Book 5 Audit Theory, Practice and Ethics - Arab Open University

B680 Certificate in Accounting Block 1 Financial Accounting

Book 5Audit Theory,Practice and EthicsPrepared for the course team by Philip Talbot(updated by Judy Day)

Certificate in Accounting

Course Team

Judy Day, Course Team and Block 1 ChairSally Aisbitt, Course Team MemberSam Cooper, Regional Co-ordinatorDevendra Kodwani, Block 3 ChairAngelika Luetzow, Course ManagerJean Rowe, Course Team AssistantSharon Slade, Regional ManagerJonathan Winship, Block 2 Chair

Authors

Sally Aisbitt

Haider Ali

David Barnes

Bernardo Batiz-Lazo

Mary Bowerman

Philip Cahill

Judy Day

Michael Dempsey

Nancy Finlay

Graham Francis

Stephen Little

Andrew Lymer

Clare Minchington

Sue Pearce

Alan Sangster

Philip Talbot

David Tyrrall

External Assessor

Professor Richard M.S. Wilson,

Loughborough University Business School

Subject Specific Assessors

Stephen Barr

David Crowther

Neil Marriott

Jayne Smith

Greg Stoner

Production

Paul Beeby, Project ManagerHolly Clements, Media AssistantLene Connolly, Print BuyerJonathan Davies, Graphic DesignerDiane Hopwood, CompositorJonathan Owen, Graphic ArtistDave Pilgrim, Web DeveloperNikki Smith, Assistant Print BuyerJill Somerscales, EditorGill MacIver, Media Assistant

Critical Readers

Vicki Amos, Ian Apps, Adrian Bolton,

Don Cooper, Michael Dempsey, Charles

Edwards, Mark Fenton-O’Creevy, Jayne

Hughes, Alva James, Archie McArthur, Kieran

McKenna, Elizabeth Porter, Charles Rush,

Steve Tossell, Peter Trowell and Christopher

Worthington.

Developmental Testers

David Attenborough, Mary Caffrey, John Copas,

Moira Deakins, Linda Hadfield, Lesley Messer,

Rawdon O’Connor and Brenda Peers-Ross.

Software

Software for the Course was designed, adapted and remains the property of EQL Ltd.

Accounting package software was designed, adapted and remains the property of Sage plc.

Other Course Material

The Course Team wishes to acknowledge use of existing course material from a number of OUBS courses.

The Open University, Walton Hall, Milton Keynes, MK7 6AA

First published 2001. Second edition 2002. Third edition 2006

Copyright # 2006 The Open University

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, transmitted or

utilised in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without

written permission from the publisher or a licence from the Copyright Licensing Agency Ltd. Details of such

licences (for reprographic reproduction) may be obtained from the Copyright Licensing Agency Ltd,

Saffron House, 6–10 Kirby Street, London EC1N 8TS; website http://www.cla.co.uk/

Edited and designed by The Open University.

Typeset in India by Alden Prepress Services, Chennai.

Printed and bound in the United Kingdom by Thanet Press Ltd, Margate, Kent.

ISBN 0 7492 1493 7

For further information on Open University Business School courses and the Certificate, Diploma and

MBA programmes, please contact the Course Sales Development Centre, The Open University,

PO Box 222, Walton Hall, Milton Keynes, MK7 6YY (Tel. 01908 653449).

oubs.open.ac.uk

3.2 b680_book5_e3i2_isbn0749214937

ContentsIntroduction 7

Objectives 10

This book and how to use it 11

Session 1 Audit theory, practice and ethics 12

Introduction 12

1.1 What constitutes a true and fair view? 15

1.2 The purpose and scope of auditing 17

1.3 The small company audit and the audit threshold 19

1.4 The audit expectations gap 20

1.5 Auditing theory: audit postulates 21

Summary 26

Session 2 Professional audit ethics and theAuditing Practices Board (APB) 27

Introduction 27

2.1 Business ethics 27

2.2 Due care, skill and competence 29

2.3 Rules of professional conduct 30

2.4 Auditing standards and the APB 32

Summary 38

Session 3 The audit appointment process –the auditor 39

Introduction 39

3.1 Who can become an auditor? 39

3.2 Who cannot become an auditor? 40

3.3 Appointing and removing the auditor and resignationof the auditor 41

Summary 45

Session 4 The audit appointment process –the client 46

Introduction 46

4.1 Client acceptance 46

4.2 Acceptance of the audit nomination 48

4.3 The rights and duties of the auditor 54

4.4 Defensive auditing 56

Summary 58

Session 5 Audit planning 60

Introduction 60

5.1 The audit plan 61

5.2 The audit programme 64

5.3 Audit risk 65

5.4 Using the audit risk model 68

5.5 The merits and demerits of risk-based auditing 69

5.6 Materiality in auditing 69

Summary 73

Session 6 Audit evidence and documentation 75

Introduction 75

6.1 Audit evidence 75

6.2 Audit documentation 78

6.3 The risk-based audit approach 81

6.4 Internal control 82

6.5 Testing the system 86

6.6 The management letter 86

Summary 87

Session 7 Corporate governance, auditcommittees and the auditor 88

Introduction 88

7.1 Corporate governance 88

7.2 What is an audit committee? 90

7.3 The Combined Code on Corporate Governance 91

7.4 The Turnbull Report 93

7.5 External audit and internal audit 103

7.6 Public sector auditing 108

7.7 Value for money auditing 118

Summary 122

Session 8 The audit report 124

Introduction 124

8.1 The statutory requirements 124

8.2 ISA 700: the auditors’ report on financial statements 125

8.3 The qualified audit report 131

Summary 136

Review 138

Useful website addresses 139

Further reading 140

Glossary 141

Suggested answers to self-assessed questions 143

Acknowledgements 160

IntroductionWelcome to the fifth book of B680 Certificate in Accounting.

The Certificate in Accounting comprises 16 books. The books areorganised into three groups, or blocks:

(1) Financial Accounting (Books 1–6);

(2) Costing, Management Accounting and Financial Management(Books 7–11);

(3) Managing Organisations (Books 12–16).

Books are the driving force in this course. Each book isself-contained and has a set of stated objectives found just after eachintroduction. You must keep the objectives in mind as you workthrough a book. Doing so enables you to assess whether you havemastered them.

There is no need to purchase any materials other than thoseprovided. A CD containing further material accompanies each ofthe 16 books. Some of the books make use of readings from othersources, such as magazine articles and extracts from books; someinvolve use of the World Wide Web.

Each book addresses a number of major topics, usually withsubtopics. After topics are introduced, you are asked to do anactivity, sometimes a reading, sometimes something else. Activitiesare a crucial component of studying a distributed learning course ofthis type. They are designed to reinforce your learning throughencouraging you to participate in the learning process. They shouldbe done when encountered in the text. They should never be left‘for later’ nor simply ignored while you read more of thetext. After each activity you will find a brief discussion of it, whichleads into the next part of the course.

Similar to all the books on the course, this one is intended to takeabout 24 hours (spread over two weeks) to complete. This study timeincludes time spent on the CD material, the activities, and anythingelse you are asked to do in the book. There are eight parts, orsessions, each of which is expected to take you around three hours tocomplete. Don’t worry if you find you are taking longer. There is nopenalty if you spend longer than expected.

In keeping with all the books, there is a self-assessed question at theend of each session. You will recall that they are intended to provideyou with an opportunity to see for yourself whether you haveunderstood the material you have just finished studying and/or todevelop further skills and techniques covered in the session. If youfind that you cannot complete a self-assessed question, goback over the material you have worked on since theprevious self-assessed question. Then try to answer theself-assessed question again. If you continue to have problems,contact your tutor.

Other self-assessed questions may appear in the middle of a session.These are called self-assessed questions rather than activitiesbecause the answers to them are at the back of the book.

All the material you willneed is provided.

Activities should be donewhen encountered in thetext.

You should expect tospend about 12 hours aweek studying the course.

End-of-session questionsare designed to let youcheck whether you haveunderstood the materialand met the learningobjectives of the session.

Answers to self-assessedquestions are at the endof each book.

INTRODUCTION

THE OPEN UNIVERSITY BUSINESS SCHOOL 7

The objective test at the end of this book is done on your PC usingthe CD software, which also provides the answer to each question.Remember that the objective test helps you assess whether you haveunderstood the material in the book. It is best to do this test as soonas you complete all the material and the last of the self-assessedquestions in the book.

You will often be asked to take careful notes of something you arereading or doing, such as when you use the electronic material onthe CD. This is important! You are not in a classroom being shownwhat notes to take. If you just look at the material you are readingand don’t take notes, you will find it very difficult later to learn thetopic, or even to remember anything specific about it. The effect onyour TMA and exam marks could be severe. So, please remember,when you are advised to take notes about something, do take goodnotes.

In order to help you assess whether you are using the electronicmaterial appropriately, the topics are sometimes repeated in thetext. When this happens, compare what is being said in the text tothe notes you took while working through the electronic material.You will find it worth the effort if you’ve learnt how to use theelectronic material properly in this book.

You will do best on this course if you do everything in the orderit is presented to you, so you’ll need to be careful about when thenon-text material and exercises occur. Some of the sessions includeelectronic material. Before you start each session, skim through it tosee what is coming and make sure you are ready for use of thetechnology when you reach it.

The overall aim of the course is to help prepare you for a career asan accountant working in or with organisations. You will, at thesame time, learn how to use and interpret accounting information.By the end of this book, you should have a clear understanding thataccountants act as collators and filterers of information for decisionmaking, of the needs of those who use accounting information, andof the role performed by accountants. You will also be aware of theimplications of wealth measurement for the preparation and use ofaccounting information, and of both the concepts and regulationswithin which accounting operates.

As you work through the book, always remember the overall aim ofthe course. Everything covered in the course should be read in thecontext of accounting, and its implication for the preparation anduse of accounting information. Doing so will enable you to keep thecontext of the material you cover at the forefront of your mind. Don’tbe afraid to question why something you read is relevant to thetheme of preparing you for a career as an accountant.

Bear in mind also that accounting does not exist for its own sake –there must be a reason why accounting is being done. As a result, asyou will discover later in this book, the role of accounting is definedwithin an organisational/societal context, thereby making it clearwhy accounting is being performed.

Each book ends with ashort test on thecomputer for you to checkyour progress.

Taking good notes is anessential element of thiscourse.

BOOK 5 AUDIT THEORY, PRACTICE AND ETHICS

THE OPEN UNIVERSITY BUSINESS SCHOOL8

You are going to meet many new terms and concepts. Don’t worry ifthey are not crystal clear to you at first. They will be revisited manytimes in the other books in this course. There is a Glossary of newterms at the end of each book and one covering the entire course inthe Study Guide. You should read through the Glossary as youcomplete each book and ensure you know where each item isintroduced in the text – a highlight pen can be useful for this –noting down any that you are unsure of so that you may discussthem with your tutor. (You may find it helpful to know that the firsttime a new term is introduced, it is highlighted in bold.)

This book builds on material in Books 1 to 4. You may find it helpfulto have all these books beside you while you work through this book.

Always, keep a notepad handy to jot down anything that you findunclear to discuss during your tutorials. Now, continue by readingthe Book 5 objectives.

Good luck in your continuing work on B680 Certificate inAccounting.

Each book contains aGlossary and any newterms are highlighted inbold when they are firstintroduced.

INTRODUCTION


ObjectivesBy the end of this book, you should be able to:

(1) explain what an audit is and why audits are necessary

(2) explain the relevance of both ethics and the Auditing PracticesBoard to auditing practice

(3) describe the regulations that govern the appointment,resignation and removal from office of an auditor

(4) describe the audit appointment process from the client’sperspective

(5) explain the process of audit planning, particularly in the contextof risk and materiality

(6) describe the importance of internal controls and the main formsof audit evidence and documentation

(7) describe the system of controls over corporate governance andhow it impacts on the work of the auditor

(8) explain the various forms of audit report available to the auditor.



This book and how touse itAudit is derived from the Latin word ‘audire’ to hear. The modernprocess of auditing has evolved from an ancient tradition that canbe traced to Egypt many years BC whereby the accounts of estatesof landowners were checked by having them called out to those inauthority by those who had put the accounts together. While youwork through this book, you will gain an understanding of someaudit theory and of how auditing is practised in the UK today. Youwill look at auditing in both the private and public sectors andyou will also consider the role of the internal auditor.

There is a lot of use of the Internet in this book. You will find a listof useful website addresses towards the end of the book. Sinceauditing practice is always evolving, these sites are also in aconstant state of change. You will find they offer some very usefulinformation on auditing-related matters relevant to this book and,in many cases, to your course as a whole.

Auditors are not perceived as being very popular

You will see towards the end of the book that you are asked toobtain a set of annual reports so that you can examine at first handsome auditors’ reports and other relevant items in those annualreports. These are usually freely available to members of the publicon request. Rather than waiting until you are on Session 8, you mayprefer to go now to Self-assessed Question 8.2 and apply for thereports.

THIS BOOK AND HOW TO USE IT


SESSION 1

Audit theory, practiceand ethics

Introduction

By the end of this session, you should be able to:

(1) explain what is meant by a ‘true and fair view’

(2) describe the purpose and scope of auditing

(3) explain the regulations relating to small company audits

(4) explain what is meant by the ‘audit expectations gap’

(5) explain the audit postulates.

This session introduces you to why audits are necessary and whatthe aim of the audit is. In Book 3, you encountered the term ‘trueand fair view’. By the end of this session, you’ll be familiar with andunderstand what is meant by a ‘true and fair view’.

Every limited company is required by law to prepare annualaccounts that report on the financial performance and activities ofthe company during the year. As you know, this period is referred toas the financial year. All limited companies must send (or ‘file’) acopy of a set of their accounts with the Registrar of Companies.

In the case of private limited companies the accountsmust bedelivered within tenmonths of the end of the company’s accountingperiod whereas public limited companies have sevenmonths withinwhich to comply. To satisfy these requirements all companies are requiredto keep accounting records to enable the final accounts to be prepared.The responsibility for the preparation of these accounts lies with thedirectors of the company. The accounting records in particularmust:

. show with reasonable accuracy at any time during the financialyear, the financial position of the company at that time and,

. enable the directors to ensure that any balance sheet preparedby them gives a true and fair view of the company’s profit or loss.

A failure by the directors to keep proper accounting records, or filethe accounts with the Registrar of Companies, is a criminal offencethat can lead to fines or even imprisonment of the directors.

The directors of companies are normally not the sole owners of thecompany. This phenomenon is known as the ‘divorce of ownership andmanagement’. The directors are appointed by the owners (i.e. theshareholders) tomanage the company on their behalf. The directors doso by fulfilling a duty of stewardship. Since the owners do notparticipate actively in the operationalmanagement of companies, theywant to know (as does the Registrar of Companies) that the financialstatements do present a true and fair view. In order to do so, anindependent person (the auditor) is appointed by the shareholders toexamine and confirmwhether the financial statements present a true



and fair view. That is, whether the financial statements fairly reflectthe performance and financial status of the company.

Accountants are often accused of ‘cooking the books’

This need to appoint an auditor is enforced by the Companies Act 1985:

. directors must account for the stewardship of the assets undertheir control to the shareholders

. the financial statements must be examined by independentauditors who must report to the shareholders on the degree ofreliance they should place on these financial statements.

Electronic Activity 1.0

Please open the electronic material on your PC and work throughSection 1.0, The auditor’s responsibilities.

Don’t forget to take good notes as youwork through the screens.(If you have not yet installed the material from the CD on your computer, youshould do so now. You’ll find the instructions for doing this in the B680Course File.)

AUDIT THEORY, PRACTICE AND ETHICS SESSION 1


The Auditing Practices Board (APB) originally defined the audit offinancial statements as:

an exercise whose objective is to enable auditors to express anopinion whether the financial statements give a true and fair view(or equivalent) of the entity’s affairs at the period end and of itsprofit or loss (or income and expenditure) for the period then endedand have been properly prepared in accordance with the applicablereporting framework (for example, relevant legislation andapplicable accounting standards) or where statutory or otherspecific requirements prescribe the term, whether the financialstatements present fairly.

APB Glossary of Terms issued March 1995

The auditor’s opinion on whether the financial statements do reflecta true and fair view is expressed in the audit report.

Internet Activity 1.1

Connect your computer to the Internet, open your web browser andnavigate to the APB’s website (via www.frc.org.uk/). Spend at least15 minutes looking through the site. Look only at the APB’s aims andobjectives, newsletters and publications (you will find links to these viathe site map). You may like to look at the Glossary of Terms found under‘Publications’ then ‘Auditing Standards’ and compare the most recentdefinition of the audit of financial statements found there (December2004) with that provided above.

Do not look at the exposure drafts at this time.

Is this site useful? How do you feel you may be able to make use of whatyou have found there? Write around 100 words on this.

Be sure to take good notes of what you find.



1.1 What constitutes a true and fairview?

You should now begin to sense what is meant by a ‘true and fairview’? Maybe not? Unfortunately, although the Companies Act 1985requires the financial statements to exhibit a true and fair view, itdoes not define what a true and fair view is!

Accounting truth is not the same as scientific truth. Accountingnumbers are often based on subjective judgement. It is most unlikelythat two accountants working independently on the same financialinformationwould produce an identical set of financial statements.They will, for example, have different views onmateriality – one willcheck differences of any amount between individual balances and otherevidence, another will ignore such differences below a certain amount.

The periodic depreciation charge on an asset will differ depending onwhether straight line or reducing balance is used; and it will depend onwhat residual value was set for the asset in question. Another examplerelates to compliance with accounting standards – recall the two TerrySmith readings fromBook 1 – the assessment concerning whether or notaccounting standards are being complied with is often subjective andthere is no guarantee that all accountants will agree with the view thatthere is or is not compliance in a particular case.Within this context, thedefinition of a ‘true and fair view’ is, understandably less obvious thanits literal interpretationmay suggest.


Please open the electronic material on your PC and work throughSection 1.1, True and fair view, looking at examples of true and fair viewsinvolving financial statements.

Don’t forget to take good notes as you work through the screens.



Now the meaning of true and fair is a lot clearer, isn’t it? The twokey words in the phrase mean:

(1) true, in so far as the financial information is not false but factualand conforms to reality; that it complies with law and accountingstandards and that the accounts have been correctly extractedfrom the company’s books and records

(2) fair, in so far as the financial information is not subject todiscrimination and bias, and is in compliance with accountingstandards; the accounts should reflect the commercial substanceof the company’s underlying transactions.

A more recent legal opinion is that:

The court will infer from [the Companies Act] that accountswhich meet the true and fair view requirement will in generalfollow rather than depart from [accounting] standards and thatdeparture is sufficiently abnormal to require to be justified.These factors increase the likelihood ... that the courts will holdthat in general compliance with accounting standards isnecessary to meet a true and fair requirement.

Miss Mary Arden, Appendix, Accounting Standards Board, foreword toAccounting Standards

Activity 1.1

In order for financial statements to show a true and fair view, do theyhave to be completely correct, right down to the last penny?

Perhaps this example will help you. You are auditing a company and arenow looking at the Cash Book. You discover that the balance of money inthe bank is 3p more in the Cash Book than it is in the bank statement.You have checked every entry in the Cash Book with the entries in thebank statement. Still, the difference remains.

Think carefully about this. It is a far more contentious and important pointthan you might expect.

Of course, there must have been an error in the entries in either theCash Book or the bank. You would find it if you spent long enough.Auditors need to decide whether it is worth spending many hourslooking for differences like these. Most of them wouldn’t becausefinancial statements do not have to be 100% correct to reflect a trueand fair view.



Recall that a true and fair view means that the accounts havecomplied with UK statute and generally accepted accountingprinciples (UK GAAP, or IFRSs as appropriate). Errors, omissionsand misstatements may be present but these should not be material.This means that such things within the accounts will not misleadthe users of the accounts or materially misrepresent the financialposition of the company.

1.2 The purpose and scope ofauditing

In this section, we’ll look at the implications of the audit and thelegal framework within which it is conducted. You’ll become awareof the position of the small company audit and non-statutory audits.And, you’ll look at how the audit provides added value to thedifferent stakeholder groups.

The purpose of the audit

You’ve learnt that the Companies Act 1985 requires companies to beaudited. The auditor’s principal duty will be to report on the balancesheet and profit and loss account laid before the company in generalmeeting. The auditor’s duty is to consider whether:

. the accounts have been prepared in accordance with theCompanies Act 1985

. the balance sheet shows a true and fair view of the state of thecompany’s affairs at the end of the period, and the profit and lossaccount shows a true and fair view of the results for the period

. proper accounting records have been kept and proper returnsreceived from parts of the company not visited by the auditor

. the accounts are in agreement with the accounting records

. the directors’ report is consistent with the accounts.

Self-assessed Question 1.1

The reassurance of an independent audit will be of value not only to theshareholders but also to other stakeholders. Can you remember fromBook 1 any other groups that will be using audited financial statements?You’ve now learnt a lot more than you knew when you were studyingBook 1. See if you can use your new knowledge to produce a better listin the space below.



The scope of external audit

Large entities other than a traditional company also require anannual external audit. These entities include:

Entity Relevant legislation

Limited Companies Companies Act 1985

Building Societies Building Societies Act 1965

Trade Unions and Employers Associations Trade Union and Labour Relations(Consolidation) Act 1992

Housing Associations Various, according to the legal constitution ofthe housing association

Charities (some) Various, dependent on the nature of the charity

Unincorporated investment business Financial Services and Markets Act 2000

Solicitors and pension funds also have their own legislation, andpublic sector organisations have their own framework for externalaudit. We’ll cover the public sector later in this book.

Entities that do not have to endure an annual external audit – e.g.partnerships, sole traders and clubs – may still wish an independentauditor to examine their accounts. When this is done, it is known asa non-statutory audit.


Non-statutory audits obviously cost money. What reasons can you thinkof that would persuade a partnership to undergo a non-statutory audit?

Write a list of possible reasons in the space below.



1.3 The small company audit andthe audit threshold

Up until 1994, all UK companies were required to undergo thisstatutory audit. Many people felt this placed unnecessary financialand administrative burdens on small companies. In 1994, the ruleswere changed so that:

. companies with an annual turnover of less than £90 000 wouldbe exempt from the statutory audit

. companies with annual turnovers between £90 000 and £350 000would be exempt from the annual audit but this would bereplaced by an audit exemption report.

Those companies satisfying the turnover thresholds were alsoautomatically exempt from the statutory audit requirementproviding that:

. the company balance sheet total was not greater than £1.4million

. they are not public limited companies, part of a group structureor subject to statute-based regulatory regimes such as theFinancial Services and Markets Act 2000.

Initially, those companies qualifying under these rules could chooseto continue to have an external audit. If not, they had to provide anaudit exemption report to be filed along with their annual accountsat Companies House. The audit exemption report must confirm that:

. the company is entitled to claim exemption from the fullstatutory external audit process

. the company’s annual accounts have been prepared from thecompany’s accounting records in accordance with the relevantformat and disclosure requirements of the Companies Act.

The turnover threshold was raised to £350 000 (and audit exemptionreports were discontinued); then to £1 million. This is reviewed on aregular basis. At the time of writing, a company qualifies as smalland therefore does not need to have an audit if its turnover is£5.6 million or less, and its balance sheet total is £2.8 million or less.


(1) From the perspective of each of a range of stakeholders, what doyou think might be the arguments in favour of retaining the smallcompany audit threshold (and so exempting smaller companies fromthe need to have their financial statements audited) versus abolishingit? Enter each category of stakeholder under the first column andthen complete the table.



(2) What do you think the impact would be on small audit firms of raisingthe audit threshold?

Spend ten minutes writing answers to these two questions in the spaceprovided below.

1 Stakeholders In favour of retention Against retention

2

1.4 The audit expectations gap

The public perception of the role of the auditor and what theauditor actually does do not always coincide. This phenomenon iscalled the audit expectations gap. A common misconception is thatthe auditor’s primary duty is to discover fraud. As you know, theauditor’s duty is to express an opinion on the financial statementsas to whether these reflect a true and fair view.

An auditor is a watchdog, not a bloodhound



A famous case, Re Kingston Cotton Mill (1896), held that an auditoris a watchdog not a bloodhound. A later case, Fomento (SterlingArea) v. Selsdon Fountain Pen Co Ltd (1958) held that auditorsshould approach their work with:

an inquiring mind – not suspicious of dishonesty ... but suspectingthat someone may have made a mistake somewhere and that acheck must be made to ensure that there has been none.

In another case, Caparo Industries plc v. Dickman and Others(1990), it was upheld by the House of Lords that:

. auditors of a plc’s accounts owed no duty of care to members ofthe public at large who relied upon the accounts in deciding tobuy shares in the company

. a purchaser of further shares who relied on the auditors’ reportstood in the same position as any other investing member of thepublic to whom the auditor owed no duty

. the auditor’s duty is to ensure the accounts meet therequirements of the Companies Act 1985

. the auditor is contractually liable only to the company and itsshareholders.

Two other common misconceptions are:

n the auditor reports to the directors rather than to theshareholders – obviously, this is completely wrong, the auditorreports to the shareholders

n a qualified audit report is more favourable than an unqualifiedreport – in auditing, ‘qualified’ means that readers of thefinancial statements need to be aware of something affectingthe true and fair view.

1.5 Auditing theory: audit postulates

Auditing theory is used to justify and support practice. This has ledto the development of various postulates which are used as bases forreasoning.

Probably the best known postulates of auditing theory are thoseadvanced by Mautz and Sharaf (1961). They developed sevenpostulates:

(1) financial statements and financial data are verifiable

(2) there is no necessary conflict of interest between the auditor andthe management of the enterprise under audit

(3) the financial statements and other information submitted forverification are free from collusive and other irregularities andother unusual irregularities

(4) consistent application of generally accepted principles ofaccounting results in the fair presentation of the financialposition and the results of operations

(5) in the absence of clear evidence to the contrary, what has heldtrue in the past for the enterprise under examination will holdtrue for the future



(6) when examining financial data for the purpose of expressing anindependent opinion thereon, the auditor acts exclusively in thecapacity of an auditor

(7) the professional status of the independent auditor imposescommensurate professional obligations.

Audit postulates have been developed to enable auditors to carry out thepractical application of audits

Let’s draw on your existing accounting knowledge to consider eachof these postulates.

(1) Financial statements and financial data areverifiable

This affirms that all data in financial statements can be establishedby audit procedures to be true and fair. Thus, this statement is theequivalent of the auditor giving an unqualified report saying thatthe statements show a true and fair view.

The number of the items in the financial statements which can beverified exactly is quite small, i.e. cash, bank and loans balances.Mostother items cannot be verified exactly, e.g. the provision for doubtfuldebtors.




Why cannot the net debtors figure be established exactly? What shouldauditors do if they cannot verify any figure in the financial statements?

You may wish to review your earlier financial accounting notes beforeanswering this question.

(2) No audit and management conflict of interest

Usually, no conflict arises between the parties (the auditor and theclient company’s management) during an audit. The client’smanagement will be interested in ensuring the accuracy of thefinancial records for decision-making purposes and the audit assistsin this objective.


(1) Write down some things that could arise during an audit which wouldbring both parties into conflict.

(2) What should the auditor do if it is felt that the integrity of themanagement cannot be relied on?

