ACCA

AA – Audit & Assurance

Class Notes
By:- Haris Hanif
+92 333 311 3959 Haris Hanif Official

Haris Hanif Official

 Page 1

Paper AA (F8) – AUDIT & ASSURANCE

OTQs (Objective Test Questions) CRQs (constructive Response Questions)
This involves having a scenario/case and This involves a case study and different
MCQS are asked which are related to requirements being tested related to case,
that specific case. also includes some knowledge based
questions

Paper Pattern

SECTION A (OTQs)
3 OTQs (per OTQ = 5 mcqs worth 2 marks each) = 30

SECTION B (CRQs)
1 CRQ worth = 30
2 CRQS (worth 20 marks each) = 40
TOTAL = 100

Basic Introduction 1 By:- Haris Hanif

 Page 2

Some Basic overview

 Auditor is external to the company (external firm)

 Audit is of Financial statements

 There may be misstatements in the financial statements, which is prepared by the

company.

o Misstatements:-

 External audit is for the satisfaction of shareholders

 It is the legal requirement for PLC to conduct external audit

 Auditor is appointed by shareholders in the AGM

 Auditor test/check the Financial statements and then thereafter express the OPINION
(no Guarantee)

 Auditor tests the F.S. on sample basis

 Auditor tests the material items

 The auditor is NOT responsible to detect the fraud, he is there to check the application
of accounting standards

 Auditor should think that there may be:-

- Errors
- Fraud
- Everything is genuine

 Auditor prepare the audit report and express the opinion whether the FS is true and fair
or not

Basic Introduction 2 By:- Haris Hanif

 Page 3

 Auditor has to perform the audit based on the systematic approach

 The auditor has to do some work (actions) known as

AUDIT PROCEDURES

Basic Introduction 3 By:- Haris Hanif

 Page 4

Note: - Controls have impact on the Financial Statements

Basic Introduction 4 By:- Haris Hanif

 Page 5

Expectation Gap:-
It is the gap of the PUBLIC opinion about audit and what AUDIT actually is.

 Some people may think that auditor tests 100%, but in the real, auditor works on
sample basis

 People may think that auditor verifies all the items in the F.S. but in real, auditor tests
the material item

 People usually think that auditor is giving the guarantee after the audit, but it instead
auditor gives the Opinion.

 People may think that auditor is responsible for the detection of fraud, but in real, he is
not responsible to detect the fraud, he should ensure financial statements are free from
material misstatements whether due to error or fraud.

AGENCY

STEWARDSHIP

ACCOUNTABILITY

Basic Introduction 5 By:- Haris Hanif

 Page 6

Audit Cycle (systematic approach)

Auditor’s Audit Engagement
Appointment/Reappointment Letter (A.E.L.)

Planning stage of
the Audit

Performing the
Audit

Review Stage

Opinion on F.S.

Basic Introduction 6 By:- Haris Hanif

 Page 7

Opinion of the AUDITOR

Basic Introduction 7 By:- Haris Hanif

 Page 8

Assurance

It is an engagement when one party appoints another party to provide the

satisfaction (confidence) to another party in order to increase the confidence
of another party and reducing the level of risk.

NOTE:-

Assurance and Audit 1 By:- Haris Hanif

 Page 9

5 Elements of Assurance Engagement

(1) Three Parties
- Intended User:
The individual or class of individual who need the assurance.

- Responsible party:
The party whose work is being assessed by the practitioner.

- Practitioner:
The one who provides the assurance to the intended user and should be independent and
expert in the relevant field.

(2) Subject Matter

This involves any data which is being evaluated by the practitioner for the purpose of
assurance to the intended user.

(3) Criteria
These are the parameter (or Standards/criteria) against which the subject matter is being
evaluated by the practitioner.

(4) Evidence
These are all the information and explanation collected by the practitioner by applying
suitable procedures on the given subject matter and those evidences should be
sufficient (Quantity) and appropriate (Quality).

(5) Assurance Report

This is the written report by the practitioner containing the assurance (opinion) on the
subject matter, being addressed to the intended user.

Assurance and Audit 2 By:- Haris Hanif

 Page 10

International Standards
• IAS (International Accounting Standards)

• IFRS (International Financial Reporting Standards)

• ISAE (International Standards on Assurance Engagement)

• ISA (International Standards on Audit)

• ISRE (International Standards on Review Engagement)

Levels of Assurance
ISAE (International Standards on Assurance Engagement)

• Absolute Assurance (Guarantee)

• Reasonable Assurance

• Limited/Moderate Assurance

Reasonable Assurance

Limited/Moderate Assurance

Assurance and Audit 3 By:- Haris Hanif

 Page 11

Examples of Reports

POSITIVE REPORT

• In our opinion, _____________ gives True and Fair View.

• In our opinion, _____________ do NOT give True and Fair View.

NEGATIVE REPORT

Nothing has come to our attention which causes us to believe that __________ is NOT True and Fair.

EXTERNAL AUDIT

Assurance and Audit 4 By:- Haris Hanif

 Page 12

5 Elements of AUDIT Engagement

(1) Three Parties
- Intended User:

- Responsible party:

- Practitioner:

(2) Subject Matter

(3) Criteria

(4) Evidence

(5) Assurance Report

Assurance and Audit 5 By:- Haris Hanif

 Page 13

Advantages of Audit
• It provides satisfaction to shareholders.

• It adds credibility in the financial statements.

• It also assist other stakeholders in making the economical decision, based on the financial
statements.

• It enables the auditor to give constructive advice to the management on the system
improvements.

Limitations of Audit
• There is limited time to do audit.

• Auditor works on sample basis and possible chances are that the sample which is ignored
may contain the misstatements.

• Evidences may be persuasive, rather than conclusive.

• Audit is not the objective work, judgements have to be made and auditors’ judgement may
not be appropriate sometimes.

ASSURANCE

AUDIT Engagement REVIEW Engagement

Assurance and Audit 6 By:- Haris Hanif

 Page 14

Review Engagement
It is the voluntary exercise in which a practitioner is engaged to evaluate the subject matter
other than financial statements (like internal controls) and applied limited procedures
mainly Inquiry and Analytical procedures and expresses the limited assurance in the form of
Negative report.

TYPES OF REVIEW ENGAGEMENT

(1) Direct Engagement
This is the engagement in which the practitioner evaluates the subject matter with the
limited procedures and then concludes the opinion.

(2) Attestation Engagement

This is the engagement in which the practitioner does NOT evaluate the subject matter, but
the practitioner ensures whether the information is free from material misstatements and
then grid the stamp as attested.

Non – Assurance Engagement

This is the engagement, in which the practitioner is engaged but NO ASSURANCE is
provided.
(1) Agreed upon procedures
This is the engagement in which practitioner is engaged to collect the facts and figures on
certain subject matter with some agreed procedures, but NO OPINION will be given, the
users will draw the opinion by themselves.

(2) Compilation Engagement

This is the engagement in which the practitioner is engaged to compile the information, but
NO ASSURANCE is given.
Example, Tax return compilation.

Assurance and Audit 7 By:- Haris Hanif

 Page 15

Internal controls

Internal Controls ISA – 315 deals with the whole area of controls.
As an auditor, in order to perform TOC, we need to understand the control system of
client…
…In this section we are discussing the controls system and then how the auditor should
deal with controls…
Internal control is system/process designed, implemented by the management or those
charged with governance or anyone who are representing the organisation and
achievement of its objectives.
Internal control has five components:
1) The control environment
2) The entity's risk assessment process
3) The information system relevant to financial reporting
4) Control activities
5) Monitoring of controls

Internal Controls 1 By:- Haris Hanif

 Page 16

(1) Control Environment:-

It includes the overall attitude, awareness, dedication, seriousness, commitment of those
charged with governance concerning the internal controls and its importance in the entity.
It sets the tone of the organisation and affects all other elements of the controls.
Control environment has many elements, like:-
• Organisational structure.
• Attitude of management towards risk.
• Management operating style.
• Human Resource policies.
• Enforcement of ethical values.
• Assignment of authority and reporting structures.
(2) Entity Risk Assessment Process :-
It involves how the management of client had identified the risk relevant to financial
reporting, estimating the significance of risk, assessing the likelihood of the occurrence of
those risk and what actions were decided by the management to address those risks.

(3) Information system relevant to Financial Reporting :-

It involves the system (either MANUAL or IT BASED) by which the entity initiate, record,
process and report the transactions or any events and to maintain the accountability for the
related assets, liabilities and equity.
NOTE:-
Auditor needs to understand all the information system of client, like TPS,MIS,EIS,ES,ERPS

Internal Controls 2 By:- Haris Hanif

 Page 17

(4) Control Activities:-

These are the policies and procedures that help to ensure that management directives are
carried out. These activities are designed to prevent, detect and correct errors/frauds. The
activities of controls either MANUAL or IT based are applied at various levels of the
organisation’s functions.
Examples may include
• Segregation of duties.
• Authorisation and approval by seniors.
• CCTV facility.
• Performance review and performance evaluation.
• Restricting access to certain information or assets.
• Internal audit review.
etc..

(5) Monitoring:-
It is process of assess or evaluate the effectiveness of internal control performance over a
period of time. The purpose is to assess the design and operation of controls and in case of
any problem, taking reasonable remedial actions to make the control system improvised.
The monitoring can be done through on-going activities or separate evaluation or both.
Management is ultimately responsible to undertake the monitoring of controls and in this
aspect, internal auditors play the key role.

INTERNAL CONTROLS

COMMON CONTROLS SPECIFIC CONTROLS

Internal Controls 3 By:- Haris Hanif

 Page 18

COMMON CONTROLS
WHAT are controls?
WHY are controls?

COMMON CONTROLS WHAT are controls?

These are the control ACTIVITIES.
SPAMSOAP
S – Segregation of duties.
It involves dividing the duties between two or more than two people, like one person should
receive the cash and second one is to record it.
P – Physical controls.
It involves the controls on the custody of assets and monitoring who is accessing the assets
or placing the restriction over assets, like Camera, locks, Passwords, authorised access.
A – Authorisation & Approval.
All the transactions, discounts, credit time and period should need authorization or approval
by the appropriate authorised personnel, like HOD.
M – Management Control.
This is the control by the management in all the departments, via analysis and review,
example like budgets, variances, internal audit services.
S – Supervision.
It involves ensuring the staff to know that their work will be checked, like supervising day-
to-day transactions.
O – Organisation chart/Organogram.
This means identifying the reporting line, levels of authority and responsibility so that no
one can cross their boundaries. Procedures manual may be helpful.
A – Arithmetic control.
The controls to ensure the mathematical accuracy of the transactions, examples include,
control-accounts, trial balance, reconciliations.
P – Personnel control.
Controls applied on the human resource, like providing training, performance appraisal,
disciplinary actions, proper investigation before hiring.

Internal Controls 4 By:- Haris Hanif

 Page 19

Other Common controls

• Proper backups.
• Disaster recovery plan (IT BASED).
• Proper dates and official logo on official papers.
• Sequentially pre-numbered official documents.
• Signature, initials, official stamp.
• Using words along with figures so that chances of transposition error may be
reduced.
• Multiple signatories, like on cheques of large amount.
• Pre-review and post-review of work.

COMMON CONTROLS WHY are controls?

Objectives/Reasons of controls (common):-

- To reduce the chances of fraud and error.
- To ensure the safeguard of the assets and prevent its misuse.
- To minimise the chances of material misstatements in the financial statements.
- To achieve the corporate objectives on timely basis.
- To ensure the receiving of relevant, timely and accurate information for appropriate
decision making.

Limitations of Controls
- Controls may not prevent the fraud if all of the staff together committing the fraud,
that is, collusion with the staff.
- There is a possibility of management override of the controls and if so, then staff
down the line may not follow the controls.
- Even if controls are effective, still there are chances of human error, since many of
the controls are operated by humans.
- Controls may be sometimes expensive and may not justify the benefits.
- Controls may be designed for the routine activities, not well designed/operated for
the non-routine tasks, that is, limited use for the routine activities.
- Controls, if not updated on timely basis, then those controls are not adequate.

Internal Controls 5 By:- Haris Hanif

 Page 20

COMPUTERISED CONTROLS

 General IT controls
 Application IT controls

General IT Controls

These are the controls on the whole system including information system in the organisation’s
computerized environment.

Examples:-

• Anti – virus softwares

• Staff IT Training

• Limited access in the IT system

• Disaster Recovery plan

• Back-ups of the records

• Password in the operating system

• IT policy and guidelines.

Application IT Controls

These are the controls over the particular transaction, application, standing data and the objective is
to make sure the accuracy and completeness of particular records in the accounting system.

These are further divided into THREE categories:-

(1) Input Controls.

(2) Process Controls.

(3) Output Controls.

IT Controls 1 By:- Haris Hanif

 Page 21

(1) INPUT CONTROLS

It ensures the completeness and accuracy of data being input. Examples:-

Format Check (This ensures data is input in the system according to the prescribed format).

Range Check (This is a control which allows the data to be input as per the range and not accepting
the data over a certain range).

Digit Verification (Certain digits are required to be input as a reference).

Control Total (This ensures the total of data being input).

Sequence Check (This ensures the sequence of the data being input)

Existence Check (This ensures to verify the existence of something, like certain key data must be
entered).

One for one checking (This involves checking of the entered document agreed back one by one to
the original source documents).

(2) PROCESS CONTROLS

This ensures the processing of all the data (which were input in the system) correctly and accurately
and all the files are updated in timely manner.

Examples:-

• Notification of the processing done.

• Screen warning if processed wrong.

• Screen warning if logout before the processing is complete.

(3) OUTPUT CONTROLS

These are the controls in the computerized environment to make sure that output (results) are
visible/viewed/reported to only authorized personnel in the organisation after the processing and
restricting the unauthorised personnel to view the output.

IT Controls 2 By:- Haris Hanif

 Page 22

TEST OF CONTROLS
Test of controls (T.O.C.)
Auditor must test that controls:

- which are properly designed

- and operating throughout the period.

Failures of internal controls (deviations) should be recorded & investigated regardless of the
monetary amount involved.

When controls are not designed or implemented effectively – there is no benefit in testing it.

Increase the substantive testing

 Page 23

TEST OF CONTROLS

How to perform T.O.C.? AUDIT PROCEDURES

“C A I³ R² O” Also use CAATs

(Computerized
Assisted Audit
Techniques)
 Page 24

TEST OF CONTROLS

Performing T.O.C.? Example:-

Overtime sheets are authorized by the responsible official.
Procedure + Purpose

Test of controls
Select the sample of authorized overtime sheets and
agree it is authorized by the responsible official by looking
at the signatory evidence.
 Page 25

USE OF CAATS
CAATs (Computerized Assisted Audit Techniques)
There are two facilities in CAATs

- Test Data Many tasks can be done, like:

- Audit software • testing of particular system

• review past logged in trails

• enter dummy entry to check the

operating effectiveness of the system.
 Page 26

USE OF CAATS
Example:-
Credit customers are given the certain limit & sales orders are entered into the system.

Test of controls
Using test data facility of CAATs, access the sales system and enter the dummy sales order above the
credit limit to ensure system is rejecting.
 Page 27

USE OF CAATS
Example:-
Access to payroll master file is restricted to authorized staff.

Test of controls
Using test data facility of CAATs, access the payroll master file and review the past logged in trails to
ensure it was accessed and amended by only authorized staff in payroll.

Also access payroll master file using the system ID of unauthorized personnel to ensure system is
denying the access.
 Page 28

ISA 265 – communicating deficiencies in internal controls to those charged with governance
and management

ISA 265 requires the auditor to:

 Communicate any deficiency that are of sufficient importance to merit management’s

attention to management.

 Communicate significant deficiencies to those charged with governance.

Deficiencies in internal controls

Deficiencies occur when:

- A control designed, implemented or operated in such a way that it is unable to prevent,

or detect and correct misstatements in the financial statements, on timely basis.

- A control necessary to prevent, or detect and correct, misstatements in the financial

statements on timely basis is missing.

1 Haris Hanif (+92 333 311 3959)

 Page 29

Significant Deficiencies in internal controls

Significant Deficiencies in internal controls are those which merit the attention of those
charged with governance.

External auditor should consider the following when determining if a deficiency in internal
controls is significant.

- The likelihood of deficiencies leading to material misstatements in the financial

statements.

- The susceptibility to loss or fraud of the related assets or liabilities.

- The subjectivity and complexity of determining estimated amounts.

- The financial statements amounts exposed to the deficiencies.

- The volume of activity that has occurred or could occur in the account balance or class
of transactions exposed to the deficiency or deficiencies.

- The importance of controls to the financial reporting process.

- The cause and frequency of the exceptions detected as a result of the deficiencies in the
controls.

- The interaction of deficiency with other deficiencies in internal controls.

2 Haris Hanif (+92 333 311 3959)

 Page 30

The auditor will communicate the deficiencies in a report to management.

(Management letter).
It is usually sent at the end of the audit and comprises a covering letter with an appendix
containing the deficiencies the auditor has found within the client’s control system and
recommendations to overcome each deficiency.
The covering letter should clarify something:
- The report is not a comprehensive list of deficiencies, but only those that have come to
light during normal audit procedures.

- The report is for the sole use of the company.

- No disclosure should be made to third party without written agreement of the auditor.

- No responsibility is assumed to any other parties.

