This text is an excerpt from an ACCA (Association of Chartered Certified Accountants) study guide for Paper F8, Audit and Assurance (International). The guide comprehensively covers various aspects of auditing, including the regulatory and ethical frameworks, the roles of internal and external auditors, corporate governance, audit planning and risk assessment, audit evidence and procedures, and audit reporting. Specific attention is given to International Standards on Auditing (ISAs) and the application of auditing standards in practice. The material also examines internal control systems, including their design, operation, and limitations, along with the concept of materiality in auditing. Finally, the text provides numerous examples and practice questions to aid student understanding and exam preparation.

Auditing and Assurance (International) Study Guide

Short-Answer Quiz

Instructions: Answer the following questions in 2-3 sentences each.

What is the purpose of an audit, and why is it important for users of financial statements?
Describe the limitations of a statutory audit, providing an example.
Explain the concept of professional skepticism and why it is crucial for auditors to maintain this attitude.
Define inherent risk and provide an example of an inherent risk associated with inventory.
Differentiate between a “provision” and a “contingent liability,” providing an example of each.
Describe the purpose of analytical procedures in an audit, giving examples of procedures used in substantive testing.
Explain the importance of cut-off procedures in the audit of sales and inventory.
Outline the key steps an auditor takes before, during, and after a physical inventory count.
Describe the key elements of an unmodified audit report, as specified by ISA 700.
Explain the role of International Standards on Auditing (ISAs) and how they are developed.

Answer Key

The purpose of an audit is to provide an independent and objective examination of financial statements to enhance their credibility and reliability for users. This assurance allows stakeholders, such as investors and creditors, to make informed economic decisions based on the audited information.
A statutory audit, while valuable, has limitations. Primarily, the cost of conducting an audit can be significant, especially for smaller entities. Additionally, an audit is not designed to detect all fraud, particularly if collusion is involved. An example is a situation where employees collude to override controls, making fraud difficult to uncover through standard audit procedures.
Professional skepticism is an attitude that involves a questioning mind and critical assessment of audit evidence. Auditors must not simply accept management assertions at face value but actively seek corroborative evidence and challenge assumptions. This is crucial to ensure the audit is conducted with objectivity and maintains the integrity of the audit opinion.
Inherent risk refers to the susceptibility of a financial statement assertion to material misstatement, irrespective of internal controls. For example, inventory valuation is subject to inherent risk due to the potential for obsolescence or fluctuations in market prices, which can impact the accuracy of its recorded value.
A “provision” is a liability of uncertain timing or amount, but its existence is probable, like a warranty provision for potential product defects. A “contingent liability,” however, arises from past events but is only recognized if a future event confirming its existence occurs, such as a potential lawsuit where the outcome is uncertain.
Analytical procedures involve evaluating financial information through plausible relationships and investigating significant fluctuations. In substantive testing, they can help identify unusual trends or ratios that might indicate misstatements. Examples include comparing sales growth to industry averages or analyzing gross profit margins over time.
Cut-off procedures ensure that transactions are recorded in the correct accounting period. In sales, this involves verifying that sales near the year-end are recognized in the proper period, preventing premature revenue recognition. For inventory, cut-off procedures ensure accurate valuation by confirming goods received before year-end are included in inventory, and goods shipped are excluded.
Before the count, auditors plan by reviewing prior year files, understanding the client’s inventory system, and coordinating with the client. During the count, they observe the client’s procedures, check inventory tags, and conduct test counts. Afterward, they follow up on discrepancies, reconcile counts with client records, and evaluate the overall inventory count process.
An unmodified audit report includes sections for the auditor’s opinion, basis for opinion, responsibilities of management and auditor, key audit matters, and the auditor’s signature and address. It signifies that the auditor has obtained sufficient and appropriate audit evidence to conclude that the financial statements are fairly presented.
ISAs are international standards that set out the requirements for conducting audits to ensure consistent high-quality audits globally. The International Auditing and Assurance Standards Board (IAASB), a committee of the International Federation of Accountants (IFAC), develops these standards through a rigorous process involving exposure drafts, public comments, and board deliberations.

Essay Questions

Discuss the ethical threats that may arise for an auditor, and explain the safeguards that can be implemented to mitigate these threats.
Evaluate the role of internal controls in financial reporting and explain how an auditor assesses and tests the effectiveness of these controls.
Analyze the different types of audit opinions and explain the circumstances that would lead an auditor to issue a modified audit report.
Compare and contrast the role of external and internal auditors, highlighting their respective objectives, responsibilities, and relationships with the organization.
Discuss the specific audit considerations and challenges involved in auditing complex IT systems, and explain the role of specialized audit techniques and tools in this context.