(3) Absence of collusion, irregularities andsatisfactory internal controls

Postulates three and four are interrelated since both are concernedwith something called ‘internal control’. (You’ll be looking at thetopic of internal control in Session 6 but, in brief, internal controlsare procedures/safeguards included in the accounting informationsystem to prevent errors and abuse.)

Unfortunately, even the most sophisticated internal controls cannotprevent all forms of collusion. However, the auditor should notassume collusion because this would invalidate reliance on anyinternal controls.



Auditing standards state that, regardless of the assessed levels ofinherent and control risks, auditors should perform somesubstantive procedures on the material account balances andclasses of transactions.

In other words, even the presence of perceived adequate internalcontrol systems cannot eliminate the need to audit the accountbalances. Auditors must, therefore, examine and test sometransactions written into the books of account of the organisationbeing audited. They do so in order to ensure that the balances thatgo into the accounts are correct and that they exist.

(4) Consistent application of GAAP

Consistency in the preparation of financial statements is of primaryimportance. Accounting standards are designed to eliminateinconsistent accounting and creative accounting techniques.

(5) Past evidence holds true in the future

This postulate implies the going concern concept originally outlinedin SSAP 2 (see Book 1). Thus, previous accounting treatments foritems applied in the past should be acceptable in the future.However, it should be remembered there may exist certain areas ofthe accounts where previous difficulties may have been experiencedthat may recur.

Following the introduction of Statement of Auditing Standards 130(SAS 130), The Going Concern Basis in Financial Statements, theauditor’s responsibility for ensuring that a company really is a goingconcern increased. This SAS has now been replaced by InternationalStandard on Auditing 570 (ISA 570), Going concern, but this has notchanged the auditor’s responsibility in this area. Thus the auditorshould not assume the previous going concern status will be validfor the future, and thus profit levels, liquidity levels and cash flowforecasts will have to be considered. If the entity is not considered tobe a going concern then the accounts will have to be prepared on aliquidation basis – that is, valued at the amount the assets wouldrealise if they were sold.

(6) The auditor acts exclusively in an auditcapacity

This postulate is concerned with the auditor’s independence. Theprofessional accounting bodies have introduced codes of conduct toensure auditors remain independent.


Why do you think some auditors, especially those in small audit firms,may find it difficult to remain completely independent?



(7) Auditors’ professional status

UK auditors must be registered with a recognised supervisorybody – typically, one or other of the professional accounting bodies.The professional accounting bodies have their own codes of ethicsand behaviour that are rigorously enforced. Failure to act in aprofessional manner in their audit capacity can lead members toface disciplinary action and even suspension or dismissal from theirprofessional body as well as being liable to be sued for negligence bythe client.

Robertson: The Eighth Postulate

A further postulate was added later by Robertson. This states that:

. audited information is more useful than unaudited information.

You’ll remember considering this when we looked at the smallcompany audit threshold.

Activity 1.2

Can you cite any examples where audited information has proved notuseful?

Clearly, it will be remembered that if the audit opinion is that theaccounts show a true and fair view then there will be no materialmisstatements within them. Overwhelmingly, this is the case inpractice and the financial statements may be relied on by the usersof that financial information. However, from Book 1, you will recallsome of the examples in the two readings by Terry Smith concerningthe way in which accounting information can be manipulated.

Robertson’s postulate links auditing theory to agency theory, a topicthat is covered in more detail in Book 12.



Agency theory

As you know, auditors act as agents for the shareholders. Theauditor reassures the shareholders as to the true and fair view ofthe financial statements that present the financial effects of thestewardship of the company by its appointed managers during thelast accounting period. In relation to this:

. the cost of the audit is borne amongst all the shareholders

. it is impractical for each individual shareholder to check the accounts

. an audit enforces the fiduciary duties of stewardship on themanagers to act in the best interests of the shareholders.

Summary

You now know what is meant by a ‘true and fair view’, the purposeand scope of auditing and the regulations relating to small companyaudits. You also know what is meant by the ‘audit expectations gap’and should be aware of the manner in which the audit postulatesunderpin the auditing process.

You’ve now a self-assessed question to do. Be sure you havecompleted it and compared what you wrote with the suggestedanswer at the back of the book before you start Session 2,Professional audit ethics and the Auditing Practices Board (APB).


Connect your computer to the Internet, open your web browser andnavigate to the APB’s website via the FRC’s website (www.frc.org.uk/ ).Spend at least 15 minutes looking through the site. This time, look atthe APB’s work programme.




SESSION 2

Professional audit ethicsand the AuditingPractices Board (APB)

Introduction


(1) describe the professional and ethical framework within whichauditors operate

(2) explain what is meant by ‘due care, skill and competence’ in anaudit context

(3) explain the components of the rules of professional conduct

(4) describe the role and scope of the Auditing Practices Board andhow auditors must comply with professional audit standards.

In this session, you’ll be looking at ethics and at how they relate toauditing, and at the work and impact of the Auditing PracticesBoard on auditing practice.

Ethics are moral principles or rules of conduct in human society.This also extends to the business environment. Each of the majorchartered professional accounting bodies requires the observance ofa set of rules of conduct of that professional body as a condition ofmembership. Any member breaking these professional rules ofconduct may expect to be disciplined and ultimately expelled frommembership.

Let’s look first at what we mean by ‘business ethics’.

2.1 Business ethics

Business ethics refers to corporations behaving in accordance withthe rules of moral behaviour. Broadly, there are two opposingapproaches to ethics:

(1) saying that certain things are always morally right or wrong; forexample, this point of view would say that killing someone isalways wrong

(2) saying that we should weigh up the costs and benefits of eachaction before deciding whether it is morally right or wrong; thisapproach would say that killing people may be right or wrong, itwould depend on the circumstances, and that, sometimes, therights associated with killing can outweigh the wrongs.

In business, the first approach would lead to people saying, forexample, that selling cigarettes is wrong whereas the secondapproach would say that we have to weigh up the benefits of

Auditors have to abideby stringentprofessional ethics

PROFESSIONAL AUDIT ETHICS AND THE AUDITING PRACTICES BOARD (APB) SESSION 2


allowing the sale of cigarettes. For example, the benefits of freedomof action and job creation versus the costs of smokers dying.

Sometimes it is wrong to say that an action is ‘unethical’. It alldepends on the approach to ethics you adopt.

Having seen what ethics are, the next question is why are ethicsimportant in auditing?

Activity 2.1

Why do you think ethics are important in auditing?

Spend two minutes writing your thoughts in the space below.

One very obvious reason is that auditors have to assess whether thefinancial statements represent a true and fair view. To be able to dothis, they need to behave with integrity. However, auditors areneither asked nor expected to sit in ethical judgement on thecompanies that they audit.

Hence, if their client is pouring poisonous waste into a local river,this is not relevant to the work of the auditor (unless the companyhas failed to account for the fines it will incur!) and the auditorshould not comment on it in the audit report.

Activity 2.2

Now, consider what the auditor should do if this company promoted itselfas being ‘green’. That is, that it respected nature and the environmentand would do nothing to hurt either.

What do you think the auditor should do?

Spend two minutes writing your thoughts in the space below.



The short answer is, the auditor should do nothing. The longeranswer is, it depends ... a company that claims to be ‘green’ when itclearly isn’t may face large legal claims when the truth ‘gets out’.It may even face going out of business if the principal reason whypeople purchase its premium-priced products is that it is ‘green’.Normally, faced with a situation like this, the auditor wouldincrease the extent of the going concern aspects of the audit andwould seek additional assurances from the management concerninglitigation risks.

Another example would be where a company develops a new productthat it knows can damage the health of consumers. However, theproduct is not illegal, other companies also produce it, andconsumers do not know about the negative side effects. The decisionby the company as to whether or not it goes ahead with the productwill depend, to some extent, on the company’s ethical stance.

If it does not go ahead, it is adopting the first ethical approach – itis saying that it is always wrong to damage the health of consumers.If it does go ahead and sell the product, it is adopting the secondethical approach, that the benefits to the company outweigh thelong-term (health) costs to consumers.

If you think about this, you’ll identify a lot of companies that adoptthe second ethical approach. Cigarette manufacturers and gunmanufacturers are possible examples. Motor car manufacturers area less obvious possibility. Auditors have to audit all these and manyother companies, the products and practices of which can appearunethical to someone who adopts the first approach to ethics. Thekey thing external auditors have to remember is to set their ownethical stance aside and focus on the true and fair aspects of thefinancial statements.

Now, let’s look at how an auditor is meant to approach the job ofauditing a company.

2.2 Due care, skill and competence

Every accountant in public practice, including auditors, is obliged bythe law to provide services of appropriate quality. Thus, for example,the Supply of Goods and Services Act 1982 imposes a duty of care onthe accountant and auditor in providing client services.

The standard of work required of the auditors of a limited companyis not defined by the Companies Act 1985 and this has evolved fromcommon law. Generally speaking, the auditor will be expected todemonstrate due skill, care, diligence and expedition. However, asthe ACCA states in its professional guidance statement, ProfessionalLiability, how these are defined depends on the circumstances ofeach individual audit. Higher degrees of skill and care will beneeded when the audit work is of a specialised nature or wherenegligence is likely to cause substantial loss. As a further guide,when assessing the adequacy of an auditor’s work, reference will bemade to how far the auditor has complied with auditing standardsissued by the APB (Auditing Practices Board).



2.3 Rules of professional conduct

Figure 2.1 illustrates the interrelationship between the componentparts of professional conduct. Every professional body will have itsown professional ethics and behaviour required, not only of its fullyqualified members, but also of its student members.

rules of professional conduct

fundamentalprinciples

specific guidancestatements

confidentiality professional workintegrity, objectivity,independence

Figure 2.1 Rules of professional conduct

Let’s now consider each of these components.

Fundamental principles

Members of professional accounting bodies should always behavewith integrity in all of their professional, business and personalfinancial relationships. They should also behave objectively in alltheir professional and business judgements, and never accept workor perform work that they are not competent to undertake. Whenany professional work is undertaken it should be done with dueskill, care, diligence and expedition, and with proper regard fortechnical and professional standards. Members are required tobehave with courtesy and consideration towards all with whom theycome into contact.

Integrity, objectivity and independence

Specific guidance statements have three components of integrity,confidentiality and obtaining professional work. The ACCA guidancestatement on integrity states:

A member’s objectivity must be beyond question if he or she is toreport as an auditor. That objectivity can only be assured if themember is and is seen to be independent.

This means that the concept of independence is fundamental to theaudit. It is not enough that the auditor is independent, the auditormust be seen to be independent. Therefore, in attaining overallintegrity, objectivity and independence the auditor should not acceptclients if the auditor becomes unduly dependent on that client. Thisis measured in the percentage fee terms that such a clientcontributes to the overall recurring fee income of the firm. Thus aclient should not be accepted if:

. it contributes more than 15% of overall fee income or comes froma group of connected clients



. it is more than 10% of overall fee income from a public interestcompany (e.g. a public limited company).

Other means of ensuring independence are to avoid family andother personal relationships when accepting a client and avoidingany work where associated firms could exert external influences.The auditor should also avoid beneficial interests in shares or otherinvestments in the client or accept or grant loans to such clients oraccept gifts other than modest ones from his client.

Many audit firms also provide additional services to clients,especially smaller companies. Generally speaking it is acceptable toprovide these other services when it does not serve any executivefunction. It is also permissible for auditors to prepare the finalaccounts of a client but only for private companies. It is notpermissible to do so for public companies.

Activity 2.3

Can you think of any measures that could be introduced to foster greaterindependence of auditors?

Until quite recently, many auditors held office for considerableperiods without any changes in appointment. This led to accusationsof client and auditor relationships becoming too close. That is, thatthey became accustomed to one another and that auditors in thissituation might be susceptible to pressure from the client to go alongwith what the client wished when a less familiar relationship wouldhave avoided such overtures being made or condoned.

Following much criticism, it is now more common practice to changeauditors periodically. This has been helped by the introduction ofAudit Committees by many public listed companies arising out ofincreased corporate governance.

More radical proposals have suggested creating a State AuditingBoard, which would be similar to the Audit Commission in thepublic sector.

Confidentiality

The auditor should not make improper disclosures of confidentialinformation obtained during the course of his audit. The only timeswhen this is permissible are when the prior permission of the clienthas been obtained or where there is a right or duty to disclose thisinformation. (This arises when the auditor discovers that the clienthas committed treason, terrorism or is involved in drug trafficking.)



In addition, International Standard on Auditing 250 (ISA 250),Consideration of laws and regulations in an audit of financialstatements, requires that if the auditor discovers non-compliancewith law and regulation that impacts on the accounts, it should bedisclosed in the audit report.

As well as obligatory disclosures there may arise the need forvoluntary disclosures. This is permissible when disclosure isnecessary to protect the member’s interest. The process of law mayalso require voluntary disclosure where there is a public duty todisclose or where government bodies have to be informed.

Professional work

When the auditor seeks to obtain work he should not do so in anunprofessional manner. Audit firms are permitted to advertise butthis has to be within recognised advertising codes and standards. Itis not permissible to include disparaging remarks in this advertisingabout other audit firms. Approaching prospective clients includesdirect mailing but no follow up contact or ‘cold calling’ is allowed.

When the audit fee is negotiated it should clearly reflect the auditservices and audit time that will be provided. Using third parties tosecure clients and paying commissions to them is not allowed, nor isthe harassing of potential clients.


Please open the electronic material on your PC and work throughSection 2.3, Professional ethics.


2.4 Auditing standards and the APB

The Auditing Practices Board (APB) is the audit standard-settingbody in the UK and was established in 1991 replacing the AuditingPractices Committee (APC). In April 2002 the APB was replaced bythe current body, also named the Auditing Practices Board. It is partof the Financial Reporting Council.




Please open the electronic material on your PC and work throughSection 2.4, The Auditing Practices Board.


The objectives of the APB

The APB has adopted a structure of issuing compulsory Statementsof Auditing Standards (SASs) covering essential principles andprocedures, and explanatory material designed to assist ininterpretation and application.

Prior to December 2004, the APB issued SASs and as alreadynoted these have been replaced by International Standards onAuditing (UK and Ireland) (ISAs), which are mandatory for allaudits of financial statements for periods commencing on or after15 December 2004. ISAs are produced by the APB following thoseissued by the International Auditing and Assurance StandardsBoard (IAASB). The IAASB functions as an independent standardsetting body under the auspices of the International Federation ofAccountants (IFAC). Until 2002, the IAASB was known as theInternational Auditing Practices Committee.

The APB fulfils the following functions:

. to establish high standards of auditing

. to meet the developing needs of users of financial information and

. to ensure public confidence in the auditing process.

To meet these criteria, the APB:

n establishes and publishes statements of principles and procedureswith which auditors are required to comply in carrying outaudits; these are International Standards on Auditing

n offers other explanatory material in assisting auditors in theirapplication of ISAs; these are Practice notes and bulletinsand Statements of Investment Circular ReportingStandards (SIRs)

n participates in the development of statutes, regulations andaccounting standards that affect the audit profession; thisincludes the preparation and promulgation of ethical standards

n promotes the value and cost-effectiveness of audits



n consults with the users of accounts to ensure that the APBprovides prompt and effective responses to developing needs andissues

n advances the public perception and understanding of the rolesand responsibilities of auditors.

Activity 2.4

You’ve already met this last objective of the APB. Do you remember whatyou were looking at then?

The audit expectations gap.

APB pronouncements

The APB issued The Scope and Authority of APB Pronouncements(Revised) in December 2004. This is available on their website,which you can access via the FRC’s website www.frc.org.uk/. Youwill find this document by following the links to ‘Publications’ then‘Other’. It describes the new process by which APB pronouncementsare produced, and on page 9 (Appendix 1) there is a useful diagramshowing the structure of the various pronouncements. Apart fromthe ISAs, the APB issues Practice notes and bulletins andStatements of Investment Circular Reporting Standards.


Connect your computer to the Internet, open your web browser and oncemore navigate to the APB’s website (via www.frc.org.uk/ ). From withinthe site, obtain definitions for:

(1) ISAs

(2) Practice notes and bulletins

(3) SIRs




You can visit this site at any time to discover emerging topics andother useful information regarding the development of the UK auditprofession.

When the APB announced its intention to adopt ISAs and theInternational Standard on Quality Control (ISQC) issued by theInternational Auditing and Assurance Standards Board (IAASB),the APB explained that international standards were in the processof being significantly strengthened. The APB has contributedsubstantially to this work and believes that it results in improvedstandards for all audits. The IAASB has a Consultative AdvisoryGroup that consists of representatives from a wide variety oforganisations that have an interest in international auditing issues.

Where necessary, the APB has augmented the internationalstandards with additional standards and guidance to maintain therequirements and clarity of the UK and Irish SASs. This additionalmaterial has been distinguished from the original text of theinternational standards by the use of grey shading. The UKDepartment of Trade and Industry has observer status at APBmeetings, meaning that their representative is entitled to attendand speak, but not to vote. Thus the government has an input intothe APB’s work.

Do auditors need to follow ISAs?

In conducting any audit the APB assumes that the auditor willobserve the various ISAs. They are the audit equivalent of accountingstandards. By observing the ISAs and other pronouncements theauditor will be demonstrating best professional practice andtechnical competence. The APB has stated in its Scope and Authorityof APB Pronouncements (Revised):

Apparent failures by auditors to comply with APB standards areliable to be investigated by the relevant accountancy body. Auditorswho do not comply with auditing standards when performingcompany or other audits make themselves liable to regulatory actionwhich may include the withdrawal of registration and hence ofeligibility to perform company audits.

Auditors have to comply with professional and ethical guidelines or sufferdisciplinary action



Thus, a failure to observe these ISAs and other pronouncementscan have serious consequences for auditors, which can lead todisciplinary action from their professional body, which couldultimately lead to auditors no longer being allowed to practise asauditors. There will also be substantial damage to the auditors andtheir firms’ reputations.

You may wonder how the APB will discover incidences ofnon-compliance by audit firms. Well, one way is for clients orusers of accounts to complain to the APB. Another is that eachprofessional body actively monitors the performances of allregistered audit firms. In essence, auditors are audited! Thus, forexample, auditors of public interest entities will be periodicallyvisited by the Audit Inspection Unit (AIU) which reports directlyto the recently created (2005) Professional Oversight Board forAccountancy (itself a division of the Financial Reporting Council).The monitoring of audits that do not come within the scope of theAIU is the responsibility of individual professional bodies. Failureto meet the required standards can lead to disciplinary action.Those firms that regularly offend are visited more frequently.

What else does the APB do?

The APB regularly meets to review and develop responses tochanges in the business community which impact on audit practice.

The continuing work of the APB falls into the following categories:

. establishing auditing standards for the UK and Republic ofIreland

. developing guidance where additional guidance is considered tobe beneficial

. developing assurance standards to give guidance to auditors whoare providing assurance services other than the audit offinancial statements

. establishing ethical standards in relation to the independence,objectivity and integrity of external auditors and those providingassurance services

. assisting in the development of statutes, regulations andaccounting standards which have an impact on auditing bothdomestically and internationally

. contributing to efforts to advance public understanding of thework of auditors (including via the sponsorship of research).

Table 2.1 presents a list of ISAs. Reference to these ISAs will bemade throughout the remainder of this book.



Table 2.1 International Standards on Auditing (UK and Ireland) (ISAs)

Glossary of terms

International Standard on Quality Control (UK and Ireland) 1

200 Objective and general principles governing audit of financial statements

210 Terms of audit engagements

220 Quality control for audits of historical financial information

230 Audit documentation

240 The auditor’s responsibility to consider fraud in an audit of financial statements

250 Consideration of laws and regulations in an audit of financial statements

260 Communication of audit matters with those charged with governance

300 Planning an audit of financial statements

315 Obtaining an understanding of the entity and its environment and assessing the risks of materialmisstatement

320 Audit materiality

330 The auditor’s procedures in response to assessed risk

402 Audit considerations relating to entities using service organisations

500 Audit evidence

501 Audit evidence – additional considerations for specific items

505 External confirmations

510 Initial engagements – opening balances and continuing engagements – opening balances

520 Analytical procedures

530 Audit sampling and other means of testing

540 Audit of accounting estimates

545 Auditing fair value measurements and disclosures

550 Related parties

560 Subsequent events

570 Going concern

580 Management representations

600 Using the work of another auditor

610 Considering the work of internal audit

620 Using the work of an expert

700 The auditor’s report on financial statements

710 Comparatives

720 Other information in documents containing audited financial statements

The full text of ISAs can be found via the Financial Reporting Council’s website, www.frc.org.uk/ byfollowing the links to the Auditing Practices Board and then Publications.



Activity 2.5

It is noticeable from the above list that there is no specific ISA forcomputer auditing. There used to be a computer audit guideline issuedby the former ASC and there was an international accounting standardfor computer auditing at one time. Why do you think the current list ofISAs does not include one on computer auditing?

The APB has considered it unnecessary to issue a specific auditguideline since all the existing ISAs cover all the relevant areas thatwould be encountered with auditing financial statements which arekept and prepared by accounting software packages. Nonetheless,Practice notes and bulletins have been issued in this area. The Year2000 computer bug problem (when it was feared that the change toa new century would cause older computer systems to crash as theywould assume all dates related to the 1900s) was an example.

Summary

You should now be aware of the relationship between businessethics and the work of the auditor and be able to explain what ismeant by ‘due care, skill and competence’ in an audit context. You’vealso learnt about the rules of professional conduct relating toauditors, of the role and scope of the Auditing Practices Board, andof how auditors must comply with professional audit standards.

Now, you’ve a self-assessed question to do. Be sure you complete itand understand the answers provided before you start Session 3,The audit appointment process – the auditor.


Please return to the electronic material on your PC and completeSelf-assessed Question 2.1.



SESSION 3

The audit appointmentprocess – the auditor

Introduction


(1) explain who can become an auditor

(2) explain who cannot become an auditor

(3) describe the regulations relating to the appointment,resignation, and removal from office of an auditor.

The authority to approve someone as a company auditor is held byRecognised Supervisory Bodies (RSBs). Examples include theInstitute of Chartered Accountants in England and Wales (ICAEW),the Institute of Chartered Accountants of Scotland, and theAssociation of Chartered Certified Accountants (ACCA). The RSBsare themselves regulated in this matter by the Companies Act.

3.1 Who can become an auditor?

As well as being registered with an RSB, an auditor must be aqualified member of one of the following bodies:

. the Association of Chartered Certified Accountants (ACCA)

. the Institute of Chartered Accountants in England and Wales(ICAEW)

. the Institute of Chartered Accountants of Scotland (ICAS)

. the Institute of Chartered Accountants in Ireland (ICAI)

. the Association of Authorised Public Accountants (AAPA)

. the Association of International Accountants (AIA)

. the Chartered Institute of Public Finance and Accountancy(CIPFA) (public sector audits only)

. specially authorised on the grounds of having overseasqualifications, adequate knowledge and experience or pre-1947experience.

In reality, it is highly unlikely that there are still active auditorspractising with pre-1947 experience!

In summary, the RSBs approve individuals as company auditors andin order to gain that approval an individual must be a member ofone of the bodies listed above.

THE AUDIT APPOINTMENT PROCESS – THE AUDITOR SESSION 3



Why do you think a qualified member of the Chartered Institute ofManagement Accountants (CIMA) is not included in the above list ofapproved auditors?

Now, let’s use the electronic material to look at this in more detail.


Please open the electronic material on your PC and work throughSection 3.1, Who can be appointed as an auditor?


3.2 Who cannot become an auditor?

As you saw in the last electronic activity, officers and servants of acompany, or their partners or employees, cannot act as auditor of thatcompany. However, there is also the more obvious excluded group.


Can you suggest what is the more obvious group excluded from auditing?



All the criteria have been introduced to preserve the independenceand objectivity of the auditor.


What would you advise an auditor to do who became ineligible tocontinue in the role as a company auditor after work on the audit hadalready been commenced?

3.3 Appointing and removing theauditor and resignation ofthe auditor

As we’ve seen, most companies have to appoint an auditor annually.This is usually accomplished at the company’s Annual GeneralMeeting (AGM). This fulfils the statutory requirement prescribed bythe Companies Act 1985, whereby the members vote in the auditorto office from the conclusion of that AGM until the conclusion of thefollowing year’s AGM.

Strict rules govern the appointment of auditors



The reason the auditor is appointed at the end of the AGM is inorder to allow him to speak, if necessary, on the financial statementsbeing considered at the AGM for approval by the members. Thesame auditor is not necessarily reappointed at the next AGM, sincethe decision relies on the vote carried out at the AGM.


Please open the electronic material on your PC and work throughSection 3.3, Appointment, removal and resignation of an auditor.


Now, let’s build on that electronic activity by looking in more detailat these issues.

Appointment of the auditor

The appointment of the auditor is made by the directors of thecompany in the first year or when a casual vacancy arises. Thelatter arises when the auditor vacates office for some reason sometime during the term of the appointment.


Why do you think directors are allowed to appoint the auditors in theseinstances?

If no auditor is appointed, the Secretary of State for Trade andIndustry must be informed within one week and he or she willappoint the auditor instead.

In some cases relating to an audit appointment, the company mustgive a 28-day special notice for a resolution to be passed at acompany’s general meeting according to the Companies Act 1985.



This type of resolution arises when:

. the proposal is to appoint as auditor a person other than theretiring auditor

. to fill a casual vacancy in the office of the auditor

. to reappoint as auditor a retiring auditor who was appointed bythe directors to fill a casual vacancy.

On receipt of any such proposed resolution, the company mustimmediately send a copy of the resolution(s) to:

. the person whom it is intending to appoint

. the retiring auditor, if applicable

. the resigning auditor, if applicable, where a casual vacancy wascaused by a resignation.

Resignation of the auditor

The Companies Act 1985, s394, also provides that, if auditors resignfrom office, they must give an explanation of the reasonssurrounding their resignation. If the resignation is made during thetime of their office they must:

n deposit a written notice of their resignation at the registeredoffice of the company

n resignation is effective from the day the notice is received unlessthe auditors have specified some later date

n the auditors must state either that there are no circumstancesconnected with their resignation or give a detailed statement ofthe circumstances surrounding their departure.


Which stakeholders do you think would specifically be interested in thereasons surrounding the resignation of the auditors?

As well as depositing this resignation notice, the auditors mayrequest the company to convene an extraordinary general meetingin order that these circumstances can be brought to the attention ofthe members. If this is the case, then the meeting must take placewithin 28 days of the notice convening the meeting. The auditorscan require the company to:

. circulate their written resignation circumstances to the membersor, if this proves impractical, it can be read out at theextraordinary general meeting (the company could apply to thecourt again if it believes needless publicity is being pursued)



. the resigning auditors can still attend and receive notices aboutforthcoming company meetings at which either their vacantoffice is to be filled or at which their office would have normallyfinished; they also have the right to be heard at such a meetingon any part of the business which concerns them as formerauditors.

Removing the auditor

The authority to remove an auditor is given to the shareholders ingeneral meeting by the Companies Act 1985.


Why do you think it is the shareholders rather than the directors who aregiven the right of removing the auditor?

To remove the auditors from office requires the passing of anordinary resolution of which a special notice has been given. Theauditors should be given a copy of this notice. If the resolution issuccessful, the Registrar of Companies has to be informed within14 days. The auditors are allowed to make representations as towhy they should retain their office. The resolution to be consideredshould state that audit representations have been received and acopy of these representations should be sent to the members. If thishas not been done due to pressure of time, the auditor can havethese representations read out at the meeting.