3 Haris Hanif (+92 333 311 3959)

 Page 31

Exam Focus

Deficiencies Recommendations

4 Haris Hanif (+92 333 311 3959)

 Page 32

PURCHASE SYSTEM
 Page 33

PURCHASE SYSTEM
Ordering stage (placing orders to suppliers)
Risks Control objectives Controls Test of controls
Orders may be To ensure that orders are Purchase requisition Review the sample of
unauthorized, not for being made for genuine should be authorized by orders requisition,
genuine business use. business use. the departmental ensure it is authorized
manager or HOD. by relevant HOD, by
looking at signature.
 Page 34

PURCHASE SYSTEM
Ordering stage (placing orders to suppliers)
Risks Control objectives Controls Test of controls
Expensive materials may To ensure materials are Approved suppliers Review the sample of
be purchased. being purchased at should be used for orders made and agree it
competitive price or say purchasing (BOD is made to approve
reasonable price approved suppliers). suppliers, by referring
the approved suppliers
For non-routine items, list.
separate quotations
from suppliers should be
obtained.
 Page 35

PURCHASE SYSTEM
Goods received (at store)
Risks Control objectives Controls Test of controls
Ordered goods not To ensure those goods are Check the goods against Observe the goods
received. received which were the available copy of P.O. receiving process
actually ordered. whether goods are being
Faulty goods received. Check the quality of checked against the copy
To ensue goods are goods and then accept. of P.O.
accepted if they are of
required quality. Raise sequentially pre- Review the GRN and
numbered GRN and ensure they are
maintain multiple copies sequentially pre-
(store, ordering numbered and match
department, accounts GRNs with the P.O.
department).
 Page 36

PURCHASE SYSTEM
Goods invoiced and recorded (liabilities)
Risks Control objectives Controls Test of controls
Liabilities of the goods To ensure the complete Accounts department Agree GRNs with the
may not be recognized in and accurate record should have the copy of invoices.
the records. keeping for all the goods GRNs.
received. Review liability records
Invoices should be and ensure all goods
matched with the GRNs. received had been
recorded (liability).
Unmatched GRNs
should be reviewed and
investigated.
 Page 37

PURCHASE SYSTEM
Goods invoiced and recorded (liabilities)
Risks Control objectives Controls Test of controls
Liability may be recorded To ensure liability is only Allocate the same Review the Invoices
for the goods not for the goods which were sequential pre- received and ensure
received, risk of bogus actually ordered and numbering to the same sequential pre-
supply of goods. received. invoices received as of numbering as of GRNs.
GRNs raised.
Ensure all matched
GRNs and Invoices are
recorded.
 Page 38

PURCHASE SYSTEM
Payment made to suppliers
Risks Control objectives Controls Test of controls
Payments may be made to To ensure payments are All invoices should be Obtain the sample of
wrong suppliers. only made to correct authorized by invoices authorized,
suppliers. appropriate manager, confirm the signature of
before payment. authorized personnel.

Regular review of Review the supplier

suppliers’ statements statement
and should be reconciliations, discuss
reconciled. their process of
investigation.
Authorization of any
changes after the Review signature of
reconciliation. authorized personnel
after any changes made.
 Page 39

PURCHASE SYSTEM
Payment made to suppliers
Risks Control objectives Controls Test of controls
Wrong amount (twice) To ensure accurate and Agree all the invoices Review the sample of
amounts may be paid. correct being paid to with the GRNs, check calculations and confirm
suppliers. the price, sales tax, signatory evidence.
discounts and all and
also calculate the Inspect the sample of
amount. invoices to confirm paid
invoices are stamped as
Once paid, invoices “paid”.
should be stamped as
“paid”.
 Page 40

NON-CURRENT ASSET SYSTEM / CAPITAL EXPENDITURE

NCAs are having some Risks and Control Objectives

Risks Controls Objectives

 Capital expenditures may be incurred  To ensure capital expenditure are incurred for
unnecessarily. genuine business use.

 Capital items may be misappropriated.  To ensure the safe custody of NCAs.

 Capital items may not be recorded in NCA  To ensure all CapEx are completely recorded in
register. NCA register.

 Revenue expenditure may be recorded as NCA.  To ensure CapEx are properly classified in the
accounting records.
 Page 41

NON-CURRENT ASSET SYSTEM / CAPITAL EXPENDITURE

Capital Expenditure / NCAs – Controls and Test of controls
Controls Test of controls
 CapEx should be authorized by BOD/CapEx committee.  Review the minutes of BOD meetings to
confirm authorization.
 Establish physical controls on NCA like CCTV,
 Inspect NCA and observe security
security guards, tracker on vehicles. arrangements there.

 Insurance over NCAs.  Inspect the sample of order forms to ensure

separate forms of purchasing of NCA and of
 Separate order forms for materials purchasing and materials.
purchasing of NCAs.
 Review NCA register for completeness and
classification.
 Review the NCA register to ensure proper classification.
 Review IA work on NCA verification. Discuss
 Review the NCAs and trace in the NCA register, like by with them the process of investigation.
IA department.
 Page 42

INVENTORY SYSTEM
Inventories are having some Risks and Control Objectives

Risks Controls Objectives

- Inventory may be damaged/stolen. - To prevent or minimize the chances of theft of
inventory.
- Inventories may not be used fully before its
useful life ends. - To ensure less or no interruption due to stock
out costs.
- Inventory movements are not adequately
monitored. - To ensure all movements of inventory is
authorized and adequately monitored.
- Inventory may not valued at lower of cost or
NRV. - To ensure inventory is valued and lower of cost
or NRV and accurately and complete records
are maintained.
 Page 43

INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

- Proper and good conditions in the warehouse. - Visit the warehouse and observe the
 CCTV environment.
 Fire sprinklers/alarms
 Emergency exit - Watch previously CCTV footage on sample basis
 Temperature monitor to ensure it is being monitored and recorded.
 Proper arrangement of inventories –
well organized and placed.
 Page 44

INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

- Maintaining inventory records - Inspect the inventory records and confirm the
maintenance of records.
 Bin Card

 Store ledger

 Inventory master file

 Page 45

INVENTORY SYSTEM
Inventories – Controls and Test of controls
Controls Test of controls
Company should undertaking the inventory count with good features.  Visit the counting area,
 Counting should be done in quite times, not during the movement, if observe the system and
needed to count during the movement, then movement should be agree whether
separately conducted – outside the warehouse/separate place. instructions are being
complied.
 Counting staff should be selected from the department, other than
warehouse.  Inspect the job ID card of
employees performing
 Counting staff should have proper instructions. the count to ensure they
are from departments
 Counting should be done in pairs, one person should count and other than warehouse.
other should re-count.

 Counting process should be supervised, by the supervisor.

 Page 46

INVENTORY SYSTEM
Inventories – Controls and Test of controls

Controls Test of controls

Company should undertaking the inventory count with good features.  Inspect the counting sheets
 Counting staff should counting sheets which should contain all the and confirm sequential pre-
information – but not quantities to be counted. numbered, ensure no
quantities are mentioned.
 Counting sheet should be sequentially pre-numbered.
 Observe counted areas are
marked/flagged and
 Counted areas should be marked/flagged. customers inventory are
separately placed.
 Units sold (not delivered) should be kept separately with the tagging
of name of customers.  Agree the signature of
counting staff after the
 After the count, both the counting staff should sign off the counting count.
sheet.
 Page 47

SALES SYSTEM
 Page 48

SALES SYSTEM
Orders Received (from customers)
Risks Control objectives Controls Test of controls
Orders may be received To ensure that orders are For old customers, check Inspect the management’s
from the customers with received from the the outstanding balances. working of credit check,
poor credit ratings – leading customers with good credit like review the
to late payments/bad debts. ratings. For new customers, check correspondence of
the credit worthiness prior company with credit
to accept the orders, like rating agencies.
check credit ratings from
credit rating agencies. Enter the credit limit in
the system above credit
Allot the credit limit limit to ensure system is
accordingly. rejecting.

Regularly review the credit

limit.
 Page 49

SALES SYSTEM
Orders Received (from customers)
Risks Control objectives Controls Test of controls
Orders may not be To ensure all the Complete the Review the customers’
fulfilled – which may customers’ orders would customers’ orders on orders to confirm they
dissatisfy the customers. be fulfilled on time. sequentially pre- are sequentially pre-
numbered orders forms. numbered.

Pass customers’ orders Check the integrated

to warehouse or system – like through
production – use dummy entry.
integrated system which
would enable automatic
notifications to them.
 Page 50

SALES SYSTEM
Goods dispatched
Risks Control objectives Controls Test of controls
Wrong goods dispatched. To ensure correct goods Check the goods’ quality Visit the goods
are dispatched to and quantity while packaging process and
correct customers. packing. observe the system.

Check goods against

orders forms.
 Page 51

SALES SYSTEM
Goods dispatched
Risks Control objectives Controls Test of controls
Customers may falsely To minimize the chance Send GDN to Inspect the sample of
claim that goods are not of false claim made by customers, it should be GDNs and ensure
received. customers. signed by them. they are signed by
customers.
Multi-part GDNs
(warehouse, customers, Check copies of
sales team, invoicing GDNs in the
department) departments.
 Page 52

SALES SYSTEM
Goods invoiced & recorded
Risks Control objectives Controls Test of controls
Goods dispatched may not To ensure that all goods Invoices should be Agree invoices with the
be invoiced or invoiced dispatched are invoiced sequentially pre- GDNs.
with incorrect amount. correctly. numbered.
Insect sample of invoices
Invoices should be to confirm sequential
agreed with price list or pre-numbering.
credit terms with
customers. Agree invoices with the
authorized price list.
Invoices should be
system generated.
 Page 53

SALES SYSTEM
Goods invoiced & recorded
Risks Control objectives Controls Test of controls
Invoices posted to wrong To ensure that invoices Regular review of Discuss with
customers’ accounts. are posted to the customers’ accounts. management for the
correct customers’ regular review, confirm
accounts. Send regularly the any signatory evidence
statements to of review.
customers.
Review any written
correspondence with
the customers for any
disputed invoicing.
 Page 54

SALES SYSTEM
Payment received
Risks Control objectives Controls Test of controls
Cash (payment) from To ensure cash received Produce aged receivable Review aged receivables
customers not received from the invoices raised, report on time (monthly report.
on time or may become on time. basis).
bad debt. Discuss with the
Follow up overdue management the follow
customers for payments. up process.
 Page 55

SALES SYSTEM
Payment received
Risks Control objectives Controls Test of controls
Payments received may be To ensure payment Segregation of duties Observe the segregation
misappropriated. received are not who updates the ledger of duties.
misappropriated and and raise invoices.
payments are safeguarded. Agree invoices received
Ask customers to pay via in the company’s bank
bank in the company’s statement.
name bank account.
Review reconciliations,
Regular reconciliations re-perform it and discuss
of customers who paid. with them the
investigation process of
differences.
 Page 56

CASH & BANK SYSTEM

Cash & Bank system are having some Risks and Control Objectives

Risks Controls Objectives

 Cash may be thefted.  To reduce the chances of theft of cash.

 Unnecessary cash expenses.  To ensure cash expenditures are being made for
the genuine business use.
 Holding too much cash – missing out the
short-term investment opportunity.  To hold the cash as per the requirement.

 Cash received not banked.  To ensure all cash received are banked.

 Making fake signatures on cheque.  To ensure no fake signatures on cheque and no

misuse of signing authority on cheque.
 Authorized personnel may misuse the signing
authority on cheque.
 Page 57

CASH & BANK SYSTEM

Cash & Bank system – Controls and Test of controls
Controls Test of controls
 Cash should be placed in the locked fixture.  Assess the security/safety arrangements
where cash is placed.
 Every cash expense should be authorized by senior
responsible official.  Discuss the need for cash and confirm it
is as per the requirement.
 Holding the cash as per the need and not to hold too
much cash and should be banked.  Review the cash vouchers and ensure
the signature of authorized personnel.
 Maintaining the cash vouchers, authorized by responsible
official.  Assess the safety of cheque book.

 Cheque book to locked away,  For any large payment, review the
evidence of multiple signatories.
 Multiple signatories – like on large amounts.
 Page 58

PAYROLL SYSTEM
 Page 59

PAYROLL SYSTEM
There are two main aspects for payroll

Human Resource (HR) function Payroll processing function

Includes:- Includes:-
• Staff appointment • Monthly processing of payroll
• Staff removal
• Staff appraisal
• Notifications of salary changes

These two functions should be segregated.

 Page 60

PAYROLL SYSTEM
 Page 61

PAYROLL SYSTEM
Work recorded
Risks Control objectives Controls Test of controls
Time (hours) may not be To ensure hours worked Biometric system to Observe the employees’
recorded accurately. are accurately recorded. record employees’ attendance marking
attendance – with process.
integrated (auto
generated) time sheet. Review the sample of
timesheets for evidence
Time sheets to be that they have been
reviewed by responsible reviewed by responsible
official. official.
 Page 62

PAYROLL SYSTEM
Work recorded
Risks Control objectives Controls Test of controls
Un-worked hours may be To ensure only worked OT should be pre- Inspect the sample of
recorded. overtime should be decided, rate, time and OT sheets and agree it is
recorded and paid. work. authorized by the
responsible official.
OT should be authorized
by the responsible
official.
 Page 63

PAYROLL SYSTEM
Recognition of payroll liability
Risks Control objectives Controls Test of controls

HR should appoint Review job description

Data of fictitious To ensure only genuine and/or remove. of HR and payroll to
employees may be created and actual employees confirm segregation of
and paid. would be paid. Complete their forms duties.
and pass to payroll after
authorization. Review documentation
of HR and payroll
Unique employees’ confirming HR
number should be appointed/removed.
assigned.
Review personnel files to
Personnel files should be confirm joiners’ data are
maintained. added and resigned
employees data
removed.
 Page 64

PAYROLL SYSTEM
Recognition of payroll liability
Risks Control objectives Controls Test of controls

Any changes in the Review the sample of

Wages are To ensure that wages are employees’ standing data reports of changes made,
paid/deductions made at paid/deductions are made should be authorized by ensure properly
wrong rates. at appropriate rate. HR manager. authorized.

Exception/edit report Review the

should be generated edit/exception report
after any changes. generated.

Changes report should Review the signature of

be printed and signed by appropriate personnel
appropriate manager. on the printed changes
report.
 Page 65

PAYROLL SYSTEM
Payment made to employees
Risks Control objectives Controls Test of controls
Senior personnel should Review the printout
Employees may not be To ensure employees are recalculate the amounts to be payment sheets, review the
paid to staff. evidence of signature of
paid the right amount. being paid the right
authorized personnel.
amount. Payment sheets to be reviewed
by senior responsible official. Agree the authorization
signature of FD on payment
Before payment, amounts to be
agreed with payroll record and sheets.
pay slips.
Review BACS details and
For BACS, bank account of ensure payments were
employees should be verified, transferred to correct
payment to be authorized by employees.
finance director.

For cash payment, at least two Observe the cash payment

staff should be there. process.
 Page 66

Direct & Indirect controls

Direct Controls

Direct controls addresses the risk of material misstatements in the financial statements, at
assertion level.
Indirect controls
Indirect controls support direct controls.

Example
Responsible manager recalculates the payroll, agrees the amounts on the payroll list to
individual pay slips.
(Direct controls) Accuracy

Manager review on the total of payroll total each month (Indirect controls)

1 Haris Hanif (+92 333 311 3959)

Page 67

2 Haris Hanif (+92 333 311 3959)

 Page 68

Controls Documentation

Auditors must maintain the RECORD of the controls system of the client and should also update each
year, following are the methods of documenting the control system of the client.

1) Narrative notes

2) Flowcharts

3) Questionnaires

4) Checklists

(1) Narrative Notes

It involves written description of the control system of the client and details what occurs in each
stage of the system, after having the discussion with the management of the client entity.

Advantages

• It is written and easily understandable by all the audit staff members.

• It is simple to record and if recorded in the system then changes can be made easily (in case
of errors in recording)

Drawbacks

• It may be time consuming to narrate the entire system rather than if there would have been
the diagrammatic (flowchart) presentation.

• Sometimes it may be burden to read the narrative notes, if it is too much.

• If it is written manually then difficult to amend in case of any errors.

Control Documentation 1 By:- Haris Hanif

 Page 69

(2) Flow charts

It involves diagrammatic presentation (record) of the client entity and showing the sequence of the
system using the arrow lines.

Advantages

• It is easy to view and understand the system of the client since it is presented in one diagram
and arrow line facilitates better understanding.

• It is time saving presentation as compared with the detailed narrative notes.

• Due to the usage of standard symbols, it is easy to spot the any missing controls.

Drawbacks

• In case of any errors in the initial diagram, it is difficult to amend it and it will require much
time to draw from the scratch.

• Sometimes, it may be include less detail as compared with the narrative notes.

Control Documentation 2 By:- Haris Hanif

 Page 70

(3) Questionnaires

This involves list of questions (expected controls) by the auditor and those questions to be asked
from the client entity.

There are two types of questions in questionnaires.

(a) ICQ (Internal Control Questionnaire)

Questions asked from the client entity to know about the existence of the controls, that is, whether
or not controls exist.

(b) ICEQ (Internal Control Evaluation Questionnaire)

Questions asked from the client entity to know about the quality of the controls,
that is whether the controls are operating effectively.

Advantages

• It facilitates the communicative interaction with the client entity.

• Questions are easy to prepare (keeping in mind good system) and then can be used in
multiple clients.

• It is flexible and any of the staff member can ask the questions from the client by referring to
the questionnaire document.

Drawbacks

• It may include illogical questions and asking too much questions may create the burden on
the client.

• Using the standard questions (in every client) may miss out certain unusual controls at the
particular client.

Control Documentation 3 By:- Haris Hanif

 Page 71

(4) Checklist

This involves preparing the list of expected controls in the document and then auditor, through the
observation, TICK on the list in case of presence of controls and CROSS on the list in case of absence
of controls.

Advantages

• It is easy for the auditor to watch and observe the system and noting the controls.

• It is time saving method since no need to wait for the client’s personnel to answer.

Drawbacks

• There is no communicative interaction with the client’s staff while documenting the system.

• Using the standard list of expected controls (in every client) may miss out certain controls at
the specific organisation.

Approach to deal with the controls

Control Documentation 4 By:- Haris Hanif

 Page 72

Corporate Governance
It is the system by which companies are directed and controlled by senior officers.

Who is responsible for corporate governance?

Executive Directors (EDs)

They are involved in day-to-day activities, that is, provide the direction for the operations.
Examples:-

Non-Executive Directors (NEDs)

They are not involved in the day-to-day operations, but they are involved in the top level
meetings.
NOTE:-

Corporate Governance 1 By:- Haris Hanif

 Page 73

NEDs should be Neutral, that is, Independent

- No major stakeholder should be NED

- No relative of ED should be NED

- Former (previous) ED should NOT be the NED of the same company.

- No business relation (customers/suppliers) with the company.

- No salary of NEDs, no commission, no PRP, they should be only remunerated with

the meeting fees.

- No Cross directorship.

Workings of NEDs
- Scrutinise the work of E.D.s

- Challenge the work of E.D.s in constructive manner.

- Ensure that decision making should be in favour of the company.

- Give healthy advice to the BOD

- Ensure the long term decision making.

- Bring/share the outside expertise the company.