Glossary of Key Terms

Audit Risk: The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
Audit Evidence: Information used by the auditor to form an opinion on the financial statements.
Analytical Procedures: Evaluating financial information through analysis of plausible relationships among both financial and non-financial data.
Control Risk: The risk that a material misstatement will not be prevented or detected and corrected on a timely basis by the entity’s internal control.
Detection Risk: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists.
Engagement Letter: A written agreement between the auditor and the client outlining the terms and scope of the audit engagement.
Financial Statement Assertions: Statements made by management, explicitly or implicitly, about the recognition, measurement, presentation, and disclosure of items in the financial statements.
Going Concern: The assumption that an entity will continue to operate for the foreseeable future.
Inherent Risk: The susceptibility of an account balance or class of transactions to misstatement, irrespective of related internal controls.
Internal Control: A system of policies and procedures implemented by management to ensure the achievement of an entity’s objectives.
Materiality: Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.
Professional Skepticism: An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
Provision: A liability of uncertain timing or amount.
Sampling Risk: The risk that the sample selected is not representative of the population and, therefore, the auditor’s conclusions may be incorrect.
Substantive Procedures: Audit procedures designed to detect material misstatements in the financial statements.
Tests of Controls: Audit procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.
Unmodified Audit Report: An audit report in which the auditor expresses an unqualified opinion, indicating that the financial statements are fairly presented in all material respects.

Briefing Document: Audit and Assurance (International)

Source: Excerpts from “028-ACCA Emile Wolf F8 Audit and Assurance (International) ( PDFDrive ).pdf”

Date: January 2013

Author: Emile Woolf Publishing Limited

Key Themes:

Statutory Audits and their limitations: The document emphasizes the crucial role of statutory audits in providing assurance to stakeholders about the reliability of financial statements. While statutory audits add credibility and make information more useful, the document acknowledges their limitations, primarily the cost involved.
Professional Scepticism and Judgement: The document stresses the importance of auditors maintaining professional scepticism throughout the audit process. This involves questioning information received, staying alert for potential misstatements, and critically assessing audit evidence.
Compliance with ISAs: The document highlights the need for audits to be conducted in accordance with International Standards on Auditing (ISAs), emphasizing their role in ensuring consistency and quality in audit practices globally.
Risk Assessment and Materiality: The document underscores the importance of risk assessment in planning an audit, identifying potential areas of misstatement. Materiality, the concept that not all errors significantly impact financial statements, is highlighted as crucial in determining the scope of audit work.
Internal Controls and their Evaluation: The document discusses the significance of internal controls in mitigating risks. Auditors are required to understand and evaluate these controls, forming a basis for determining the extent of further audit procedures.
Substantive Procedures and Audit Evidence: The document outlines the role of substantive procedures in detecting material misstatements. It covers various methods for obtaining audit evidence, including analytical procedures, inspection, and confirmation.
Specific Audit Areas: The document delves into specific audit areas, including non-current assets, inventory, payables, provisions, and equity, providing guidance on relevant audit procedures and considerations.
Audit Reporting: The document covers the components of an audit report, including modifications and emphasis of matter paragraphs, and the communication process with those charged with governance.
Ethical Considerations: The document emphasizes the importance of auditor independence, objectivity, and professional ethics. It discusses potential threats to independence and the safeguards that should be implemented to mitigate these threats.
Audits of Smaller Entities: The document acknowledges the unique characteristics of smaller entities and provides guidance on tailoring audit procedures to their specific circumstances.

Important Ideas/Facts:

Assurance and its levels:“The statutory audit provides assurance as to the quality of the information… However, there are differing levels or degrees of assurance. Some assurances are more reliable than others.”
Ineligibility to act as an auditor:“In addition, it is usual for statute law to establish that certain individuals are ineligible to act as an external auditor… These exclusions are designed to help to establish the independence of the auditor.”
Role of ISAs:“The role of the audit is to provide a high level of assurance to the users of the financial statements. This assurance will be of greater value to users if they know that the audit has been carried out in accordance with established standards of practice.”
Understanding the entity and its environment:“The auditor should look for factors that could be significant and to which particular attention should be given by the audit team.”
Materiality in auditing:“Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.”
Professional scepticism:“Professional scepticism is defined by ISA 200 as: “An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence”.”
Risk-based approach to auditing:“A key feature of modern auditing is the ‘risk-based’ approach that is taken in most audits. At the planning stage… the auditor will identify and assess the main risks associated with the business to be audited.”
Sampling in auditing:“Sampling in auditing involves applying audit testing procedures to less than the entire population of items subject to audit.”
Definition of a provision:“A provision is a type of liability. It is a liability of uncertain timing and uncertain amount.”
Communication with those charged with governance:“The external auditor should communicate formally to those charged with governance, partly as a ‘by-product’ of the audit process to provide useful feedback.”