Auditors who are removed from office also have the right to:

. receive all notices relating to the general meeting at which theiroffice would have expired

. receive all notices relating to any general meeting at which it isproposed to fill the casual vacancy caused by their removal

. attend any general meeting at which it is proposed to fill thecasual vacancy caused by their removal

. speak at such meetings on any part of the business whichconcerns them as former auditors.



Summary

You now know who can and cannot be appointed an auditor and theregulations relating to the appointment, resignation, and removalfrom office of an auditor. In the next session, we’ll look at the formalprocesses the auditor will have to perform before accepting a newclient.

Now, you’ve a self-assessed question to do. It contains fourquestions. Be sure you have answered them all and that you agreewith the answers before you start Session 4, The audit appointmentprocess – the client.


Please return to the electronic material on your PC and completeSelf-assessed Question 3.7.



SESSION 4

The audit appointmentprocess – the client

Introduction


(1) explain the formal processes the auditor will have to performbefore accepting a new client

(2) describe the contents of a typical audit engagement letter

(3) describe the rights and duties of an auditor

(4) explain what is meant by ‘defensive auditing’ and why it isbecoming increasingly common.

We’ve now considered how the auditor is appointed or removed bythe client company and what criteria the auditor has to fulfil to takeup office. However, before the auditors accept a new appointmentthey should conduct a client screening review.

4.1 Client acceptance

The audit firm will have to consider whether to accept the clientbased on the following criteria:

. whether the audit firm is competent to accept the audit

. references in respect of the prospective client

. communications with the present auditors if they exist.

Audit competence

It may seem strange that this should be considered by a qualifiedauditor! The prospective client may be involved in a specialisedbusiness area such as the provision of financial services or it may bea public sector client that requires distinctive knowledge that theaudit firm does not possess. The pragmatic issue of having sufficientaudit resources to take on a new client should also be decided.

Client references

Before accepting the audit appointment, the auditor should makeenquiries about the prospective client. This will be undertaken inorder to consider and assess the risk attached to the client withregard to the business being a going concern, the financial controlsoperating within the business, the accounting policies adopted, andthe integrity and knowledge of the current management team.




How would you find out this information before accepting a new client?

Communicating with previous auditors

The prospective auditors will find it beneficial to enter intocommunication with the previous auditors. Before communicatingwith the outgoing auditors, the new auditors should inform theclient that they have a professional duty to communicate with thecurrent auditors in order to obtain information that may assist indeciding whether or not to accept the nomination.


What do you think the prospective new auditors should do if the clientrefuses permission to contact the outgoing auditors?

Audit independence

Professional independence is fundamental to the auditor’s approach,which, as we have seen, is characterised by integrity and objectivity.However, conflicts of interest between the auditor and the client canarise from:

. personal relationships

. financial involvement with or in the affairs of the client

. preparation of accounting records

. provision of other services to the client

. dependence on one client.

THE AUDIT APPOINTMENT PROCESS – THE CLIENT SESSION 4


If auditors consider themselves not to be independent, theappointment must be declined.

The Consultative Committee of Accountancy Bodies (CCAB)Statement 1 Professional Independence made the followingrecommendations:

n conflict should be avoided as far as possible by not accepting anyappointment or assignment in which conflict seems likely to occur

n an audit practice should ensure that it does not have a client inwhich a partner or his spouse or infant child is a beneficialholder of shares

n an audit practice should not make a loan to a client or guaranteesuch a loan and should not receive from a client a loan or guarantee

n audit partners should not accept from clients goods or services orundue hospitality

n an audit practice should not participate in the preparation of theaccounting records of a public company

n care should be taken when providing other services for the clientnot to participate in any function other than as auditor which mightplace the auditor in the position of officer or servant of the company

n an audit practice should endeavour to ensure that the recurringfees paid by one client do not exceed 15% of the gross fees of theaudit practice.

4.2 Acceptance of the auditnomination

Once all of these criteria have been met the prospective newauditors may then accept the nomination. They must:

. ensure that the outgoing auditor’s departure complies with therequirements of the Companies Act 1985

. ensure that the new appointment is properly conducted

. send out a letter of engagement to the directors of the company.

The engagement letter

The engagement letter details the contract between the auditorsand the client. ISA 210 covers this topic. The objective of theengagement letter is to define the auditors’ responsibilities towardsthe client and minimise the possibility of misunderstanding betweenboth parties. It is a written document which should be signed byboth the auditors and the client. A copy of the engagement lettershould be retained by both parties. The directors or the company’saudit committee normally agree it on behalf of the client, and itshould be agreed on and signed before the audit commences.

The engagement letter remains effective until the auditappointment ceases. However, the terms of the engagement lettermay be changed during the course of the audit if circumstancesdemand. If this is the case a new engagement letter should bedrafted, agreed and retained by both parties.



Activity 4.1

An example of an engagement letter is shown over the next few pages.

Spend at least 30 minutes reading through it carefully, identifying andnoting the major items referred to within it.

ISA 210 suggests that a typical engagement letter may cover someor all of the following points:

. arrangements regarding the planning and performance of theaudit

. expectations that management will supply written confirmationconcerning representations made in connection with the audit

. a request for the client to confirm the terms of the engagementby acknowledging receipt of the engagement letter

. a description of any other letters or reports the auditor expectsto issue to the client

. how fees are computed and any billing arrangements.

If relevant, it is suggested that the letter could also include:

. arrangements concerning the involvement of other auditors andexperts in some aspects of the audit

. arrangements concerning the involvement of internal auditorsand other client staff

. arrangements to be made with any predecessor auditor

. any applicable restriction of the auditor’s liability

. reference to any further agreements between the auditor and theclient.


What circumstances do you think could arise to require the redrafting ofan engagement letter?



[Audit Firm]

The Board of Directors,

[Potential Client]

[address]

Our ref:

[date]

Dear Sirs,

Audit Engagements

The purpose of this letter is to set out the basis on which we (are to) act asauditors of the company (and its subsidiary undertakings) and the respectiveareas of responsibility of the directors and of ourselves.

1 Responsibilities of directors and auditors

1.1 As directors of the above company, you are responsible for ensuringthat the company maintains proper accounting records and forpreparing financial statements which give a true and fair view andhave been prepared in accordance with the Companies Act 1985. Youare also responsible for making available to us, as and when required,all the company’s accounting records and all other relevant records andrelated information, including minutes of all management andshareholders’ meetings.

1.2 We have a statutory responsibility to report to the members whether inour opinion the financial statements give a true and fair view andwhether they have been properly prepared in accordance with theCompanies Act 1985. In arriving at our opinion, we are required toconsider the following matters, and to report on any in respect of whichwe are not satisfied.

(a) whether proper accounting records have been kept by the company;(and proper returns adequate for our audit have been received frombranches not visited by us;)

(b) whether the company’s balance sheet and profit and loss accountare in agreement with the accounting records and returns;

(c) whether we have obtained all the information and explanationswhich we consider necessary for the purpose of our audit; and

(d) whether the information given in the directors’ report is consistentwith the financial statements.

Cont...



In addition, there are certain other matters which, according to thecircumstances, may need to be dealt with in our report. For example, wherethe financial statements do not give details of directors’ remuneration or oftheir transactions with the company, the Companies Act 1985 requires us todisclose such matters in our report.

1.3 We have a professional responsibility to report if the financialstatements do not comply in any material respect with applicableaccounting standards, unless in our opinion the non-compliance isjustified in the circumstances. In determining whether or not thedeparture is justified we consider:

(a) whether the departure is required in order for the financialstatements to give a true and fair view; and

(b) whether adequate disclosure has been made concerning thedeparture.

1.4 Our professional responsibilities also include:

. including in our report a description of the directors’ responsibilitiesfor the financial statements where the financial statements oraccompanying information do not include such a description; and

. considering whether other information in documents containingaudited financial statements is consistent with those financialstatements.

2 Scope of audit

2.1 Our audit will be conducted in accordance with the Auditing Standardsissued by the Auditing Practices Board, and will include such tests oftransactions and of the existence, ownership and valuation of assetsand liabilities as we consider necessary. We shall obtain anunderstanding of the accounting and internal control systems in orderto assess their adequacy as a basis for the preparation of the financialstatements and to establish whether the proper accounting recordshave been maintained by the company. We shall expect to obtain suchappropriate evidence as we consider sufficient to enable us to drawreasonable conclusions therefrom.

2.2 The nature and extent of our procedures will vary according to ourassessment of the company’s accounting system and, where we wish toplace reliance on it, the internal control system, and may cover anyaspect of the business’s operations that we consider appropriate. Ouraudit is not designed to identify all significant weaknesses in thecompany’s systems but, if such weaknesses come to our notice duringthe course of our audit which we think should be brought to yourattention we shall report them to you. Any such report may not beprovided to third parties without our prior written consent. Suchconsent will be granted only on the basis that such reports are notprepared with the interests of anyone other than the company in mindand that we accept no duty or responsibility to any other party asconcerns the reports.

Cont...



2.3 As part of our normal audit procedures, we may request you to providewritten confirmation of certain oral representations which we havereceived from you during the course of the audit on matters having amaterial effect on the financial statements. In connection with therepresentations and the supply of information to us generally, we drawyour attention to section 389A of the Companies Act 1985 under whichit is an offence for an officer of the company to mislead the auditors.

2.4 In order to assist us with the examination of your financial statements,we shall request sight of all documents or statements, including thechairman’s statement, operating and financial review and the directors’report, which are due to be issued with the financial statements. Weare also entitled to attend all general meetings of the company and toreceive notice of all such meetings.

2.5 The responsibility for safeguarding the assets of the company and forthe prevention and detection of fraud, error and non-compliance withlaw or regulations rests with yourselves. However, we shall endeavourto plan our audit so that we have a reasonable expectation of detectingmaterial misstatements in the financial statements of accountingrecords (including those resulting from fraud, error or non-compliancewith law or regulations), but our examination should not be relied uponto disclose all such material misstatements or frauds, errors orinstances of non-compliance as may exist.

2.6 We shall not be treated as having notice, for the purposes of our auditresponsibilities, of information provided to members of our firm otherthan those engaged on the audit (for example, information provided inconnection with accounting, taxation and other services).

3 Other Services

You have asked us to provide other professional services in respect of[...] The terms under which we provide these services are dealt with ina separate letter. We will also agree in a separate letter of engagementthe provision of any services relating to investment business advice asdefined by the Financial Services and Markets Act 2000.

4 Fees

Our fees are computed on the basis of the time spent on your affairs bythe partners and our staff and on the levels of skill and responsibilityinvolved. Unless otherwise agreed, our fees will be billed at appropriateintervals during the course of the year and will be due on presentation.

5 Complaints

We aim to provide you with a fully satisfactory service and [PARTNER]as engagement partner will seek to ensure that this is so. If, however,you are unable to deal with any difficulty through her/him pleasecontact our senior partner. We undertake to look into any complaintspromptly and to do what we can to resolve the position. If you are stillnot satisfied, you may of course take up the matter with[PROFESSIONAL BODY] by whom we are regulated for auditpurposes.

Cont...



6 Applicable Law

This [engagement letter] shall be governed by, and construed inaccordance with [English] law. The Courts of [England] shall haveexclusive jurisdiction in relation to any claim, dispute or differenceconcerning the [engagement letter] and any matter arising from it.Each party irrevocably waives any right it may have to object to anaction being brought in those Courts, to claim that the action has beenbrought in an inconvenient forum, or to claim that those Courts do nothave jurisdiction.

7 Agreement of Terms

Once it has been agreed, this letter will remain effective, from oneaudit appointment to another, until it is replaced. We shall be gratefulif you could confirm in writing your agreement to these terms bysigning and returning the enclosed copy of this letter, or letting usknow if they are not in accordance with your understanding of ourterms of agreement.

Yours faithfully,

We agree to the terms of this letter.

- - - - - - - - - - - - - - - - - - - - - - - - - - - -

Signed for and on behalf of

Date - - - - - - - - - - - - - - - - - - - - - - -

(Source: SAS 140 Engagement Letters)



The engagement letter has become increasingly detailed andlengthy, contributing to what has been termed defensive auditing(which we’ll be looking at in Section 4.4).

4.3 The rights and duties of theauditor

The rights and duties of the auditors once they have accepted officeare derived from the Companies Act 1985. We have already seenwhat these were when we considered what a true and fair viewconstituted.

In order for the auditors to express an opinion on whether theclient’s accounts demonstrate a true and fair view, the auditors needto be able to exercise their statutory rights, as detailed in the nextelectronic activity.

A right to require from the company’s officers such information andexplanations as they think necessary for the performance of their audit duties




Please open the electronic material on your PC and work throughSection 4.3, The rights of auditors.


Table 4.1 The rights of auditors

Companies Act Section Statutory Right Rights in Detail

S389A(1) Access to records A right of access at all times to thebooks and vouchers of the company

S389A(1) Information andexplanations

A right to require from the company’sofficers such information andexplanations as they think necessaryfor the performance of their audit duties

S390(1)(a) and (b) Attendance at and noticesof general meetings

A right to attend any general meetingsof the company and to receive allnotices of any communications relatingto such business which any memberof the company is entitled to receive

S381B(2)/(4) Rights in relation to writtenresolutions

A right to receive a copy of any writtenresolution proposed and where awritten resolution concerning them isproposed to requisition, attend and beheard at any general meeting

S390(1)(c) Right to speak at generalmeetings

A right to be heard at generalmeetings which they attend on anypart of the business that concernsthem as auditors

S253 Right to require laying ofthe accounts

A right to give notice in writing requiringthat a general meeting be held for thepurpose of laying the accounts andreports before the company

Source: HMSO (1985) The Rights of Auditors



4.4 Defensive auditing

An article in the financial press reported that

BDO Stoy Hayward has been fined £150,000 with £600,000 costs bythe Joint Disciplinary Scheme for an appalling catalogue of errorsas auditor of Astra Holdings.

Accountancy Age, August 20, 1998

The incidence of several high-profile corporate scandals, e.g. BCCIand Barings, and the attendant accusations of auditor negligencehave reflected badly on the UK auditing profession. There have alsobeen high-profile scandals internationally. The most notorious ofthese, which led to the collapse of the US-based company Enron,also led to the demise of its auditors, Arthur Andersen. It is notsurprising, therefore, that auditors are attempting to disassociatethemselves from such public criticism. (The problem is made moredifficult by the existence of the audit expectation gap you learntabout in Section 1.4.) In addition, the resulting legal costs andconsequences arising can have a huge impact.

Auditors are also becoming increasingly aware of the activities ofthe Financial Reporting Review Panel, where both the preparersand auditors of the accounts are open to investigation by the Panelregarding the accounting treatment and the disclosures applied.Both parties who contravene the provisions of the Act can suffersevere financial penalties and embarrassing adverse publicity.

In addition, government pressure on the professional accountancybodies has led to the former Joint Disciplinary Scheme (which onlycovered the ICAEW and the ICAS, the other professional bodieshaving their own disciplinary arrangements) being replaced by theAccountancy Investigation and Discipline Board (AIDB). The AIDBcomes under the aegis of the Financial Reporting Council, and hasthe power to discipline accountants and auditors from CIMA,CIPFA, ICAEW, ICAS and ACCA.

The accumulation of these pressures has led to a more circumspect,and cautionary approach to conducting audits or, as it has beentermed, to the widespread adoption of a ‘defensive auditing’attitude. This has manifested itself in several ways:

. greater care concerning client relationships

. increasingly prescriptive accounting and auditing standards

. more detailed engagement letters – look at the length of theengagement letter you read in Activity 4.1!

In terms of client relationships, auditors are now far more guardedwith any advice they offer, and will often resort to seeking legaladvice as a safeguard before responding to the most innocuous ofenquiries. This, in turn, slows down the audit process and, from theclients’ perspective, diminishes the service they receive whileincreasing its costs to them.



Auditors have become more guarded in recent years in offering opinionsoutside their audit remit

Preparers of the financial statements have always been permittedthe choice of alternative methods of presentation within the UKfinancial framework in order to give a true and fair view. This willcontinue to be the case under IFRSs. Inevitably, most preparershave selected the option that presents the entity in the mostfavourable manner. Auditors, on the other hand, will elect for themost technically correct option.

In the current auditing climate, the auditors’ opinion will prevail.Previously if the auditors had not considered the matter to befundamental to the true and fair view, they would often havefollowed the client’s wishes. The new audit stance has convincedmany clients that auditors are both uncommercial andunsympathetic to their wishes.

Thus, increasing tension has arisen between clients and auditorswith the former alleging that a lesser service is now being offered.

The activities of the ASB and the IASB have also influenced thesituation with the development of more prescriptive accountingstandards. This approach has been favoured by auditors since itremoves the degree of choice available in the preparation offinancial statements. By necessity, this reduces the work of theauditor who no longer has to exercise such a wide professionaljudgement as previously, and reduces the risk of litigation againstthe auditors.



The implication of these shifts in the audit environment is thatthe audit profession will increasingly seek to minimise its riskexposure, and will adopt an increasingly cautious approach inorder to do so.

Small audit firms and defensive auditing

Although the major audit scandals involve the large audit firms,the smaller audit firms have also felt their impact. Such firmshave fewer staff, and financial resources, and so the impact oflitigation is proportionately that much greater. Probably thegreatest area of risk for the small practitioner is in the area ofbusiness advice coupled with Capital Gains Tax. If this fallsoutside their normal experience, such audit firms should seekspecialist advice where previously they would have relied on theirown in-house expertise.

A frequent criticism levelled at small audit firms is that theyhave failed to properly plan and record the audit workundertaken, or to adhere strictly to the auditing standards. Manysmall audit firms now consider conducting either a hot review orcold review as appropriate. A hot review is a review usuallycarried out on perceived high-risk assignments by an individualnot involved in the audit prior to the audit report being signed.A cold review is a quality control procedure carried out aftercompletion of the audit.

Summary

You now know about the formal processes an auditor will have toperform before accepting a new client, including the content of atypical engagement letter. You have learnt about the rights andduties of an auditor and of the growing move towards defensiveauditing. In the next session, you’ll be looking at the preparationsmade before an audit.

Now, you’ve a self-assessed question to do. Be sure you havecompleted it and compared what you wrote with the suggestedanswer at the back of the book before you start Session 5, Auditplanning.


Connect your computer to the Internet, open your web browser andsearch for information concerning the Barings scandal. (Do not use anapostrophe.)

If you experience difficulties in finding anything on this topic, you mayfind what you are looking for if you search instead on the name‘Nick Leeson’.



Spend at least 30 minutes looking for this information and writing yourown notes on what occurred.




SESSION 5

Audit planning

Introduction


(1) explain the need to carefully plan an audit before attemptingany testing of the system and balances

(2) explain the difference between the audit plan and the auditprogramme

(3) explain what the implications of risk are for the conduct of theaudit and the way auditors can minimise audit risk

(4) explain how to use the audit risk model

(5) describe the merits and demerits of adopting risk-based auditing

(6) explain materiality in the context of audit planning.

In order that the audit is effective and efficient, it should be plannedprior to the start of the audit. In planning the audit, the auditor will beguided by ISA 300, Planning an audit of financial statements andISA 315,Obtaining an understanding of the entity and its environmentand assessing the risks of material misstatement. ISA 300 requires that:

The auditor should plan the audit so that the engagement will beperformed in an effective manner.

The overall strategic approach to the audit will be composedthrough the audit plan while a more detailed audit approach willbe accomplished through an audit programme.


Why do you think the auditor should spend time planning the audit? Isthis a waste of valuable audit time that could be spent checking thefinancial statements?



5.1 The audit plan

The audit planning exercise should be a formal exercise that iscarefully prepared. ISA 300 states that:

The auditor should develop an audit plan for the audit in order toreduce audit risk to an acceptably low level.

The audit plan should be documented to serve as a record of theproper planning and performance of the audit procedures. This planshould be kept on the audit files and retained as audit evidence.The following matters should be considered by the auditor informulating the audit plan:

. knowledge of the entity’s business

. risk and materiality

. the nature and the timing and extent of audit procedures

. the co-ordination, direction, supervision and review of the audit

. other matters.

The plan itself should remain flexible and be capable of modificationto accommodate any findings during the course of the audit whichcould alter the emphasis of the audit. The standard says that:

The overall audit strategy and the audit plan should be updatedand changed as necessary during the course of the audit.

We shall now consider these areas in more detail.

Knowledge of the entity’s business

ISA 315 says that:

The auditor should obtain an understanding of the entity and itsenvironment, including its internal control, sufficient to identifyand assess the risks of material misstatement of the financialstatements whether due to fraud or error, and sufficient to designand perform further audit procedures.

This understanding will be accumulated in three stages:

(1) prior to the acceptance of an audit engagement

(2) following the acceptance of the audit engagement

(3) updating knowledge for succeeding periods.

AUDIT PLANNING SESSION 5



Prior to commencing a new audit, how would an auditor beginassembling knowledge of the business?

Different sources where this knowledge can be obtained include:

. previous experience with the client and the industry

. visiting the client’s premises

. discussions with the client’s staff

. discussions with other auditors and with legal advisers who haveprovided services to the client within the industry

. discussions with knowledgeable people outside the entity

. publications relating to the industry

. legislation and regulations that may significantly affect theclient

. any documents produced by the client

. any professional literature giving industry-specific guidance.


Which documents produced by the client would be of use to the auditorin obtaining a knowledge of the business?

Risk and materiality

Having obtained a thorough knowledge and understanding of thebusiness, the auditors will now seek to apply that knowledge. Theywill use this to assess the risk associated with the audit to identifypotential problem areas. The auditor will also set the materialitylevel. (You’ll be looking at both these topics in more detail later inthis session.)



The nature, timing and extent of procedures

Audit work may be conducted both before and after the end of theaccounting period. The auditors will have to consider how and towhat extent to apply compliance and substantive testing during thecourse of that work. The majority of contemporary accountingsystems, even in small businesses, are computerised and so theauditor may have to consider how to use Information Technology orapply Computer Assisted Auditing Techniques (CAATs) during thecourse of the audit.

The client, especially if it is a publicly listed company, may wellhave an internal audit function. This requirement has been stronglyrecommended by a series of corporate governance reports beginningwith the Cadbury Report (1990) to the Turnbull Report (1999) ondirectors’ responsibilities for internal control.

In the public sector, there is a statutory requirement for internalaudit sections and also in building societies. The presence of aninternal audit section can influence the external audit plan. (You’llbe looking at internal audit in detail in Session 7.)

The close-down procedures for the client’s end-of-year accounts,whether any work needs to carried out prior to this, and what auditevidence is required to minimise the audit risks will all have to beconsidered.


Can you think of any work that the auditor will need to do at the year endthat affects one of the current assets?

Co-ordination, direction, supervision and review

A primary requirement of the audit is ensuring not only that thereare audit staff available to do the audit at the designated time, butalso that they have the expertise to carry out the work. This workmay be complicated if the client operates at different sites –especially if these are geographically dispersed. The audit staff donot all have to be qualified accountants to perform the audit work.There will be part-qualified staff at various levels of theirprofessional studies in the audit team but the audit team manageris usually a fully qualified accountant.

The members of the audit team are normally allocated the workaccording to their experience, level of qualification and abilities.This work is closely supervised and monitored by the audit manager



and audit partners. Before the audit commences, the audit staff arenormally briefed by the audit manager or partner about theforthcoming audit and the audit team’s duties and responsibilities.It may be that specialised audit experts, such as computer auditors,may have to be included in the audit team or that internal auditorsmay be contributing to the overall audit process.

Other matters

In this final section of the audit plan, the auditors will have toconsider whether there are any regulatory requirements relevant tothe engagement. Thus, for example, if the client is engaged infinancial services, the auditors will have to abide by the FinancialServices Act 1986 whereby the audit appointment is governed by theFinancial Services Authority (formerly the Securities InvestmentBoard). The auditors will have to evaluate whether the client is agoing concern and the nature of any other reports to be made to orabout the client.

5.2 The audit programme

As previously explained, once the audit plan has been constructedthen this can be developed in more detail. The audit programme will,in effect, act as a series of instructions for the audit team to carryout the audit work. Thus each auditor will be given certain tasks tocarry out and these will be allocated a timetable that may be in auditdays or even hours. The progress against the plan will be monitoredby the audit manager and this acts as a means of control and can actas a record for the proper carrying out of the audit work.

ISA 300 states that:

The audit plan is more detailed than the audit strategy andincludes the nature, timing and extent of audit procedures to beperformed by engagement team members in order to obtainsufficient appropriate audit evidence to reduce audit risk to anacceptably low level. Documentation of the audit plan also serves asa record of the proper planning and performance of the auditprocedures that can be reviewed and approved prior to theperformance of further audit procedures.

It should be emphasised that the audit plan and programme are notirrevocable. Not everything can be planned for and unforeseen itemscan arise. Therefore, the audit plan may need modifying but if thisproves to be the case then these changes should be documented andkept on the audit files. The standard says:

A record of the significant changes to the overall strategy and theaudit plan, and resulting changes to the planned nature, timingand extent of audit procedures, explains the overall strategy andaudit plan finally adopted for the audit and demonstrates theappropriate response to significant changes occurring during theaudit.



5.3 Audit risk

Audit risk is defined as the risk that the auditor may give aninappropriate audit opinion on the financial statements. The auditorwill be guided in his risk assessment exercise by observing ISA 315and ISA 330, The auditor’s procedures in response to assessed risk.

These explain that auditors should:

. obtain an understanding of the entity and its environment,including internal control systems, sufficient to identify anyrisks of material misstatement of the financial statements

. use their professional judgement in assessing the likelihood ofsuch risks

. design and perform further audit procedures in response to thisrisk assessment

. remain alert for any indications that material misstatementsmay have occurred

. follow up any such indications rigorously.

Audit risk refers to auditors underrating any or all of the componentsof risk within the audit. Auditors need to avoid inherent risk byadjusting the audit to reflect the level of that risk.

Auditors will take precautions to prevent the risk of forming aninappropriate audit option



The components of audit risk

Overall audit risk is comprised of three distinct parts. Let’s use theelectronic material to introduce this topic.


Please open the electronic material on your PC and work throughSection 5.3, Audit risk.


Now, let’s consider each of these elements in turn and theirimplications for the overall audit risk.

Inherent risk

This can be defined as the susceptibility of an account balance orclass of transactions to material misstatement either individually orwhen aggregated with misstatements in other balances or classes,irrespective of internal controls. The auditors should use theirprofessional judgement and all available knowledge to assess theinherent risk. The inherent risk assessment should be properlydocumented by the auditor and supporting reasons given forjustifying the level of inherent risk. ISA 315 explains that auditorsshould consider the risk of material misstatement at both the levelof the financial statements (entity level) and at the level of classes oftransactions and account balances.

At the entity level the auditors will have to consider theimplications of the following:

. the integrity of the managers

. the experience and knowledge of the management

. any unusual pressures being exerted on the managers anddirectors

. the nature of the entity’s business

. any factors influencing the client’s industrial or commercialsector.



At the accounting or class transaction level the auditor will have tobe aware of:

. how susceptible the financial statements are to misstatement

. the complexity of the underlying class of transactions

. the degree of judgement involved in determining accountbalances

. the susceptibility to loss or misappropriation of assets

. the quality of the client’s accounting systems

. the completion of unusual and complex transactions particularlythose occurring at or near the financial year end

. any transactions not subjected to ordinary processing.