Corporate Governance 2 By:- Haris Hanif

 Page 74

Company and the Structure of BOD

Nomination Committee
- Consider the skills of the BOD
- Nominate the suitable candidates for the BOD
- Present capable directors in AGM – for final approval of shareholders.

Remuneration Committee

Risk Committee

Corporate Governance 3 By:- Haris Hanif

 Page 75

Audit Committee
- At least 3 members on audit committee – this is for large P.L.C.
- At least 2 members on audit committee – this is for S.M.E.s
- At least 1 person should be the member of professional accountancy body.
- Chairman of the company should NOT sit in the audit committee.

Roles of Audit Committee

- Recommendations in the appointment/removal of auditors and also advice on their
remuneration.
- Discuss and resolve the ethical, professional issues of the auditors.
- Review the financial statements, internal controls and also take part in the risk
management.
- Oversight the audit.
- Encouraging whistle blowing provisions in the company.

Features of GOOD Corporate Governance

- At least 50% NEDS on the BOD.
- Chairman and CEO should be two different individuals.
- Chairman should be NED.
- Greater independency and Transparency.
- No misleading information.
- Greater accountability of directors.
- Good internal controls.
- Establishing internal audit department.
- All NEDs should be independent and should NOT serve more than 9 years.
- Sub-BOD committees.
- Maximum disclosures in the F.S.
- Conduct AGM along with the proxy access.
- Less/No dominancy of EDs.
- BOD should focus on the long term and performance and reward system should be
based on the long term performance.
- Maximum healthy debate in the BOD meetings.
- EDs should not serve for too much long time period, there should be re-election.

Corporate Governance 4 By:- Haris Hanif

 Page 76

Internal Audit

NOTE:-
- IA department should be independent.
- No conflict of interest.
- No ethical threats.
Objectives/Functions/Scope/Purpose/Assignments of IA department

 Review the controls and the financial statements as well.

 Check whether any value is added in the company.

 Review the operating matters that is, whether operating matters are being run or
not, as guided.

 Also review the VFM of every department.

 Review whether the company is complying with the laws and regulations.

 Undertake special investigation related to the fraud.

 Also perform the IT audit.

 Purchasing audit – in the purchase area.

 Customer experience audit, that involves review the customer relationship.

 Assist in the business risk management.

NOTE:-

Internal Audit 1 By:- Haris Hanif

 Page 77

NOTE:-

 IA is itself the internal control.

 It’s a sign of good corporate governance.
 IA should be internally independent.
 IA should not report to the single director,
o They should report to the BOD, through the channel of AUDIT COMMITTEE.
NEED for the IA department:-
Some factors should be considered before establishing IA department:-
- Past frauds.
- Persistent breach of the controls.
- Business expansion.
- Increasing the number of staff.
- Changes in the organisational structure.
- Company is in crisis.
- Increasing the complains.
- Anything unusual.

IA and the FRAUD

Internal auditor plays the role in the investigation of the fraud, it includes:-

 Identify the fraud

 Quantify the fraud
 How the fraud was done
 Who has done the fraud
Advantages of IA department
- IA department is itself the control and can contribute in the improvement in the
control environment.
- It adds “value” in the company and external parties may be impressed.
- Review will be conducted independently.
- Neutral advice to the BOD.
- Assisting the external auditors and if external auditors will be rely on IA work and
then their audit procedures can be reduced and audit fees can be saved.
Limitations of IA department
- No need for the professional accountancy qualification so limited knowledge of
accounting.
- Chances of collusion with the other staff as IA department is also the staff.
- IA department is of no use if BOD is not considering their advice.
- BOD may restrict IA department not to check the particular/specific area.

Internal Audit 2 By:- Haris Hanif

 Page 78

NOTE:-

Advantages of outsourcing IA department Drawbacks of outsourcing IA department

Time saving as outsource is easily available. Chances of leaking secret information.
Not employees, so no personal clashes. May be high fees.
Reducing burden of fixed cost. No in-house expertise/lack of in-house
skills.
Outsourcing – firm may have large portion If rotation of IA staff, then they may find
of expertise since they might be serving time consuming task to understand the
many clients. system and perform IA work.
If same auditor is also the external auditor,
then it would be ethical problem.

Difference between Internal and External Auditor

Factors Internal Auditors External Auditors

Status

Remuneration

Working
Scope
Objective

Reporting

Internal Audit 3 By:- Haris Hanif

 Page 79

ISA – 610 Using the work of IA:-

Internal Audit 4 By:- Haris Hanif

 Page 80

ISA – 500 (Audit Evidence)

Audit Evidence:
These are all the information and explanation collected by the auditor and used by the auditor to arrive
at the conclusion on which auditor’s opinion is based.

Evidences should be:-

- Sufficient
- Appropriate

Audit Procedures:

Audit Evidence 1 Haris Hanif

 Page 81

Evidences:-
Sufficient Evidence:
This refers to the QUANTITY of the evidence. However, it is a matter of auditor’s professional judgment
whether the Evidence is “enough” or not. Some factors help to determine whether the evidences are
enough include:-

- Risk of material misstatement

- Materiality of the item
- Nature of accounting and internal control system
- Results of controls test
- Auditors’ knowledge and experience of the business
- Size of population, sample
- Reliability of evidence obtained

Appropriate Evidence:
Appropriateness of evidence refers the QUALITY of the evidences and splits into TWO categories.

(a) Relevance
Relevance means evidence should relate to the financial statements assertions being tested.

(b) Reliable
It refers to the trustworthy source of evidence.

Audit Evidence 2 Haris Hanif

 Page 82

Management Expert
Employee (or outsourced organization) who is expert in the field other than accounts/audit but his work
has impact on the financial statements as his work is used by the entity to assist in the preparation of
financial statements.

Examples:-

Lawyer

Mechanical Engineer

NOTE:-

ISA 500 Audit Evidence provides guidance on what the auditor should consider before relying on the
work of a management's expert.

The auditor must:

- Evaluate the competence, capabilities and objectivity of that expert.

- Obtain an understanding of the work of that expert.
- Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.

Audit Evidence 3 Haris Hanif

 Page 83

Financial Statements Assertions

Assertions ASSERT to declare something

These are the declarations in the financial statements, either express or implied, by the
management and used by the auditor to collect evidences and consider the material
misstatements.
Assertions can be remembered through mnemonic ACCA–COVER–P

A – Allocation

C – Classification

C – Completeness

A – Accuracy

C – Cut-off

O – Occurrence

Financial Statements Assertions 1 Haris Hanif

 Page 84

V – Valuation

E – Existence

R – Rights & Obligations

P – Presentation

Note:-

Accuracy; Valuation and Allocation

Financial Statements Assertions 2 Haris Hanif

 Page 85

ASSERTIONS

Account balance Events and Transactions

Completeness Completeness
Accuracy; Valuations and Allocation Accuracy
Classifications Classifications
Existence Cut-off
Rights and Obligations Occurrence
Presentation Presentation

Assertions about Account balances and related disclosures at the period end
Existence – Assets, liabilities and equities interests exists.

Rights and oligations – the entity holds or controls the right to assets and liabilities are obligations of
the entity.

Completeness – all assets, liabilities and equity interets that should have been recorded, have been
recorded, and all related disclosures that should have been included, have been included.

Accuracy, valuation and allocation – assets, liabilities and equity interests have been included in the
financial statements at appropriate amounts and resulting valuation or allocation adjustments have
been appropriately recorded, and all related disclosures have been appropriately measured and
described.

Classification – assets, liabilities and equity interests have been recorded in the proper accounts.

Presentation – account balances are appropriately aggregated or disaggregated and clearly described,
and related disclosures are relevant and understandable in the context of the applicable financial
reporting framework.

Financial Statements Assertions 3 Haris Hanif

 Page 86

Assertions about Classes of transactions and events, and related disclosures for
the period under audit
Occurrence – the transactions and events recorded and disclosed have occurred and pertain to the
entity.

Completeness – all transactions and events that should have been recorded have been recorded, and all
related disclosures that should have been included have been included.

Accuracy – amounts and other data have been recorded appropriately and related disclosures have
been appropriately measured and described.

Cut-off – transactions and events have been recorded in the correct accounting period.

Classification – transactions and events have been recorded in the proper accounts.

Presentation – transactions and events are appropriately aggregated or disaggregated and clearly
described, and related disclosures are relevant and understandable in the context of the applicable
financial reporting framework.

Financial Statements Assertions 4 Haris Hanif

 Page 87

Accounting standards and Assertions

Accounting Standards Assertions

Financial Statements Assertions 5 Haris Hanif

 Page 88

Auditor's Expert
ISA 620 Using the Work of an Auditor's Expert provides guidance to auditors.

If the auditor lacks the required technical knowledge to gather sufficient appropriate evidence to form
an opinion, they may have to rely on the work of an expert.

Examples of such circumstances include:

- The valuation of complex financial instruments, land and buildings, works of art, jewellery and
intangible assets.
- The estimation of oil and gas reserves.
- The interpretation of contracts, laws and regulations.
- The analysis of complex or unusual tax compliance issues.

Auditors use the professional judgement whether it is necessary to use the services of expert and
whether it is related to the purpose of the audit.

To fulfil this responsibility the auditor must evaluate whether the expert has the necessary competence,
capability and objectivity for the purpose of the audit.

Evaluating competence

Information regarding the competence, capability and objectivity on an expert may come from a variety
of sources, including:

- Personal experience of working with the expert

- Discussions with the expert
- Discussions with other auditors
- Knowledge of the expert's qualifications, memberships of professional bodies and licences.
- Published papers or books written by the expert.
- The audit firm's quality control procedures.

Evaluating objectivity

Experts are not bound by similar code of ethics as external auditors.

Objectivity needs to be evaluated, by simple means like:-

- Make enquiries of the client about known interests or relationships with the chosen expert.
- Discuss applicable safeguards with the expert.
- Discuss financial, business and personal interests in the client with the expert.
- Obtain written representation from the expert.

Auditor’s Expert 1 Haris Hanif

 Page 89

Agreeing the work

Once the auditor has considered the above matters they must then obtain written agreement from the
expert of the following:

- The nature, scope and objectives of the expert’s work.

- The roles and responsibilities of the auditor and the expert.
- The nature, timing and extent of communication between the two parties.
- The need for the expert to observe confidentiality.

Evaluating the work

Once the expert's work is complete the auditor must scrutinise it and evaluate whether it is appropriate
for audit purposes.

In particular, the auditor should consider:

- The reasonableness of the findings and consistency with other evidence.

- The significant assumptions made.
- The use and accuracy of source data.

Reference to the work of an expert

- The use of an auditor’s expert is not mentioned in an unmodified auditor's opinion unless
required by law or regulation.

- Reference to the work of an expert may be included in a modified opinion if it is relevant to the
understanding of the modification. This does not diminish the auditor’s responsibility for the
opinion.

Auditor’s Expert 2 Haris Hanif

 Page 90

Accounting Standards and Assertions

Substantive Procedures – 1 1 By:- Haris Hanif

 Page 91

Substantive Procedures

Substantive Procedures – 1 2 By:- Haris Hanif

 Page 92

PPE

ABC limited had purchased the property amounted $20m from another company in the month of
August, 20X9 paid via bank in the same month.

The finance director had informed you that the company also had increased the life of its one of the
machine to 5 years whose previous estimated life was 3 years.

Describe the substantive procedures you should perform to obtain the sufficient and appropriate
audit evidence

Substantive Procedures – 1 3 By:- Haris Hanif

 Page 93

Substantive Procedures – 1 4 By:- Haris Hanif

 Page 94

PPE – Revaluation

Finance director of Space limited had informed you during the year they had undertaken the
revaluation of few of the buildings and revalued to $12m and contacted the Ansari Associates to do
the revaluation. At the time of revaluation the NBV was $10m.

Describe the substantive procedures you should perform to obtain the sufficient and appropriate
audit evidence

Substantive Procedures – 1 5 By:- Haris Hanif

 Page 95

Substantive Procedures – 1 6 By:- Haris Hanif

 Page 96

PPE – Additions & Disposals

Solo Limited is a manufacturing company whose year end is 31st July 20X9. The company had
purchased the machine on 1st April 20X9 and also incurred some amount to train the staff to use
that machine. The company had disposed some old machines at $52.5m and the NBV at the time of
disposals was $50m. The company uses proportionate method of depreciation.

Describe the substantive procedures you should perform to obtain the sufficient and appropriate
audit evidence

Substantive Procedures – 2 1 By:- Haris Hanif

 Page 97

Substantive Procedures – 2 2 By:- Haris Hanif

 Page 98

Goodwill

Apple limited is a manufacturing company of air conditioner and acquired 75% equity interest in
Poplar limited which manufactures fans. The consideration transferred for the acquisition amounted
$90,000 and the being as parent company, Apple limited had reported the goodwill $25,000 in the
consolidated statement of financial position. The reporting year end is 31st December 20X8 of both
the companies.

Describe the substantive procedures you should perform to obtain the sufficient and appropriate
audit evidence

Substantive Procedures – 2 3 By:- Haris Hanif

 Page 99

Substantive Procedures – 2 4 By:- Haris Hanif

 Page 100

Intra Group Transactions

Holo limited is the parent company whose year-end is 31st December 20X0 and the company holds
90% equity interest in Jojo limited whose reporting year is same as of parent. During the year, Holo
limited sold the goods to Jojo limited whose 60% are still in inventory. The transaction took place
with 10% profit margin.

Describe the substantive procedures you should perform to obtain the sufficient and appropriate
audit evidence

Substantive Procedures – 2 5 By:- Haris Hanif

 Page 101

Substantive Procedures – 2 6 By:- Haris Hanif

 Page 102

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Pre-payments
- Trade receivables at year – end

Pre-payments:-

Substantive Procedures – 5 1 By:- Haris Hanif

 Page 103

Substantive Procedures – 5 2 By:- Haris Hanif

 Page 104

Trade Receivables:-

Substantive Procedures – 5 3 By:- Haris Hanif

 Page 105

Substantive Procedures – 5 4 By:- Haris Hanif

 Page 106

Substantive Procedures
External Confirmation (ISA – 505)
This is external confirmation which the auditor obtains to confirm the available
information from third party (confirming party).
Normally, external confirmation confirms assertions like:-
- Existence - Valuations - Rights & Obligations
NOTE:-
 Permission from client entity is necessary prior to send this confirmation
letter.
 Auditor drafts this conformation letter.
 It needs to be signed by the management.
 Letter head will be of client entity.
 Address of auditor is enclosed in the confirmation letter and reply should
be directly given to the auditor.
Types of External Conformations:-
(1) Positive Confirmation:-
A positive confirmation request is a request that the confirming party respond
directly to the auditor indicating whether the confirming party agrees or disagrees
with the information in the request, or providing the requested information.
Method 1.

Method 2.

Substantive Procedures – 6 1 By:- Haris Hanif

 Page 107

(2) Negative Confirmation:-

A negative confirmation request is a request that the confirming party respond
directly to the auditor only if the confirming party disagrees with the information
provided in the request.
Note:-
Negative confirmation is risky because if third party fails to respond then auditor
may assume that the information is correct.
ISA – 505 says that negative confirmation can be sent under following conditions:-
- The risk of material misstatement has been assessed as low.
- The auditor has obtained sufficient appropriate audit evidence on the
operating effectiveness of relevant controls.
- The population consists of a large number of small, homogeneous account
balances.
- A very low exception rate is expected.

Substantive Procedures – 6 2 By:- Haris Hanif

 Page 108

Steps/Procedures to circulate external confirmation letter

Substantive Procedures – 6 3 By:- Haris Hanif

 Page 109

Substantive Procedures – 6 4 By:- Haris Hanif

 Page 110

EXAM FOCUS:-
Question:-
Describe the procedures to circulate positive external confirmation.
ANSWER:-
- Obtain the consent from the key management personnel (like FD) before
sending the confirmation letter.

- Obtain the list of the third parties to whom confirmation letter needs to be
sent.

- Select sample of third parties keeping focus on nil balances, old and
unsettled balances, round off, contra balances.

- Draft the confirmation letter on the letter head of client and ask the FD to
sign on this letter.

- If reply is received and balance agreed then nothing to perform further

audit procedures.

- If reply received with the discrepancy then it needs to be discussed with the
management, ask them to reconcile and reperform the reconciliation with
the inspection till the source documents.

- If reply is not received, then discuss with the management, also request for
the reminder to be sent. In addition, if necessary then make a call or
personal visit to confirm the balance.

- Prepare the summary of all the follow up responses, that is, which balance
was agreed, which was not, which was reconciled, which was not, whose
reply was not received.

Substantive Procedures – 6 5 By:- Haris Hanif

 Page 111

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Cash balance
- Bank balance/Bank reconciliations

CASH:-

Substantive Procedures – 7 1 By:- Haris Hanif

 Page 112

Substantive Procedures – 7 2 By:- Haris Hanif

 Page 113

BANK/BANK RECONCILIATION:-

Substantive Procedures – 7 3 By:- Haris Hanif

 Page 114

Substantive Procedures – 7 4 By:- Haris Hanif

 Page 115

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Inventory

Inventory:-

Substantive Procedures – 8 1 By:- Haris Hanif

 Page 116

Substantive Procedures – 8 2 By:- Haris Hanif

 Page 117

ISA 501 Audit evidence – specific considerations for selected items provides guidance for auditors on
attending the physical inventory count to obtain evidence regarding the existence and condition of
inventory.

Before the inventory counts

 Identifying risk of material misstatements
 Nature of internal controls relating to inventory
 Existence of adequate procedures established and proper instructions given to personal
involved in stock count at client end
 Timing of counts
 Location of inventory count
 Need for an expert

During the inventory counts

 Auditor would observe stock count and would carry out test counts
 Observe whether stock count instructions are being properly followed by the stock counters
 In performing test counts the auditor would follow a two-way test approach to ensure
completeness
 Records to floor testing
 Floor to record testing
 Retention of any stock documents for further procedures
 Cut-off procedures before and after the counts to ensure that entire inventory movements
pertaining to the year has been tracked / obtaining the last documents such as goods
received notes and gods dispatched notes
 Where any inventory is in the third party control, the auditor should sent confirmation for
inventory. However if the auditor consider that the inventory items are material he could.
 Test the integrity of management
 Observe the third party counts by himself or by some other auditors
 Obtaining the order auditor report on stock counts
 Inspecting document of inventories held by third parties

After the inventory counts

Once the auditor has planned and performed the inventory count, the auditor would perform
procedure to finalized inventory for accounts purpose such as:
 Ensure that, inventory has been properly valued based on stock counts sheets available with
the auditor.
 Ensure proper rate for inventory valuation has been picked up on the basis of FIFO or
Weighted average cost method
 Ensure that all stock variance if the entity operates standard inventory system has been
closed out
 Ensure that all working papers pertaining to inventory has been properly signed by auditor
and client personal available at stock
 Ensure all adjustments identified by the auditors is reflected in the financial statements
 Ensure proper inventory control sheet and inventory physical observation report has been
filed in audit wok papers

Substantive Procedures – 8 3 By:- Haris Hanif

 Page 118

Question (from DEC – 2014 exam of ACCA)

Jackdaw motors, a car manufacturing company has year-end 31st January 2015.

