation of the financial statements is the adequacy of
disclosure. In addition to the basic Companies Act requirements and compliance with accounting standards
the entity may also need to satisfy the requirements of the Sarbanes-Oxley.
When examining the accounting policies, auditors should consider:
~

Policies commonly adopted in particular industries

Policies for which there is substantial authoritative support

Whether any departures from applicable accounting standards are necessary for the financial
statements to give a true and fair view

Whether the financial statements reflect the substance of the underlying transactions and not merely
their form

When compliance with local/national statutory requirements and accounting standards is considered, the
auditors may find it useful to use a checklist.

272

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT COMPLETION- REVIEW AND REPORTING

1.3.3

Review for consistency and reasonableness


The auditors should consider whether the financial statements are consistent with their knowledge of the
entity's business and with the results of other audit procedures, and the manner of disclosure is fair. The
principal considerations are as follows.

"--

1.3.4

(a)

Whether the financial statements adequately reflect the information and explanations previously
obtained and conclusions previously reached during the course of the audit.

(b)

Whether it reveals any new factors which may affect the presentation of, or disclosure in, the
financial statements.

(c)

Whether analytical procedures applied when completing the audit, such as comparing the information
in the financial statements with other pertinent data, produce results which assist in arriving at the
overall conclusion as to whether the financial statements as a whole are consistent with their
knowledge of the entity's business.

(d)

Whether the presentation adopted in the financial statements may have been unduly influenced by
the directors' desire to present matters in a favourable or unfavourable light.

(e)

The potential impact on the financial statements of the aggregate of uncorrected misstatements
(including those arising from bias in making accounting estimates) identified during the course of the
audit.

Analytical procedures
In Chapter 5 we have discussed how analytical review procedures are used as part of the overall
review procedures at the end of an audit. Remember the areas that the analytical review at the final stage
must cover.
~
~

~
~
~

~
~
~
~

Important accounting ratios


Related items
Changes in products; customers
Price and mix changes
Wages changes
Variances
Trends in production and sales
Changes in material and labour content of production
Other items of expenditure
Variations caused by industry or economy factors

As at other stages, significant fluctuations and unexpected relationships must be investigated and
documented.

1.3.5
'--

Summarising errors
During the course of the audit, errors will be discovered which may be material or immaterial to the
financial statements. It is very likely that the client will adjust the financial statements to take account of
these during the course of the audit. At the end of the audit, however, some errors may still be outstanding
and the auditors will summarise these unadjusted errors. An example is provided below.

The Institute of Chartered Accountants in England and Wales, March 2009

273

Advanced Stage - Advanced Audit and Assurance

[Q]

Worked example: Schedule of unadjusted errors


Income
Statement

(current period)
Dr
Cr
(a) ABC Ltd debt unprovided
(b) Opening/ closing inventory
under-valued*
(c) Closing inventory undervalued
(d) Opening unaccrued expenses
Telephone*
Electricity*
(e) Closing unaccrued expenses
Telephone
Electricity
(f) Obsolete inventory write off
Total
*Cancelling items

cu

cu

10,470

Statement of
financial position
(current period)
Dr
Cr

cu

21,540

427
1,128
2,528
36,093
21,540

14,553

cu

10,470

Income
Statement

(prior period)
Cr
Dr

cu

4,523

21,540

21,540
34,105

34,105

453
905

453
905

35,463

35,463

453
905
34,105

453
905
34,105

cu

Statement of
financial position
(prior period)
Cr
Dr

cu

4,523

21,540

453
905

453
905
427
1,128
2,528
36,093
21,540

cu

\',___

3,211
9,092

21,540

21,540

3,211
9,092

14,553

The summary of errors will not only list errors from the current year (adjustments (c) and (e)), but also
those in the previous year(s). This will allow errors to be highlighted which are reversals of errors in the
previous year. For example in this instance last year's closing inventory was undervalued by CU21,540
(adjustment (b)). Inventory in the prior year statement of financial position should be increased (DR) and
profits increased (CR). At the start of the current accounting period the closing inventory adjustment is
reversed out so that the net effect on the cumulative position is zero. This also applies to the adjustment to
last year's accrued expenses (adjustment (d)).Cumulative errors may also be shown, which have increased
from year to year for example adjustments (a) and (f). It is normal to show both the statement of financial
position and the income statement effect, as in the example given here. This may also be extended to the
entire statement of comprehensive income.

1.3.6

Evaluating the effect of misstatements


BSA 320 Audit Materiality states that in evaluating whether the financial statements are prepared in all
material respects, in accordance with an applicable financial reporting framework, the auditor should assess
whether the aggregate of uncorrected misstatements that have been identified during the audit is

material.
The aggregate of uncorrected misstatements comprises:
(a)

Specific misstatements identified by the auditors, including the net effect of uncorrected
misstatements identified during the audit of the previous period if they affect the current period's
financial statements

(b)

Their best estimate of other misstatements which cannot be quantified specifically (i.e. projected
errors)

If the auditors consider that the aggregate of misstatements may be material, they must consider reducing
audit risk by extending audit procedures or requesting management to adjust the financial statements
(which management may wish to do anyway).