Why should there be ‘a degree of judgement involved in determiningaccount balances’? How will the auditor identify and approach thesebalances?

Control risk

This is defined as the risk that a misstatement that could occur inan account balance or class of transactions which could be material,and would not be prevented or detected and corrected on a timelybasis by the accounting and internal control systems, eitherindividually or when aggregated with other misstatements.

ISA 330 says that if the auditor believes that there is a significantrisk of material misstatement then in order to be able to rely on theoperating effectiveness of controls intended to mitigate that riskthe operating effectiveness of those controls should be tested in thecurrent period. The standard also says that:

The more the auditor relies on the operating effectiveness of controlsin the assessment of risk, the greater is the extent of the auditor’stests of controls.

What this standard is saying is, ‘how far can the auditor rely on theclient’s accounting system and internal controls to deliver thecorrect balances in the accounts?’. If the answer is that the client’ssystems are operating effectively then the control risk is low andvice versa.



Detection risk

This is defined as the risk that the auditors will fail to detectexisting material misstatements from their substantive tests onaccount balances and classes of transactions, either individually orwhen aggregated with other misstatements.

ISA 330 on substantive tests states that:

Substantive procedures are performed in order to detect materialmisstatements at the assertion level, and include tests of details ofclasses of transactions, account balances, and disclosures andsubstantive analytical procedures. The auditor plans and performssubstantive procedures to be responsive to the related assessment ofthe risk of material misstatement.

Even if the client’s accounting systems are rated very highly thenthe auditor should not abandon substantive procedures. This isbecause control and inherent risk can never be assessed at a lowenough level. When both inherent and control risks remain high,the auditor should consider whether substantive procedures canfurnish sufficient evidence to reduce detection risk, and thusoverall audit risk to an acceptably low level. If detection risk cannotbe reduced to such a level then this should be reflected in the auditreport. If the auditors discover serious system weaknesses duringthe course of their audit then they should communicate these to theclient’s management in accordance with ISA 260, Communication ofaudit matters with those charged with governance.

5.4 Using the audit risk model

The audit risk model is usually expressed as:

audit risk = inherent risk 6 control risk6 detection risk.

That is

AR = IR6 CR 6 DR.

First, the auditors have to determine the level of acceptable overallaudit risk (AR) in the model. This should be acceptably low and 5%is normally considered acceptable:

5% = IR6 CR 6 DR.

In principle, the auditors can set detection risk, i.e. DR, as low asthey choose but, to eliminate this risk altogether, they would have toperform a test on every transaction! This is impracticable. Themodel is useful though because it permits the auditor to setquantitative values on inherent and control risks to allow forincreased amounts of detection risk and thus a lower level of auditsubstantive testing. This in practice means less audit testing ifthese two risks are low and vice versa.

Example

The auditors have set an overall acceptable audit risk of 5%.Inherent risk is assessed at 100%, because it is a new client,



and control risk at 30%, because the client appears to haveeffective internal controls. (Maximum risk is assessed at 1 andlower levels between 0 and 1. Greater risk is usually attachedto smaller entities with less sophisticated controls.) Thus:

0.05 = 1 6 0.36 DR,

DR = 0.051 0.3

= 0.1666 or 17%.

Therefore, if the maximum tolerable audit risk is to be keptat 5% then it follows that the auditors require an 83%(100% – 17%) confidence or assurance level from theirsubstantive testing. (You will be looking at these statisticalterms in Book 10. You will also find them explained in yoursupplementary materials. Substantive testing will be coveredin detail in Session 6.)

5.5 The merits and demerits ofrisk-based auditing

The major merits attached to risk-based auditing are that:

. it reduces ‘under auditing’ and ‘over auditing’, i.e. too much ortoo little testing of balances and transactions

. the results are rational and defensible, which will be of specialvalue if the auditors are called on to support their opinion incourt.

The major demerits attached to the model are that:

n it is difficult to quantify inherent risk since it relies onindividual audit judgement

n effective use of the model requires large numbers of transactionsand balances to allow for valid statistical conclusions to beformed; thus, the risk model is inappropriate for many smallaudits

n it is a mechanistic approach that is used at the expense ofindividual audit experience and knowledge.

5.6 Materiality in auditing

What is materiality? You’ll recall from earlier in this book thatfinancial statements should not be considered as being one hundredper cent accurate down to the last penny in order to present a trueand fair view! The auditor’s opinion that a set of accounts present atrue and fair view, amongst other matters implies that they containno material errors. Consequently, this means that any errors thatare contained in the accounts are insignificant to the extent thatthey would not distort the overall financial position of the company.Thus, any user of the financial statements would not be misled.



Establishing the level of materiality


Please open the electronic material on your PC and work throughSection 5.6, Materiality.


The problem facing the auditor in establishing the level ofmateriality is that materiality is unique to each audit since itpossesses both a qualitative and quantitative effect. To assist themin deciding the level of materiality, the auditors should refer toISA 320, Audit materiality. It states that the auditor should alwaysconsider materiality and its relationship with audit risk whenconducting an audit. It further states that:

The objective of an audit of financial statements is to enable theauditor to express an opinion whether the financial statements areprepared, in all material respects, in accordance with an applicablefinancial reporting framework. The assessment of what is materialis a matter of professional judgment.

Remember what you learnt earlier, materiality is both aquantitative and qualitative measurement.


Entity A and entity B both have overstated their monthly net profits by£100. Entity A’s stated net profit is £1000 and entity B’s stated net profitis £100 000.

Which do you consider to be a material misstatement?



You should now realise there is no set figure for materiality andthe auditor will use his professional judgement and expertise toestablish the materiality level in each audit. This level may bemodified during the course of the audit depending on the results ofinitial audit testing of the client’s systems (see Figure 5.1 above).

However, small errors should not be totally dismissed as irrelevant.The auditor should consider the risk of whether these small errorswill recur and thus, when aggregated, become material. This isknown as creeping materiality.


In evaluating whether the financial statements are prepared, in allmaterial respects, in accordance with an applicable financialreporting framework, the auditor should assess whether theaggregate of uncorrected misstatements that have been identifiedduring the audit is material.

In the UK and Ireland the auditor ordinarily evaluates whether thefinancial statements give a true and fair view.

Generally speaking audit practice has evolved the followingbenchmarks for materiality levels:

. profit after tax 5%

. gross profit 0.5%–1%

. turnover 0.5%–1%

plan materiality level

apply planning materiality to auditobjectives and accounts balances

test all items against auditplanning materiality levels

sample test remaining items againstthe tolerable level of error

final materiality level set, based on theaudit tests carried out above and on

the final financial statements

review the materialitylevel and consider the

requirements forfurther audit tests

actual errors found

actual errors comparedto items and balances

actual errors found

Figure 5.1 Audit materiality



. total assets 1%–2%

. net assets 2%–5%.

Audit work and materiality and evaluation


In designing the audit plan, the auditor establishes anacceptable materiality level so as to detect quantitatively materialmisstatements. However both the amount (quantity) and nature(quality) of misstatements need to be considered.

The materiality level should be set by the auditor in the planningstage and modified as circumstances demand. The need for any suchmodification will depend on whether circumstances change in thecourse of the audit, or a need for modification may arise as a resultof changes in the auditors’ knowledge during the course of the audit.

The level of misstatements discovered by the auditors should beconsidered against the acceptable or tolerable levels of errorsdetermined when establishing the materiality levels. If the tolerablelevels of error are exceeded, the auditors will carry out further audittesting to reduce the audit risk or ask the directors of the entity tomodify the financial statements. If the directors refuse to modify theaccounts, the auditors should qualify the final audit report.

The auditor and fraud

We saw in Session 1 that it is not a primary duty of the auditor todiscover fraud. Although it is the case that the auditor’s primaryduty is the expression of an opinion as to whether the financialstatements comply with relevant legislation and give a true and fairview, ISAs have given the issue of fraud in the context of planningand performing an audit more emphasis than the law has done upto now.

ISA 240, The auditor’s responsibility to consider fraud in an audit offinancial statements, says that:

In planning and performing the audit to reduce audit risk to anacceptably low level, the auditor should consider the risks ofmaterial misstatements in the financial statements due to fraud.

In referring to fraud the ISA is here referring to an intentional act,involving the use of deception, that causes a material misstatementin the financial statements. The ISA goes on to note that theprimary responsibility for the prevention and detection of fraud inthe context of financial reporting rests with those responsible for thegovernance of an entity, and its management. So far as theresponsibility of the auditor is concerned, the ISA has this to say:

An auditor conducting an audit in accordance with ISAs (UK andIreland) obtains reasonable assurance that the financial statementstaken as a whole are free from material misstatement, whethercaused by fraud or error. An auditor cannot obtain absoluteassurance that material misstatements in the financial statementswill be detected because of such factors as the use of judgment, theuse of testing, the inherent limitations of internal control and thefact that much of the audit evidence available to the auditor ispersuasive rather than conclusive in nature.



Thus, it is the responsibility of the auditors to:

... maintain an attitude of professional skepticism throughout theaudit, recognizing the possibility that a material misstatement dueto fraud could exist ...

If the auditors, after undertaking appropriate risk assessmentprocedures, consider that one or more fraud risk factors are present,they should design and perform further audit procedures asnecessary. In other words, the auditors should include an explicitconsideration of the risk of fraud as part of their audit planningprocedures.

Summary

You should now understand the need to plan an audit carefullybefore attempting any testing of the system and balances. Youshould also be aware of the relationship difference between theaudit plan and the audit programme. You’ve looked at risk andmateriality in the audit context and have been introduced to amodel for assessing audit risk. You should also now be able toexplain the advantages and disadvantages of adopting risk-basedauditing.

You’ve now a self-assessed question to do. Be sure you havecompleted it and compared what you wrote with the suggestedanswer at the back of the book before you start Session 6, Auditevidence and documentation.


Connect your computer to the Internet, open your web browser andspend ten minutes searching for information concerning ‘computerassisted auditing techniques’. (This may be spelt with a hyphen,i.e. computer-assisted auditing techniques. Do not use the abbreviationCAATs.)

If you find it difficult to find any information on this topic, you should lookat the ABREMA (Activity Based Risk Evaluation Model of Auditing) site atwww.abrema.net/abrema/index.html

Spend another 20 minutes looking through the information you havefound and writing your own notes on the topic.




SESSION 6

Audit evidence anddocumentation

Introduction


(1) describe the different types and quality of evidence available tothe auditors to formulate their opinion

(2) describe the main forms of audit documentation and their uses

(3) describe two ways of conducting a risk-based audit

(4) explain the importance of internal controls and their relevanceto the conduct of audit testing

(5) explain the difference between compliance testing andsubstantive testing

(6) explain what a management letter is.

You’ll remember by now that the ultimate objective of the auditprocess is for the auditor to form an opinion on the financialstatements. This is achieved by audit testing of the systems and theaccounts. Arising out of this audit testing, audit evidence will beaccumulated by the auditor. It is on this evidence that the auditopinion will be based.

6.1 Audit evidence

In forming their opinion, the auditors will be guided by ISA 500,Audit evidence. This states that:

The auditor should obtain sufficient appropriate audit evidenceto be able to draw reasonable conclusions on which to base theaudit opinion.

Audit evidence will comprise client source documents, accountingrecords, and other corroborative information from other sources.Assembling the audit evidence can be accomplished through avariety of means. Usually this is done through a mixture of audittesting of internal controls and balances, as well as an evaluation ofthe accounting system’s capabilities to produce the final financialstatements.

Sufficient and appropriate evidence

The audit standard requires the audit evidence to be sufficient andappropriate.

AUDIT EVIDENCE AND DOCUMENTATION SESSION 6


Audit evidence has to be sufficient and appropriate to form an auditopinion

Both of these concepts are interrelated and will apply to complianceand substantive testing. Sufficiency will be a measure of thequantity of evidence and appropriateness will be related to thequality and reliability of the audit evidence.

Audit evidence is normally persuasive (i.e. it points you towards aconclusion) rather than conclusive (i.e. it proves something),and will be derived from different sources. If the audit evidencefrom all sources tells the same story, it should normally lead tothe same overall conclusion. The auditors are required toexercise their professional judgement when determining whatconstitutes sufficient evidence. They will be influenced in thisexercise by:

. the assessment of the nature and degree of risk of misstatementat both the financial statement level and the account balance orclass of transaction level

. the nature of the accounting and internal control systems,including the control environment

. the materiality of the item being examined

. the experience gained during the previous audits and theauditors’ knowledge of the business and industry

. the findings from the audit procedures, and from audit workcarried out in the course of preparing the financial statements,including indications of fraud and error

. the source and reliability of information available.

The reliability of the audit evidence can be gauged from the tableoverleaf.



More reliable audit evidence Less reliable audit evidence

External sources From the entity’s records

The entity’s records if strong internalcontrols are present

The entity’s records if weakinternal controls are present

If directly obtained by the auditor Obtained by or from the entity

Documents and writtenrepresentations

Oral representations

Original documents Photocopies, telexes, faxes

If sufficient and appropriate evidence cannot be obtained, theauditor should qualify his report.

Substantive procedures evidence

The auditing standard states that:

... substantive procedures for material classes of transactions,account balances and disclosures, are always required to obtainsufficient appropriate audit evidence.

and

... when substantive procedures alone do not provide sufficient auditevidence, the auditor is required to perform tests of controls toobtain audit evidence about their operating effectiveness.

The audit evidence is usually obtained to support each financialstatement assertion and can be derived from more than one methodof audit testing. As you’ve just seen, the reliability of this evidence isinfluenced by its source.

Techniques of obtaining audit evidence

There is a combination of techniques available to the auditor inorder to obtain the appropriate audit evidence:

Audit technique Example

Inspection Reviewing and examining documentary recordsor tangible assets

Observation Observing a stock count

Enquiry Seeking information formally or informally, orallyor in writing; sending a bank letter, interviewingthe finance director

Transaction testing Processing transactions to verify that they havebeen correctly recorded

Computation Checking totals in the accounting records;computing accounting ratios

Analytical review Comparing actual results with budgets and pastresults; using accounting ratios



6.2 Audit documentation

In assembling the audit evidence, the auditors will need to keepmeticulous records of their work. In this they will be guided byISA 230, Documentation, which states that:

The auditor should record in the working papers information onplanning the audit, the nature, timing and extent of the auditprocedures performed and the results thereof, and the conclusionsdrawn from the audit evidence obtained.

... the auditor should record in the working papers the auditor’sreasoning on all significant matters which require the exercise ofjudgment, and the auditor’s conclusions thereon.

There is no prescribed format for working papers and eachindividual audit firm will have its methods. However, it will beinfluenced by such measures as:

. the nature of the engagement

. the form of the auditor’s report

. the nature and complexity of the auditor’s report

. the nature and effectiveness of the client’s accounting andinternal control systems

. the needs of direction, supervision and review of the work of theaudit team

. the specific method and technology the auditors employ.

The auditing standard discusses standardised working papers. Itstates that:

Working papers are designed and organized to meet thecircumstances and the auditor’s needs for each individual audit.The use of standardized working papers (for example, checklists,specimen letters, standardized organization of working papers) mayimprove the efficiency with which such working papers are preparedand reviewed. They facilitate the delegation of work whilstproviding a means to control its quality.

What should be included in the working papers?

The ISA provides a list of items that may be included in a set ofaudit working papers. These comprise:

n information concerning the legal and organisational structure ofthe entity

n extracts or copies of important legal documents, agreements andminutes

n information concerning the industry, economic environment andlegislative environment within which the entity operates

n extracts from the entity’s internal control manual

n evidence of the audit planning process and any changes

n evidence of the auditors’ consideration of the work of internalaudit and their conclusions thereon

n analyses of transactions and balances

n analyses of significant ratios and trends



n the identified and assessed risks of material misstatements atthe financial statement and the assertion level

n a record of the nature, timing and extent of audit proceduresundertaken and the results of such procedures

n evidence that the work performed by assistants was supervisedand reviewed

n an indication as to who performed the audit procedures andwhen they were performed

n details of procedures regarding the components whose financialstatements are audited by other auditors

n copies of communications with other auditors, experts and otherthird parties

n copies of letters or notes concerning audit matters communicatedto or discussed with management or those charged withgovernance, including the terms of the engagement and materialweaknesses in internal control

n letters of representation received from the entity

n conclusions reached by the auditor concerning significant aspectsof the audit, including how exceptions and unusual matters, ifany, disclosed by the auditor’s procedures were resolved ortreated

n copies of the financial statements and auditor’s report.

The working papers should record who carried out the audit workand when, and by whom it was reviewed. In recurring audits, theworking papers may be conveniently split between permanent files(updated with new information of continuing importance) andcurrent files (information relating primarily to the audit of a singleperiod). The permanent file usually contains all the backgroundinformation relevant to the audit – e.g. the letter of engagement,copies of past financial statements, management letters, and anyaudit qualification details. The current file contains all the workingpapers relating to the current year’s audit – e.g. schedule of work,details of tests performed, etc.

Confidentiality, custody and ownership

The working papers are, and remain, the property of the auditors,not the client. Insofar as it does not undermine their independenceor the validity of the audit process, the auditors may choose torelease these to the client. Auditors must observe ethical guidelineson the confidentiality of these working papers. The auditor shouldnever disclose any of this information to third parties without priorpermission of the client. The auditing standard states:

The auditor should adopt appropriate procedures for maintainingthe confidentiality and safe custody of the working papers and forretaining them for a sufficient period to meet the needs of thepractice and in accordance with legal and professionalrequirements of record retention.



Quality control procedures

International Standard on Quality Control 1 (ISQC 1) says that:

The firm should establish a system of quality control designed toprovide it with reasonable assurance that the firm and its personnelcomply with professional standards and regulatory and legalrequirements, and that reports issued by the firm or engagementpartners are appropriate in the circumstances.

There is also an ISA on quality control, ISA 220, Quality control foraudits of historical financial information. This states that:

The engagement team should implement quality control proceduresthat are applicable to the individual audit engagement.

Every audit firm is encouraged to establish quality controlprocedures within the practice. These procedures should becontinually monitored to ensure that the audits undertaken havecomplied with auditing standards. These quality procedures shouldbe familiar and understood by all the audit staff.

ISQC 1 and ISA 220 both refer to the supervision and review ofwork delegated to less experienced members of the audit team. Theyboth state that:

It is important that all members of the engagement teamunderstand the objectives of the work they are to perform.Appropriate team-working and training are necessary to assist lessexperienced members of the engagement team to clearly understandthe objectives of the assigned work.

In addition, ISA 300, Planning an audit of financial statements, saysthat:

The auditor should plan the nature, timing and extent of directionand supervision of engagement team members and review of theirwork.


You are attempting to obtain evidence to substantiate the value andexistence of a client’s stock. The client’s management has told you thatthey have performed the stocktake and calculated the value so there isno need to worry!

What would be your reaction?



6.3 The risk-based audit approach

There are two alternative ways to a risk-based approach to theaudit. These are the vouching approach and the systems-basedapproach. Let’s look at each of these in turn.

The vouching approach

This is the traditional audit approach. It seeks to verify atransaction from its inception to its completion. It is the process ofmatching documentary evidence with the details recorded inaccounting records and provides evidence as to the completeness,validity or accuracy of an account balance or underlying class oftransaction. It can also involve the physical verification of theexistence, consumption or purchase of an item by vouching it(i.e. tracing it physically, step-by-step) into and through thefinancial records, checking at each stage that the correct entry wasmade.

Use of this approach is largely confined to small company audits,when the number of transactions is lower and/or where there is anabsence of, or weak, internal controls. For example, in the course ofauditing an organisation in which the internal controls surrounding,say, debtors is poor, it might be necessary to rely on a pure vouchingapproach.

The systems-based approach

This is a procedural approach to the audit – see Figure 6.1.It aims to maximise the audit resources by concentrating onthose areas which potentially could provide incorrect balancesand thus, ultimately, fail to satisfy the true and fair viewrequirement. This approach can be broken down into thefollowing processes:

. ascertain and record the systems in operation

. identify the internal controls in operation

. evaluate the effectiveness of these internal controls

. determine the extent to which reliance is to be placed on thesystem to ensure effective planning and management ofresources to provide information.



The auditor has a choice of options for his approach

In approaching the audit in this manner, the auditor will makereference to ISA 315, Obtaining an understanding of the entity andits environment and assessing the risks of material misstatement.The ISA states that:

The auditor should obtain an understanding of internal controlrelevant to the audit.

6.4 Internal control

So far, numerous references have been made to internal control but whatis it? Every organisation will have some form of internal control that willvary in sophistication according to the needs of the organisation.Internal control was defined in a former UK standard on auditing, SAS300, Accounting Systems and Internal Control as:

‘Internal control system’ comprises the control environment andcontrol procedures. It includes all the policies and procedures(internal controls) adopted by the directors and management of anentity to assist in achieving their objective of ensuring, as far aspracticable, the orderly and efficient conduct of its business,including adherence to internal policies, the safeguarding of assets,the prevention and detection of fraud and error, the accuracy andcompleteness of the accounting records, and the timely preparationof reliable financial information. Internal controls may beincorporated within computerised accounting systems. However, theinternal control system extends beyond those matters which relatedirectly to the accounting system.



The definition of internal control in ISA 315 is not as detailed as thedefinition in SAS 300. ISA 315 focuses more on the purpose of aninternal control system and says that:

Internal control is the process designed and effected by thosecharged with governance, management, and other personnel toprovide reasonable assurance about the achievement of the entity’sobjectives with regards to reliability of financial reporting,effectiveness and efficiency of operations and compliance withapplicable laws and regulations. It follows that internal control isdesigned and implemented to address identified business risks thatthreaten the achievement of any of these objectives.

The ISA discusses the following areas:

(a) the control environment

(b) the entity’s risk assessment process

(c) the information system, including the related business processes,relevant to financial reporting and communication

(d) control activities

(e) monitoring of controls.

effective

ineffective

ineffective

effective

management letteraudit report

reduced substantive testing increased substantive testing

determine theaudit approach

ascertain the relevantinternal controls

record the systemand internal controls

confirm system andevaluate internal controls

compliance tests

final review

Figure 6.1 The systems-based audit process




Can you identify simple financial and non-financial internal controls youcould expect to find in any organisation?

Internal controls can be broken down into eight separate componentseach of which the auditor will consider. Internal control can be seento comprise:

Type of control Example

Segregation of duties The same person should not be responsible forordering goods and making payments for thosegoods

Organisation There should be clearly-defined lines ofreporting with an organisation chart present

Authorisation andapproval

The authority to sign cheques should berestricted to senior staff and limits imposed

Physical Locking cash up at night in a safe

Supervision Periodic reviews of the ledgers by managers

Personnel Competent and trustworthy staff

Arithmetic andaccounting

Regular control account reconciliations

Management Review of the management accounts, internalaudit

This is best remembered through the mnemonic ‘SOAPSPAM’!

It is, however, important to recognise another aspect of internalcontrol, process controls. These are included under the arithmeticand accounting control listed above. Another way of looking at thesecomponents which specifically refers to process controls is one based



on the underlying nature of the internal controls. That is, from theperspective of whether they are environmental or proceduralcontrols:

Environmentalcontrols

Example

Management andPersonnel

Internal audit and proper training

Organisation Proper delegation

Segregation The same person should not be responsible forordering goods and making payments for thosegoods

Supervision Periodic reviews of the ledgers by managers

Physical Locking cash up at night in a safe; computerhardware security

This is best remembered through the mnemonic ‘MOSSP’.

Proceduralcontrols

Example

Process Computerisation – use of check digits andcontrol totals

Manual – reconciliation checks

Authorisation The authority to sign cheques should berestricted to senior staff and limits imposed

Arithmetic Invoices should be checked for accuracy beforepayment is authorised

This is best remembered through the mnemonic ‘PAA’.

Remember that both versions (SOAPSPAM and MOSSP+PAA)relate to the same thing: internal controls; and that both listsencompass the same list of internal controls. The two lists differonly in the basis of their presentation, not in the internal controlsthat they contain.

It should be realised that it is the directors who are responsible forthe internal controls, not the auditors. Also, the operation ofinternal controls should not be disproportionate to the potential lossthat could result from their absence. Thus, smaller entities inparticular cannot afford sophisticated internal controls. Even then,the possibility remains for human error since no system is foolproof,especially when collusion is involved. The auditors should reviewthe systems every time they do the audit because the organisationmay change and the internal controls may become redundant orinadequate between audits.



6.5 Testing the system

Before testing the system, the auditor must record the system. Thiscan be done through a combination of system or narrative notes,and/or by flow-charting the system (i.e. recording the system indiagrammatic form). This will form part of the audit evidence andwill be retained on the audit files. Having recorded the system, theauditor must then perform a walk through test. This involvesfollowing a transaction through the system to ensure that it iscorrectly treated according to the system the auditor has identifiedand recorded. The purpose of this is to confirm that the systemoperates in the way that has been recorded.

If this indicates that the controls are effective, the auditorundertakes compliance testing. (Note: there is no pointconducting compliance tests on ineffective controls: the auditorwould move straight on to more extensive substantive tests.) Thisinvolves testing the internal controls in operation and evaluatingtheir effectiveness. If the internal controls are effective, they willprevent errors occurring and rectify these accordingly. For exampleregular bank reconciliations will pick up mispostings and errors inthe cashbook, and adjust these accordingly. If this is the case, theauditor can place greater reliance on the system producing accuratebalances for posting into the final financial statements andvice versa.

Once the compliance testing has been completed, the auditorperforms substantive tests. A substantive test is:

A test to prove the accuracy and integrity of a transaction.

In other words, the auditor is attempting to find out whether thefigures appearing in the accounts are accurate. If the evaluation ofthe internal controls showed them to be effective, the auditor willneed to perform only a limited amount of substantive testing. Onthe other hand, if the internal controls were assessed as being weakor ineffective, far more substantive testing has to be done in order tominimise the risk of incorrect balances remaining undetected.

6.6 The management letter

If the auditors discover significant internal control weaknesses, theywill bring these to the attention of the client’s management with amanagement letter. This should be as soon as it becomes apparentthat it will be necessary, not at the end of the audit.

The management letter is an important form of communicationbetween the auditor and management. Informing the managementof the discovered weaknesses quickly will have the benefit of havingthese corrected swiftly and may help a qualified audit report to beavoided. Management letters are retained by the auditor as auditevidence and retained on the audit files. They are very usefulevidence to have available when planning and conducting futureaudits of the same client.



Summary

You now know the different types and quality of evidence availableto the auditors to formulate their opinion, and how to obtain it. Youhave also learnt about the main forms of audit documentation andtheir uses, and of two ways of conducting a risk-based audit. Youhave been introduced to the importance of internal controls andtheir relevance to the conduct of audit testing. Finally, you shouldnow understand the difference between compliance testing andsubstantive testing, and be aware of the difference between amanagement letter and a letter of engagement.

You’ve now a self-assessed question to do. Be sure you havecompleted it and compared what you wrote with the suggestedanswer at the back of the book before you start Session 7, Corporategovernance, audit committees and the auditor.


Connect your computer to the Internet, open your web browser andsearch for information concerning ‘substantive tests’ and ‘compliancetests’. Enter these two terms in separate searches, include all invertedcommas and tell the search engine you are looking for a phrase.

Spend 15 minutes looking for information about each of these termsand writing your own notes on each of them.

Be sure to take good notes of what you find. Being able to distinguishbetween these two forms of audit tests is important.