Work in progress

Jackdaw undertakes continuous production of cars, 24 hours a day, seven days a week. An inventory
count is to be undertaken at the year end and Puffin & Co will attend. You are responsible for the
audit of work in progress (WIP) and will be part of the team attending the count as well as the final
audit. WIP constitutes the partly assembled cars at the year end and this balance is likely to be
material. Jackdaw values WIP according to percentage of completion, and standard costs are then
applied to these percentages.

Describe the substantive procedures the auditor should perform to obtain sufficient and
appropriate audit evidence in relation to:

Valuation of Work in progress (4 marks)

ANSWER:-

Substantive Procedures – 8 4 By:- Haris Hanif

 Page 119

Dashing Company (Sept/Dec 2017)

Dashing Co manufactures women’s clothing and its year end was 31 July 20X7. You are an audit
supervisor of Jaunty & Co and the year‐end audit for Dashing Co is due to commence shortly.

The draft financial statements recognise profit before tax of $2.6m and total assets of $18m. You
have been given responsibility for auditing receivables, which is a material balance, and as part of
the audit approach, a positive receivables circularisation is to be undertaken.

At the planning meeting, the finance director of Dashing Co informed the audit engagement partner
that the company was closing one of its smaller production sites and as a result, a number of
employees would be made redundant. A redundancy provision of $110,000 is included in the draft
financial statements.

Required:

(a) Describe the steps the auditor should perform in undertaking a positive receivables
circularisation for Dashing Co. (4 marks)

(b) Describe substantive procedures, other than a receivables circularisation, the auditor should
perform to obtain sufficient and appropriate audit evidence to verify EACH of the following
assertions in relation to Dashing Co’s receivables:

(i) Accuracy, valuation and allocation

(ii) Completeness, and

(iii) Rights and obligations.

Note: The total marks will be split equally between each part. (6 marks)

(c) Describe substantive procedures the auditor should perform to obtain sufficient and
appropriate audit evidence in relation to the redundancy provision at the year end.

(5 marks)

Substantive Procedures – 9 1 By:- Haris Hanif

 Page 120

Answer:-

(a) Steps in undertaking a positive receivables circularisation for Dashing Co

- Obtain consent from the finance director of Dashing Co in advance of undertaking the
circularisation.

- Obtain a list of trade receivables at the year end, cast this and agree it to the receivables
ledger control account total.

- Select a sample from the receivables list ensuring that a number of nil, old, credit and large
balances are selected.

- Circularisation letters should be prepared on Dashing Co’s letterhead paper, requesting a

confirmation of the year‐end receivables balance, and for replies to be sent directly to the
audit team using a pre‐paid envelope.

- The finance director of Dashing Co should be requested to sign all the letters prior to them
being sent out by a member of the audit team.

- Where no response is received, follow this up with another letter or a phone call and where
necessary alternative procedures should be performed

- When replies are received, they should be reconciled to Dashing Co’s receivables records,
any differences such as cash or goods in transit should be investigated further.

Substantive Procedures – 9 2 By:- Haris Hanif

 Page 121

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Share Issuance (capital and premium)
- Reserves and dividends

Share Issuance (capital and premium)

Substantive Procedures – 10 1 By:- Haris Hanif

 Page 122

Answer:-
- Agree the authorized share capital from the statutory documents
governing the company’s constitution.

- Inspect the resolution minutes to ensure that changes in the capital is

properly authorized & also read the minutes of BOD meetings to ensure
that issuance of share capital is authorized.

- Agree the amount received from the issuance of shares in the bank
statement.

- Inspect the equity records and agree the share capital valued at par and
ensure the excess amount in the share premium account to verify the
classification.

- Inspect the register of shareholders register and agree the completeness

of details including the total list with the amount of share capital.

- Re do the calculations of share capital/premium account to verify the

accuracy of the figures.

- Inspect and read the notes to the accounts to ensure the necessary and
complete disclosures of issuance of shares as per the local law
requirement.

Substantive Procedures – 10 2 By:- Haris Hanif

 Page 123

Reserves and dividends

Substantive Procedures – 10 3 By:- Haris Hanif

 Page 124

Answer:-
- Inspect the records of reserves and confirm that company has complied
with the legal requirements of reserves and distinguish between
distributable and non-distributable reserves had been made.

- Ensure that movements on reserves do not contravene the legislation

and the company’s constitution by reviewing the legislation.

- Inspect and read the minutes of BOD meeting to ensure the BOD
approval and the amount of dividends.

- Inspect the reserves records to verify that dividends were paid from the
distributable reserves.

- Obtain the sample of dividends warrants (receipts) to confirm the

amount of dividends as decided in the BOD meetings and properly
recorded in the accounts of dividends and payables and bank/cash.

- Agree the amount paid of dividends in the post year end bank
statement.

- Recalculate the dividends paid and entire movements in the equity to

confirm the mathematical accuracy.

- Inspect the notes and read the disclosures to ensure the completeness
of disclosures of reserves and dividends.

Substantive Procedures – 10 4 By:- Haris Hanif

 Page 125

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Trade payables
- Employment tax payable
- Sales tax payable

Trade payables

Substantive Procedures – 11 1 By:- Haris Hanif

 Page 126

Answer:-
- Agree the opening trade payable balance with the last year’s closing
balance to ensure correct value is carried down.

- Compare trade payables with the prior years and industry averages and
discuss with the management and investigate the significant variations.

- Calculate trade payable days and compare over the past years and
industry averages and investigate the significant difference.

- Review the post year-end payments and follow in the pre-year-end

payable balance to ensure the correct valuation at year-end.

- Agree the payable balance with the statements sent by the suppliers.

- With the permission of client, send the positive confirmation letter to

the suppliers to confirm the year end payable balance.

- For any payments made during the year, agree the amounts from the
cash book/bank statements.

- Agree the closing trade payable balance in the ledger, trial balance, draft
financial statements to ensure completeness of records.

- Recalculate the entire payable list/ledgers to verify the mathematical

accuracy of figures.

- Review the adequacy of disclosures in the notes related to the trade

payables.

Substantive Procedures – 11 2 By:- Haris Hanif

 Page 127

Employment tax payable

Substantive Procedures – 11 3 By:- Haris Hanif

 Page 128

Answer:-
- Perform analytical procedures by comparing the employment tax
payable over the previous years and investigate unusual difference for
reasonableness test.

- Obtain the employment tax calculations records to ensure that tax was
deducted as per the current active tax rates/slabs.

- Agree the year-end employment tax payable accrual with payroll records
to verify the accurate amount recorded.

- Recalculate the employment tax to verify the mathematical accuracy of

the figures.

- Agree the amount paid to the tax authorities in the post-year-end bank
statement.

- Review the correspondence with the tax authorities for any amounts
outstanding, if yes, then verify in the year-end accrual.

- Inspect and read the notes to verify the complete disclosures of

employment tax.

Substantive Procedures – 11 4 By:- Haris Hanif

 Page 129

Sales tax payable

Substantive Procedures – 11 5 By:- Haris Hanif

 Page 130

Answer:-
- Obtain the sales invoices sent to the customers and ensure that sales tax
was charged as per the active rate in the current year.

- Perform the analytical procedures by comparing the sales tax with the
previous years and investigate the significant variations for
reasonableness test.

- Inspect the liability record to ensure that sales tax liability is accounted
for as current liability to test the classification.

- Agree the sales tax paid in the post year end bank statement.

- Review the correspondence with the tax authorities for any amounts
outstanding, if yes, then verify in the year-end accrual.

- Recalculate the sales tax liability to verify the mathematical accuracy.

- Agree the year-end sales tax liability to the tax return submitted to the
sales tax authority to verify the accurate amount.

- Review the notes to the accounts to verify the complete disclosures of

the sales tax liability.

Substantive Procedures – 11 6 By:- Haris Hanif

 Page 131

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Accrued expenses
- Accrued Wages

Accrued expenses

Substantive Procedures – 12 1 By:- Haris Hanif

 Page 132

Answer:-
- Obtain the list of all accrued expenses and confirm the items related to
the business norms/activities and ensure items are related to revenue
expenditures.

- Compare accrued expenses over the past years and discuss with the
management and investigate the significant variations.

- For actual accrued expense, agree the amounts from the invoices issued
by the suppliers.

- For accrued expenses estimated, discuss with the management the basis
of estimations and ensure the assumptions are reasonable and can be
relied upon and also analyse the variation level from the prior years to
ascertain reliability of estimated accrual.

- Recalculate all the accrued expenses to verify the mathematical accuracy

of figures.

- Agree the accrued expenses in the profit/loss as expense charged and

payable as at year-end.

- Review post year end payments and follow in the pre-year-end accruals
to verify the valuation.

- Review the adequacy of disclosures related to accrued expenses in the

notes to the accounts.

Substantive Procedures – 12 2 By:- Haris Hanif

 Page 133

Accrued Wages

Substantive Procedures – 12 3 By:- Haris Hanif

 Page 134

Answer:-
- Obtain the total payroll expenses and compare with the prior years and
investigate the significant variations.

- Perform proof-in-total calculations by multiplying average number of

employees with average wage rate and compare with the payroll
expense actually charged and investigate the significant variations.

- Obtain the payroll calculations and ensure appropriate and valid

statutory deductions were made, like employment tax as per active tax
rate of the year and accounted for as CL at year-end.

- Agree the payroll amounts in the profit/loss as expense charged and

payable at the year-end.

- Agree the net amounts (gross pay less deductions) in the post year end
bank statements.

- Review the notes to the accounts and ensure complete disclosures are
made related to the accrued wages.

Substantive Procedures – 12 4 By:- Haris Hanif

 Page 135

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Bank Loan (NCL)

Substantive Procedures – 13 1 By:- Haris Hanif

 Page 136

Substantive Procedures – 13 2 By:- Haris Hanif

 Page 137

IAS – 37 (Provision, liabilities and contingencies)

Substantive Procedures – 13 3 By:- Haris Hanif

 Page 138

Question
Zota limited is manufacturing company and its financial reporting year-end is
31st December 20X2. In the last year there was a legal case filed against the
copyright with the provision estimated $10,000 as at 31st December 20X1.
The case is still pending and provision amount reported $15,000 in the draft
financial statements of 20X2.
Required:-
Describe the substantive procedures the auditor should perform to obtain
sufficient and appropriate audit evidence in relation to the legal case.

Substantive Procedures – 13 4 By:- Haris Hanif

 Page 139

Substantive Procedures – 13 5 By:- Haris Hanif

 Page 140

Describe substantive procedures the auditor should perform to obtain

sufficient and appropriate audit evidence in relation to:-
- Revenue/sales
- Purchases

Revenue/Sales

Substantive Procedures – 14 1 By:- Haris Hanif

 Page 141

Answer:-
– Obtain the sample of customers’ P.O.s and sent invoices to verify that
sales transactions were genuinely occurred in the period.

– Perform analytical procedures by comparing the overall level of revenue

against prior years and budget and investigate any significant
fluctuations.

– Calculate the gross margin for Company and compare this to the prior
year and investigate any significant fluctuations.

– Perform proof in total by multiplying the average units sold with the
average selling price and compare with the reported sales figure and
investigate the significant variations.

– Select a sample of sales invoices for larger customers and recalculate the
discounts allowed to ensure that these are accurate and agree the cash
discounts given as expense in the income statement.

– Recalculate for a sample of invoices that the sales tax has been correctly
applied to the sales invoice as per the current sales tax % and ensure
that sales amount is net off sales tax.

– Select a sample of customer orders and agree these to the despatch

notes and sales invoices through to inclusion in the sales ledger, trial
balance to ensure completeness of revenue.

– Select a sample of despatch notes both pre and post the year end, follow
these through to sales invoices in the correct accounting period to
ensure that cut-off has been correctly applied.

– For any sales return, select a sample of credit notes issued after the year
end and follow through to sales invoice to ensure the returns were
recorded in the proper period.

Substantive Procedures – 14 2 By:- Haris Hanif

 Page 142

Purchases

Substantive Procedures – 14 3 By:- Haris Hanif

 Page 143

Answer:-
- Compare the total purchases with the past years and with budget and
investigate the significant variations.

- Calculate the gross margin and compare with the past years and
investigate the significant variations.

- Perform proof in total by multiplying the average purchases and average

purchase price and compare with the reported figure of purchases and
investigate the significant variations.

- For any cash discounts received like on larger purchase, recalculate it

and agree it as other income.

- Obtain the P.O.s sent and GRNs for the evidence of goods received and
agree in the ledger, trial balance and draft financial statements to
ensure completeness of records.

- For any amounts paid during the year, agree the amounts paid in the
bank statement/cash book.

– Select a sample of GRNs both pre and post the year end, follow these
through to purchase orders in the correct accounting period to ensure
that cut-off has been correctly applied.

– For any purchase return, select a sample of debit notes sent and credit
notes received after the year end and follow through to purchase
invoice to ensure the returns were recorded in the proper period.

Substantive Procedures – 14 4 By:- Haris Hanif

 Page 144

GENERAL SUBSTANTIVE PROCEDURES – (Assertions Specific)

Procedure – on COMPLETENESS of INCOME/REVENUE
- Perform analytical procedure by comparing the revenue from the past years and discuss with the
management and investigate the significant difference.

- Obtain the list of customers, sent GDNs and invoices and cast to confirm the completeness.

- Perform proof in total calculation, obtaining the units sold and multiply with the average selling
price and compare with the reported revenue and discuss and investigate the significant difference.

- Calculate GP margin and compare with the past years and industry averages and investigate the
significant difference.

- Agree the total revenue in the receivable ledger, control account and trial balance to confirm
completeness.

- Obtain the sales records and contracts and ensure revenue is completely recorded for all those
orders whose performing conditions are met as per IFRS-15.

Procedures – on VALUATION of Receivables

- Perform analytical procedure on receivable by comparing over the past years and investigate the
significant difference and also discuss with the management.

- Inspect the aged receivable analysis and discuss with the management whether any allowance is
needed.

- Calculate the receivable collection period and compare with the past years and investigate the
significant difference and also consider and discuss the need for any allowance.

- Review the correspondence of the company with the customers to identify the disputed balance or
balance unlikely to be paid.

- Review the post-year-end cash receipts and follow in the pre-year-end receivable balance.

- Obtain the positive confirmation from the customers with the permission of management to
confirm the year-end balance of receivable.

- Recalculate the total receivables to verify the accurate valuation at year-end.

- Perform proof in total, estimate the allowance of receivable and compare with that of management
and consider to discuss and investigate the significant difference.

Assertions Specific Substantive 1 By:- Haris Hanif

 Page 145

Procedures – on EXISTENCE of receivables

- Obtain the positive confirmation from the customers with the permission of management to
confirm the year-end balance of receivable.

- Review the correspondence of the company with the customers to identify the disputed balance or
balance unlikely to be paid.

- Obtain the P.O.s from the customers and sent invoices and GDNs to look for the signature of
customers.
Procedures – RIGHTS and OBLIGATIONS of receivables
- Obtain the P.O.s of customers and sent invoices and see the name of the customers on it.

- Review the GDNs sent and see the signature of evidence of goods despatched to them.

- Obtain the positive confirmation from the customers with the permission of management to
confirm the year-end balance of receivable.

- Review the agreement with any factor organisation whether any receivables were sold to them.
Procedures – on VALUATION of payables
- Perform analytical procedure on the payables by comparing over the past years and investigate the
significant difference.

- Agree the opening balance with the last year closing balance to ensure exact amount is carried
down.

- Calculate the payable days and compare with the past and industry averages and discuss and
investigate the significant differences.

- If any amount is paid during the year, agree the paid amount in the cash book.

- Obtain the supplier statement to agree the year-end payable balance.

- Send the positive confirmation letter to the supplier to confirm the year-end payable balance.

- Review the post-year-end cash payment record and follow in the year-end payable balance.

Assertions Specific Substantive 2 By:- Haris Hanif

 Page 146

Procedure – on Cut – off of sales.

- Obtain the GDNs sent before and after year-end and follow in the receivable ledger, sales records
to ensure it is recorded in the correct time period.

- Obtain the sale agreement and see the date when then performing obligations were met and
follow the sales in the correct accounting period.

- Perform analytical procedure by comparing the revenue from the past years and discuss with the
management and investigate the significant difference.

- Calculate GP margin and compare with the past years and industry averages and investigate the
significant difference.

Procedures – on PAYROLL
- Perform analytical procedures on payroll by comparing over the past years and discuss and
investigate the significant difference.

- Perform proof in total calculation on payroll by multiplying number of employees with average
wage rate and compare with the reported payroll expense and discuss and investigate the
significant difference.

- Obtain the payroll records and ensure that all statutory deductions were deducted.

- Obtain the payroll records and agree it as expense in the income statement.

- Agree the wages paid in the bank statement and agree with the payroll records.

- Obtain and recalculate the payroll calculations to verify the mathematical accuracy of figures.

- Review the notes to the accounts to ensure the necessary and complete disclosure of payroll.

Assertions Specific Substantive 3 By:- Haris Hanif

 Page 147

Procedures – on VALUATION of Inventory

- Obtain the breakdown of inventory standard cost and agree it includes DM, DL, P-OHs.

- Agree the cost of DM with the invoices, labour cost from payroll records and discuss with
management how overheads are estimated and ensure basis are reliable.

- Compare standard cost with the actual cost to ensure standard cost is close approximated to the
actual cost.

- Compare inventory value over the prior years and investigate the significant variations.

- Calculate inventory turnover days and compare over the prior years and investigate the significant
differences.

- Review the inventory records for slow moving inventories and discuss with the management
whether it should be written down.