27 4

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT COMPLETION -REVIEW AND REPORTING


If the aggregate of the uncorrected misstatements that the auditors have identified approaches the
materiality level, the auditors should consider whether it is likely that undetected misstatements, when
taken with aggregated uncorrected misstatements, could exceed the materiality level. Thus, as aggregate
uncorrected misstatements approach the materiality level the auditors should consider reducing the risk by:
~

Performing additional audit procedures or


By requesting management to adjust the financial statements for identified misstatements

The schedule will be used by the audit manager and partner to decide whether the client should be
requested to make adjustments to the financial statements to correct the errors.

2 Subsequent events

2.1

Events after the reporting period


In accordance with BSA 560 subsequent events include:
~
~

Events occurring between the period end and the date of the auditor's report
Facts discovered after the date of the auditor's report

BAS I0 Events after the Reporting Period deals with the treatment in financial statement of events, favourable
and unfavourable, occurring after the period end. It identifies two types of event:
~
~

Those that provide further evidence of conditions that existed at the period end
Those that are indicative of conditions that arose subsequent to the period end

The extent of the auditor's responsibility for subsequent events depends on when the event is identified.

2.2

Events occurring up to the date of the auditor's report


The auditor should perform procedures designed to obtain sufficient appropriate audit evidence that
all events up to the date of the auditor's report that may require adjustment of, or disclosure in, the
financial statements have been identified.
These procedures should be applied to any matters examined during the audit which may be susceptible to
change after the year end. They are in addition to tests on specific transactions after the period end, e.g.
cut-off tests.
The BSA lists procedures to identify subsequent events which may require adjustment or disclosure. They
should be performed as near as possible to the date of the auditor's report.

Enquiries of
management

Status of items involving subjective judgement/accounted for using


preliminary data
New commitments, borrowings or guarantees
Sales or destruction of assets
Issues of shares/debentures or changes in business structure
Developments involving risk areas, provisions and contingencies
Unusual accounting adjustments
Major events (e.g. going concern problems) affecting appropriateness of
accounting policies for estimates

The Institute of Chartered Accountants in England and Wales, March 2009

275

Advanced Stage- Advanced Audit and Assurance

Other procedures

Consider procedures of management for identifying subsequent events


Read minutes of general board/committee meetings
Review latest accounting records and financial information

Reviews and updates of these procedures may be required, depending on the length of the time between
the procedures and the signing of the auditor's report and the susceptibility of the items to change over
time.
When the auditor becomes aware of events which materially affect the financial statements, the auditor
should consider whether such events are properly accounted for and adequately disclosed in the
financial statements.

2.3

Facts discovered after the date of the auditor's report but before
the financial statements are issued
The financial statements are the management's responsibility. They should therefore inform the
auditors of any material subsequent events between the date of the auditor's report and the date
the financial statements are issued. The auditors do not have any obligation to perform procedures,
or make enquires regarding the financial statements after the date of their report.
When, after the date of the auditor's report but before the financial statements are issued, the auditor
becomes aware of a fact which may materially affect the financial statements, the auditor should:
~
~

Consider whether the financial statements need amendment


Discuss the matter with the management
Take action appropriate in the circumstances.

When the financial statements are amended, the auditors should:


~
~
~

Extend the procedures discussed above to the date of their new report
Carry out any other appropriate procedures
Issue a new audit report dated the day it is signed.

The situation may arise where the statements are not amended but the auditors feel that they should be.
If the auditor's report has not been released to the entity, the auditor should express a qualified
opinion or an adverse opinion.
If the auditor's report has already been issued to the entity then the auditor should notify those who
are ultimately responsible for the entity (the management or possibly a holding company in a group), not to
issue the financial statements or auditor's reports to third parties. If they have already been so issued, the
auditor must take steps to prevent the reliance on the auditor's report. The action taken will depend
on the auditor's legal rights and obligations and the advice of the auditor's lawyer.

2.4

Facts discovered after the financial statements have been issued


Auditors have no obligations to perform procedures or make enquiries regarding the financial statements
after they have been issued. In Bangladesh, this includes the period up until the financial statements are
laid before members at the AGM.
When, after the financial statements have been issued, the auditor becomes aware of a fact which existed at
the date of the auditor's report and which, if known at that date, may have caused the auditor to modify the
auditor's report, the auditor should consider whether the financial statements need revision, should discuss
the matter with management, and should take the action as appropriate in the circumstances.