SESSION 7

Corporate governance,audit committees andthe auditor

Introduction


(1) describe the contents of the Cadbury Report’s Code of BestPractice

(2) explain the role of an audit committee

(3) describe the Combined Code which forms part of the ListingRules for UK stock exchange listed companies

(4) explain how the Turnbull Report extended the Combined Codefurther by specifically addressing the provisions that deal withinternal control

(5) explain the difference between internal and external audit andhow they can complement each other

(6) describe the similarities and differences between public sectoraudits and commercial audits

(7) explain what VFM constitutes and the difficulties the auditorfaces in conducting a VFM audit.

This session starts by reintroducing you to developments inpromoting the accountability of the board of directors. The process ofimproving corporate governance has impacted on the role of theauditor. You will be able to appreciate how these advancements caninfluence the audit. You’ll then look at the differences betweenexternal and internal auditing and the links between them, at thedifferences between public sector audits and commercial audits, and,finally, at value for money auditing.

7.1 Corporate governance

Do you recall looking at this topic in Book 1? If not, have another lookat it in Book 1 before reading further in this book. It shouldn’t takelong, and will help you to better understand the rest of this session.

Following numerous corporate scandals and company collapses inthe UK corporate sector in the late 1980s and beyond – you’llremember some of these from the two readings in Book 1 – it wasrealised that changes to existing practices were required.

There followed a series of investigations and reports in the area ofcorporate governance. (Corporate governance is essentially theaccountability of directors.) As you know, there’s a divorce between



ownership and management in most large modern companies. Thedirectors are accountable to the shareholders via the annual reportand at the AGM. In principle, if the shareholders are dissatisfiedwith the performance of a director, that director can be replaced bya vote of members at the AGM.

In practice, this has proved very difficult to achieve because of theinability of small shareholders to organise themselves effectivelyand because the larger shareholders now tend to be the directorsand the institutional investors. To compound this problem, manydirectors at that time were awarding themselves lucrative paypackages and other benefits with rolling contracts which effectivelyprevented their dismissal from office.

As you know, the first report on corporate governance was that ofthe 1991 Committee on the Financial Aspects of CorporateGovernance, chaired by Sir Adrian Cadbury and better known asthe ‘Cadbury Report’. The committee issued a ‘Code of BestPractice’, which, amongst other matters, mentions the role ofinternal control, internal audit and audit committees.

Cadbury and the audit committee

In the recommendations for improved reporting and controls, theCadbury Committee suggested that:

. the board of directors should ensure that an objective andprofessional relationship is maintained with the auditors

. the board of directors should establish an audit committee of atleast three non-executive directors with written terms ofreference to deal clearly with the audit committee’s authorityand duties

. the board of directors should explain its responsibility forpreparing the accounts next to a statement by the auditors abouttheir reporting responsibilities

. the board of directors should report on the effectiveness of thecompany’s system of internal control

. the board of directors should report that the business is a goingconcern with supporting suggestions or qualifications asnecessary.

Thus, the directors would be collectively responsible for compliancewith the Code of Best Practice. In relation to internal controls, anaudit committee would be responsible for determining whether asystem of effective internal controls exists. In order to achieve this,it would have to work closely with both external and internalauditors.

Cadbury states the following about the relationship between theinternal auditor and the audit committee:

Where an internal audit function exists, the audit committee shouldensure that it is adequately resourced and has appropriate standingin the company. The internal audit programme should be reviewedby the audit committee and the head of internal audit shouldnormally attend its meetings.

CORPORATE GOVERNANCE, AUDIT COMMITTEES AND THE AUDITOR SESSION 7


An internal audit function is well placed to undertakeinvestigations on behalf of the audit committee and to follow up anysuspicion of fraud. It is essential that heads of internal auditshould have unrestricted access to the chairman of the auditcommittee in order to ensure the independence of the position.

7.2 What is an audit committee?

There is no legal requirement for a UK company to have an auditcommittee although these have been commonplace in the USAfor some time now. However, as you will see in the next section,under the combined code, all UK listed companies are required tohave one.

The audit committee is another important means to improveinternal control, promote the accountability of directors, andenhance audit coverage. The audit committee will usually seek tomaximise its objectivity and independence by consisting mainly ofnon-executive directors and having the head of internal audit reportto it rather than to the finance director.


What is a non-executive director? How do non-executive directorsenhance objectivity and independence?

The audit committee will meet as frequently as the needs of thecompany demand. Generally speaking it will meet at least quarterly.The workload of the audit committee will comprise:

. reviewing the financial statements to ensure compliance withaccounting standards and statutory requirements, and theacceptability of significant adjustments and changes toaccounting policies and practices

. reviewing the work of the external auditors, including thenature and scope of the audit, the audit fee, and the auditfindings, their management letter and management’s response

. reviewing the planned work of internal audit, its major findingsand management responses thereto and the relationshipbetween internal and external audit

. making recommendations to the board of the company as aresult of the committee’s review of the internal controlarrangements.



Audit committees: some reservations

The introduction and operation of audit committees has not beenachieved without criticism. The major reservations against thestructure and practices of audit committees are that:

n they are merely symbolic, creating the appearance of effectiveinternal controls

n in the USA, the history of audit committees is not encouragingin preventing corporate scandals

n the successful operation of an audit committee is reliant onthe attitudes and interaction of individuals and the time available

n they are not a cure for the overall deficiencies in corporategovernance

n powerful chairmen and chief executives are still capable ofoverriding the wishes of non-executive directors

n the unavailability of sufficient numbers of suitably qualifiednon-executive directors.

Audit committees are an important part of corporate governance

However, proponents of audit committees point out that in everycase these weaknesses have more to do with how committees are setup than with the concept of audit committees itself.

7.3 The Combined Code onCorporate Governance

After Cadbury there were two further reports, the GreenburyReport on executive pay and the Hampel Report which is sometimesreferred to as ‘Cadbury II’. The major benefits arising from thesedifferent reports were combined in the 1998 London Stock ExchangePrinciples of Good Governance and Code of Best Practice.

The Combined Code was updated in 2003 as a result of two furtherreports in the area of corporate governance, the Higgs Review,which looked at the role and effectiveness of non-executive directors,and the Smith Report, which reviewed the role of audit committees.



The revised Combined Code was published by the FinancialReporting Council, and the Financial Services Authority (theregulator for companies listed on UK stock exchanges) has adoptedit as part of its Listing Rules. The provisions of this Combined Codeare mandatory for all listed UK companies and it requires acompany to make a disclosure in two parts:

(1) a statement as to how it has applied the Principles of theCombined Code enabling shareholders to evaluate how properlythese principles have been applied

(2) a statement as to whether or not it has complied with theProvisions of the Combined Code throughout the accountingperiod; non- or part-compliance within the period must bedivulged with supporting reasons.

Auditors are required to include a review of compliance with theCode in the audit.

The major changes to accountability and audit compared to Cadburyare given in the following table.

Combined Code Cadbury

The board is responsible forpresenting a balancedunderstandable assessment ofinterim and other price sensitivereports as well as statutory reports

New provision

Directors to review theeffectiveness of all companyinternal controls and report to theshareholders

Required directors to report on theeffectiveness of internal financialcontrols

The audit committee to becomposed of non-executivedirectors and the majority to beindependent and named in theannual report and accounts

Recommended at least three non-executive directors; all members didnot have to be non-executivedirectors or named in the annualreport


What qualities do you think a Non-Executive Director should bring to anaudit committee?

Now, let’s look at another report on this topic.



7.4 The Turnbull Report

In 1999, an ICAEW committee under the chairmanship of Sir NigelTurnbull took the provisions of the Combined Code further byspecifically addressing the provisions that deal with internal control.The report focussed on a risk-based approach to the establishmentof a system of internal controls and the review of its effectiveness.It suggested that the approach to be adopted should be treated as aseparate exercise to meet regulatory requirements. The TurnbullReport’s guidance is now included in the Combined Code.

We have already considered internal controls. Turnbull extendsthis further. These enhanced internal controls should minimisethe risks that are significant to the objectives of the organisation,with a view to safeguarding the company’s assets and increasingshareholder value. The board of directors should regularly ensurethat appropriate procedures are in place to monitor risks, andthat the internal control system is effective in reducing the risksto an acceptable level. This includes not only financial but alsooperational risks and compliance with laws and regulations, aswell as the safeguarding of assets. In arriving at what itconsiders to be a sound system of internal control, the board ofdirectors should consider:

. the nature and extent of risks that are considered acceptable

. the threat of risks becoming reality

. what the company’s ability is to reduce the incidence and impacton the business should the risks become a reality

. the costs and benefits of the relevant controls.

The internal control system will be considered to be sound only tothe extent that it provides reasonable assurance that a company willnot be hindered by reasonably foreseeable occurrences, either inpursuing its business objectives or in the orderly and legitimateconduct of its business. The characteristics that the board ofdirectors needs to consider when assessing internal control aregrouped under the criteria:

n the control environment

n risk assessment

n control activities

n information and communications

n monitoring.

The requirement to review the effectiveness of the internal controlsis the responsibility of the directors. Some of these functions couldbe delegated to other board committees but the full board shouldform its own opinion after due and careful enquiry. The auditcommittee will normally consider the financial internal controls andcould be used for a wider review of other internal controls. Turnbullrecognised the importance of internal audit as part of the overallinternal control function. If this function does not exist, the board ofdirectors is recommended to review annually the need forestablishing one.



In order to provide a meaningful high-level comment on thecompany’s approach and procedures, the board should include aStatement of Internal Control in its annual report. In explaininghow a sound system of internal control has been maintained andhow this has been reviewed the board should:

n state that there is an ongoing process for identification,evaluation and management of key risks that is regularlyreviewed by the board

n explain how the board has reviewed the effectiveness of theprocess.

If the board cannot offer any explanations then it should state thisfact and explain any necessary action that it is taking. Thedisclosure should include an acknowledgement of the board’sresponsibility for the system of internal control together with anexplanation that such a system can provide only reasonable and notabsolute assurance.

If a material failure in the internal control system has occurred, theboard should disclose this and describe the corrective action takenor explanations as to why this is not necessary.

To the extent that the Corporate Governance statement refers tothat part of the Combined Code with which compliance can beconfirmed objectively, the external auditors of listed companies arerequired by the Listing Rules to review the statement. Thisrequirement also covers the specific statements on the going concernand internal controls.

The Financial Reporting Council has been reviewing the TurnbullReport’s guidance and, at the time of writing, was consulting onwhether to recommend updates to the report’s provisions.

The APB has issued Audit Bulletin 2004/03, which brought togetherall of the APB’s guidance on corporate governance. The bulletinprovides specimen opinion paragraphs that demonstrate howauditors should incorporate corporate governance matters in theirreport on the financial statements. Some examples are shown belowin Figures 7.1–7.3.

You should regularly visit the website of the Auditing PracticesBoard (via the website of the Financial Reporting Council atwww.frc.org.uk/) to follow any future developments in this area. Thewebsites of the professional accounting bodies and major accountingfirms are also well worth a visit, as they produce reports andcommentaries on this issue from time to time. You will also find auseful section on the Financial Reporting Council’s website devotedto corporate governance.



Scottish Power plc

Independent Auditors’ Report to the members of ScottishPower plc

We have audited the Accounts which comprise the AccountingPolicies and Definitions, the Group Profit and Loss Account,the Statement of Total Recognised Gains and Losses, theReconciliation of Movements in Shareholders’ Funds, the GroupCash Flow Statement, the Reconciliation of Net Cash Flow toMovement in Net Debt, the Group Balance Sheet, the Statementof Principal Subsidiary Undertakings and Other Investments,the Company Balance Sheet and the related notes. We have alsoaudited the disclosures required by Part 3 of Schedule 7A to theCompanies Act 1985 contained in the Remuneration Report ofthe Directors (‘the auditable part’).

Respective responsibilities of directors and auditors

The directors’ responsibilities for preparing the Annual Report& Accounts in accordance with applicable United Kingdom lawand accounting standards are set out in the statement ofdirectors’ responsibilities. The directors are also responsible forpreparing the Remuneration Report of the Directors.

Our responsibility is to audit the Accounts and the auditablepart of the Remuneration Report of the Directors inaccordance with relevant legal and regulatory requirementsand United Kingdom Auditing Standards issued by theAuditing Practices Board. This report, including the opinion,has been prepared for and only for the company’s members asa body in accordance with Section 235 of the Companies Act1985 and for no other purpose. We do not, in giving thisopinion, accept or assume responsibility for any other purposeor to any other person to whom this report is shown or intowhose hands it may come save where expressly agreed by ourprior consent in writing.

We report to you our opinion as to whether the Accountsgive a true and fair view and whether the Accounts andthe auditable part of the Remuneration Report of theDirectors have been properly prepared in accordance withthe Companies Act 1985. We also report to you if, in ouropinion, the Report of the Directors is not consistent withthe Accounts, if the company has not kept proper accountingrecords, if we have not received all the information andexplanations we require for our audit, or if informationspecified by law regarding directors’ remuneration andtransactions is not disclosed.

We read the other information contained in the Annual Report& Accounts and consider the implications for our report if webecome aware of any apparent misstatements or materialinconsistencies with the Accounts. The other informationcomprises only the Chairman’s Statement, the Chief Executive’sReview, the Business Review, the Financial Review, the Risk



Factors, the Corporate Governance statement, and theunaudited part of the Remuneration Report of the Directors.

We review whether the corporate governance statement reflectsthe company’s compliance with the nine provisions of the 2003FRC Combined Code specified for our review by the ListingRules of the Financial Services Authority, and we report if itdoes not. We are not required to consider whether the board’sstatements on internal control cover all risks and controls, or toform an opinion on the effectiveness of the company’s or group’scorporate governance procedures or its risk and controlprocedures.

Basis of audit opinion

We conducted our audit in accordance with Auditing Standardsissued by the Auditing Practices Board. An audit includesexamination, on a test basis, of evidence relevant to theamounts and disclosures in the Accounts and the auditable partof the Remuneration Report of the Directors. It also includes anassessment of the significant estimates and judgements madeby the directors in the preparation of the Accounts, and ofwhether the accounting policies are appropriate to the group’scircumstances, consistently applied and adequately disclosed.We planned and performed our audit so as to obtain all theinformation and explanations which we considered necessary inorder to provide us with sufficient evidence to give reasonableassurance that the Accounts and the auditable part of theRemuneration Report of the Directors are free from materialmisstatement, whether caused by fraud or other irregularity orerror. In forming our opinion we also evaluated the overalladequacy of the presentation of information in the Accounts.

Opinion

In our opinion:

. the Accounts give a true and fair view of the state of affairsof the company and the group at 31 March 2005 and of theloss and cash flows of the group for the year then ended;

. the Accounts have been properly prepared in accordancewith the Companies Act 1985; and

. those parts of the Remuneration Report of the Directorsrequired by Part 3 of Schedule 7A to the Companies Act1985 have been properly prepared in accordance with theCompanies Act 1985.

PricewaterhouseCoopers LLP

Chartered Accountants and Registered Auditors

Glasgow

24 May 2005

Notes:

(a) The maintenance and integrity of the Scottish Power plcwebsite is the responsibility of the directors; the work



carried out by the auditors does not involve consideration ofthese matters and, accordingly, the auditors accept noresponsibility for any changes that may have occurred tothe Accounts since they were initially presented on thewebsite.

(b) Legislation in the United Kingdom governing thepreparation and dissemination of financial statements maydiffer from legislation in other jurisdictions.

Figure 7.1 Extract from audit report of Scottish Power plc

Dixons Group plc

Statement of directors’ responsibilities

The directors are required by UK company law to preparefinancial statements which give a true and fair view of the stateof affairs of the Company and the Group for each financialperiod as at the end of the financial period and of the profit orloss of the Group for that period. In preparing the financialstatements, suitable accounting policies have been used andapplied consistently, and reasonable and prudent judgementsand estimates have been made. Applicable accountingstandards have been followed. The financial statements havebeen prepared on the going concern basis.

The directors are also responsible for maintaining adequateaccounting records and sufficient internal controls to safeguardthe assets of the Company and the Group and to prevent anddetect fraud or any other irregularities.

Independent auditors’ report to the members of DixonsGroup plc

We have audited the financial statements of Dixons Groupplc for the 52 weeks ended 30 April 2005 which comprisethe consolidated profit and loss account, the statement oftotal recognised gains and losses, the balance sheets, theconsolidated cash flow statement and the related notes 1 to 33.These financial statements have been prepared under theaccounting policies set out therein. We have also audited theinformation in the part of the directors’ Remuneration Reportthat is described as having been audited.

This report is made solely to the Company’s members, as abody, in accordance with Section 235 of the Companies Act1985. Our audit work has been undertaken so that we mightstate to the Company’s members those matters we are requiredto state to them in an auditors’ report and for no other purpose.To the fullest extent permitted by law, we do not accept orassume responsibility to anyone other than the Company andthe Company’s members as a body, for our audit work, for thisreport, or for the opinions we have formed.




As described in the statement of directors’ responsibilities, theCompany’s directors are responsible for the preparation of thefinancial statements in accordance with applicable UK law andaccounting standards. They are also responsible for thepreparation of the other information contained in the annualreport including the directors’ Remuneration Report. Ourresponsibility is to audit the financial statements and the partof the directors’ Remuneration Report described as having beenaudited in accordance with relevant UK legal and regulatoryrequirements and auditing standards.

We report to you our opinion as to whether the financialstatements give a true and fair view and whether the financialstatements and the part of the directors’ Remuneration Reportdescribed as having been audited have been properly preparedin accordance with the Companies Act 1985. We also report if,in our opinion, the directors’ report is not consistent with thefinancial statements, if the Company has not kept properaccounting records, if we have not received all the informationand explanations we require for our audit, or if informationspecified by law regarding directors’ remuneration andtransactions with the Company and other members of theGroup is not disclosed.

We review whether the corporate governance statement reflectsthe Company’s compliance with the nine provisions of theCombined Code issued by the Financial Reporting Council inJuly 2003 specified for our review by the Listing Rules of theFinancial Services Authority and we report if it does not. Weare not required to consider whether the Board’s statementson internal control cover all risks and controls, or to forman opinion on the effectiveness of the Group’s corporategovernance procedures or its risk and control procedures.

We read other information contained in the annual reportand consider whether it is consistent with the auditedfinancial statements. This other information comprises theDirectors’ Report, the Chairman’s Statement, the ChiefExecutive’s Review, the Operating and Financial Review, theCorporate Responsibility Review, the Corporate GovernanceStatement, the Audit Committee Report, the NominationsCommittee Report, the unaudited part of the directors’Remuneration Report, Five Year Record and the FinancialInformation prepared under International Financial ReportingStandards. We consider the implications for our report if webecome aware of any apparent misstatements or materialinconsistencies with the financial statements.


We conducted our audit in accordance with UK auditingstandards issued by the Auditing Practices Board. An auditincludes examination, on a test basis, of evidence relevant tothe amounts and disclosures in the financial statements. It alsoincludes an assessment of the significant estimates and



judgements made by the directors in the preparation of thefinancial statements and of whether the accounting policies areappropriate to the Company’s and the Group’s circumstances,consistently applied and adequately disclosed. We planned andperformed our audit so as to obtain all the information andexplanations which we considered necessary in order to provideus with sufficient evidence to give reasonable assurance thatthe financial statements are free from material misstatement,whether caused by fraud or other irregularity or error. Informing our opinion, we also evaluated the overall adequacy ofthe presentation of information in the financial statements andthe part of the directors’ Remuneration Report described ashaving been audited.

Opinion

In our opinion:

. the financial statements give a true and fair view of thestate of affairs of the Company and the Group as at 30 April2005 and of the profit of the Group for the 52 weeks thenended; and

. the financial statements and the part of the directors’Remuneration Report described as having been auditedhave been properly prepared in accordance with theCompanies Act 1985.

Deloitte & Touche LLP


London

22 June 2005

Figure 7.2 Extract from the audit report of Dixon Group plc

Public sector directors also have to disclose their responsibilities foreffective internal control just as their private sector counterpartsdo (see the example overleaf ).



Guy’s and St Thomas’ NHS Foundation Trust –Annual Report and Accounts 2004/05

Statement on internal control 2004/05

1 Scope of responsibility

As Accounting Officer and Chief Executive of this Trust, I haveresponsibility for maintaining a sound system of internalcontrol that supports the achievement of the organisation’spolicies, aims and objectives. I also have responsibility forsafeguarding the public funds and the organisation’s assets forwhich I am responsible as set out in the NHS Foundation TrustAccounting Officer Memorandum.

The Guy’s and St Thomas’ NHS Foundation Trust (TheTrust) has a range of mechanisms in place to facilitateeffective working with key partners. The Trust is a memberof the Lambeth Health and Social Care Partnership Board,the Southwark Partnership Board and the Lambeth andSouthwark Chief Executives Group. The Trust also meetsregularly on a bi-lateral basis with our key health partners:Lambeth and Southwark PCTs, the South London andMaudsley NHS Trust and King’s College Hospital NHS Trust,as well as with King’s College London, our principalacademic partner. Members of our Members’ Council includepatients and staff as well as representatives of all our keypartners.

The Trust has been subject to Monitor’s (the independentregulator for Foundation Trusts) interim monitoring frameworksince July 1 2004 when it was granted Foundation Trust status.For the 2005/06 financial year the Trust will be subject toMonitor’s Compliance Framework which requires an AnnualReport, an Annual Plan and quarterly monitoring reports.

2 The purpose of the system of internal control

The system of internal control is designed to manage risk to areasonable level rather than to eliminate all risk of failure toachieve policies, aims and objectives; it can therefore onlyprovide reasonable and not absolute assurance of effectiveness.The system of internal control is based on an ongoing processdesigned to:

. identify and prioritise the risks to the achievement of theorganisation’s policies, aims and objectives;

. evaluate the likelihood of those risks being realised and theimpact should they be realised, and to manage themefficiently, effectively and economically.

The system of internal control referred to in this statement hasbeen in place since July 1 2004 when the [organisation] wasgranted Foundation Trust status up to the year ended March31 2005 and the date of approval of the annual report andaccounts.



3 Capacity to handle risk

The Trust has in place a Risk Management Policy and Strategywhich makes it clear that while I have overall responsibility forrisk management, responsibility for specific risk managementareas has been delegated to the Trust Management Executive.Risk management is a core component of the job descriptions ofsenior management.

A range of risk management training is provided to staffand there are policies in place to describe their roles andresponsibilities in relation to the identification andmanagement of risk. All relevant policies are available onthe intranet. The Trust learns from good practice througha range of mechanisms including clinical supervision andreflective practice, individual and peer reviews, performancemanagement, continuing professional developmentprogrammes, clinical audit and application of evidence basedpractice.

4 The risk and control framework

The Risk Management Policy and Strategy sets out the keyresponsibilities for managing risk within the organisation,including the way in which the risk is identified, evaluated andcontrolled.

A traditional risk assessment matrix is used to ensure aconsistent approach is taken to assessing and responding torisks and incidents. All staff are responsible for responding toincidents, hazards, complaints and near misses in accordancewith the appropriate policy. Risk groups are responsible fordeveloping and maintaining local risk registers and overseeingthe management of adverse incidents. Management teams areresponsible for reviewing risk action plans and ensuring theyare implemented through business planning and otherestablished routes. The Assurance and Risk and Audit andFinancial Performance sub-committees of the Board areresponsible for monitoring and reviewing risk processes.

The Trust has a Board Assurance Framework (BAF) whichsets out the principal risks to delivery of key priorities andobjectives. The risks to achieving these priorities andobjectives have been identified and there are actionsunderway accordingly. The Executive Director with delegatedresponsibility and accountability for managing and monitoringeach individual risk is clearly identified. The BAF identifiesthe assurances available to the Board in relation to theachievement of the Trust’s key priorities and objectives,the principal risks to these objectives and the effectiveness ofthe operation of key controls. The Board has required thedevelopment and implementation of action plans for gaps incontrol and assurance that the BAF identifies as requiringaction. The types of gaps in control include existing capacity,training, policies, procedures and systems. The gaps inassurance include reporting mechanisms, comprehensivenessand data collection methods.



Mechanisms and processes in place for working with partnersare used to explore potential risk which may impact upon otherorganisations and public stakeholders.

5 Review of effectiveness

As Accounting Officer, I have responsibility for reviewing theeffectiveness of the system of internal control. My review isinformed in a number of ways. The Head of Internal Auditprovides me with an opinion on the overall arrangements forgaining assurance through the Assurance Framework and onthe controls reviewed as part of the internal audit work.

Executive managers within the organisation who haveresponsibility for the development and maintenance ofthe system of internal control provide me with assurance.The Assurance Framework itself provides me with evidencethat the effectiveness of controls that manage the risks to theorganisation achieving its principal objectives [has] beenreviewed. My review is also informed by assurances from othersources which include external audit and accreditation andpatient/staff surveys.

I have been advised on the implications of the result of myreview of the effectiveness of the system of internal control bythe Assurance and Risk sub-committee of the Trust Board ofDirectors. A plan to ensure continuous improvement of thesystem is in place.

The Trust Board of Directors has reviewed the BoardAssurance Framework twice during 2004/05. It has alsoreviewed its Board sub-committee structure to enhance lines ofreporting and accountability. The Trust Management Executiveand the Assurance and sub-committee have provided the Boardof Directors with reports on risk management, performancemanagement and clinical governance.

The Audit and Financial Performance sub-committee hasprovided the Board of Directors with an independent andobjective review of financial and corporate governance, andinternal financial control within the Trust. The sub-committeehas received reports from external and internal audit. Internalaudit have reviewed and reported upon control, governanceand risk management processes, based on an audit planapproved by the sub-committee. The work included identifyingand evaluating controls and testing their effectiveness, inaccordance with NHS Internal Audit Standards. Where scopefor improvement was found, recommendations were made andappropriate action plans agreed with management.

Sir Jonathan Michael

Chief Executive June 30 2005

Figure 7.3 Extract from the annual report of Guy’s and St Thomas’ NHSFoundation Trust



The public sector is also achieving enhanced internal controls onwhich the auditors have to report.


Independent Auditor’s report

to the Board of Governors of Guy’s and St Thomas’ NHSFoundation Trust

Respective responsibilities of Directors and auditor

I review the Directors’ statement on internal control. I report ifit does not meet requirements of the NHS Foundation TrustManual for Accounts 2004/05 or if the statement is misleadingor inconsistent with other information I am aware of from myaudit of the financial statements. I am not required to consider,nor have I considered, whether the Directors’ statement oninternal control covers all risks and controls. I am also notrequired to form an opinion on the effectiveness of the Trust’scorporate governance procedures or its risk and controlprocedures. My review was not performed for any purposeconnected with any specific transaction and should not be reliedupon for any such purpose.

Sue Exton

District Auditor June 30 2005

1st Floor, Millbank Tower

Officer of the Audit Commission

Millbank, London SW1P 4HQ

Figure 7.4 Extract from the Independent Auditor’s report to the Board ofGovernors of Guy’s and St Thomas’ NHS Foundation Trust

7.5 External audit and internalaudit

As part of their internal financial control mechanisms, largecompanies may wish to introduce a specific management controlfunction known as internal audit. The Institute of Internal Auditorsdefine internal audit as:

an independent, objective assurance and consulting activitydesigned to add value and improve an organisation’s operations.It helps an organisation accomplish its objectives by bringing asystematic, disciplined approach to evaluate and improve theeffectiveness of risk management, control, and governanceprocesses.