Assertions Specific Substantive 4 By:- Haris Hanif

 Page 148
Planning Stage and Risk Assessment

Planning and Risk Assessment 1 By:- Haris Hanif

 Page 149
TWO qualities expected from the AUDITOR
(1) Professional Scepticism
- Ability to cast doubt
- Ability to ask question
- Should be neutral and alert all the times
- Should assume that management is neither honest nor dishonest
- should NOT believe that FS would be either correct or wrong, instead should assume that there
may be:-
o Error
o Fraud
o Every genuine

(2) Professional Judgment

It means application of the acquired knowledge and skills in the given circumstances, examples may
include where professional judgement is used:-
- While assessing the risk
- While deciding the materiality
- While deciding the team size
- While designing sample, procedures etc.

AUDIT RISK MODEL

Audit Risk includes:-
1. Inherent Risk
2. Control Risk
3. Detection Risk

Planning and Risk Assessment 2 By:- Haris Hanif

 Page 150

Planning and Risk Assessment 3 By:- Haris Hanif

 Page 151
Inherent Risk (IR)
There is a risk that there may be misstatements in the financial statements assertions of account balance,
transactions, disclosures and those misstatements may be material either individually or in aggregated with
other misstatements, before internal controls.
Examples:-
– Events or transactions that involve significant accounting estimates
– The application of new accounting standards
Control Risk (CR)
There is a risk that internal controls of the client entity are not capable to prevent, detect and correct the
misstatements in the financial statements assertions of account balance, transactions, disclosure and those
misstatements may be material either individually or in aggregated with other misstatements.
Examples:-
– A lack of personnel with appropriate accounting skills
– Installation of significant new IT systems related to financial reporting
Detection Risk (DR)
There is a risk that audit procedures of the auditor are not be able to detect the material misstatements either
individually or in aggregated with other misstatements that may be present in the financial statements
assertions of account balance, transactions, disclosures.
Examples:-
(a) Sampling Risk
The selected sample of the auditor may not contain the misstatements and the ignored sample may
contain the misstatements.

(b) Non-sampling Risk

The risk other than the sampling risk:-

 Limited/shortage of audit staff

 Poor audit – procedures
 Limited time
 Poor audit motivation
 Lack of trained audit staff

Planning and Risk Assessment 4 By:- Haris Hanif

 Page 152
NOTE:-

AUDIT RISK (AR)

There is a risk that auditor’s opinion may be inappropriate (wrong) when the financial statements are
materially misstated either individually or in aggregated manner.

Planning and Risk Assessment 5 By:- Haris Hanif

 Page 153

AUDIT RISKS
Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial
Statements
Company is doing research and
development.

Large amount of inventory units

at year end.

Company had received advance

payments from customers.

Directors’ bonuses based on the

profits or assets or any
accounting figure.

Company had spent amounts on

marketing.

Audit Risk - examples 1 By:- Haris Hanif

 Page 154

Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial

Statements
Company had sold NCA.

Receivable balances were higher

than the last year.

Company had revalued land and

buildings.

Company had given training to

staff for the operation of
machines.

Audit Risk - examples 2 By:- Haris Hanif

 Page 155

Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial

Statements
Goods ordered just before the
year-end (last week) and not yet
received by the year end.

Company is using standard

costing to value the stock.

Company had issued shares.

Company is facing the going

concern doubt (only doubt), not
confirmed to be shut down.
Examples:-
 Falling profits.
 Cash issues.
 Negative financial ratios.
 Key staff left.
 Key supplier left.
 Key customer left.
 Any major accident.
 Severe legal case.

Audit Risk - examples 3 By:- Haris Hanif

 Page 156

Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial

Statements
Company had increased the life
of the machine (NCA).

Company had recalled the

products. (means buy back) once
sold, like products were
defective.

Company is intending to give

bonus once FS are finalized, that
is, after the year-end.

Some frauds were noticed by the

company’s management.

Sales were returned after the

year-end, those sales were
related to the REPORTING YEAR.

Audit Risk - examples 4 By:- Haris Hanif

 Page 157

Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial

Statements
Company had decided to make
some staff redundant before the
year-end.

Company had accidently

recorded the sales of next year to
the REPORTING YEAR.

Company had made the sales on

the basis of RETURN.

Company had obtained the

BANK-LOAN for long term.

Customers complains are

increasing during the year.

Company had issued Redeemable

preference shares.

Audit Risk - examples 5 By:- Haris Hanif

 Page 158

Matters Correct Treatment Risk of wrong treatment IMPACT ON Financial

Statements
Company is not counting the
inventory at the year-end.

Company had launched new

accounting software and
accounting data is transferred to
the new system.

Directors wants audit to be

complete earlier this year.

First year audit/New Client.

Company has 50 sites where

inventories are held.

Company had outsourced the

TAX/PAYROLL or any accounting
work to other organization.

Audit Risk - examples 6 By:- Haris Hanif

 Page 159

ISA – 330 (The Auditor’s Responses to assessed risks)

Overall Response Assertion Level Response

Audit Risk and Risk Response 1 By:- Haris Hanif

 Page 160

EXAM FOCUS

Required:
Describe the audit risk and explain the auditor’s
response in planning the audit.

ANSWER:

AUDIT RISK AUDITOR’S RESPONSE

Audit Risk and Risk Response 2 By:- Haris Hanif

 Page 161

Audit Risk and Risk Response 3 By:- Haris Hanif

 Page 162

EXAMPLE # 1:
ABC limited had sold its machine.

Audit Risk and Risk Response 4 By:- Haris Hanif

 Page 163

EXAMPLE # 2:
Directors’ bonus is based on the profit figure.

Audit Risk and Risk Response 5 By:- Haris Hanif

 Page 164

ISA 315 – Understanding Client Entity and its environment

WHAT to understand?
- Nature of the business and the activities in the business
- Range of the products
- Applicable accounting standards
- Internal control system
- Regulatory environment
- Level of competition in the industry

WHY to understand?
- To identify and assess the risk of the material misstatements
- To decide the level of materiality
- To design the sample size, audit procedures
- To decide the number of audit staff, any expert needed

HOW to understand?
- Inquiries and discussion with the management
- Observing the client entity
- Referring the previous years working papers
- Reading and analyzing the Financial statements
- Preliminary analytical procedures
- Independent inquiries about the client entity
NOTE:-

Understanding entity and its environment 1 By:- Haris Hanif

 Page 165

EXAM FOCUS
Identify FIVE sources of information relevant to gain an understanding and
describe how this information will be used by the auditor.
(4 – 5 marks)

ANSWER:
- Detailed discussion with the management. This is likely to help the auditor
to understand the nature of business, product range, business activities etc.

- Reading the past financial statements. This is likely to facilitate the auditor
to understand the accounting standards applicable on the client entity.

- Preliminary analytical procedures. This is likely to facilitate the auditor to

compare the financial statements and analyse for the risk of material
misstatements that may be present.

- Reviewing the previous working papers. This may facilitate the auditor to
understand about the controls and any deficiency in the controls in the past
and accordingly focusing on the matters in the current year.

- Independent inquiries. This may assist the auditor to know the reputation
of client, its integrity, reliability of the client and ascertain that figures in
the financial statements can be relied upon.

Understanding entity and its environment 2 By:- Haris Hanif

 Page 166

ISA – 320 (Materiality)

Materiality
Information is said to be material if its omission or distortion can affect the
decision making of the user.
Note:-

Note:-
The auditor’s determination of materiality is a matter of professional judgment,
and is affected by the auditor’s perception of the financial information needs of
users of the financial statements. In this context, it is reasonable for the auditor to
assume that users:
 Have a reasonable knowledge of business and economic activities and
accounting and a willingness to study the information in the financial
statements with reasonable diligence;
 Understand that financial statements are prepared, presented and audited
to levels of materiality;
 Recognize the uncertainties inherent in the measurement of amounts
based on the use of estimates, judgment and the consideration of future
events; and
 Make reasonable economic decisions on the basis of the information in the
financial statements.

Materiality 1 By:- Haris Hanif

 Page 167

Misstatement (material)
“Misstatement, including omissions, are considered to be material if they,
individually or in aggregate, could reasonably be expected to influence the
economic decision of the users taken on the basis of the Financial statement.”
Materiality helps the auditor to decide:-
- The sample size and number of items to examine.
- Which item to examine.
- Audit staff members.
- Expected time to examine the items in financial statements.
- What level of misstatement can affect the opinion of the auditor.

Note:-

Materiality 2 By:- Haris Hanif

 Page 168

(1) Quantitative Materiality

This is the monetary amount of materiality set by the auditor and it is further
categorized into two:-
(a) Overall materiality
The materiality level for the financial statements as a whole and is based
on the financial threshold to guide audit planning and procedures.
Benchmark thresholds are:-

5% --- 10% PBT 0.5% --- 1% of Revenue

1% --- 2 % Total assets 2% --- 5% of Net assets

0.5% --- 1% of GP 5% --- 10% of PAT

(b) Performance Materiality

The amount set by the auditor at less than materiality for the financial statements
as a whole to reduce to an appropriately low level the probability that the
aggregate of uncorrected and undetected misstatements exceeds materiality for
the financial statements as a whole.
Planning the audit solely to detect individually material misstatements overlooks
the fact that the aggregate of individually immaterial misstatements may cause
the financial statements to be materially misstated, and leaves no margin for
possible undetected misstatements.

Materiality 3 By:- Haris Hanif

 Page 169

How to determine performance materiality?

The determination of Performance Materiality involves the exercise of
professional judgement and is not a simple mechanical calculation. We determine
performance materiality by deducting from materiality the total amount of
uncorrected misstatement that we anticipate identifying and that we believe
management will not correct in the financial statements.
It is affected by the:
- Auditor’s understanding of the entity and its environment
- Nature and extent of misstatements identified in previous audits and
thereby auditor’s expectation in relation to misstatements in the current
period
- The reliability of Entity’s internal control over financial reporting
- Increased engagement risk
- Any changes in the business

Example:
The Engagement Partner has determined Materiality for Company A amounting
to $5,000,000 for the current period audit and the engagement team is about to
determine performance materiality next. Company is engaged in the trading of
high brand clothes and there have been no significant changes in the entity’s
business, internal control, risks of material misstatement or management. The
entity has been our client for the last five years and the uncorrected
misstatements is approximately $1,500,000 in the prior years.
The engagement team determines performance materiality to be $3,500,000
($5,000,000 - $1,500,000).

Materiality 4 By:- Haris Hanif

 Page 170

Note:-
Materiality level for particular class of transaction, account balance and
disclosure
If, in the specific circumstances of the entity, there is one or more particular
classes of transactions, account balances or disclosures for which misstatements
of lesser amounts than materiality for the financial statements as a whole could
reasonably be expected to influence the economic decisions of users taken on the
basis of the financial statements, the auditor shall also determine the materiality
level or levels to be applied to those particular classes of transactions, account
balances or disclosures.
Some FACTORS are considered that may indicate the need for one or more
particular classes of transactions, account balance, disclosures, like:-

Materiality 5 By:- Haris Hanif

 Page 171

(2) Qualitative Materiality

 Matter is considered
 Amount is ignored
 Amount may be even higher or lower than the quantitative threshold
 It is a matter of professional judgement of the auditor.

USE of Materiality
Planning

Performing

Concluding

Materiality 6 By:- Haris Hanif

 Page 172

NOTE:-
- Materiality is determined during the planning stage, however if actual
scenarios are different then materiality level needs to be revised
accordingly.

- Auditors are also required to document everything related to the

materiality, like:-

 Quantitative thresholds.
 Qualitative aspects
 Any revision, reasons/justifications.

Materiality 7 By:- Haris Hanif

 Page 173

Exam Focused
Explain the concepts of materiality and performance materiality in accordance with ISA 320
Materiality in planning and performing the audit. (4 – 5 marks)

Answer
Misstatement, including omissions, are considered to be material if they, individually or in
aggregate, could reasonably be expected to influence the economic decision of the users taken
on the basis of the Financial statement.
Auditor determines the materiality by size (quantitative) and/or by nature (qualitative) or
combination of both. Quantitative materiality is determined as overall materiality which is the
materiality for the financial statement as a whole and is based on the benchmark %s under ISA
320 like 5% PBT, 1% revenue or total assets and deciding the benchmark % is a matter of
auditors’ professional judgement and also affected by auditors’ perception of financial
information, need of the users of financial statements, perceived level of risk in the financial
statements, that is, higher the risk, lower is the materiality level.
Point to be noted is that the total (aggregated) misstatements should NOT exceed the overall
materiality otherwise auditor should ask the management to correct those misstatements.
Auditor also determines the performance materiality which is the amount set by the auditor at
less than materiality for the financial statements as a whole to reduce to an appropriately low
level the probability that the aggregate of uncorrected and undetected misstatements exceeds
materiality for the financial statements as a whole.

Hence the performance materiality is set at the lower than the overall materiality for the
financial statements as a whole and is used for testing the individual transactions, account
balance, disclosures. The aim of performance materiality is to reduce the risk that total of all
the errors in balances, transactions, disclosures exceed the overall materiality.
In materiality ,the auditor also consider the qualitative aspect (nature) which is the non-
financial and in that, amount is ignored, the amount may be even higher or lower than the
monetary threshold, but only the matter is considered which is again the matter of the
auditors’ judgement like any legal proceedings.
Materiality is decided in the planning stage of the audit and if real circumstances are different
then it needs to be revised accordingly and auditor is required to document all the details of
the materiality as part of the working papers.

Materiality 8 By:- Haris Hanif

Page 174
 Page 175
Kangaroo Construction – June 2013
You are the audit senior of Rhino & Co and you are planning the audit of Kangaroo

Construction Co (Kangaroo) for the year ended 31 March 20X3. Kangaroo specialises in building houses and provides a
five‐year building warranty to its customers. Your audit manager has held a planning meeting with the finance director.
He has provided you with the following notes of his meeting and financial statement extracts:

Kangaroo has had a difficult year; house prices have fallen and, as a result, revenue has dropped. In order to address
this, management has offered significantly extended credit terms to their customers. However, demand has fallen such
that there are still some completed houses in inventory where the selling price may be below cost. Cash flow issues have
been alleviated partly due to the requirement for customers to pay a deposit of $5,000 to secure the house they wish to
buy. The deposit is refundable until the house is 75% complete. At this stage the house is deemed to be built to the
customer’s specification and the deposit becomes non‐refundable.

During the year, whilst calculating depreciation, the directors extended the useful lives of plant and machinery from
three years to five years. This reduced the annual depreciation charge.

The directors need to meet a target profit before interest and taxation of $0.5 million in order to be paid their annual
bonus. In addition, to try and improve profits, Kangaroo changed their main material supplier to a cheaper alternative.
This has resulted in some customers claiming on their building warranties for extensive repairs. To help with operating
cash flow, the directors borrowed $1 million from the bank during the year. This is due for repayment at the end of
20X3.

Required:

(a) Calculate SIX ratios, for BOTH years, which would assist the audit senior in planning the audit of Kangaroo
Construction Co. (6 marks)

(b) Using the information provided and the ratios calculated, identify and describe SEVEN audit risks and explain the
auditor’s response to each risk in planning the audit of Kangaroo Construction Co. (14 marks)
 Page 176

Analytical Procedures – ISA 520

Analytical procedures include:-

(a) The consideration of comparison with:
— Prior comparable accounting period, in order to establish trends and patterns and
to look for the unusual fluctuations in amounts in the current financial year that
seem to inconsistent with last year.
— Anticipated results of the entity, that is to compare the actual results with the
budget or forecast from the side of the entity so that differences could be identified
with a view to seek explanations, if differences are material.
— Expected results, it means that comparing the actual results with the expectations
of the auditor.
— Industry information, auditors can use industry information in order to evaluate the
actual performance of the client entity, for example through published financial
statements of the companies within the same industry.
(b) Those between elements of financial information that are expected to conform to a
predicted pattern based on the entity's experience, such as the relationship of gross profit to
sales.
(c) Those between financial information and relevant non-financial information, such as the
relationship of payroll costs to number of employees.

Related Items.  Payables and purchases

 Inventories and cost of sales
 Non-current assets and depreciation, repairs and maintenance
expense
 Intangible assets and amortisation
 Loans and interest expense
 Investments and investment income
 Receivables and bad debt expense
 Receivables and sales

Analytical Procedures 1 By:- Haris Hanif

 Page 177

Techniques of analytical procedures:-

 Ratio Analysis

 Examining related accounts

 Trend Analysis

 Reasonable test

Examples of unusual items

Note:-
Acceptable difference

Analytical Procedures 2 By:- Haris Hanif

 Page 178

Analytical Procedures and Financial statements Assertions

Analytical procedures provide the evidence on:-

- All assertions of transactions and disclosures

- All assertions of account balance and disclosures and related disclosures, except for Rights
and Obligations.

Examples:-
Transactions and related disclosures
Analytical Procedures Financial Statements Assertions
Compare current year GP margin with prior - Occurrence and completeness of
years and with industry trends. revenue
- Cut-off of revenue
- Accuracy of revenue
- Occurrence and completeness of cost
of sales
- Accuracy of cost of sales
- Classification of cost of sales

Compare current year effective tax charge with - Accuracy of tax expense
the applicable rate of corporation tax for the - Completeness of tax expense and
period. disclosures
Perform proof in total of payroll (based on - Occurrence and completeness of
number of employees multiplied by average payroll expense
wage) - Accuracy of payroll expense
- Cut-off of payroll expense

Account balance and related disclosures

Analytical Procedures Financial Statements Assertions
Compare current year receivable collection - Existence and completeness of trade
period to that of prior year. receivable
- Accuracy, valuation and allocation of
trade receivable
- Accuracy, valuation and allocation of
provision for irrecoverable receivables
Calculate current year ratio and compare with - Existence and completeness of current
that of prior year. assets
- Accuracy, valuation and allocation of
current assets
- Existence and completeness of current
liabilities
- Accuracy, valuation and allocation of
current assets
- Presentation of going concern
disclosures

Analytical Procedures 3 By:- Haris Hanif

 Page 179

Usage of Analytical Procedures

Note:- ISA 520 states that when using analytical procedures as substantive test, auditor must:-

Analytical Procedures 4 By:- Haris Hanif

 Page 180

Fraud – ISA 240

Fraud is an intentional act by one or more individuals among management, those charged with
governance, employees or third parties, involving the use of deception to obtain an unjust or illegal
advantage.