27 6

The Institute of Chartered Accountants in England and Wales, March 2009

'-..-

AUDIT COMPLETION- REVIEW AND REPORTING


The BSA gives the appropriate procedures which the auditors should undertake when management revises
the financial statements.
(a)

Carry out the audit procedures necessary in the circumstances

(b)

Review the steps taken by management to ensure that anyone in receipt of the previously issued
financial statements together with the auditor's report thereon is informed of the situation

(c)

Issue a new report on the revised financial statements

The new auditor's report should include an emphasis of a matter paragraph referring to a note to the
financial statements that more extensively discusses the reason for the revision of the previously issued
financial statements and to the earlier report issued by the auditor.
In our opinion, the revised financial statements give a true and fair view (or 'present fairly, in all material
respects'), as at the date the original financial statements were approved, of the financial position of the
company as of December 31, 20X I , and of the results of its operations and its cash flows for the year then
ended in accordance with [relevant national legislation].
In our opinion the original financial statements for the year to December 31, 20X I, failed to comply with
[relevant national standards or legislation].
Date

AUDITOR

Address
Where local regulations allow the auditor to restrict the audit procedures on the financial statements to
the effects of the subsequent event which caused the revision, the new auditor's report should contain a
statement to that effect.
Where the management does not revise the financial statements but the auditors feel they should be
revised, or if the management does not intend to take steps to ensure anyone in receipt of the previously
issued financial statements is informed of the situation, then the auditors should consider steps to take, on a
timely basis, to prevent reliance on their report. The actions taken will depend on the auditor's legal rights
and obligations (for example, to contact the shareholders directly) and legal advice received.

Interactive question I: Subsequent events

[Difficulty level: Intermediate]

You are the auditor of Extraction Ltd, an oil company. You have recently concluded the audit for the year
ended 31 December 20X7 and the audit report was signed on 28 March 20X8. The financial statements
were also authorised for issue on this date. On the I" of April you are informed that the company has
identified a major oil leak which has caused significant environmental damage.

Requirement
Identify and explain the implications of the information regarding the oil spill.
See Answer at the end of this chapter.

The Institute of Chartered Accountants in England and Wales, March 2009

277

Advanced Stage- Advanced Audit and Assurance

3 Going concern

3.1

Reporting consequences
Under the 'going concern assumption' an entity is ordinarily viewed as continuing in business for the
foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading or seeking
protection from creditors pursuant to laws or regulations. Accordingly assets and liabilities are recorded on
the basis that the entity will be able to realise its assets and discharge its liabilities in the normal course

of business.
If however, management determines that it intends to or has no realistic alternative but to liquidate the
entity or cease trading then the financial statements should not be prepared on the going concern
basis. This is specified by BAS I0 Events After the Reporting Period. The entity should instead adopt a basis of
preparation that is considered more appropriate in the circumstances, although no specific guidance is
provided in BAS I0. In practice the most obvious method is break-up value. Specific accounting
consequences will include the need to consider:
~
~

Impairment of assets
Recognition of provisions e.g. for onerous contracts

Disclosure of the change of basis of preparation should be provided in accordance with BAS I Preparation

of Financial Statements. In addition the directors of listed companies must report specifically on the going
concern status of the company under the Combined Code and further commentary will be included within
the Operating and Financial Review.

3.2

Financial risk
The possibility of a business not being a going concern is one of the financial risks to which a business is
exposed. Financial risks are those risks arising from the financial activities of the company, for example:
~
~

Raising capital
The capital structure
Financial consequences of an operation e.g. operating in an overseas environment

As a consequence of the original capital structure or subsequent operation, there may be a risk due to a
shortage of finance or an inability to manage finance in accordance with a company's day-to-day
requirements.
BSA 570 identifies the presence of financial risk in the following circumstances

(a)

278

Financial indications
~

Net liabilities or net current liability position

Necessary borrowing facilities have not been agreed

Fixed-term borrowings approaching maturity without realistic prospects of renewal or


repayment, or excessive reliance on short-term borrowings

Major debt repayment falling due where refinancing is necessary to the entity's continued
existence

The Institute of Chartered Accountants in England and Wales, March 2009

AUDIT COMPLETION -REVIEW AND REPORTING

(b)

Major restructuring of debt

Indications of withdrawal of financial support by creditors

Negative operating cash flows indicated by historical or prospective financial statements

Adverse key financial ratios

Substantial operating losses or significant deterioration in the value of assets used to generate
cash flows

Major losses or cash flow problems which have arisen since the end of the reporting period

Arrears or discontinuance of dividends

Inability to pay creditors on due dates

Inability to comply with terms of loan agreements

Reduction in normal terms of trade credit by suppliers

Change from credit to cash-on-delivery transactions with suppliers

Inability to obtain financing for essential new product development or other essential investments

Substantial sales of non-current assets not intended to be replaced

Operating indications
Loss of key management without replacement
~

Loss of key staff without replacement

Loss of a major market, franchises, license, or principal supplier


Labour difficulties or shortages of important supplies

(c)

Fundamental changes in the market or technology to which the entity is unable to adapt
adequately

Excessive dependence on a few product lines where the market is depressed

Technical devel