In the public sector, it is a statutory requirement that organisationsmaintain an internal audit function. The increasing demands ofcorporate governance have raised the profile of internal audit morerecently. If an internal function does exist, the external auditor mayliaise with those involved in order to maximise audit coverage.


Why do you think that most companies have previously not had aninternal audit function?

What does internal audit do?

The establishment of an internal function is a discretionarymanagement function and management determines the role ofinternal audit. Thus, its role can be either very narrowly focusedor wide ranging and the functions of internal audit can include:

. ensuring the adequacy of internal controls

. reviewing the reliability of records

. preventing fraud, waste and extravagance

. enforcing management decisions

. undertaking ad hoc investigations

. securing the asset base

. substituting for the external auditors under their supervision

. undertaking value for money (VFM) exercises

. undertaking statutory duties where they exist.

The requirements of the Combined Code have had a major impacton the role of the internal auditor, resulting in both a widening ofthe role of internal audit to encompass managing the whole of thebusiness risks and in an increase in the status of the internalauditor.

External audit and internal compared

It is essential that you fully understand the differences between thetwo types of auditor, external and internal, before we proceed anyfurther. Try not to be confused about the roles of the two auditors.You need to be aware of how they complement each other and wherethey diverge. Table 7.1 summarises the major differences.



Table 7.1 Internal and external audit compared

Area of difference Internal audit External audit

Appointment By management By the members or theSecretary of State

Status Employees Agents

Finance Internally paid Paid by fee

Reporting lines To management oraudit committee

To members

Legislation None except inpublic sector

Companies Act 1985

Independence Non-operational Set by statute

Internal controls All Financial

Information supplied To assistmanagement

Support financialstatements

Workload Continuous review Annual

Scope Determined bymanagement

Set by statute

Techniques Appraisingmanagement

Appraising financialstatements

The relationship between the different auditors

The external auditor may choose to make use of the internal auditfunction during the course of the audit. The external auditor willrefer to ISA 610, Considering the work of internal audit.

The effective combination of external and internal audit ...



If they wish to rely on some of the specific internal audit workfor the purpose of the external audit of the financial statements, theexternal auditors should obtain a sufficient understanding of theinternal audit activities to assist them in planning the audit anddeveloping an effective audit approach. This may help in modifyingthe external audit plan. To do this, the external auditor should assessthe internal audit function. In particular, the external auditor isrequired to consider internal audit according to the following criteria:

. organisational status

. scope or function

. technical competence

. due professional care.


Explain what specific items you think the external auditor should considerwithin the above criteria.

Evaluating specific internal audit work

The timing of any liaison between the external and internal auditorsshould be agreed in advance and be a regular occurrence throughoutthe audit. The use of internal audit work to reduce the overallexternal audit workload should be evaluated to confirm that it isadequate for external audit purposes.

This evaluation of the internal work requires that the followingcriteria are considered:

. the work is performed by persons having adequate technicaltraining and proficiency

. the work of assistants is properly supervised, reviewed anddocumented

. sufficient appropriate audit evidence is obtained to afforda reasonable basis for conclusions reached

. the conclusions reached are appropriate in the circumstances

. any reports prepared by internal audit are consistent with theresults of the work performed

. any exceptions or unusual matters disclosed by internal auditare properly resolved



. amendments to the external audit programme are required as aresult of matters identified by internal audit work

. there is a need to test the work of internal audit to confirm itsadequacy.


Do you think that once internal audit work has been found to besatisfactory that there is no further need to review its work in the future?

Reading 7.1

Read Performance Auditing by Charles Rush. You will find this in theB680 Supplementary Readings. While you do, take careful notes of whatit has to say. You should find it an extremely useful source of additionalinformation on many of the topics covered in this book, not just thoserelating to internal auditing. Although the reading refers to SASs(page 36) rather than ISAs, this does not affect its general messages.

When you’ve finished reading it, spend ten minutes writing a summaryof what you have read. Overall, you should expect to spend about anhour on reading, taking notes, and writing your summary.

Conclusion

Although external auditors may choose to make extensive use of theinternal audit function, it is important to remember that theycannot devolve any of their statutory duties. Thus, the externalauditor will always retain full responsibility for the audit.



ISA 610 states:

The external auditor has sole responsibility for the audit opinionexpressed, and that responsibility is not reduced by any use made ofinternal auditing. All judgments relating to the financialstatements are those of the external auditor.

While the external auditor has sole responsibility for the auditopinion expressed and for determining the nature, timing andextent of external audit procedures, certain parts of internal auditwork may be useful to the external auditor.

Now, let’s look at auditing in the public sector.

7.6 Public sector auditing

This session will give you an overview of the audit requirements ofthe major public sector organisations. You will be acquainted withthe similarities and differences between public sector andcommercial audits.

The public sector comprises a number of different organisationsgoverned by different statutes. Each organisation is subject to anannual external audit in order to be publicly accountable to thetaxpayer for the expenditure of government funds. The public sectoraudit is wider ranging than the private sector audit. This is becausethe audit has to attest that:

. expenditure incurred has been legal – that is, within the proper,authorised, and statutory powers of the organisation

. controls exist and operate to prevent corrupt practice, fraud, andmaladministration

. arrangements exist to secure value for money (VFM).

The major public sector external audits

The number of public sector audits has declined significantly followingthe shift towards privatisation of public sector bodies since the 1970s.The remaining major public sector external audits are summarised below.

Entity/Audit National AuditOffice

AuditCommission

Private SectorAudit Firms

CentralGovernmentDepartments

All

Quangos Majority Minority

LocalGovernment

Majority* Minority*

HealthAuthorities

Rights ofaccessand inspection

Majority Minority

*The split at the time of writing is 75% to 25% in favour of District Audit. Howevercurrent initiatives have seen smaller private firms being appointed as auditors ofsmaller local authorities.



Quangos or ‘quasi-autonomous non-governmental bodies’ areunelected bodies appointed by the government to fulfil variousfunctions. Officially, they are termed ‘non-departmental publicbodies’. Let’s now consider the external audit regime of the othermajor public sector organisations.

The National Audit Office (NAO)

The head of the NAO is the Comptroller and Auditor General(CAG) who holds an ancient office that was upgraded by theNational Audit Act of 1983. The Act reinforced the CAG’s financialand operational independence and brought him into closer contactwith Parliament via the Public Accounts Committee. The Actcreated the National Audit Office with the CAG as its head andestablished a clear framework for his access to governmentdepartments and other public bodies. It also granted the NAO thestatutory authority to undertake ‘value for money’ (VFM) work.

A recent change affecting the work of the NAO is the introductionof resource accounting and budgeting, under the GovernmentResources and Accounts Act 2000. This involves changing from acash-based to an accruals-based system for planning and accountingfor expenditure (you may recall that this was mentioned in Session 5of Book 4).

The change to resource accounting and budgeting (often referred toas RAB) means that the Exchequer and Audit Departments Acts(originally passed by Parliament in 1866 and 1921) have beenamended. This is a sweeping change from former practice, and ineffect means that the accounts produced by most government bodieswill now include the three main statements generally produced byprivate sector bodies: a statement of financial performance (incomestatement); a statement of financial position (balance sheet); anda cash flow statement.

Since devolution, theresponsibility for auditingthe expenditure of theScottish Parliament andExecutive rests with theAuditor General forScotland, and the AuditorGeneral for Wales reportsto the Welsh NationalAssembly on the accountsand value for money ofpublic bodies in Wales.There is also aComptroller and AuditorGeneral for NorthernIreland.



In addition, the Treasury now has to prepare what are known as‘Whole of Government Accounts’ (WGA). This is a new duty, and itis being implemented on a phased basis, but essentially it willrequire the preparation of consolidated accounts for the publicsector.

The CAG’s responsibilities are to:

n audit and certify government and departmental resourceaccounts

n audit any other accounts demanded by statute

n report on these to Parliament.

It must be emphasised that these duties are compulsory! He mayalso:

n audit other accounts by agreement

n have access rights to bodies where he is not the appointedauditor but which are largely financed by public funds

n conduct VFM studies where he is the appointed auditor or byagreement

n report to Parliament thereon.

Although the CAG enjoys wide-ranging powers, he is subject tolimitations on these powers – he cannot:

n disallow expenditure or give legal judgements

n audit the accounts of local government or any nationalisedindustries

n ‘follow public money wherever it goes’, i.e. to individuals ororganisations receiving grants or subsidies

n question policy objectives

n examine government maladministration affecting individuals

n report other than to Parliament.

The CAG reports

The CAG reports on any qualifications of his audit certificate (theequivalent of the commercial audit report). The major part of hisreport though is concerned with VFM examinations. (We’ll belooking at them later in this session.)

The timetable for the preparation of accounts has changed recently,with departments preparing resource accounts being required tosend them to the CAG for audit by 30 November of the followingfinancial year. The Treasury is then required to present the certifiedaccounts to Parliament by 31 January of the following financialyear. The new legislation gives the Treasury power to alter thistimetable, and it is envisaged that this may be done in future.

The form of the CAG’s report is not prescribed and he has completediscretion concerning its timing and content. These reports arealways discussed with the audited bodies prior to publication toensure accuracy and fairness of reporting. The report normallyincorporates their replies to criticisms and other issues as well asother items raised and action taken. The final decision on the



content of the report always rests with the CAG. In practice, he doesnot disclose information relating to security or advice given toministers by their departments. Nor does he attempt to identifypolicy or commercial decisions although he may bring to notice thebasis for these decisions and their consequences including thefinancial implications of such decisions.

MoD expenditure is off target

By Gavin Hinks

The Ministry of Defence has had its accounts qualified by theNational Audit Office after the discovery of an army pensionfraud worth nearly half a million pounds, the loss of almost£30m on IT projects and an overspend of £37m.

The staggering figures were revealed in a report published onWednesday which saw the MOD accounts qualified for the thirdyear in succession. The fraud involved a single civil servantworking in the Pensions Division of the Army PersonnelCentre, Glasgow.

He allegedly transferred cash into personal accounts using thedetails of army personnel. The total amount involved came to£470,000 of which only £48,000 has been recovered.

The most shocking element of the accounts for 1998/99 involvedthe scrapping of software to run an RAF communicationssystem.

The project began in 1989, to be completed by 1994, at aprojected cost of £10.2m. By 1997 however, the software,known as the Common User Data System, was still not fullyoperational and was scrapped with £21m written off. A newoff-the-shelf system costing £1.3m is now being implemented.

A failed Navy IT project added £8.7m to the overall bill.

Operational and support costs ran over budget by £36m anddefence logistics by £700,000 prompting plans to request morefunds from parliament – the seventh time in ten years spendinghas exceeded expectations.

A statement from the NAO said the MOD had worked hard toachieve ‘better control’ over expenditure and had even madeimprovements.

But Sir John Bourn, comptroller and auditor general at theNAO, concluded the report saying there was still ‘seriousweaknesses’ in financial management and control, and ‘furtherimprovements’ needed at the MOD.

Source: Accountancy Age, 20 January, 2000



The Public Accounts Committee (PAC)

The PAC was created in 1861 and is the senior ParliamentarySelect Committee dealing with financial matters. It works veryclosely and co-operatively with the CAG. All accounts certified bythe CAG and submitted to Parliament are referred to the PAC forexamination, together with related reports. In practice, the PACconcentrates on pursuing those matters included in the CAG reportsand rarely examines the details of the accounts themselves.

The PAC has up to 16 members and is normally chaired bya senior member of Her Majesty’s opposition, normally anex-minister with relevant financial experience. The PAC does notconcern itself with policy objectives and conducts its business onnon-party political lines. The PAC then submits regular reports toParliament throughout the year with recommendations for furtheraction. The government then responds to each report by TreasuryMinute, giving details on the action initiated to implement thePAC’s recommendations. The PAC may choose to respond to thegovernment’s reply. The PAC’s reports and Treasury Minutes arealso debated by the House of Commons every year.

The Audit Commission of England and Wales

The Audit Commission was established by the Local GovernmentAct 1982. It was believed that:

the interests of all parties will be best served by an AuditCommission for local authorities in England and Wales.

Particular importance was attached to the VFM content of eachlocal authority audit.

Main provisions of the Local Government Act 1982

The major provisions of the Act affecting the Audit Commission are:

. members of the Audit Commission are to be appointed by theSecretary of State for the Environment (who may direct theCommission but not in relation to particular audits)

. the Commission appoints its own staff

. the Commission appoints auditors to local government and NHSTrusts, either from the District Audit Service or from approvedprivate sector firms

. the Commission fixes the audit fee

. the auditors undertake both financial and VFM audits.

The Commission’s objectives are:

to secure continued integrity of local government so that confidencein institutions of government is not eroded by concerns of fraud andcorruption ... to help authorities improve returns on billionsinvested annually as required under the Local Government Act.

The Commission has prepared a code of practice laying down theconduct of the annual audit and audit standards to be met, alongwith the techniques to be used. Again, particular emphasis is placedon VFM.



This is a changing and developing area, and the Audit Commission’spowers and functions were further clarified and codified by theAudit Commission Act 1998. However the Local Government Act2000 then repealed and amended some provisions of both theoriginal legislation and the Audit Commission Act 1998.

The external audit of local government in Englandand Wales

The role of the local authority external auditors is to form anopinion on the annual accounts. This opinion is to state whether theauthority’s financial statements fairly present both its financialposition and its income and expenditure for the financial year.The auditors have to ensure that the local authority has madearrangements to secure VFM. They also have to consider whetherthe accounts are contrary to law, or whether losses have beencaused by wilful misconduct and to further consider whether anadvisory notice should be issued to prevent unlawful action.

Illegalities

If the auditors discover apparent illegalities, they can pursue thefollowing courses of action:

. apply to the Courts for the action to be declared unlawful

. if the Court agrees it can order rectification of the accounts

. if a local authority’s councillors are involved and the amountsexceed £2 000, they will be disqualified from office for a specifiedperiod.

The public’s rights at a local government audit

Members of the public, the local government electors or theirrepresentatives enjoy privileges at each annual audit. These are:

. they can inspect, copy accounts, and all books, deeds, contracts,bills, vouchers and receipts relating to them

. they have an opportunity to question the auditor about theaccounts

. they may make objections to the auditors who may take actionfor illegality or issue a report in the public interest.

In order to fulfil their obligations in this respect local authorities arerequired to arrange, and publicise, a time and place for any localelector to attend and question the auditor about the accounts, or tomake objections to any items in the accounts. This must be done byplacing a notice in a local newspaper.

Fraud and corruption

The auditor has no specific duty to detect fraud and corruptionexcept when it is sufficiently material. Nonetheless, the auditorshould alert management to areas of potential fraudulent risk. Theauditor is required to pay special attention to areas where corruptpractices may be found and ensure the authority has takenappropriate preventive measures.



The local authority audit report

On concluding the audit, the auditors must enter a statement on theaccounts disclosing:

. that the audit has been completed in accordance with the Act

. whether their opinion is qualified or unqualified.

As well as this the auditor may issue a report in the public interestif necessary and send it to the local authority that then has to makethis publicly available. Additionally, the auditor has to summarise ina management letter addressed to the local authority councillors allof the significant matters arising.

You can also look at the annual audit and inspection lettersfor all local authorities via the Audit Commission’s website(http://www.audit-commission.gov.uk/). These letters do notcontain the audit report on the annual accounts, as they take awider view and cover other matters that the Audit Commission hasto report on, but they make reference to it.

Independent auditor’s report toWolverhampton City Council

We have audited the financial statements on pages 120 to 176which have been prepared in accordance with the accountingpolicies applicable to local authorities as set out on pages120 to 125.

This report is made solely to Wolverhampton City Council, as abody, in accordance with Section 2 of the Audit Commission Act1998. Our work has been undertaken so that we might state toWolverhampton City Council those matters we are required tostate to it in an auditors’ report and for no other purposes.To the fullest extent permitted by law we do [not] accept orassume responsibility to anyone other than WolverhamptonCity Council, as a body, for our audit work, for this report, orfor the opinions we have formed.

Respective responsibilities of the Director for Resourcesand Support and auditors

As described on page 106, the Director for Resources andSupport is responsible for the preparation of the statement ofaccounts in accordance with the Code of Practice on LocalAuthority Accounting in the United Kingdom 2004: AStatement of Recommended Practice. Our responsibilities, asindependent auditors, are established by statute, the Code ofAudit Practice issued by the Audit Commission and ourprofession’s ethical guidance. We report to you our opinion asto whether the statement of accounts presents fairly thefinancial position of the Council and its income andexpenditure for the year.

We review whether the statement on internal control on pages108 to 111 reflects compliance with CIPFA’s guidance TheStatement on Internal Control in Local Government. Meeting



the Requirements of the Accounts and Audit Regulations 2003published on 2 April 2004. We report if it does not comply withproper practices specified by CIPFA or if the statement ismisleading or inconsistent with other information we are awareof from our audit of the financial statements. We are notrequired to consider, nor have we considered, whether thestatement on internal control covers all risks and controls. Weare also not required to form an opinion on the effectiveness ofthe authority’s corporate governance procedures or its risk andcontrol procedures. Our review was not performed for anypurpose connected with any specific transaction and should notbe relied upon for any such purpose.

We read the other information published with the statement ofaccounts and consider the implications for our report if webecome aware of any apparent misstatements or materialinconsistencies with the statement of accounts. We are notrequired to consider, nor have we considered, informationregarding future projections included within the statements ofaccounts.


We conducted our audit in accordance with the AuditCommission Act 1998 and the Code of Audit Practice issued bythe Audit Commission, which requires compliance with relevantauditing standards issued by the Auditing Practices Board.

An audit includes examination, on a test basis, of evidencerelevant to the amounts and disclosures in the financialstatements. It also includes an assessment of the significantestimates and judgements made by the Council in thepreparation of the financial statements, and of whether theaccounting policies are appropriate to the [Council’s]circumstances, consistently applied and adequately disclosed.

We planned and performed our audit so as to obtain all theinformation and explanations which we considered necessary inorder to provide us with sufficient evidence to give reasonableassurance that the statement of accounts [is] free from materialmisstatement, whether caused by fraud or other irregularity orerror. [In] forming our opinion, we evaluated the overalladequacy of the presentation of the information in the financialstatements.

Opinion

In our opinion, the statement of accounts presents fairly thefinancial position of Wolverhampton City Council as at 31 March2005 and its income and expenditure for the year then ended.

KPMG LLP, Chartered AccountantsBirmingham (Date: 31.08.05)

Figure 7.5 Example of a local authority external audit report



NHS external audit

Since 1990/1, the Audit Commission has been responsible for theappointment of NHS external auditors. The powers of the externalauditors are based on statute arising from The National HealthService Act 1977, The Local Government Finance Act 1982 and TheNational Health Service and Community Care Act 1990. The AuditCommission Act 1998 is now the main Act of Parliament setting outthe statutory responsibilities and powers of NHS external auditors.Another point to note is that NHS foundation trusts appoint theirown auditors under arrangements overseen by Monitor, which is theindependent regulator for NHS foundation trusts. The objectives ofthe audit include:

. the Audit Commission is responsible for the appointment ofauditors of the Health Service

. the Audit Commission has prepared a Code of Audit Practice forthe Health Service

. the auditors must satisfy themselves that the accounts complywith directions issued under the NHS Act and that value formoney is achieved

. to give auditors the right of access to documents held by GeneralPractitioner (i.e. doctor) fundholders

. there is no right of question of the auditor, or inspection andobjection to the accounts

. the auditor must immediately report to the Secretary of State forHealth where unlawful expenditure may have occurred.

It should be noted that it is the responsibility of the National AuditOffice to examine and certify the summarised accounts of the healthauthorities. It is the Audit Commission that appoints the auditorswho carry out the individual health authority audits.




Independent Auditor’s report to the Board of Governorsof Guy’s and St Thomas’ NHS Foundation Trust

I have audited the financial statements on pages 46 to 74 whichhave been prepared in accordance with the accounting policiesrelevant to NHS Foundation Trusts as set out on pages 56 to 59.

This report is made solely to the Board of Governors of Guy’sand St Thomas’ NHS Foundation Trust as a body in accordancewith paragraph 24(5) of Schedule 1 of the Health and SocialCare (Community Health and Standards) Act 2003. My workwas undertaken so that I might state to the Board of Governorsthose matters I am required to state to it in an auditor’s reportand for no other purpose. In those circumstances, to the fullestextent permitted by law, I do not accept or assume responsibilityto anyone other than the Foundation Trust as a body, for myaudit work, for the audit report or for the opinions I form.

Respective responsibilities of Directors and auditor

As described on page 47 the Directors are responsible for thepreparation of the financial statements in accordance withdirections issued by the Independent Regulator. Myresponsibilities, as independent auditor, are established bystatute and the Audit Code for NHS Foundation Trusts issuedby the Independent Regulator and my profession’s ethicalguidance.

I report to you my opinion as to whether the financialstatements give a true and fair view of the state of affairs ofthe Trust and its income and expenditure for the period, inaccordance with the accounting policies directed by theIndependent Regulator as being relevant to NHS FoundationTrusts.

I read the information contained in the Annual Report andconsider the implications for my report if I become aware of anyapparent misstatements or material inconsistencies with thestatement of accounts.


I conducted my audit in accordance with the Health and SocialCare (Community Health and Standards) Act 2003 and theAudit Code for NHS Foundation Trusts issued by theIndependent Regulator, which requires compliance withrelevant auditing standards issued by the Auditing PracticesBoard.

An audit includes examination, on a test basis, of evidencerelevant to the amounts and disclosures in the financialstatements. It also includes an assessment of the significantestimates and judgements made by the Directors in thepreparation of the financial statements, and of whether the



accounting policies are appropriate to the Trust’scircumstances, consistently applied and adequately disclosed.

I planned and performed my audit so as to obtain all theinformation and explanations which I considered necessary inorder to provide me with sufficient evidence to give reasonableassurance that the financial statements are free from materialmisstatement, whether caused by fraud or other irregularity orerror. In forming my opinion I also evaluated the overalladequacy of the presentation of information in the financialstatements.

Opinion

In my opinion the financial statements give a true and fair viewof the state of affairs of Guy’s and St Thomas’ NHS FoundationTrust as at March 31 2005 and of its income and expenditurefor the period then ended in accordance with the accountingpolicies directed by the Independent Regulator as beingrelevant to NHS Foundation Trusts.

Certificate

I certify that I have completed the audit of the accounts inaccordance with the requirements of the Health and SocialCare (Community Health and Standards) Act 2003 and theAudit Code for NHS Foundation Trusts issued by theIndependent Regulator.

Sue Exton

District Auditor June 30 2005

1st Floor, Millbank Tower

Officer of the Audit Commission

Millbank, London SW1P 4HQ

Figure 7.6 Example of an NHS external audit report

7.7 Value for money auditing

We have seen that great emphasis is given to value for money (VFM)auditing in the public sector external audit. It is given thisemphasis due to the absence of the normal private sector yardsticksof measuring corporate performance, e.g. gross and net profits andthe ROCE. Public sector entities are organised to provide sociallynecessary and desirable services that the private sector cannot or isunwilling to provide in the volume required, e.g. education.Therefore, to measure the provision of these services, VFM auditshave been developed to concentrate on three specific elements:

. economy

. effectiveness

. efficiency.



These are often referred to as the three ‘Es’. We shall now considereach of these separate elements.

Economy

This is concerned with the inputs into a sector and may be definedas the least costly resources required to produce an appropriatequality of output. Economy is a relative measure and the auditorneeds to consider the entity’s regulations for creating standards tosatisfy those requirements at an optimum level. It is important forthe auditor to remember that the economy standard should not beconsidered in isolation and must be regarded in conjunction with theother two elements.

Public sector audit reports are not the same as commercial audits!


Is economy another way of saying that the cheapest option should besought on all occasions?

Effectiveness

This is concerned with the success of achieving the objectives of theorganisation and thus refers only to the outputs of the organisation.It is defined as the relationship between output and objectives.



An effective entity will be one that is attaining its objectives. Sincethe public sector is largely service based, some of these objectivesmay be difficult to identify. The auditor will have to be aware of theclient’s needs and requirements. Again, this element should not beconsidered in isolation. Usually any objectives can be obtained ifthere are no financial constraints so the auditor has to rememberthe criterion of economy mentioned earlier!


How would the external auditors of a school measure the school’seffectiveness?

Efficiency

This links economy and effectiveness together, i.e. both inputs andoutputs. It can be defined as the amount of output per unit of input.It may be expressed as

outputinput

.

The greater the ratio, the more output for input is achieved, andvice versa.

The Audit Commission and VFM

Every year the Audit Commission develops a series of nationalstudies which are designed to promote good audit managementpractice in specific service areas. These studies are carried out atlocal regional levels by the appointed auditors. You can find outmore about the current work of the Audit Commission by looking atrecent reports published on their website (http://www.audit-commission.gov.uk/).

These VFM studies are usually tailored to meet local needs as well.This is normally achieved by detailed discussions between officers,members and the auditor so that a detailed audit plan can bedeveloped. Each local authority, for example, has to develop a ‘BestValue’ framework from its own internal policy reviews and this willbe subject to future examination by the external auditor.

Performance indicators

As we have seen, the absence of commercial yardsticks to measureperformance has led to the development of performance indicators(PIs) as part of the requirements of the Citizen’s Charter. Localauthorities, for example, have to publish a wide range of PIs.



There are two sets of PIs: those related to Best Value, BVPIs, plusthe Audit Commission PIs, ACPIs. The number and scope of thesePIs will be subject to change. These PIs must be incorporated inBest Value Performance Plans, and they should show not onlyactual performance but also comparative performance against allother local authorities.

Examples of performance indicators could be:

. energy costs per cubic metre for particular forms of building andclimatic conditions

. vehicle costs for particular vehicles used for particular tasks andconditions, such as refuse disposal

. costs per patient and occupancy rates as applicable to particulartypes of ward and medical condition.

The advantage of PIs are that they recognise that variations inperformance will occur between similar organisations. BenchmarkPIs can be established and these can help both local managers andauditors measure actual performance achieved.

The problems with using PIs in practice is that public sectororganisations follow a multiplicity of objectives. Also, although someorganisations are similar they will not be exactly the same due toregional and geographical variations. Therefore, meaningful PIs canbe very difficult to set and measure in quantitative terms. The othermajor problem is how best to measure the qualitative factorsinvolved.

Structuring a VFM audit

A fundamental prerequisite in a VFM audit is that the auditoravoids becoming involved in the policy-making process and objectivesetting. The audit will involve the following:

. identifying the entity’s policy objectives

. establishing that the organisational structures of the entity areappropriate to the relevant activities, i.e. responsibilities,authorisation and accountability

. ensuring line managers are aware of policies and areimplementing these

. reviewing performance effectiveness by analysing performanceindicators

. reviewing the performance of each section of the entity againstobjectives

. monitoring the results against predetermined performanceobjectives and standards to ensure that outstanding performanceis encouraged and that unacceptable performance is corrected.

The objective of the VFM audit will be to highlight waste andextravagance or unrewarding expenditure and to assess whetherprogrammes undertaken are meeting predetermined aims.