Two types of Fraud

(1) Misappropriation of Assets

(2) Fraudulent financial reporting

NOTE: - There may be misstatement in the financial statements either due to ERROR or FRAUD.

FRAUD RISK FACTORS

Some factors which cast doubt that a person may be involved in fraud;

Fraud 1 By:- Haris Hanif

 Page 181

Director’s responsibilities related to FRAUD

Directors are primarily responsible for prevention and detection of fraud and responsibilities
include:-
- Implementing the effective system of control; reducing the opportunities of fraud and
increasing chances of detection of fraud (if any) and punishment to the people involved in
the fraud.
- Creating the culture of honesty, ethical behaviour.

NOTE:-
Audit committee should review these procedures to ensure they are in place and working
effectively.

Fraud and Internal Auditors

Internal auditors can help management fulfil their responsibilities in respect of fraud and error.
Typical functions the internal auditor can perform include:

• Testing the effectiveness of the internal controls at preventing and detecting fraud and error
and provide recommendations for improvements to the controls.
• Performing fraud investigations to:
– identify how the fraud was committed
– identify the extent of the fraud
– provide recommendations on how to prevent the fraud from happening again.
• Performing surprise asset counts to identify misappropriation.

The presence of an internal audit department may act as a deterrent to fraud in itself as there is a
greater chance of being discovered.

AUDITOR’S responsibilities related to FRAUD

Auditor has two responsibilities related to the fraud:-

(1) Assessment of risk of material misstatements due to fraud.

(2) Responding to the assessed risk

Fraud 2 By:- Haris Hanif

 Page 182

(1) Assessment of risk of material misstatements due to fraud.

Auditor should:-

- Obtain reasonable assurance that financial statements are free from material
misstatements, whether caused by error or fraud.
- Apply professional scepticism and remain alert to the possibility that fraud may take place.
- Consider the possibility of management override of controls

PROCEDURES:-

(2) Responding to the assessed risk

PROCEDURES:-

- Review journal entries to identify any manipulated figure

 Focus on unusual activity
 Any unauthorised recorded transaction
 Any adjustments made at the end of the period.

- Review the management’s estimates

 Evaluate the reasonableness of judgments and identify any bias.
 Review any retrospective adjustments reflected in the prior year.

- Review any transaction outside the normal course of the business.

Fraud Reporting
Auditor should consider to report to the fraud to the appropriate channel:-

If fraud:-

- By the staff ---------------->

- By the management ---------------->

- By the BOD ---------------->

Fraud 3 By:- Haris Hanif

 Page 183

Written representation:-
Written representation should be taken from management related to the fraud:-

- Acknowledgment that management is responsible for prevention and detection of fraud.

- Management has disclosed to auditor the results of management’s fraud risk assessment.
- Management has disclosed to auditor any known/suspected fraud.
- Management has disclosed to auditor any allegation of fraud affecting the financial
statements.

Exam Focused

State the auditor’s responsibility in relation to the prevention and detection of fraud.

Auditor must conduct an audit in accordance with ISA 240 The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements and are responsible for obtaining reasonable assurance
that the financial statements taken as a whole are free from material misstatement, whether caused
by fraud or error.

In order to fulfil this responsibility, the auditor is required to identify and assess the risks of material
misstatement of the financial statements due to fraud.

They need to obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses. In addition,
the auditor must respond appropriately to fraud or suspected fraud identified during the audit.

When obtaining reasonable assurance, the auditor is responsible for maintaining professional
scepticism throughout the audit, considering the potential for management override of controls and
recognising the fact that audit procedures which are effective in detecting error may not be effective
in detecting fraud.

To ensure that the whole engagement team is aware of the risks and responsibilities for fraud and
error, ISAs require that a discussion is held within the team. For members not present at the
meeting, the audit engagement partner should determine which matters are to be communicated to
them.

If fraud is detected, the auditor must report this to management and those charged with
governance.

Fraud 4 By:- Haris Hanif

 Page 184

Laws and Regulations – ISA 250

Responsibilities of management – related to LAWS and REGULATIONS

It is the responsibility of management, with the oversight of those charged with governance, to
ensure that the entity's operations are conducted in accordance with relevant laws and regulations,
including those that determine the reported amounts and disclosures in the financial statements.

Responsibilities of the auditor – related to LAWS and REGULATIONS

The auditor must perform audit procedures to help identify non-compliance with laws and
regulations that may have a material impact on the financial statements.

TWO categories of Laws and regulations Auditor’s Responsibilities

(1) Those that affects the financial statements The auditor should obtain the sufficient and
directly. appropriate evidence about the compliance
with laws and regulations.

(2) Those which do NOT affect the financial Assess the level of materiality and auditor
statements directly. should identify the non-compliance by suitable
audit procedures.

Audit procedures to identify instances of non-compliance

- Obtaining a general understanding of the legal and regulatory framework applicable to the
entity and the industry, and of how the entity is complying with that framework.
- Enquiring of management and those charged with governance as to whether the entity is in
compliance with such laws and regulations.
- Inspecting correspondence with relevant licensing or regulatory authorities.
- Remaining alert to the possibility that other audit procedures applied may bring instances of
non-compliance to the auditor's attention.
- Obtaining written representation from the directors that they have disclosed to the auditors
all those events of which they are aware which involve possible non-compliance, together
with the actual or contingent consequences which may arise from such non-compliance.

Laws and Regulations 1 By:- Haris Hanif

 Page 185

Investigations of possible non-compliance

When the auditor becomes aware of information concerning a possible instance of non-compliance
with laws or regulations, they should:

- Understand the nature of the act and circumstances in which it has occurred.
- Obtain further information to evaluate the possible effect on the financial statements.

Audit procedures when non-compliance is identified

- Enquire of management of the penalties to be imposed.
- Inspect correspondence with the regulatory authority to identify the consequences.
- Inspect board minutes for management's discussion on actions to be taken regarding the
non-compliance.
- Enquire of the company's legal department as to the possible impact of the non-compliance.

Reporting non-compliance

Laws and Regulations 2 By:- Haris Hanif

 Page 186

Exam focused
Explain the responsibilities of management and auditors in relation to compliance with law and
regulations under ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements.

Answer
Under ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements,
management have a responsibility to ensure that the operations of the company are conducted in
accordance with the provisions of laws and regulations. This includes compliance with laws and
regulations that determine amounts and disclosures in financial statements, including tax liabilities
and charges.

Auditors are not responsible for preventing non-compliance with laws and regulations, and cannot
be expected to detect non-compliance with all laws and regulations. They have a responsibility to
obtain reasonable assurance that the financial statements are free from material misstatement,
whether caused by fraud or error.

Auditor’s responsibility differs in relation to the two different categories of laws and regulations
identified below:

– Laws and regulations which have a DIRECT effect on the determination of material amounts and
disclosures in financial statements. Here the auditor is responsible for obtaining sufficient
appropriate audit evidence regarding compliance.

– Laws and regulations which DO NOT HAVE A DIRECT EFFECT on the determination of material
amounts and disclosures in financial statements, but may impact the entity’s ability to continue to
trade. Here the auditor’s responsibility is limited to specified audit procedures to help identify non-
compliance with those laws and regulations that may have a material effect on the financial
statements. This includes inquiring with management whether the entity is in compliance with such
laws and regulations, and inspecting correspondence with relevant licensing or regulatory
authorities.

Auditor also has a responsibility to remain alert, by maintaining professional scepticism, to the
possibility that other audit procedures may bring instances of identified or suspected non-
compliance with laws and regulations.

Laws and Regulations 3 By:- Haris Hanif

Page 187
Page 188
 Page 189

Audit Planning 1 By:- Haris Hanif

 Page 190

Audit Planning (ISA 300 – Planning an audit of financial statements)

Auditors formulate an overall audit strategy which will then be translated into a detailed audit plan
for the purpose of guidelines for the staff to follow so that the audit will be performed in a
professional manner.

AUDIT STRATEGY:
The overall audit strategy sets the scope, timing, and direction of the audit, and guides the
development of the more detailed audit plan. Following are the matters that may be considered in
establishing the overall audit strategy:
(1) Characteristics of the Engagement:
 Financial reporting framework
 Industry-specific reporting requirements
 Expected audit coverage
 Nature of business segments
 Availability of internal audit work
 Use of service organisations
 Effect of information technology on audit procedures
 Availability of client personnel and data
(2) Reporting objectives, timing of the audit and nature of communications:
 Entity's timetable for reporting
 Organisation of meetings with management and those charged withgovernance
 Discussions with management and those charged with governance
 Expected communications with third parties

(3) Significant factors, preliminary engagement activities, and knowledge gained on other
engagements:
 Determination of materiality
 Areas identified with higher risk of material misstatement
 Results of previous audits
 Need to maintain professional scepticism
 Evidence of management's commitment to design, implementation and maintenance of
sound internal control
 Volume of transactions
 Significant business developments
 Significant industry developments
 Significant changes in financial reporting framework
 Other significant recent developments
(4) Nature, timing and extent of resources:
 Selection of engagement team
 Assignment of work to team members
 Engagement budgeting

Audit Planning 2 By:- Haris Hanif

 Page 191

Audit planning and procedures should be discussed by the management or those charged with
governance/audit committee in order to co-ordinate the work, including that of internal audit.
Remember that the overall responsibility for audit strategy and planning is the matter of auditor.

AUDIT PLAN:
The audit plan converts the audit strategy into a more detailed plan and includes the nature, timing
and extent of audit procedures to be performed by engagement team members in order to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
The audit plan shall include the following:
 A description of the nature, timing and extent of planned risk assessment procedures
 A description of the nature, timing and extent of planned further audit procedures at the
assertion level
 Other planned audit procedures required to be carried out for the engagement to comply
with ISAs

The plan sets out answers to three main questions (the ‘3Ws’):
 Who will perform the audit work? (Staffing)
 When will the work be done? (Timing)
 What work is to be done? (The scope of the audit)

The planning for these procedures occurs over the course of the audit as the audit plan develops.

Examples of items included in the audit plan could be:

 Timetable of planned audit work
 Allocation of work to audit team members
 Audit procedures for each major account area (eg inventory, receivables, cash etc)
 Materiality for the financial statements as a whole and performance materiality

Any changes made during the audit engagement to the overall audit strategy or audit plan, and the
reasons for such changes, shall be included in the audit documentation.

Benefits/Reasons of Audit Planning:-

Planning the audit will give many benefits to the auditors. Audits are planned to: -

- Helping the auditor to devote appropriate attention to important areas of the audit.
- Helping the auditor to identify and resolve potential problems on timely basis.
- Helping the auditor to properly organize and manage the audit engagement so that it is
performed in an effective manner.
- Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks and proper assignment of work
to them.
- Facilitating the direction and supervision of engagement team members and the review of
the work.
- Assisting, where applicable, in coordination of work done by experts.

Audit Planning 3 By:- Haris Hanif

 Page 192

AUDIT REPORT (ISA 700) Standard

Audit Report 1 By:- Haris Hanif

 Page 193

Contents (Section of AUDIT REPORT) Explanations (purpose)

1. Title This indicates that this is the independent auditor’s
report.
2. Addressee This refers the appropriate recipients of the
auditor’s report who are members, shareholders.
3. Auditor’s opinion paragraph This is the concluding opinion of the auditor on
financial statements that it represents true and
fair view.
4. Basis for opinion paragraph This is the description that professional standards
were applied during the audit and that sufficient
and appropriate evidence were gathered on
financial statements and audit report can be relied
upon.
5. Key audit matters (ISA-701) This section describes the matters which according
to the auditor’s judgment are most significant and
should be included in the audit report.
(mandatory only for listed companies)
6. Other information (ISA-720) To clarify that management is responsible for the
other information such as the Chairman's
statement. The auditor's opinion does not cover
the other information and the auditor's
responsibility is only to read the other information
and report in accordance with ISA 720.
7. Responsibilities of management for To clarify that management is responsible for
Financial statements preparing the financial statements and for the
internal controls. Included to help minimize the
expectations gap.
8. Responsibilities of auditor for financial To clarify that the auditor is responsible for
statements expressing reasonable assurance as to whether the
financial statements give a true and fair view and
express that opinion in the auditor's report. The
section also describes the auditor's responsibilities
in respect of risk assessment, internal controls,
going concern and accounting policies. Included to
help minimize the expectations gap.

9. Other reporting responsibilities This is the reporting responsibility of the auditor

other than financial statements, which are in
accordance with the requirement of the local
legislation.
10. Name of Engagement Partner The name of the audit engagement partner who is
responsible for expressing the audit opinion.
11. Auditor’s signature The signature of the audit engagement partner
expressing the opinion, along with the firm logo.
12. Auditor’s address The official address of the audit firm, in case of any
queries.
13. Date of audit report The date when the audit report had been signed.

Audit Report 2 By:- Haris Hanif

 Page 194

ISA 701 (Key Audit Matters)

Key Audit Matters (KAM):-

These are the matters which according to the auditors’ judgment are most significant and should be
included in the standard audit report and is mandatory for listed entities. Normally the contents of the
KAM are selected from the matterscommunicated to those charged with governance.

The purpose of including these matters is to assist users in understanding the entity, and to
provide abasis for the users to engage with management and those charged with governance
about matters relating to the entity and the financial statements.

The contents of the KAM are tailored according to the scenarios of the organization. The major
point to note that this does not modify the report/opinion of the auditor.

Matters that may be included in the KAM paragraph are:-

 High risky areas.

 Effect of accounting estimates.
 Revenue recognition.
 Valuation of financial instruments.
 Fair values.
 Fraud risk areas.
 Or any other significant matter which auditor believes to be material and shall be included.

Identification the contents of the KAM paragraph require the professional judgment of the
auditor andconsidering some factors for this, like:-

 Nature of the matter

 Complexity of the matter
 Significance of the matter
 Impact on the financial statements
 Relevance for the shareholders.
If there are no key audit matters?
Presentation of KAM in the audit report - Discuss with the engagement
- Definition of KAM quality reviewer, if any.
- Explanation, why the matter is considered to be KAM. - Communicate to those charged
- How the matter was addressed in audit (procedures). with governance.

- Explain in KAM section that there

NO matters to report.
NOTE:- KAM is NOT the substitute of EOM and OM (ISA 706)

Audit Report 3 By:- Haris Hanif

 Page 195

ISA 720 (Other Information) --------> (immediately after the KAM Paragraph)

Other information is financial and non-financial information (other than the financial
statements and the auditor's report thereon) included in an entity’s annual report.

Examples of other information include the following:

 A report by management or those charged with governance on operations

 Financial summaries or highlights
 Employment data
 Planned capital expenditures
 Financial ratios
 Names of officers and directors
 Selected quarterly data
 Explanation of critical accounting estimates and related assumptions

An annual report is a document, or combination of documents, prepared typically on an annual basis by

management or those charged with governance in accordance with law, regulation or custom.

Other information is said to be misstated when other information is incorrectly stated or

otherwise misleading.

ISA 720 states that the auditor shall read the other information to identity material inconsistencies
withthe audited financial statements. If a material inconsistency is identified, the auditor shall
determine whether the audited financial statements or other information is misstated.

(a) Financial statements are materially misstated.

i. Discuss with the management and ask management to correct the
financialstatements, if corrected then conduct the review.
ii. If not corrected, then consider the impact on the audit report,
modifications asper ISA 705
(b) Other information is materially misstated.
i. Discuss with the management and ask the management to correct the
otherinformation, if corrected then review the corrections.
ii. If not corrected, then communicate this matter to those charged with
governance and also consider the impact on the audit report
(modified), or either waywithdraw from the audit engagement (where
this permitted legally).
Auditor must • Include other information section immediately after the
retain the final
Basis of opinion and include the description of
copy of Other
misstatement.
Information in
the audit file.

Audit Report 4 By:- Haris Hanif

 Page 196

Additional Communication in the Audit report

In exceptional circumstances, auditors are required to make additional communications in the audit
report, even though financial statements are true and fair.

- Material uncertainty related to going concern (ISA – 570)

- Matters under ISA – 706

o Emphasis of matter paragraph (EOM)
o Other matter paragraph (OM)
NOTE:-

It is important to note that the above mentioned additional communications do NOT modify the
financial statements, it is true and fair.

Going Concern

- If there is material uncertainty, then it should be

DISCLOSED in the notes adequately by the company.

Material uncertainty related to going concern

This paragraph is added when the client company had correctly/adequately disclosed in the notes the
matter related to the material uncertainty related to going concern.

The auditor uses this section to draw the attention of the user to the disclosure note related to material
uncertainty.

- It is added immediately after the basis for opinion paragraph.

1) Title
2) Addresses
3) Opinion paragraph
4) Basis for opinion paragraph
5) Material uncertainty related to going concern
6) ………

Audit Report 5 By:- Haris Hanif

 Page 197

Matters under ISA – 706

o Emphasis of matter paragraph (EOM)
o Other matter paragraph (OM)

Emphasis of matter paragraph (EOM)

An emphasis of matter paragraph is a paragraph included in the auditor's report that refers to a
matterappropriately presented or disclosed in the financial statements that, in the auditor's
judgement, is of such importance that it is fundamental to users' understanding of the financial
statements and that auditor should emphasise the disclosures.
Examples:-
- Uncertainty related to future outcomes of litigation or regulatory action.
- Early application of new accounting standards.
- Disclosure of significant subsequent events, like fire in the production facility.
- Major catastrophe that has significant effect on entity’s financial position.

NOTE:-
- EOM should NOT refer the going concern issues.
- Same matter should NOT be included in the KAM.
- It is placed in the audit report immediately before or after the KAM paragraph.
- It should refer the particular NOTE is the disclosure that is being referred.
- Auditor must state that his opinion related to this matter is NOT modified.

1) Title
2) Addresses
3) Opinion paragraph
4) Basis for opinion paragraph
5) Material uncertainty related to going concern
6) Emphasis of matter
7) Key audit matters
8) ……

Audit Report 6 By:- Haris Hanif

 Page 198

Other matter paragraph (OM)

An other matter paragraph is a paragraph included in the auditor's report that refers to a matter
other than those presented or disclosed in the financial statements that, in the auditor's
judgement, is relevant to users' understanding of the audit, the auditor's responsibilities or the
auditor's report.
Examples:-
- Prior year’s financial statements were not audited.
- Prior year’s financial statements were audited by another auditor.
- To communicate that auditor’s report is solely for intended users (existing shareholders),
not for others like future/potential investors, banks, etc.