Difficulties arising in a VFM audit

Carrying out a VFM audit can present a number of problems for theauditor and is not as straightforward as the previous notes mayhave led you to believe. We shall consider some of the problems theauditor may encounter which can be summarised as follows:

. measurement of benefits arising may only occur in the long termfor assessing effectiveness, e.g. child health care programmescan lead to benefits in later adult life

. outputs may be difficult to define and could be interrelated,e.g. the Education Act aims to create an ‘educated population’

. some outputs cannot be measured in monetary terms or otherunits, e.g. how is the output of the armed forces to be measured?

. the costs of government action may be passed on to others,e.g. the administration of statutory sick pay now rests withemployers

. one activity may lead to several benefits, e.g. pollutionprevention can lead to a cleaner environment with less damageto crops, buildings and the health of the populace

. performance indicators compiled to measure performance fail toreflect quality

. to whom is the auditor ultimately reporting? Government, localcouncillors, or the public?

Conclusion

In local authorities the auditor produces a management letter (youwill remember that the private sector auditor can produce a similarmanagement letter) which, amongst other items, will consider valuefor money attainment.

You should now appreciate that the role of the external auditor inthe public sector is more onerous and wide ranging than in thecommercial sector. However, VFM audits, although not a statutoryrequirement in the private sector could, nonetheless, be carried outif required. This could be done by the external auditor as anadditional service specified by the engagement letter, or by theinternal audit department.

SummaryYou should now have a clear understanding of how the developmentof corporate governance has impacted on the role of the auditor. Youshould also appreciate the differences between external and internalauditing and the links between them, the differences between publicsector audits and commercial audits and, finally, you should now beaware of and understand the concept of value for money auditing.

You now have a self-assessed question to do. Be sure you havecompleted it and comparedwhat you wrote with the suggested answerat the back of the book before you start Session 8, The audit report.




(1) Connect your computer to the Internet, open your web browser andvisit the website of any UK company supplying its annual report –remember Carol from Book 1? You could use Carol(www.carolworld.com) to locate the company. Examine the annualreport for mention of corporate governance. Compare the disclosuresgiven with what you know about the various corporate governancereports.

Spend about 15 minutes looking for this information and writingyour own notes on the topic.

(2) Visit the National Audit Office website (www.nao.org.uk) to find outmore about its work and current projects. (You should look at the‘what’s new’ and ‘links’ pages in particular.)

Spend about 15 minutes looking for this information and writingyour own notes on the topic.




SESSION 8

The audit report

Introduction


(1) describe the statutory requirements relating to the audit report

(2) describe the statutory elements of the audit report

(3) describe how and to what degree the auditor may qualify theaudit report, and what this means.

This session will familiarise you with the auditor’s responsibilitieswith respect to reporting on a company’s financial statements andlooks at the difference between various forms of qualified andunqualified audit reports.

8.1 The statutory requirements

At the conclusion of the audit the auditors will have to express theiropinion on the truth and fairness of a company’s financialstatements in the audit report. Statutory legislation has consistentlyrequired that certain mandatory statements appear in the report.


Connect your computer to the Internet, open your web browserand navigate to Carol (www.carolworld.com) or Northcote(www.northcote.co.uk). Spend around 30 minutes collecting 10–12audit reports. Try to find at least one qualified audit report. (Don’t worryif you can’t, but you will find it easier to follow the rest of this session ifyou do.)

Ideally, you should print these. If you do not have access to a printer,bookmark each of them (using the Internet Explorer ‘favourites’ menuitem or the Netscape ‘bookmarks’ menu item) so that you can find themagain easily.

Now spend five more minutes comparing them, looking for anydifferences between them, particularly between any qualified auditreport(s) you found and the rest.

An unqualified audit report

This is the type of audit report all companies will seek to receive!This type of report reflects that the financial statements show a trueand fair view and satisfy s237 of the Companies Act 1985.




Please open the electronic material on your PC and work throughSection 8.1, The audit report.


S235 Companies Act 1985 requires the auditors to state explicitlywhether in their opinion the annual accounts have been properlyprepared in accordance with statute and in particular whether atrue and fair view is given in the:

. balance sheet of the state of the company’s affairs at the end ofthe financial year

. in the profit and loss account of the company’s profit and loss forthe financial year, and

. in the case of group accounts, of the state of affairs at the end ofthe financial year and the profit and loss for the year of theundertakings included in the consolidation, so far as thisconcerns the members of the company.

8.2 ISA 700: the auditors’ report onfinancial statements

The auditing standard says:

The auditor should review and assess the conclusions drawn fromthe audit evidence obtained as the basis for the expression of anopinion on the financial statements.

The auditor’s report should contain a clear written statement ofopinion on the financial statements taken as a whole.

The auditors’ report is placed either before the financial statementsand after the directors’ responsibility statement or at the end ofthe financial statements.

THE AUDIT REPORT SESSION 8


Directors’ responsibilities

in respect of the preparation of financial statements

The directors are required by the Companies Act 1985 toprepare financial statements for each financial year which givea true and fair view of the state of affairs of United UtilitiesWater PLC at the end of the financial year and of the resultsfor the financial year. The Company is also required to prepareaccounting statements each year which comply with therequirements of Condition F of the licence of the Company as awater and sewerage undertaker under the Water Industry Act1991. The accounting statements may be combined with thefinancial statements.

The directors consider that in preparing the financialstatements on pages 6 to 44, the Company has used appropriateaccounting policies, consistently applied and supported byreasonable and prudent judgements and estimates, and that allaccounting standards and all Regulatory Accounting Guidelinesissued by the Office of Water Services which they consider to beapplicable to these financial statements have been followed,subject to any departure and explanation described in the notesto the accounts. After making enquiries, the directors are of theopinion that the Company has adequate resources to continuein operational existence for the foreseeable future. For thisreason, they continue to adopt a going concern basis inpreparing these financial statements. The directors haveresponsibility for ensuring that the Company keeps accountingrecords which disclose with reasonable accuracy the financialposition of the Company and which enable them to ensure thatthe financial statements comply with the Companies Act 1985.

In addition, the directors have responsibility for ensuring thatthe Company keeps proper accounting records sufficient toenable the historical cost and current cost informationrequired by Condition F of the licence to be prepared, havingregard to all relevant Regulatory Accounting Guidelines. Thedirectors have a general legal responsibility for taking suchsteps as are reasonably open to them to safeguard the assetsof the Company and to prevent and detect fraud and otherirregularities. The directors are required to confirm in thefinancial statements that, in their opinion, the Company wasin compliance with paragraph 3.1 of Condition K of the licencerelating to the availability of the rights and assets, at the endof the financial year (see page 4).

Independent auditors’ report

to the members of United Utilities Water PLC

We have audited the financial statements of United UtilitiesWater PLC for the year ended 31 March 2005 which comprisethe profit and loss account, the balance sheet, the cash flowstatement, the notes to the cash flow statement, the statementof total recognised gains and losses, the reconciliation ofmovements in shareholders’ funds, and the related notes



1 to 25. These financial statements have been prepared underthe accounting policies set out therein.

This report is made solely to the Company’s members, as abody, in accordance with section 235 of the Companies Act1985. Our audit work has been undertaken so that we mightstate to the Company’s members those matters we are requiredto state to them in an auditors’ report and for no other purpose.To the fullest extent permitted by law, we do not accept orassume responsibility to anyone other than the Company andthe Company’s members as a body, for our audit work, for thisreport, or for the opinions we have formed.


As described in the statement of directors’ responsibilities, theCompany’s directors are responsible for the preparation of thefinancial statements in accordance with applicable UnitedKingdom law and accounting standards. Our responsibility isto audit the financial statements in accordance with relevantUnited Kingdom legal and regulatory requirements andauditing standards.

We report to you our opinion as to whether the financialstatements give a true and fair view and are properly preparedin accordance with the Companies Act 1985. We also report if,in our opinion, the directors’ report is not consistent with thefinancial statements, if the Company has not kept properaccounting records, if we have not received all the informationand explanations we require for our audit, or if informationspecified by law regarding directors’ remuneration andtransactions with the Company and other members of theGroup is not disclosed.

We read the directors’ report and the other informationcontained in the annual report for the above year as describedin the contents section and consider the implications for ourreport if we become aware of any apparent misstatements.


We conducted our audit in accordance with United Kingdomauditing standards issued by the Auditing Practices Board. Anaudit includes examination, on a test basis, of evidence relevantto the amounts and disclosures in the financial statements. Italso includes an assessment of the significant estimates andjudgements made by the directors in the preparation of thefinancial statements and of whether the accounting policies areappropriate to the circumstances of the Company and theGroup, consistently applied and adequately disclosed.

We planned and performed our audit so as to obtain all theinformation and explanations which we considered necessary inorder to provide us with sufficient evidence to give reasonableassurance that the financial statements are free from materialmisstatement, whether caused by fraud or other irregularity orerror. In forming our opinion, we also evaluated the overall



adequacy of the presentation of information in the financialstatements.

Opinion

In our opinion, the financial statements give a true and fairview of the state of affairs of the Company as at 31 March 2005and of the profit of the Company for the year then ended andhave been properly prepared in accordance with the CompaniesAct 1985.

Deloitte & Touche LLP


Manchester

15 July 2005

Figure 8.1 Where the audit report appears in the financial statements

ISA 200, Objective and general principles governing an audit offinancial statements, makes an important point about the nature ofthe assurance provided by the audit report:

An audit in accordance with ISAs (UK and Ireland) is designedto provide reasonable assurance that the financial statementstaken as a whole are free from material misstatement.Reasonable assurance is a concept relating to the accumulation ofthe audit evidence necessary for the auditor to conclude thatthere are no material misstatements in the financial statementstaken as a whole. Reasonable assurance relates to the wholeaudit process.

The view given in financial statements is itself based on acombination of fact and judgment and, consequently, cannot becharacterized as either ‘absolute’ or ‘correct’.

Accordingly ... an audit is not a guarantee that the financialstatements are free of material misstatement.

Elements of the audit report

The audit standard states that the audit report has to include thefollowing matters:

. a title

. identification of the person or persons to whom the report isaddressed

. an introductory paragraph which identifies the financialstatements audited and includes a statement of the respectiveresponsibilities of the entity’s management and of the auditor

. a scope paragraph which refers to ISAs (or relevant nationalstandards or practices), and describes the work performed by theauditor

. an opinion paragraph which refers to the relevant financialreporting framework (for example, IFRS or domestic standards



as applicable), and gives the opinion of the auditor on thefinancial statements

. the date of the report, the auditor’s address and the auditor’ssignature.

You should check this prescribed layout against the audit reportsyou found in Internet Activity 8.1.

The scope of the audit

ISA 700 states that the auditors should explain the basis of theiropinion by including the following in the scope paragraph:

. a statement that the audit was conducted in accordance withISAs (or relevant domestic standards as appropriate)

. a statement that the audit was planned and performed to obtainreasonable assurance about whether the financial statementsare free of material misstatement whether caused by fraud orother irregularity or error

. a statement that the audit process includes:

(a) examining, on a test basis, evidence to support the financialstatement amounts and disclosures

(b) assessing the accounting principles used in the preparationof the financial statements

(c) assessing the significant estimates made by management inthe preparation of the financial statements

(d) evaluating the overall financial statement presentation

. a statement that the audit provides a reasonable basis for theopinion.

The auditor’s opinion

ISA 700 further states:

The opinion paragraph of the auditor’s report should clearlyindicate the financial reporting framework used to prepare thefinancial statements (including identifying the country of originof the financial framework when the framework used is notInternational Accounting Standards) and state the auditor’sopinion as to whether the financial statements give a true and fairview (or are presented fairly, in all material respects), in accordancewith that financial reporting framework and, where appropriate,whether the financial statements comply with statutoryrequirements.

An unqualified opinion on the financial statements is expressedwhen, in the auditor’s judgement, they give a true and fair view andhave been prepared in accordance with relevant accounting or otherrequirements. This judgement concludes whether:

. the financial statements have been prepared using appropriateaccounting policies which have been consistently applied

. the financial statements have been prepared in accordance withrelevant legislation, regulations or applicable accountingstandards and that any departures are justified and adequatelyexplained in the financial statements



. there is adequate disclosure of all information relevant to theproper understanding of the financial statements.

The majority of audit reports are unqualified

The audit signature and date


The auditor should date the report as of the completion date of theaudit. This informs the reader that the auditor has considered theeffect on the financial statements and on the report of events andtransactions of which the auditor became aware and that occurredup to that date.

In the UK and Ireland, the date of an auditor’s [or] a reportingentity’s financial statements is the date on which the auditor signedthe report expressing an opinion on those statements.

Since the auditor’s responsibility is to report on the financialstatements as prepared and presented by management, the auditorshould not date the report earlier than the date on which thefinancial statements are approved or signed by management.

In the UK and Ireland, the auditor should not date the reportearlier than the date on which all other information contained ina report of which the audited financial statements form a part havebeen approved by those charged with governance and the auditorhas considered all necessary available evidence.

The date of the auditor’s signature is thus the date on which thefollowing occur:

. receipt of the financial statements and accompanying documentsin the form approved by those charged with governance – whowill normally be the directors of the company concerned – forrelease

. review of all documents which they are required to consider inaddition to the financial statements



. completion of all procedures necessary to form an opinion on thefinancial statements including a review of post-balance sheetevents.

The auditors sign their report expressing an opinion on the financialstatements for distribution with those statements.

If the date on which the auditors sign the report is later than thaton which the directors approve the financial statements, then theauditors must check that the post-balance sheet event review(whereby events that have occurred since the end of the financialperiod are examined to see if they should be recognised within theannual report) has been carried out up to the date they sign theirreport and that the directors would also have approved the financialstatements on that date.

Conclusion and the true and fair view

You will recall that S226(2) Companies Act 1985 requires that theaccounts of a limited company show a true and fair view althoughthe Act fails to define exactly what this is.

A written counsel’s opinion stated that:

An SSAP is a declaration by the Accounting Standards Committeeon behalf of its constituent professional bodies that save inexceptional circumstances accounts which do not comply with thestandard will not give a true and fair view.

(Note that this opinion was given before the advent of theAccounting Standards Board and Financial Reporting Standards,and also before the introduction of IFRSs.)

A further legal opinion has stated that:

The changes brought about by the Companies Act 1989 will in myview affect the way in which the court approaches the questionwhether compliance with an accounting standard is necessary tosatisfy a true and fair view requirement. The court will infer fromS256 that statutory policy favours both the issue of accountingstandards and compliance with them; indeed S256(3)(C)additionally contemplates the investigation of departures from themand confers power to provide public funding for such a purpose.The court will also in my view infer from paragraph 36 A Schedule 4that accounts which meet the true and fair requirement will ingeneral follow rather than depart from standards and thatdeparture is sufficiently abnormal to require to be justified. Thesefactors increase the likelihood, to which the earlier joint opinionsreferred, that the courts will hold that in general compliance withaccounting standards is necessary to meet a true and fairrequirement.

Miss Mary Arden, Appendix, ASB, foreword to Accounting Standards

8.3 The qualified audit report

We have seen that if the auditors are of the opinion that theaccounts reflect a true and fair view, the auditors will issue anunqualified report. However if the auditors do not express such an



opinion they will issue a qualified report if the followingcircumstances arise:

. there is a limitation on the scope of the auditors’ examination, or

. the auditor disagrees with the treatment or disclosure of an itemin the financial statements.

A qualified audit report with a disclaimer of audit opinion does notmean that the financial statements fail to present a true and fairview. For example, the disclaimer may relate to the auditor beingunable to obtain sufficient and reliable evidence relating to the stockvaluation, and to nothing else.

The auditor then has to decide whether the effects of such matters is, ormay prove material to the financial statements. If this is the case or ifthere is non-compliance with relevant accounting or other treatments,then the financial statements will not disclose a true and fair view.

Modified audit reports

ISA 700 sets out several types of modified audit report. The first ofthese concerns matters that do not affect the auditor’s opinion. TheISA refers to this as an ‘emphasis of matter’. Here the auditor willinclude a paragraph that highlights the issue or problem.

The use of an emphasis of matter paragraph does not affect theauditor’s opinion. For example, it might be used in circumstanceswhere there is a significant uncertainty, the resolution of which isdependent on future events and which may affect the financialstatements. Another example is the use of this paragraph tohighlight a material matter regarding a going concern problem,or to highlight a matter affecting the financial statements which isdisclosed in the notes to the accounts. The paragraph wouldnormally follow the opinion paragraph.

The other types of modified audit report concern matters that doaffect the auditor’s opinion:

. a qualified opinion

. a disclaimer of opinion

. an adverse opinion.

The matrix below shows the different circumstances when thesedifferent types of audit opinion would be used.

Audit report qualification matrix

Nature ofcircumstances

Material but notfundamental

Fundamental

Uncertainty Except for ... might Disclaimer

Disagreement Except for ... Adverse



Qualified opinion

A qualified opinion should be expressed when the auditor is not ableto issue an unqualified report but concludes that the matter is not somaterial and pervasive as to require a disclaimer of opinion or anadverse opinion. An ‘except for ... might’ audit report is one wherethe auditor disclaims an opinion on a particular aspect of theaccounts but which is not considered to be fundamental. An ‘exceptfor’ opinion is one where the auditor expresses an adverse opinionon a particular aspect of the accounts that is material but notconsidered to be fundamental.

Disclaimer of opinion

A disclaimer of opinion should be expressed when the possible effectof a limitation on scope is so material or pervasive that the auditorhas not been able to obtain sufficient appropriate audit evidence.When the auditors give a disclaimer of opinion, they state that theyare unable to form an opinion as to whether the accounts give a trueand fair view.

Adverse opinion

An adverse opinion should be expressed when the effect of adisagreement is so material and pervasive to the financialstatements that a qualification of the report will not be adequateto disclose the misleading or incomplete nature of the financialstatements. An adverse opinion is one where the auditors believethe financial statements do not give a true and fair view.

Adverse opinion

Figure 8.2 shows an example of a qualified audit report.



Auditors report to the shareholders

We have audited the financial statements on pages 5 to 14, whichhave been prepared under the historical cost convention as modifiedby the revaluation of certain fixed assets and on the basis of theaccounting policies set out on page 7.


As described on page 2, the company’s directors are responsible forthe preparation of financial statements.

It is our responsibility to form an independent opinion, based on ouraudit, on those financial statements and to report our opinion to you.

Basis of opinion

We conducted our audit in accordance with Auditing Standards issuedby the Auditing Practices Board. An audit includes examination, on atest basis, of evidence relevant to the amounts and disclosures in thefinancial statements. It also includes an assessment of the significantestimates and judgements made by the directors in the preparation ofthe financial statements, and of whether the accounting policies areappropriate to the Group’s circumstances, consistently applied andadequately disclosed.

We planned and performed our audit so as to obtain all the informationand explanations which we considered necessary in order to provide uswith sufficient evidence to give reasonable assurance that the financialstatements are free from material misstatements, whether caused byfraud or other irregularity or error. However, the evidence available tous was limited because we were unable to carry out auditingprocedures necessary to obtain adequate assurance regarding thevaluations provided for stocks and work in progress appearing in theBalance Sheet amounting to £6 500 and £114 000, respectively. Anyadjustment to these figures would have a consequential significanteffect on the profit for the year ended 30th April 1999.

In forming our opinion we also evaluated the overall adequacy of thepresentation of information in the financial statements.

Opinion

Except for any adjustments that might have been found to be necessaryhad we been able to obtain sufficient evidence concerning stock, in ouropinion the financial statements give a true and fair view of the state ofthe Company’s affairs as at 30th April 1999 and of its profit for the yearthen ended and have been properly prepared in accordance with theCompanies Act 1985, applicable to small companies.

In respect alone of the limitation on our work relating to stock andwork in progress:

. we have not obtained all the information and explanationsthat we considered necessary for the purpose of our audit; and

. we were unable to determine whether proper accounting recordshad been maintained.

Registered Auditors,24th January 2000

Figure 8.2 An example of a qualified audit report



Fundamental uncertainty

This arises when an inherent uncertainty is fundamental. This iswhen the magnitude of its potential impact is so great that, withoutclear disclosure of the nature of and implications of the uncertainty, theview given by the accounts would be seriously misleading. When theauditors are forming their opinion they should consider whetherthe view given by the financial statements could be affected by inherentuncertainties that may prove fundamental.

If such an inherent uncertainty exists that is

. fundamental, in the auditors’ opinion, and

. adequately accounted for and disclosed in the financialstatements,

the auditor should include an explanatory paragraph referring tothe fundamental uncertainty in the section of the audit reportsetting out the basis of their opinion.

When adding an explanatory paragraph, auditors should use words toindicate clearly that their opinion on the financial statements is notqualified in respect of its contents. The auditors will qualify their reportif the fundamental uncertainty is materially misstated or inadequatelydisclosed. Alternatively, they may choose to issue a disclaimer ofopinion if there has been a limitation of scope on the audit preventingthe auditor assessing the financial statements properly.

Inherent uncertainties

Inherent uncertainties arise when an uncertainty in the accountswill only be resolved by events in the future outside the control ofthe reporting entity. If the auditors concur with the directors’ viewof the inherent uncertainty then there will be nothing wrong withthe accounts as they remain at that point. The auditors will have toconsider whether the inherent uncertainty has been treatedproperly in the accounts. They will have to consider whether:

. the accounting policies dealing with the uncertain matters aresuitable

. the estimates are reasonable

. the disclosures are adequate.

Usually, the auditors’ report will not refer to any inherentuncertainties if they are adequately covered in the financialaccounts.

Limitations on the scope of the audit

This arises when limitations have been imposed on the auditorcarrying out his work. This will lead to the auditor being unable toassemble sufficient evidence to formulate an opinion and thus anunqualified opinion will be expressed. If this is the case then:

. the auditors’ report should include a description of the factorsleading to the limitation in the opinion of their report

. the auditors should issue a disclaimer of opinion when the effect isso material or persuasive that they are unable to express an opinion



. a qualified opinion should be issued when the effect of thelimitation is not so material or persuasive as to require adisclaimer – the wording of the opinion should indicate that it isqualified as to the possible adjustments to the financialstatements that might have been determined to be necessaryhad the limitation not existed.


Can you think of any practical examples where a limitation of scope onthe audit may occur?

Audit disagreements on accounting treatment ordisclosures

This arises where the auditor disagrees with the accountingtreatment or disclosure of a matter in the accounts which ismaterial to an understanding of the financial statements. Theauditors should include in the opinion section of their report:

. a description of all substantive factors giving rise to thedisagreement

. their implications for the financial statements

. whenever practicable, a quantification of the effect on thefinancial statements.

When the auditor believes that the effect of the matter giving rise tothe disagreement is material or pervasive to the extent that thefinancial statements are seriously misleading, an adverse opinionshould be issued.

In the case of other material disagreements, the auditors shouldissue a qualified opinion indicating that it is expressed except forthe matters giving rise to the disagreement.

In practice, most UK audit reports are unqualified. It is only a verysmall minority of accounts that are qualified.

Summary

You should now be aware of the auditors’ responsibilities withrespect to reporting on a company’s financial statements and of thedifference between various forms of qualified and unqualified auditreports. You should know the statutory requirements relating to the



audit report, the statutory elements of the audit report, and howand to what degree the auditor may qualify the audit report, andwhat this means.

Now, you’re nearly at the end of this book. But, first, you have aself-assessed question to do. Be sure you have completed it andcompared what you wrote with the suggested answer at the back ofthe book before looking at the Review of this book.


Connect your computer to the Internet, open your web browser andnavigate to Carol (www.carolworld.com) or Northcote(www.northcote.co.uk). Spend around five minutes finding theregistered office of a plc and write or phone them requesting a full copyof their latest annual report.

As some may take a while to respond, it is probably better to send lettersto around four plcs.

When you receive the annual report, read through it, noting thosefeatures we have covered during this book, not just this session.

Be sure to do this before you sit your exam!




ReviewHaving completed this fifth book of B680 Certificate in Accountingyou should now have a clear idea of the role of the auditor, howauditing is currently practised in the UK, and of the various rulesand regulations that govern the work of the auditor.

You now know the different types and quality of evidence availableto the auditor to formulate the audit opinion, and how to obtain it.You have also learnt about the main forms of audit documentationand their uses, and of two ways of conducting a risk-based audit.You have been introduced to the importance of internal controls andtheir relevance to the conduct of audit testing. Finally, you shouldnow understand the difference between compliance testing andsubstantive testing and be aware of the difference between amanagement letter and a letter of engagement.

Overall, you should now be able to explain what an audit is and whyaudits are necessary (Objective 1); explain the relevance of bothethics and the Auditing Practices Board to auditing practice(Objective 2); describe the regulations that govern the appointment,resignation and removal from office of an auditor (Objective 3);describe the audit appointment process from the client’s perspective(Objective 4); explain the process of audit planning, particularly inthe context of risk and materiality (Objective 5); describe theimportance of internal controls and the main forms of audit evidenceand documentation (Objective 6); describe the system of controlsover corporate governance and how they impact on the work of theauditor (Objective 7); and explain the various forms of audit reportavailable to the auditor (Objective 8).

Electronic Activity

You’ve now ten objective test questions to complete. When you answerthem, be sure you understand any of the questions you get wrong.

Once you are satisfied that you can answer all ten questions correctlyand that you understand and agree with the answers, you will be readyto move onto Book 6, Financial Statement Analysis.

Good luck!



Useful websiteaddressesThe following websites provide useful information both aboutauditing and accounting, and are well worth a visit.

AAT www.aat.co.uk

ABREMA (Activity Based RiskEvaluation Model of Auditing)

www.abrema.net/abrema/index.html

ACCA www.accaglobal.com

ASB (Accounting Standards Board) www.frc.org.uk/

Audit Commission www.audit-commission.gov.uk

APB (Auditing Practices Board) www.frc.org.uk/

Carol www.carolworld.com/

CIMA www.cimaglobal.com

CIPFA www.cipfa.org.uk

ICAEW www.icaew.co.uk

Institute of Internal Auditors www.iia.org.uk

The Information Systems Audit andControl Association Foundation

www.isaca.org

Northcote www.northcote.co.uk

National Audit Office www.nao.org.uk

The World Lecture Hall web.austin.utexas.edu/wlh/

USEFUL WEBSITE ADDRESSES


Further readingCosserat, G. (2004) Modern Auditing, 2nd ed., John Wiley & Sons.

Dunn, J. (2001) Auditing Theory and Practice, 3rd ed., Pearson Education.

Gray, I. and Manson, S. (2004) The Audit Process, Principles, Practice andCases, 3rd ed., Thomson Learning.



GlossaryAPB Auditing Practices Board.

audit An exercise the objective of which is to enable the auditor toexpress an opinion on whether the financial statements give a trueand fair view of the entity’s affairs at the period end and of its profitand loss for the period then ended.

Audit Commission Organisation that appoints the externalauditors to local government and NHS Authorities and Trusts.

audit committee A committee of predominantly non-executivedirectors within a company dealing with compliance and review ofthe financial statements, and liasing with the internal and externalauditors.

audit evidence The information auditors obtain in order to form anopinion; the evidence has to be sufficient and appropriate.

audit plan The formulation of the general audit strategy detailingthe direction, scope and conduct of the audit.

audit programme Detailed instructions to the audit team settingout audit procedures to be adopted. It acts as a means of controllingand monitoring the audit.

audit risk The risk that the auditor will express an incorrectopinion.

bulletins Audit bulletins issued by the APB to provide timelyguidance on newly emerging topics.

CAATs Computer Assisted Auditing Techniques.

compliance testing Audit testing on the effectiveness of internalcontrols.