NOTE:-
- Matters are other than disclosures in the financial statements.
- Same matter should NOT be included in the KAM.
- It is placed immediately after the KAM paragraph.

1) Title
2) Addresses
3) Opinion paragraph
4) Basis for opinion paragraph
5) Material uncertainty related to going concern
6) Emphasis of matter paragraph
7) Key audit matters
8) Other matter
9) ……

Audit Report 7 By:- Haris Hanif

 Page 199

Modified Opinions
Modified opinions are expressed in TWO circumstances:-

1) Financial statements are not free from material misstatements.

2) Auditor is unable to obtain sufficient and appropriate audit evidence.

Why auditor is Unable to obtain sufficient and appropriate evidence?

Limitations imposed by client entity.

Circumstances beyond the control of entity.

Circumstances relating to nature or timing of audit work.

NOTE:-

Auditors need to consider whether the matter is material only OR material and pervasive both.

Audit Report 8 By:- Haris Hanif

 Page 200

Auditor issues 3 types of modified opinions:-

(1) QUALIFIED OPINION:-

(2) ADVERSE OPINION:-

(3) DISCLAIMER OPINION:-

TWO reasons of modified opinions and THREE types of modified opinions:-

(1) Financial statements are Misstated (2) Auditor is unable to obtain sufficient and
appropriate audit evidence

If management imposed limitation of scope:-

The auditor must:-

- Request the management to remove the scope limitation.

- If management refuses, communicate to those charged with governance.
- Perform alternative audit procedures.
- Issue a qualified audit opinion, if matter is considered material but not pervasive.
- Withdraw from the audit if matter is pervasive, if withdrawal is not possible before issuing the
audit report, issue disclaimer opinion.

Audit Report 9 By:- Haris Hanif

 Page 201

NOTE:-

When auditor issues any modified opinion, then:-

- Opinion Paragraph heading should reflect the title of modified opinion.

- Basis for opinion paragraph shall also be modified.

NOTE:-

The matters which gives rise to:-

- Qualified opinion
- Adverse opinion
- Material uncertainty related to going concern.

They would NOT be described in the KAM section, instead a reference to the basis for qualified/adverse
opinion or going concern section would be included.

In case of Disclaimer opinion:-

- Other information section would not be included.

- KAM would not be included.

Audit Report 10 By:- Haris Hanif

 Page 202

Audit Report – Question

Exam Focus

Required:

Discuss each of these issues and describe the impact on the auditor’s
report if the above issues remain unresolved.

Audit Report – Question 1 By:- Haris Hanif

 Page 203

Minnie Company

The following issues have arisen during the course of the audit of Minnie Co.
Profit before tax is $10m.

(i) Depreciation
Depreciation has been calculated on the total of land and buildings. In previous
years it has only been charged on buildings. Total depreciation is $2.5m and the
element charged to land only is $0.7m.

(ii) Wages Data backed up

Minnie Co’s computerised wages program is backed up daily, however for a
period of two months the wages records and the back-ups have been corrupted,
and therefore cannot be accessed. Wages and salaries for these two months are
$1.1m.

(iii) Lawsuit
Minnie Co’s main competitor has filed a lawsuit for $5m against them alleging a
breach of copyright; this case is ongoing and will not be resolved prior to the
auditor’s report being signed. The matter is correctly disclosed as a contingent
liability.

Required:

Discuss each of these issues and describe the impact on the auditor’s report if the
above issues remain unresolved.

Audit Report – Question 2 By:- Haris Hanif

 Page 204

Answer:-

Audit Report – Question 3 By:- Haris Hanif

 Page 205

Audit Report – Question 4 By:- Haris Hanif

 Page 206

Audit Report – Question 5 By:- Haris Hanif

 Page 207

Evaluation of misstatements 1 By:- Haris Hanif

 Page 208

ISA – 450 Evaluation of misstatements

Three Types of misstatements
1. Factual misstatements

2. Judgemental misstatements

3. Projected misstatements

Evaluation of misstatements 2 By:- Haris Hanif

 Page 209

Note:-
Auditor might have asked the company to correct the misstatements
and some misstatements might be still un-corrected and in this
REVIEW STAGE, auditor is dealing with the Un-corrected
misstatements.
Auditor’s responsibility related for un-corrected misstatements
 Consider/evaluate the materiality level of un-corrected
misstatements in aggregated manner.

 If those un-corrected misstatements are material, then ask the

management to correct those un-corrected misstatements.

 If management will correct those un-corrected misstatements

then review the corrections by applying suitable procedures.

 If management will not correct those un-corrected

misstatements then explain them the impact on the audit
report.

 If management is still not correcting those un-corrected

misstatements then consider the impact on the audit report.

 Obtain the written representation from the management

regarding their treatment of un-corrected misstatements.

Evaluation of misstatements 3 By:- Haris Hanif

 Page 210

Going Concern
Going concern:-
It is defined under IAS – 1 (presentation of financial statements) as “the assumption that the enterprise
will continue in operational existence for the foreseeable future.” Normally the time period is viewed as
next 12 months.

When the going concern assumption is appropriate, assets and liabilities are recorded on the basis that
the entity will be able to realize its assets and discharge its liabilities in the normal course of business.

 Consideration of foreseeable future involves the judgment about the future

events, which are inherently uncertain.
 Uncertainty increases with time and judgment can only be made on the basis of
information available at any point – subsequent events can be changed.
 There may be circumstances in which it is appropriate to look further ahead.
This depends on the nature of the business and their associated risks.

Management responsibilities regarding going concern and the Financial Statements:-

Going concern 1 By:- Haris Hanif

 Page 211

ISA – 570 (Going Concern):-

ISA – 570 placed guidance for the external auditors to assess the management’s work on going concern
assessment along with monetary values and disclosures and to perform some audit procedures and to
consider the impact on audit report.

Indicators of going concern doubt:-

ISA – 570 includes some examples of events or conditions that may cast doubt about going concern
assumptions.

Indicators Examples
Financial  Net liability or net current liability position.
 Fixed-term borrowings approaching maturity without
realistic prospects of renewal or repayment.
 Indications of withdrawal of financial support by creditors.
 Negative operating cash flows (historical or prospective).
 Adverse key financial ratios.
 Substantial operating losses or significant deterioration in
the value of assets used to generate cash flows.
 Arrears or discontinuance of dividends.
 Inability to pay creditors on due dates.
 Inability to comply with terms of loan agreements.
 Change from credit to cash-on-delivery transactions with
suppliers.
 Inability to obtain financing for essential new product
development or other essential investments.
Operating  Management intentions to liquidate or cease operations.
 Loss of key management without replacement.
 Loss of a major market, key customers, licence, or
principal suppliers.
 Labour difficulties.
 Shortages of important supplies.
 Emergence of a highly successful competitor.
Other  Non-compliance with capital or other statutory
requirements.
 Pending legal or regulatory proceedings against the entity
that may, if successful, result in claims that the entity is
unlikely to be able to satisfy.
 Changes in laws/regulations/government policy expected
to adversely affect the entity.
 Uninsured or underinsured catastrophes when they occur.

Going concern 2 By:- Haris Hanif

 Page 212

Audit procedures – whether or not the company is going concern:-

— Analyze and discuss cash flow, profit and other relevant forecasts with management.
— Analyze and discuss the entity’s latest available interim financial statements (or management
accounts).
— Review the terms of debentures and loan agreements and determine whether they have been
breached.
— Read minutes of the meetings of shareholders, the board of directors and important
committees for reference to financing difficulties.
— Inquire of the entity’s lawyer regarding litigation and claims.
— Confirm the existence, legality and enforceability of arrangements to provide or maintain
financial support with related and third parties.
— Assess the financial ability of such parties to provide additional funds.
— Consider the entity’s position concerning unfulfilled customer orders.
— Review events after the period-end for items affecting the entity’s ability to continue as a going
concern.
— Confirm the existence, terms and adequacy of borrowing facilities.
— Obtaining and reviewing reports of regulatory actions.
— Determining the adequacy of support for any planned disposals of assets.
— Obtain the written representation from the directors regarding their opinion.

Auditors’ responsibility regarding going concern:-

ISA – 570 explained the responsibilities of the auditor in respect of going concern.

 The auditor should remain alert throughout the audit for the evidence of events/conditions that
may cast doubt on company’s ability to continue as going concern and discuss those events with
management.
 Auditors are required to consider the appropriateness of management’s use of going concern
assumptions.
 Auditors need to assess the risk that the company may be or may not be going concern.
 Obtaining sufficient and appropriate evidences that company is a going concern.
 Confirm that whether or not there any material uncertainties regarding going concern and
perform necessary audit procedures whether or not the company is going concern.
 If there is any material uncertainties exist, ensure those uncertainties are completely disclosed
and in case of it is confirmed, ensure that financial statements are prepared on break-up basis, if
there is no such actions from management, then consider the impact on audit report.

Going concern 3 By:- Haris Hanif

 Page 213

Impacts on audit report regarding going concern:-

No. Scenarios Impact on the Audit Report

1 Going concern status is valid but material
uncertainty exist and those are correctly
disclosed in the financial statements
(NOTES)

2 Going concern status is valid but material

uncertainty exist and those are NOT
disclosed in the financial statements
(NOTES)

3 Going concern status is NOT valid and

financial statements are prepared on the
basis of accruals.

4 Management is NOT assessing the going

concern status
Or
Management is NOT extending the
assessment of going concern

…………when Auditor asked to do so…

Going concern 4 By:- Haris Hanif

 Page 214

Events after the reporting period

Events after the reporting period (IAS – 10):-
There are circumstances in which there may be some events which may or may not be favourable for
the reporting entity, between the year-end date and financial statements are audited.

IAS – 10 Events after the reporting period deals with the treatment in the financial statements of events,
both favourable and unfavourable, occurring after the period-end. There are two types of events
defined by IAS – 10.

Adjusting Events Non-adjusting Events

Accounting Treatment
Accounting Treatment

Subsequent Events 1 By:- Haris Hanif

 Page 215

Subsequent Events (ISA – 560):-

Subsequent Events:-
These are the events occurring between the period-end and the date of the auditor's report and also
include facts discovered after the auditor's report has been issued.

Auditors shall consider the effect of such events on the financial statements and on their audit opinion.

Subsequent Events 2 By:- Haris Hanif

 Page 216

Between the date of Financial statements and the date of Audit report:-
Auditors are responsible for performing procedures designed to obtain sufficient and appropriate audit
evidence that all events up to the audit report are properly accounted for and procedures may include:-

— Inquire from directors if they are aware of any subsequent events that require adjustments in
the financial statements.
— Inquire of items involving any subjective judgment.
— Inquire from management about their process for the identification of subsequent events.
— Inquire from management whether there have been any sales or destruction of assets or any
change in the business structure.
— Inquire from management about any major events which may affect appropriateness of
accounting policies, for example going concern problems.
— Inspect and read minutes of the BOD/Committee meetings and inquire about any unusual items.
— Inspection of correspondence with legal advisors.
— Inquire of the progress with regards to reported provisions and contingencies.
— Perform procedures related to post reporting period work performed in order to very period
end (year-end) balances:-
 Check after date receipts from receivables.
 Inspecting the cash book for payments/receipts that were not accrued for the
year-end.
 Checking the sales price of inventories.
— Ensure that client has complied with the correct accounting treatments under IAS – 10.
— If material adjusting events are adjusted for, or material non-adjusting events are not disclosed
then ask the management to make necessary amendments to financial statements.
— If management refuses to amend financial statements, then consider the impact on audit
report. If the matter is material, then audit report will be modified with qualified opinion and in
case the matter is pervasive then it will be modified with adverse opinion.
— Obtain written representation from management stating all events requiring adjustment or
disclosure have been adjusted or disclosed.

Subsequent Events 3 By:- Haris Hanif

 Page 217

Between the date of Auditor’s report and the date the Financial statements are issued:-
— The auditor has no obligation to perform procedures, or make inquiries regarding financial
statements, after the date of the audit report.
— However if the auditor becomes aware of the facts, had it been known to the auditor before
signing audit report, audit report/opinion might have been modified, then auditor should take
actions:-
 Discuss with the management regarding the matter and determine whether the
financial statements require amendments.
 Request the management to amend the necessary amendments.
 Undertake necessary audit procedures on the amended financial statements
and ensure those are correctly dealt under IAS-10.
 Issue the new audit report.
— If management refuse to make any amendments in the financial statement that should have
been made, then:-
 If the audit report has not been provided to the management, then modify the
audit opinion and then give it to the management.
 If the audit report has been provided to the management, then auditor shall
notify to the client not to issue the financial statements before amendments.
 However, if client issues the financial statements ignoring the request of the
auditor, then auditor should take reasonable necessary actions to prevent
reliance on the audit report.

After the Financial statements are issued and Before the AGM:-
— Auditors have no obligation perform audit procedures, or make inquiries regarding the financial
statements after they have been issued.
— However if the auditor becomes aware of the fact that if those matter(s) would have been
known to the auditor then audit report/opinion might have been modified, then:-
 Discuss the matter with the management and determine whether the financial
statements require amendments.
 Request the management to make necessary amendments in the financial
statements (Re-stated financial statements)
 Management must take necessary actions to ensure anyone who is in the
recipient of previously issued financial statements is informed (Re-stated
financial statements)
 Auditor should perform necessary audit procedures on the amendments to
ensure they have been put through correctly, extended up to the date of the
new audit report
 The auditor shall also issue new audit report, which will include explanatory
paragraph (Emphasis of Matter paragraph), EOM that refers to a note in the
financial statements which describes the reason for the amendments.
— If management does not take necessary actions, refuses to recall and amend the financial
statements, then auditor will notify the client that auditor will take actions to prevent reliance
on the auditor’s report.
— If management still does not take any actions, the auditor shall take necessary actions to
prevent reliance on the auditor’s report.

Subsequent Events 4 By:- Haris Hanif

 Page 218

ISA – 580 (Written Representation)

Written representation:-

Written representation 1 By:- Haris Hanif

 Page 219

When to take MRL?

Contents in MRL
- Confirmation/acknowledgment that management was responsible for the controls and
financial statements.
- Confirmation/acknowledgement that all the transactions are reflected in the financial
statements.
- Acknowledgement that management had given all the information to the auditor.
- Acknowledgement all written representations are provided as required by other ISAs.

NOTE:-
If a company is not giving MRL;

- There is doubt:-
 Over the management integrity
 Over the other evidences received

PROCEDURES:-
- Discuss and request again for the written representations.
- Explain the management the impact on the audit report.
- If still MRL is not received, then consider the impact on the audit report, whether it should
be modified or not.

Written representation 2 By:- Haris Hanif

 Page 220

Overall Review of the Financial Statements

Written representation 6 By:- Haris Hanif

 Page 221

Professional Ethics
Ethical principles by the professional body, like ACCA.

IFAC (International Federation of Accountants)

IFAC has boards, like:-
- IAASB: The International Auditing and Assurance Standards Board

- IAESB: The International Accounting Education Standards Board

- IESBA: The International Ethics Standards Board for Accountants

- IPSASB: The International Public Sector Accounting Standards Board

Ethics and Practice Management 1 Haris Hanif

 Page 222

Independency
An auditor should be independent:-

- From mind

- By appearance

Fundamental Ethical Principles

(1) Integrity
Members should be honest and straightforward in their professional dealings.

(2) Objectivity
Members should not allow bias, conflict of interest or undue influence.

(3) Professional competence & due care

Members should attain the professional knowledge, required level of experience and
also to update with any professional development changes, like legislation, international
standards. Members should also act diligently in accordance with professional standards
and avoiding negligency.

(4) Confidentiality
Members should respect the confidential information of client acquired in the context
of professional services and should not misuse the confidential information of the client.

(5) Professional behavior

Members should comply with relevant laws and regulations and should avoid all those
actions which bring disrepute the profession.

Ethics and Practice Management 2 Haris Hanif

 Page 223

Exceptions of confidentiality
In some cases, CONFIDENTIALITY can be breached disclose something, when:-

- Permission is given by the client.

- Required by the law/professional body.

- To protect the firm’s interest in the legal proceedings.

NOTE:-
Obligatory Disclosure:-

In some situations, auditor MUST disclose the activities to the appropriate and relevant
authorities:-

- Drugs activities
- Terrorist activities
- Money Laundering
- Breach of laws
- Treason

Ethics and Practice Management 3 Haris Hanif

 Page 224

Ethical Threats and Safeguards

Ethical Threats Safeguards

Situations where the independency and Actions taken by the auditor to reduce the
objectivity of the auditor may be ethical threat at an acceptable low level.
compromised.
Common safeguards, like:-

- Discussion with audit committee.

- Audit work may be compromised.
- Firm’s procedure to resolve ethical
- Wrong opinion can be expressed. issues.

- Seeking independent
legal/professional advice.

- Replacement of the person from the

audit team the presence of whom
creates ethical threat.

- Independent EQR (engagement

quality reviewer).

Engagement partner

Partner responsible for the overall effective functioning of the audit,

expresses the opinion on the F.S.

Key audit partner

Audit partner on the engagement who is responsible for key

decisions, judgements on significant matter.

Engagement quality reviewer

Evaluates the significant judgements used in the audit, evaluates the

conclusion on the audit engagement.

Ethics and Practice Management 4 Haris Hanif

 Page 225

Self-interest threats
Where the auditor has a financial or other interest that will inappropriately influence their
judgement or behaviour.

Threats Safeguards
Auditor/family members having financial - Auditor/family members should not
interest, having shares in the client to be have shares in the client to be
audited. audited.
- Dispose of shares/financial interest
before the audit.
High audit fees - Fee depends on the size of the client,
expected work.
- Not more than 15% of the firm’s total
fee for 2 consecutive years, if exceed,
then should be disclosed/discuss with
those charged with governance.
- Independent EQR.
Low balling - Preferred not to do lowballing in the
audit fees.
- It is NOT strictly prohibited, if
lowballed in the fee then required
level of quality in the audit should be
provided.
- Independent EQR.
Contingent fees - Not permitted.
Overdue fees - Obtain partial or full payment for the
fees.
- Independent EQR.
Loans/guarantee to/from the firm - Not permitted until and unless
immaterial.
Business relationship with audit client/key - Should not engage with the client for
personnel of client. the business relation unless it its
immaterial amount.
- If purchase of goods/services by the
audit team (material amount) then
remove the person from the audit
team.