Comptroller and Auditor General (CAG) Head of the NationalAudit Office.

control risk A component of overall audit risk. The risk that amisstatement in an account balance or class of transactions will notbe prevented or detected by the internal controls.

corporate governance Means of promoting the accountability andappointment of directors.

detection risk A component of overall audit risk. The risk thataudit substantive tests fail to discover misstatements.

District Audit Organisation that undertakes the external audits ofmost local authorities and NHS Authority and Trusts.

engagement letter A written letter of agreement between theauditor and client specifying the terms of the audit.

fundamental uncertainty An inherent uncertainty is fundamentalwhen its potential impact is so great that, without clear disclosure ofthe nature and implications of the uncertainty, the view given bythe financial statements would be seriously misleading.

GLOSSARY


inherent uncertainty A component of overall audit risk; the risk ofan account balance or class of transactions to material misstatementeither individually or when aggregated.

internal audit An independent objective assurance and consultingactivity designed to add value and improve an organisation’soperations. It helps an organisation accomplish its objectives bybringing a systematic, disciplined approach to evaluate and improvethe effectiveness of risk management, control, and governanceprocesses.

internal control The whole system of internal controls, financialand otherwise, established by management in order to carry on thebusiness of the enterprise in an orderly and efficient manner, ensureadherence to management policies, safeguard the assets, and secureas far as possible the completeness and accuracy of the records.

ISAs International Standards on Auditing (UK and Ireland)

materiality The principle that financial statements shouldseparately disclose items which are significant enough to affectevaluation or decisions. The level of significance is a matter forindividual judgement. It may be considered in the context of thefinancial statements as a whole, or individual items within them. Itmay be considered in relative or absolute terms, depending on thenature of the matter.

NAO National Audit Office.

PAC Public Accounts Committee.

Practice notes Issued by the APB to assist auditors in applyingaudit standards of general application to particular circumstances.

SASs Statements of Auditing Standards – now replaced by ISAs.

SIRs Statements of Investment Circular Reporting Standards.

substantive tests Audit tests of the integrity and accuracy of anaccount balance or class of transactions.

three ‘Es’ Economy, efficiency, effectiveness – see VFM.

VFM Value for money audit, monitoring the achievement of thethree ‘Es’.

walk through test Tracing a transaction from inception tocompletion in an accounting system and observing the application ofrelevant internal controls.



Suggested answers toself-assessed questionsInternet Activity 1.1

Connect your computer to the Internet, open your web browser andnavigate to the APB’s website (via www.frc.org.uk/ ). Spend at least15 minutes looking through the site. Look only at the APB’s aims andobjectives, newsletters and publications (you will find links to thesevia the site map). You may like to look at the Glossary of Terms foundunder ‘Publications’ then ‘Auditing Standards’ and compare the mostrecent definition of the audit of financial statements found there(December 2004) with that provided above.

Do not look at the exposure drafts at this time.

Is this site useful? How do you feel you may be able to make use of whatyou have found there? Write around 100 words on this.


This site is a goldmine for information about the practice of auditingin the UK today. You’ll have seen that the APB is responsible fordeveloping and issuing auditing standards in the United Kingdomand the Republic of Ireland and that it ‘is committed to leading thedevelopment of auditing practice in the United Kingdom and theRepublic of Ireland so as to:

. establish high standards of auditing

. meet the developing needs of users of financial information and

. ensure public confidence in the auditing process.

You’ll also have seen the impressive and large list of publications.However, you may have noticed that you have to pay for some of theless recent ones! You’ll have found more information about currentprojects, and they are well worth reading about for a taste of howauditing is changing.


The reassurance of an independent audit will be of value not only to theshareholders but also to other stakeholders. Can you remember fromBook 1 any other groups that will be using audited financial statements?You’ve now learnt a lot more than you knew when you were studyingBook 1. See if you can use your new knowledge to produce a new list inthe space below.

. potential shareholders or investors

. lenders of capital

. employees for wage round negotiations

SUGGESTED ANSWERS TO SELF-ASSESSED QUESTIONS


. financial analysts and advisers

. customers and suppliers for credit rating purposes

. business advisers

. government agencies for tax purposes and other governmentdepartments for macro economic planning and nationalstatistics.


Non-statutory audits obviously cost money. What would persuade apartnership to undergo a non-statutory audit?

Write a list of possible reasons in the space below.

. profit sharing between partners is settled equitably especially ifcomplicated profit sharing arrangements exist

. audited partnership accounts facilitate the admission of newpartner(s) if a set of credible previous accounts exist

. partnership changes initiated by a change in the profit sharingratios, death or retirement of partners, which may result inasset revaluations and the creation of non-purchased goodwill.Figures will be given credibility if the accounts are audited afterthey have been adjusted

. applications for loan finance to third parties are enhanced ifsupported by audited accounts

. audited accounts submitted to the tax authorities carry greatercredibility

. the presence of a qualified auditor can provide a source offurther financial advice.


(1) From the perspective of each of a range of stakeholders, what doyou think might be the arguments in favour of retaining the smallcompany audit threshold (and so exempting smaller companies fromthe need to have their financial statements audited) versus abolishingit? Enter each category of stakeholder under the first column andthen complete the table.

(2) What do you think the impact would be on small audit firms of raisingthe audit threshold?

Spend ten minutes writing answers to these two questions in the spacebelow.



(1) Stakeholders In favour of retentionof exemption

Against retention ofexemption

Shareholders Small company membersare usually the executivedirectors or closelyrelated: therefore nobenefit from audit

Non-executive membersrequire reassurance andthis protects the minorityshareholders

Banks Banks rarely rely onaudited accounts inpractice for reviewing thesecurity of a loan

Audit could be a pre-condition of granting loancapital

Tradecreditors

In practice only limitedreliance is placed on theaccounts because theyare filed so late

The opportunityto critically assess thecredit worthiness of acompany will be removed

Tax agencies There is little evidenceillustrating tax authoritiesrely significantly more onaudited accounts than onunaudited accounts

Audited accounts can berelied upon for calculatingCorporation Tax and VAT

Managers Managers still retain theoption of an independentaudit but an independentconsultant could providethis at a lesser cost

It is a useful independentcheck on the accuracy ofthe accounts andimprovements could beinitiated on the advice ofauditors

(2) Although the intention of reducing the expenses of smallbusinesses may prove to be beneficial it will also reduce theaudit fee income of accounting firms. This impact will be mostsevere on the smaller audit firms that traditionally serve thesmall company end of the statutory audit market. Thisinevitably leads to a restructuring (closures and amalgamationsof audit firms) in the overall audit market.


Why cannot the net debtors figure be established exactly? What shouldauditors do if they cannot verify any figure in the financial statements?

You may wish to review your earlier financial accounting notes beforeanswering this question.

Financial statements and data are verifiable. The net debtors figurewill often include a provision for doubtful debts, which is a bestestimate that should not materially affect the financial statements.Similar provisions apply to fixed assets, stock and creditors. If anyuncertainty arises in the auditor’s mind as to the commercial realityof any balances, a qualified audit report will be issued.




(1) Write down some things that could arise during an audit which wouldbring both parties into conflict.

(2) What should the auditor do if it is felt that the integrity of themanagement cannot be relied on?

Conflicts could arise between both parties when:

. directors’ bonuses are related to profits

. the directors are deliberately engaged in presenting misleadingfinancial information, e.g. Mirror Group Newspapers and RobertMaxwell.

The auditor should hold that this postulate will hold true unlessevidence to the contrary arises. If any doubt arises as to theintegrity of the directors then the auditor may wish to resign toavoid the risk of being sued for negligence. Lack of confidence in themanagement may affect the auditor’s opinion and the audit report.The auditor may also need to consider responsibilities under fraudand money laundering regulations.


Why do you think some auditors, especially those in small audit firms,may find it difficult to remain completely independent?

The consequences of the loss of a financially valuable client maylead to the auditor’s independence being questioned. This isespecially true if the audit firm provides other services to the client,such as management consultancy or tax advice.

For small clients, the auditor often also prepares the financialstatements. This practice clearly contradicts the postulate. However,existing controls state auditors cannot perform this function forlisted companies and other public interest companies and that theauditor should be absolved from management decisions.

As recently as 2000, larger clients were provided with audit andother services by large accountancy firms. This was permitted dueto the pressure and strength of these firms and their members andbecause the large firms attested that these functions were carriedout by separate divisions of their firms, thus avoiding a conflict ofinterest. However, in 2000, following pressure from the US StockExchange, this practice was stopped and audit firms were forced toprovide only audit services to their clients.




Connect your computer to the Internet, open your web browser andnavigate to the APB’s website via the FRC’s website (www.frc.org.uk/ ).Spend at least 15 minutes looking through the site. This time, look atthe APB’s work programme.


The APB’s work programme sets out their plans for the immediatefuture. Auditing standards are currently being revised and replacedby new International Standards on Auditing (ISAs), so much of theBoard’s recent work has been concerned with this developmentprogramme. Other important matters are the establishment ofEthical Standards and guidance on new and emerging issues.

For information: exposure drafts are early attempts at new ISAs.They are issued for comment and then revised in the light of thecomments received.

Don’t forget that you can find information concerning the APB’sfuture plans at this site. Be sure to look at it again. It will help youget a feel for the issues facing auditing today.


Connect your computer to the Internet, open your web browser and oncemore navigate to the APB’s website (via www.frc.org.uk/ ). From withinthe site, obtain definitions for:

(1) ISAs


(3) SIRs


(1) ISAs

These contain basic principles and essential procedures (identifiedin bold type lettering) together with related guidance in the form ofexplanatory and other material including appendices. They apply toall audits of financial statements for periods commencing on or after15 December 2004.


Practice notes are intended to assist auditors in applying auditstandards of general application to particular circumstances andindustries.

Bulletins are issued to provide auditors with timely guidance onnew or emerging issues.



Both of these are persuasive rather than prescriptive but observanceof these indicates good practice. They have similar status to theexplanatory foreword material in ISAs.

(3) SIRs

Statements of Investment Circular Reporting Standards containbasic principles and essential procedures with which reportingaccountants are required to comply in the conduct of an engagementinvolving an investment circular, e.g. prospectus or listingparticulars intended to be issued in connection with a securitiestransaction in the UK or the Republic of Ireland.


Why do you think a qualified member of the Chartered Institute ofManagement Accountants (CIMA) is not included in the above list ofapproved auditors?

CIMA accountants are trained predominantly in managementaccounting and although they study auditing, primarily internalauditing, they do not study external auditing to sufficient depth.


Can you suggest what is the more obvious group excluded from auditing?

The simple answer to this is that anyone who is not a member of anRSB cannot become an auditor. Even if someone is a member of anRSB, it does not necessarily mean that he or she can become apractising auditor. This may be because the qualified member doesnot provide audit services or does not have a practising certificate(i.e. has not registered for this purpose with his or her professionalaccountancy body).


What would you advise an auditor to do who became ineligible tocontinue in the role as a company auditor after work on the audit hadalready been commenced?

The auditor should vacate or resign office as auditor immediately.The company should be notified in writing and provided with anexplanation concerning why the auditor has resigned as the auditorof the company.




Why do you think directors are allowed to appoint the auditors in theseinstances?

The auditor is usually appointed at the AGM held after the year endto approve the financial statements by the shareholders. In the firstyear, this would be impractical since no auditor would have beenappointed to perform work on these financial statements to informthe members whether the accounts showed a true and fair view.Thus, it is expedient to allow the directors to appoint the firstauditor so that this problem can be overcome.

The same reason applies for filling casual vacancies.


Which stakeholders do you think would specifically be interested in thereasons surrounding the resignation of the auditors?

Shareholders and creditors. The auditors are required to state intheir resignation statement whether the surrounding circumstancesshould be brought to the attention of the shareholders and creditors,including any debenture holders. The Registrar of Companiesshould also be notified within 14 days that the auditor has resigned.

However, if the company believes the auditor is seeking needlesspublicity the company can apply to the court to rescind therequirement of making this information available to theshareholders. A copy of the court notice has to be circulated toshareholders if this occurs.


Why do you think it is the shareholders rather than the directors who aregiven the right of removing the auditor?

The proviso of this part of the Companies Act is to preserve theright of the members to appoint auditors of their choice andpreserve the auditor’s independence of the directors. It may be thatdifferences of opinion between the directors and auditors mayinfluence the directors to seek the auditor’s dismissal.




How would you find out this information before accepting a new client?

You should in part have found this easy to answer if you recall yourearlier studies! To find out the financial information, the auditorcould simply obtain the published accounts of the company from theprevious years. The client should be able to provide this or theycould be obtained from the Registrar of Companies.

The auditor could then perform a financial analysis of the accountsand examine the company’s accounting policies and see what theprevious audit reports stated. The Registrar also can provide detailsof the directors of the company.

Further enquiries could be made with credit rating agencies todetermine the standing of the company. Many credit agencies nowoffer this service online via the Internet.


What do you think the prospective new auditors should do if the clientrefuses permission to contact the outgoing auditors?

It is unusual that this permission would be denied in practice. If itwere, this should immediately place the prospective new auditors ontheir guard and they should decline the appointment.


What circumstances do you think could arise to require the redrafting ofan engagement letter?

ISA 210 suggests the following circumstances could require a newengagement letter being drafted:

. the client has misunderstood the objective and scope of the audit

. any revised or special terms of the engagement

. a change in the management, directors or audit committee of theclient

. a significant change in company ownership

. a significant change in the size and nature of the client’sbusiness

. any change in legal or professional requirements.




Connect your computer to the Internet, open your web browser andsearch for information concerning the Barings scandal. (Do not use anapostrophe.)

If you experience difficulties in finding anything on this topic, you mayfind what you are looking for if you search instead on the name‘Nick Leeson’.

Spend at least 30 minutes looking for this information and writing yourown notes on what occurred.


There are not nearly so many web pages dealing with this topic asthere are with some of the others you’ve searched for in this course.However, there are more than enough for you to learn what NickLeeson did. Effective internal controls would have prevented this,yet this was not the last time something like this happened.Auditors cannot assume internal controls work just because themanagement say they do – the auditors must test them. Whenauditors are considering accepting a new client, they need toconsider whether there may be aspects of the audit for which theylack the necessary expertise. Not every audit firm could perform asatisfactory audit of Barings!


Why do you think the auditor should spend time planning the audit?Is this a waste of valuable audit time that could be spent checking thefinancial statements?

The idea of planning any activity is to direct your effortsproductively and avoid wasting time on unnecessary activities. It isthe same with planning the audit. In particular, in relation to theaudit, the auditor will aim to:

. allocate appropriate attention to all areas of the audit

. identify any problem areas that may require more attention andaudit work

. help facilitate review, i.e. control and review the progress of theaudit against the plan.


Prior to commencing a new audit, how would an auditor beginassembling knowledge of the business?



You should remember part of these answers from the auditappointment notes! First an approach to the previous auditorsshould be made with the permission of the client. At the same timethe previous financial statements of the entity should be obtained toassess the viability of the entity as a going concern – see thefundamental accounting concepts in Book 1. The auditor will alsowish to make enquiries as to the integrity of the directors of theentity.

The auditor will also wish to avail himself of any specific rules orregulations applicable to the entity and any particular accountingstandards. (You’ll come across an example of this when we look atpublic sector audits in Section 7.6.)


Which documents produced by the client would be of use to the auditorin obtaining a knowledge of the business?

The most obvious answer would be the published accounts.However, other documentation such as the management accountsand the budgets not publicly available would also be useful. Clientcatalogues with their product ranges and prices could be of benefit.


Can you think of any work that the auditor will need to do at the year endthat affects one of the current assets?

A major item in the current assets of any manufacturing companywill be stock and work in progress. You will know from Book 1 thatstock has to be valued in accordance with SSAP 9, or IAS 2 asapplicable, at the lower of cost and net realisable value. To obtainthis value a stock count and valuation has to take place by the clientat the cut off date for the financial year end. The auditor will needto attend and observe this stock count to ensure it has been carriedout correctly.

Another example would be the figure for debtors, which appears inthe balance sheet of virtually all companies (other than those whosell their goods and services for cash). The figure must be verified bythe auditor, in many cases through direct contact with individualdebtors.


Why should there be ‘a degree of judgement involved in determiningaccount balances’? How will the auditor identify and approach thesebalances?



This is where the auditor and you must draw on your financialaccounting knowledge. You will remember that some items in theaccounts are ‘best estimates’ since they cannot be quantified exactly.Also the manner and nature of these calculations can have differentbases. Examples here could be depreciation charges, stockvaluations and provision for doubtful debts. The auditor would hopeto find these transactions carried out in accordance with UKaccounting standards, or IFRSs as appropriate, and that thestandards were consistently applied.


Entity A and entity B both have overstated their monthly net profits by£100. Entity A’s stated net profit is £1000 and entity B’s stated net profitis £100 000.

Which do you consider to be a material misstatement?

Only entity A’s error is material. This is because its true stated netprofit should be £900. Therefore, profit has been overstated by11.1%! Clearly entity A is a small operation compared to entity B.Thus, although both have committed the same error in terms ofvalue, the impact on B’s statement will be insignificant. Entity B’strue stated profit should be £99 900. An error of 0.1%! Any user ofthese accounts would not be misled. This cannot be said of any userof A’s accounts.


Connect your computer to the Internet, open your web browser andspend ten minutes searching for information concerning ‘computerassisted auditing techniques’. (This may be spelt with a hyphen,i.e. computer-assisted auditing techniques. Do not use the abbreviationCAATs.)

If you find it difficult to find any information on this topic, you should lookat the ABREMA (Activity Based Risk Evaluation Model of Auditing) site atwww.abrema.net/abrema/index.html

Spend another 20 minutes looking through the information you havefound and writing your own notes on the topic.


This is a very difficult topic to find anything useful about. You mayhave needed to use more than one search engine. If you foundanything worthwhile, you did very well indeed! However, even if youwere successful in your searching, you probably found it verydifficult.



This is an example of how difficult it can be to find information onthe web. For specialist topics like this, it is often the case that youcan find information at university course sites. You will find auseful repository of these sites at the World Lecture Hall(web.austin.utexas.edu./wlh) but even there it is difficult to findanything on this topic!

Don’t forget about the World Lecture Hall as you may find it veryhelpful during the rest of your course, even if most of the universitycourses it provides links to are American. (Americans have adifferent way of presenting financial accounting, and different law,tax and audit rules from us, but they treat management accounting(managerial accounting), in a similar way to us. Of course,organisations, management, marketing, and knowledgemanagement – the other Block 3 topics – are covered the sameeverywhere.)


You are attempting to obtain evidence to substantiate the value andexistence of a client’s stock. The client’s management has told you thatthey have performed the stocktake and calculated the value so there isno need to worry!

What would be your reaction?

This is only oral evidence and is unacceptable. You will need toinspect the stock to verify its existence and its condition. You willwant to attend the stocktake as an observer and carry out some testcounts to verify the quantity. Finally, you will perform computationsto ensure that the stock value is at the lower of cost and netrealisable value. (You may wish to consult your previous notes fromBook 1 on SSAP 9, or IAS 2 as applicable, here.)


Can you identify simple financial and non-financial internal controls youcould expect to find in any organisation?

A primary financial control would be a budget. The control would bethat no expenditure should be undertaken unless it has beenallocated a budget.

Non-financial controls could be simply taking up references forappointees or examining qualification certificates. These aresometimes referred to as people controls. It is surprising the numberof instances where this does not occur!




Connect your computer to the Internet, open your web browser andsearch for information concerning ‘substantive tests’ and ‘compliancetests’. Enter these two terms in separate searches, include all invertedcommas and tell the search engine you are looking for a phrase.

Spend 15 minutes looking for information about each of these termsand writing your own notes on each of them.

Be sure to take good notes of what you find. Being able to distinguishbetween these two forms of audit tests is important.

Hopefully, you managed to find something useful. Don’t forget, eventhough there are many more American sources of information on theInternet you should try and find British sources for definitionsrelating to this course. Where you have a choice, use the Britishsources.

Substantive tests look at individual transactions, account balances,asset entries, etc. in order to determine whether the accountbalances and underlying classes of transactions (and the financialstatements) of the entity are accurate and complete. The moresubstantive test procedures that the auditor carries out, the greateris the probability that any material error or irregularity in thefinancial statements being audited will be detected.

Compliance tests examine whether internal controls and procedureshave actually operated effectively and consistently throughout theperiod under audit. That is, they check whether the procedures thatshould be followed are being followed. They are also known ascontrol tests.

You will find a lot of useful definitions of these and other auditingterminology at www.abrema.net/abrema/index.html, which is atthe website of the Activity Based Risk Evaluation Model of Auditing(ABREMA). You will find this an invaluable resource for gainingfurther understanding of many of the terms you have and willencounter in this book.


What is a non-executive director? How do non-executive directorsenhance objectivity and independence?

A non-executive director (NED) is a director who is not involved inthe day-to-day executive management function. Therefore, a non-operational director will be independent of normal businesspressures within the entity.



A CIMA paper, Non Executive Directors; Their Value toManagement, suggested the following qualities are desirable fornon-executive directors:

(1) a director well-versed in the technological side of the corebusiness

(2) a director who has had wide experience of direction andleadership

(3) a director with sales or marketing experience

(4) a director with good City connections

(5) a qualified accountant or lawyer.

The ProNed organisation for non-executive directors has alsosuggested that they should:

a not have been employed in an executive capacity by the companywithin the previous five years

b not be retained by the company as a professional adviser on acontinuing and regular basis

c not be a significant supplier or customer of the company.


What qualities do you think a Non-Executive Director should bring to anaudit committee?

Non-Executive Directors should bring fresh ideas to the auditcommittee. These should be grounded in experience and expertise.Their objectivity and knowledge should enable them to identifypotential problems and offer constructive advice.


Why do you think that most companies have previously not had aninternal audit function?

Internal audit is not a statutory function in the private sector andtherefore there is no requirement to have one in place. Moreover, tobe effective, internal audit has to be effectively resourced and waspreviously regarded as an added expense. Also, many companieshave questioned the ability of internal audit to generate any addedvalue to the company.


Explain what specific items you think the external auditor should considerwithin the above criteria.



. Organisational status refers to the internal audit’s status withinthe organisation. This status will be granted by managementand this will influence the ability of the internal auditor to beobjective. Traditionally, reporting has been to the financedirector but more progressive companies send their internalaudit reports to the audit committee in order to increase theobjectivity of the internal auditor.

. Scope or function relates to the nature and extent of theassignments that the management allows the internal auditor toperform.

. Technical competence refers to the levels of professionalqualification and training to fulfil the roles of internal audit.

. Due professional care is the extent to which internal audit workis properly planned, supervised, reviewed and documented.


Do you think that once internal audit work has been found to besatisfactory there is no further need to review its work in the future?

No! Internal audit work will need to be reviewed every year by theexternal auditor to determine whether adequate standards havebeen maintained.


Is economy another way of saying that the cheapest option should besought on all occasions?

No! Just because the cheapest option is obtained, it fails to considerthe quality of the service or product. Remember it is the optimumstandard that must be achieved which may not always equate to thecheapest option. For example, a school will find it cheaper to buysoftback textbooks rather than hardback editions. However, thecheaper option will not last as long as the hardback edition and thusin the long term it is not economic and indeed may prove ultimatelymore costly.


How would the external auditors of a school measure the school’seffectiveness?

The easy part of the answer is to ensure that the school has operatedwithin its budget. Thus, financial effectiveness can be measured.However, what of the other non-financial measures? These can rangefrom staff/student ratios, levels of examination success, truancyrates, students proceeding into higher education, etc.




(1) Connect your computer to the Internet, open your web browserand visit the website of any UK company supplying its annualreport – remember Carol from Book 1? You could use Carol(www.carolworld.com) to locate the company. Examine the annualreport for mention of corporate governance. Compare the disclosuresgiven with what you know about the various corporate governancereports.

Spend about 15 minutes looking for this information and writing yourown notes on the topic.

(2) Visit the National Audit Office website (www.nao.org.uk) to find outmore about its work and current projects. (You should look at the‘what’s new’ and ‘links’ pages in particular.)

Spend about 15 minutes looking for this information and writing yourown notes on the topic.


(1) You may find that some companies don’t refer to the term‘corporate governance’ but, instead, refer to the qualities itdemands.

(2) You may have seen on the website that the NAO scrutinisespublic spending on behalf of Parliament and audits the accountsof all government departments and agencies as well as a widerange of other public bodies, reporting to Parliament on theeconomy, efficiency and effectiveness with which Governmentbodies have used public money. There is a lot of usefulinformation on the website, and you’ll have noticed that much ofit is free!


Connect your computer to the Internet, open your web browser andnavigate to Carol (www.carolworld.com) or Northcote(www.northcote.co.uk). Spend around 30 minutes collecting 10–12 auditreports. Try to find at least one qualified audit report. (Don’t worry if youcan’t, but you will find it easier to follow the rest of this session if you do.)

Ideally, you should print these. If you do not have access to a printer,bookmark each of them (using the Internet Explorer ‘favourites’ menuitem or the Netscape ‘bookmarks’ menu item) so that you can find themagain easily.

Now spend five more minutes comparing them, looking for anydifferences between them, particularly between any qualified auditreport(s) you found and the rest.

It is relatively easy to find audit reports in this way, particularly ifyou use the Northcote site. It is not, however at all easy to findqualified audit reports. We suggest that you look at the General



Report of the Comptroller and Auditor General on the website of theNational Audit Office (www.nao.org.uk). Among other matters, itreviews the number, nature and type of qualified audit reports thathis office issued in respect of government departmental resourceaccounts. At the time of writing, a qualified audit report had beenissued in relation to the accounts of the Inland Revenue for the year2003–2004. Or you could try putting the phrase ‘UK accountsqualified audit report’ into your usual Internet search engine andsee what it comes up with (don’t use quotation marks here).


Can you think of any practical examples where a limitation of scope onthe audit may occur?

Examples where this could arise are when company records havebeen unavailable to the auditor, the company directors prevent theauditor carrying out his duties, the auditor not being allowed toattend a stocktake or having no means of confirming the existence ofbalances.


Connect your computer to the Internet, open your web browser andnavigate to Carol (www.carolworld.com) or Northcote(www.northcote.co.uk). Spend around five minutes finding theregistered office of a plc and write or phone them requesting a full copyof their latest annual report.

As some may take a while to respond, it is probably better to send lettersto around four plcs.

When you receive the annual report, read through it, noting thosefeatures we have covered during this book, not just this session.

Be sure to do this before you sit your exam!




AcknowledgementsGrateful acknowledgement is made to the following sources forpermission to reproduce material in this book.

Tables

Table 2.1: ‘International Standards on Auditing (UK and Ireland(ISAs)’ Auditing Practices Board, www.frc.org.uk/ Copyright ªAuditing Practices Board; Table 4.1: HMSO (1985) The Rights ofAuditors. Crown copyright material is reproduced under ClassLicence Number C01W0000065 with the permission of theController of HMSO and the Queen’s Printer for Scotland.

Cover image

PhotoDisc Images.

Every effort has been made to trace all copyright owners, but if anyhas been inadvertently overlooked, the publishers will be pleased tomake the necessary arrangements at the first opportunity.



Book 5 Audit Theory, Practice and Ethics - Arab Open University

Documents

Transcript of Book 5 Audit Theory, Practice and Ethics - Arab Open University