Ethics and Practice Management 5 Haris Hanif

 Page 226

Gifts/hospitality from the client - Should be rejected if material, only it

can be accepted if it is trivial.
- If behaviour of audit team would be
changed (no matter immaterial) then
it should be rejected.
Potential employment with the audit client - Firm should establish
procedures/policies requiring
individuals to notify before leaving
the firm and join the client.
- Remove from the audit team.

Self-review threats
Situation where the auditor is in a position to review the same work performed by himself.
NOTE:-
Chinese wall concept
- Separate audit partners, separate team
- Confidentiality agreement between them not to share the information related to the
audit.

Threats Safeguards
Client staff joined the audit firm, previously - Not include that person in the audit
served as employee/director at client team who served in the period
influencing the financial statements. covered by the audit.
- When service with the audit client
was prior to the period covered by
the auditor’s report, an appropriate
reviewer should review the work
performed by the audit team
member.
Temporary personnel assigned at client - That staff should not be included in
entity. the audit team.
- Not giving that staff the audit
responsibility for any function that
had been performed during the
assignment.

Ethics and Practice Management 6 Haris Hanif

 Page 227

Providing other non-audit services, like:- - Chinese wall concept

- Bookkeeping services
- Independent review of the audit work
- Preparation of financial statements
NOTE:-
- Internal audit services For the taxation services, safeguards would:-
- NO Safeguards for just tax return
- Taxation services compilation as it does not create the
threat.
- IT services - Other taxation services like
calculations, planning etc, for that
- Valuation services again – different people (see above).

- Corporate finance services

Ethics and Practice Management 7 Haris Hanif

 Page 228

Familiarity threats
When the auditor becomes too sympathetic or too trusting of a client and loses professional
scepticism, or where the relationship between the auditor and client goes beyond professional
boundaries.

Threats Safeguards
Long association of the same audit client. Rotate after seven years to senior personnel
of the firm:-
- Engagement partner
- Key audit partner
- Engagement quality reviewer (EQR)

Cooling off period for these personnel:-

- Engagement partner (5 years)
- Key audit partner (2 years)
- EQR (3 years)

NOTE:-
In exceptional circumstances, a key audit
partner may be permitted to serve a one year
extension if continuity is important to
maintain audit quality.

If an audit client becomes a public interest

entity, the length of time served as a key
audit partner before the client became a
public interest entity is taken into account.

If a key audit partner was a key audit partner

on that engagement at a different firm, the
length of time served at the prior firm should
be taken into account.

NOTE:-
During the cooling off period, the individual
should not:-
- Be an engagement team member.
- Provide consultancy to audit team.
- Provide other professional services to
the client.

Ethics and Practice Management 8 Haris Hanif

 Page 229

Member of audit engagement team has - Remove the person from the audit
family or personal relationship with the team.
client’s staff having influence on the financial - Bring structural changes in the firm so
statements. that the individual does not deal with
that matter that are responsibility of
the family member.
Expensive gifts/hospitality given by the client - Gifts/hospitality should NOT be
entity. accepted until and unless it is trivial.
Member of audit team now joined the client - Replace those person(s) from the
entity, influencing the financial statements. audit team having friendly terms with
that person of previously in the audit
team.
- Change the audit methodology and
adopt the audit approach not
predictable by that person previously
in the audit team.

Intimidation threats

The situation where client entity is exercising undue influence on the audit team, trying to
blackmail the auditor. It may be actual or perceived.
Examples:-
- Not to pay previous audit fees.
- Blackmail in any personal capacity.
- Blackmailing the auditor for any previous misconduct by the auditor.
- Undue influence based on the dominating personality.
Safeguards:-
- Discuss with the audit committee.
- Not to come under the influence.
- Resign from the audit.

Ethics and Practice Management 9 Haris Hanif

 Page 230

Advocacy threats
Promoting the position of a client or representing them in some way would mean the audit firm
is seen to be 'taking sides' with the client.
Examples:-
- Representing the client in court or in any dispute where the matter is material to the
financial statements.
- Negotiating on the client's behalf for finance.
- Auditor is supporting the client by promoting the product, like becoming the part of
marketing campaign being run by the client.
- Supporting the client in the issuance of shares, that is, convincing others to buy shares
of the client entity.
Safeguards:-
- Discuss these issues with the audit committee.
- Simply do NOT engage in any activity that shows that auditor is promoting the interest
of the client entity.
- In case of legal matters, only attend the court if there is a call from court.

Ethics and Practice Management 10 Haris Hanif

 Page 231

Conflict of interest
The situation where auditor is facing two or more situations which are NOT compatible with
each other and that objectivity of the auditor may be compromised.
(a) Conflict of interest between Auditor and the Client
Auditor is having the shares, joint venturing, partnership in the company that is having direct
competition with the client.

Safeguards:-
- Disclose this to the client, its audit committee, obtain consent to do audit.
- Replace the person having this conflict of interest.

Ethics and Practice Management 11 Haris Hanif

 Page 232

(b) Conflict of interest between TWO competing clients

Auditor is engaged in the audit of TWO companies who are Direct Competitors of each other.

Safeguards:-
- Notify both the clients and obtain their consents before the audit.
- Advice both the clients to seek independent legal/professional advice.
- Also seek (audit firm) independent legal/professional advice.
- Use different audit partners, separate teams, also sign the confidentiality agreement
between them not to share the information related to audit.
- Clearly guidelines for the members of each engagement team on the issues of security
and confidentiality.
- Regular review of the application of safeguards by an independent partner/other senior
individual.

Ethics and Practice Management 12 Haris Hanif

 Page 233

Advertisement – audit firm

Audit firms are allowed to advertise their services but it should be in ethical manner and the
purpose should be to “inform” rather than “impress.”

Advertisement should be simple, decent, in ethical manner and should NOT leave adverse
impression on:-

- Member (himself)
- ACCA or the accountancy professional as a whole.
Advertisement should NOT:-
- Bring ACCA into disrepute
- Discredits the services offered by others (like by claiming superiority)
- Exaggerate the services offered
- Be misleading
- Have false claims
- Specify the time limit to complete the audit
- Use unprofessional language/tone of text
- Be in breach of any national advertising standards
Name and Logo of ACCA

- Members can use ACCA (as members) or write chartered certified accountants or can
use FCCA (if they are fellow members).

- Firm can describe itself “chartered certified accountants” provided that:-

 At least half of the partners are ACCA members.

 These partners having at least 51% control of voting rights under the
firm’s partnership agreement.

- If all the partners are members of ACCA they may use the description on their stationery
as “members of ACCA” or if partners are mixed like ACCA and ICAEW then they may use
like “members of the firma are either ACCA or ICAEW”.
Use of the ACCA logo
• A firm that has at least one ACCA member as a partner (or director) may use the ACCA
logo (also called the ACCA ‘mark’) on its professional stationery and on its website.
• The ACCA logo should be separate from the logo of the firm.
• The positioning, size and colour of the ACCA logo should be chosen so that it is clearly
recognisable.
• The logo can be downloaded by members from the ACCA website in electronic format.

Ethics and Practice Management 13 Haris Hanif

 Page 234

Tendering
Tendering is the process of quoting a fee for work before the work is carried out.

Most tenders include a formal written document supported by an oral presentation.

All presentations should be dynamic, professional and within the limits of the ethical
framework.

Contents in Tender form

Ethics and Practice Management 14 Haris Hanif

 Page 235

Acceptance and considerations

Some matters need to be considered prior to accept the audit engagement

Factors/Steps before accepting NEW CLIENT

- Ensure that the firm is complying with the fundamental ethical principles under IESBA
code of ethics, also consider if there is any ethical threat then appropriate safeguard
shall be applied to reduce the threat at an acceptable low level.

- Must contact the existing auditor and obtain the professional clearance before
accepting the audit client whether or not there is any legal/illegal issue and whether any
reason that firm should not accept the audit client. (Professional clearance letter).
 Obtain the permission from the client before sending the letter to the
existing auditor, if not permitted, refuse the audit.
 Existing auditor also needs permission from client to respond, if not, then
refuse the audit.
 If a reply is received, consider the outgoing firm's response and assess if
there are any ethical or professional reasons why they should not accept
appointment.
 If a reply is still not received the prospective firm may send the reminder
letter requesting certain time to respond, if still no reply then firm may
still choose to accept but must proceed with care.
- Ensure that the firm is legally allowed to do the audit and there is no legal restriction for
the firm to do the audit.

- The firm must consider whether there are adequate resources available in the firm, like
capable and competent staff, sufficient time, knowledge and experience to conduct the
audit of the client.

- Undertake the client screening process:-

 Independent inquiries about the members of BOD
 Analyse the level of work so that reasonable fee can be quoted.
 Reputation of the client.
 Firm must comply with money laundering regulations and if there is any
money laundering suspicion or actual it is, the refuse the engagement.

Ethics and Practice Management 15 Haris Hanif

 Page 236

Pre-conditions of the audit

(1) Ensure that Client is using the applicable accounting framework in the jurisdiction and is
acceptable to the auditor.
(2) Management is acknowledging its responsibilities:-
- Preparation of financial statements is the responsibility of the management.
- Management is responsible for the necessary controls over the financial
statements.
- Management will give unrestricted access to the auditor necessary for the audit
of the financial statements.
***If any of the condition is NOT met, the refuse the audit.

Agreeing the terms of Audit Engagement

Audit Engagement Letter (AEL)
It is the written agreement between the audit firm and the client.
Purpose of AEL
Its purpose is to:

- Minimise the risk of any misunderstanding between the practitioner and client
- Confirm acceptance of the engagement
- Set out the terms and conditions of the engagement.
Contents of AEL
- Objective and scope of the financial statements.
- Responsibilities of the management and that of auditor.
- Identification of applicable financial reporting framework.
- Expected form and content of any reports issued by the auditor.
- Inherent limitations of the audit.
- Form and other communication as a result of the audit.
- Expectations that management will provide written representations.
- Basis for the audit fees.
- Any restriction on the auditor's liability, when such possibility exists.
- Any obligations to provide audit working papers to other parties.

Ethics and Practice Management 16 Haris Hanif

 Page 237

Changes to AEL
The engagement letter should be reviewed every year to ensure that it is up to date but does
not need to be reissued every year unless there are changes to the terms of the engagement.

ISA 210 requires the auditor to consider whether there is a need to remind the entity of the
existing terms of the audit engagement for recurring audits. Some firms choose to send a new
letter every year to emphasise its importance to clients.
The auditor should issue a new engagement letter if the scope or context of the assignment
changes after initial appointment, or if there is a need to remind the client of the existing
terms.
Reasons for changes would include:

- Changes to statutory duties due to new legislation

- Changes to professional duties, for example, due to new or updated ISAs
- Recent changes in senior management
- A significant change in ownership.

Ethics and Practice Management 17 Haris Hanif

 Page 238

Audit Documentation – ISA 230

It is the record of the audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached.

Two types of Working papers file

(1) Permanent working paper file
These include the matter which are of continuous importance. For example:-
- Engagement letter
- The client questionnaire
- Memorandum and articles of association
- Other legal documents such as prospectus, leases, sales agreement.
- Details of the history of client’s business.
- Board minutes of continuous relevance.
- Previous year’s signed accounts, analytical review and reports to the management.
- Accounting system notes, previous years’ control questionnaire.

(2) Current year working paper file

These are the matters which are relevant to the current year’s audit. Examples include:-
- Financial statements.
- Accounts checklist.
- Management account details.
- Reconciliations of management and financial accounts.
- Summary of unadjusted errors.
- Significant evets and errors.
- Review notes.
- Audit planning memorandum.
- Time budgets and summaries.
- Written representations.
- Report to the management.
- Notes of board minutes.
- Communications with third parties such as experts or other auditors.

Audit Documentation 1 By:- Haris Hanif

 Page 239

Sample of Audit Documentation

Audit Documentation 2 By:- Haris Hanif

 Page 240

Contents of working paper file

(1) Name of the client

(2) Year-end date

(3) Working paper reference number

(4) Name of working paper

(5) Date prepared

(6) Subject matter

(7) Objective of work

(8) Work performed

(9) Results obtained

(10) Conclusion

(11) Reviewer name

(12) Date reviewed

NOTE:-

PROPERTY

SECURITY

RETENTION

Audit Documentation 3 By:- Haris Hanif

 Page 241

Reasons/Objectives/Benefits/ of working papers

- It provides the evidence of the auditor’s basis for a conclusion about the achievement of the
overall objective.

- It provides the evidence that the audit was planned and performed in accordance with ISAs
and other legal and regulatory requirements.

- It assists the management team to plan and perform the audit.

- It assists team members responsible for supervision to direct, supervise and review audit
work.

- It enables the team to be accountable for its work.

- It allows a record of matters of continuing significance to be retained.

- It enables the conduct of the quality control reviews and inspections.

Audit Documentation 4 By:- Haris Hanif

 Page 242

Audit Sampling – ISA 530

Population:-
The entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions.
Sample:-
It refers less than 100% items.
Sampling Unit:-
Each item in a population is referred to as sampling unit.
Audit Sampling:-
It is the application of audit procedures to less than 100% of items within a
population of audit relevance such that all the sampling units have chances of
selection in order to provide the auditor with a reasonable basis on which to
draw conclusions about the entire population.
Stratification:-
It is a process of dividing a population into sub – populations, each of which is
a group of sampling units which have similar characteristics, (often monetary
value).

Sampling risk

Non – Sampling risk

Audit Sampling 1 By:- Haris Hanif

 Page 243

Two types of sampling

(1) Statistical sampling
It involves the sampling having the features of random selection of sample
items and use of probability theory to evaluate sample results, including the
measurement of sampling risk.

(2) Non – statistical sampling

Sampling which does not have the features of statistical sampling and often ot
depends on the professional judgment of the auditor.

Audit Sampling 2 By:- Haris Hanif

 Page 244

Anomaly:-
It is a misstatement or deviation which is not the representative of
misstatements or deviations in a population.

Note:-
Projections of misstatements needs to be calculated from the sample onto the
population to obtain the broad view of scale of the misstatements.

Misstatements which is “Anomaly” can be excluded when projecting sample

errors to the population.

Tolerable rate of deviation:-

Rate of deviation from the prescribed internal control procedures set by the
auditor in respect of which the auditor seeks to obtain an appropriate level of
assurance.

Tolerable misstatements:-
Monetary amount set by the auditor in respect of which the auditor seeks to
obtain the appropriate level of assurance.

Audit Sampling 3 By:- Haris Hanif

 Page 245

Methods of sampling:-
(1) Random sampling
All the items in the population have an equal chance of being selected. This is
achieved by the use of random numbers to select the items for testing.
(2) Systematic sampling
It starts with the random approach and then thereafter selecting the sample
after the constant interval, that is, standard gap between them.
(3) Haphazard sampling
It involves selection of sample on arbitrary basis, for example selecting any 100
invoices from a file. This is not scientifically valid method and therefore not
recommended since it may be result in bias.
(4) Block selection
The auditor selects the complete block of sampling units from the population.
For example checking 50 consecutive invoices.
It may be possible that block selection may produce samples which are not
representative of population as a whole and therefore may not be used to
project the misstatements in the population based on the misstatements
found in the sample.
(5) Monetary unit sampling
It is a type of value – weighted selection in which a sample size, selection and
evaluation results in a conclusion in monetary amounts.

Audit Sampling 4 By:- Haris Hanif

 Page 246

CAATS & ADA

CAATS (Computerised Assisted Audit Techniques)
It is the application of audit procedures using computer as an audit tool.
NOTE:- The overall objective and scope of the audit do not change when the
audit is conducted in a computerised environment. However, the application of
audit procedures may requires the auditor to consider techniques that use the
computer as an audit tool.

CAATS

Test Data

CAATS and ADA 1 By:- Haris Hanif

 Page 247
Audit Software

CAATS and ADA 2 By:- Haris Hanif

 Page 248
Advantages of CAATS
- Larger number of items can be tested quickly and accurately and giving
assurance to the auditor.

- CAATS can be used in multiple clients for the smooth audit.

- There may be digital security to protect the details of the client’s records.

- CAATS facilitates both testing general as well as application controls.

- Auditor can test the transactions like from where it was originated in the
system rather than relying on the paper records which may be incorrect or
manipulated.

Drawbacks of CAATS
- Initial setup of CAATS may be time consuming and expensive for the audit
firm.

- Audit staff might not be well trained and that firm needs to train them and
hence training cost would have to borne by the firm.

- The system of particular client may not be compatible/supportive with

CAATS.

- Any negligency by the audit team may affect the client’s system like lost or
corruption of data, while using the CAATS.

CAATS and ADA 3 By:- Haris Hanif

 Page 249
DATA and BIG DATA

BIG DATA

CAATS and ADA 4 By:- Haris Hanif

 Page 250
NOTE:-

CAATS and ADA 5 By:- Haris Hanif

 Page 251
AUDIT DATA ANALYTICS (ADA)
It is a process of analysing the past data through inspection, extraction, filtering
and selecting the relevant data in order to make a pattern, deviations,
consistencies, inconsistencies, anomalies.
Audit firms use the data analytics to understand the client, performing
preliminary analytical procedures, performing TOC and substantive testing,
sampling and concluding the evidences.

How the Auditor can use Data Analytics

- Understanding the client, its nature of business, S.O.P.s, financial
statements, controls.

- Developing the expectations (by auditor) and comparing the reported

figures by client and investigate the significant variance.

- Compare the performance of client with the similar competitors in the

market to ascertain any kind of manipulation.

- Analyse the accounting figures, like aged receivable and ascertaining

the reasonableness of the provisions made for doubtful debt.

- Analysing the sales and purchase pattern for the trend of slow moving
inventory and consider whether it needs to be written off.

- Analysing the cash flows for the routes of money trail for any hint of
money laundering.

CAATS and ADA 6 By:- Haris Hanif

 Page 252
Data Analytics and Audit Quality
- Large sample

- More procedures can be performed and more evidences.

- Quick performing the audit procedures and low D.R.

- Detailed information analysis.

- Appropriate opinion.

- Can be used in the future audit (recurring audit)

Limitations of Data Analytics

- Time consuming to train the audit staff.

- Training cost.

- CAATs development.

- Any technical error by the audit firm may lead to loss or corruption of
client’s data.

- Issue of IT security

CAATS and ADA 7 By:- Haris Hanif