Quotes from the Source:

“The role of the audit is to provide a high level of assurance to the users of the financial statements.”
“Professional scepticism is defined by ISA 200 as: ‘An attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence’.”
“Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.”

Conclusion:

This document provides a comprehensive overview of key concepts and practices in audit and assurance, emphasizing the importance of ethical conduct, compliance with ISAs, and a risk-based approach to auditing. It serves as a valuable resource for anyone studying or practicing auditing, particularly in an international context.

Audit and Assurance FAQ

What is the purpose of an audit?

An audit aims to provide a high level of assurance to users of financial statements. This assurance is enhanced when users know the audit was conducted according to established standards like the International Standards on Auditing (ISAs). A consistent application of auditing standards across different companies allows for reliable comparisons of their financial statements.

What are the limitations of a statutory audit?

While statutory audits offer valuable assurance, they do have limitations:

Cost: Audits can be expensive, although the cost might be reduced if the audit firm already performs other services for the company, such as accounting or advisory work.
Time: Audits require time to complete, meaning the audit report is not available immediately after the year-end.
Sampling: Auditors usually examine a sample of transactions rather than every single one. While this is generally sufficient, it carries a small risk that a material misstatement might go undetected.
Judgement: Auditing relies on professional judgment, which can be subjective and potentially influenced by factors like time constraints or management pressure.
Fraud: While auditors are alert to fraud, a well-concealed fraud might not be detected.

What is the role of auditing standards?

Auditing standards, primarily ISAs, ensure consistency and quality in the audit process. They provide guidance to auditors on:

Planning and conducting audits: Standards outline the steps involved in planning an audit, assessing risks, gathering evidence, and forming an opinion.
Reporting: Standards dictate the format and content of the audit report, ensuring clarity and consistency for users.
Ethical considerations: Standards address ethical issues like independence and objectivity, safeguarding the integrity of the audit profession.

What is materiality in auditing?

Materiality recognizes that financial statements need not be 100% accurate to be useful. It concerns the significance of information and whether its omission or misstatement would influence users’ economic decisions.

Auditors use materiality thresholds to determine:

The scope of the audit: They focus on areas where the risk of material misstatement is higher.
The nature and extent of audit procedures: They tailor their procedures to the assessed risk and materiality levels.
The evaluation of misstatements: They determine whether identified misstatements are material enough to warrant adjustments or require a modified audit opinion.

What is audit risk and its components?

Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. It consists of three components:

Inherent risk: The risk of misstatement due to the nature of the transactions or balances themselves. For example, complex transactions or estimates are inherently riskier.
Control risk: The risk that the company’s internal controls fail to prevent or detect a material misstatement.
Detection risk: The risk that the auditor’s procedures fail to detect a material misstatement that exists.

What are the auditor’s responsibilities regarding fraud?

Auditors are responsible for obtaining reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error. While not primarily responsible for fraud prevention, auditors should:

Maintain professional skepticism: Be alert to conditions that might indicate fraud and critically assess audit evidence.
Assess the risk of fraud: Consider factors that might increase fraud risk and tailor audit procedures accordingly.
Respond to suspected fraud: Investigate any signs of fraud and report them to the appropriate level of management or those charged with governance.

What are analytical procedures and how are they used in auditing?

Analytical procedures involve comparing and analyzing financial and non-financial data to identify unusual fluctuations or relationships. Auditors use analytical procedures:

In planning the audit: To gain an understanding of the business, identify areas of risk, and set materiality levels.
As substantive procedures: To test the reasonableness of account balances and identify potential misstatements.
At the final stage of the audit: To assess the overall reasonableness of the financial statements and identify any remaining areas of concern.

How does the auditor use the work of internal auditors?

External auditors may use the work of internal auditors to gain efficiency, particularly in areas like:

Understanding the entity and its environment: Internal auditors’ knowledge of the business and its processes can assist the external auditor.
Assessing risks: Internal auditors’ risk assessments and control evaluations can inform the external auditor’s risk assessment.
Performing substantive procedures: Internal auditors’ testing can provide evidence for the external audit, but the external auditor remains responsible for the overall opinion.

The external auditor must evaluate the competence and objectivity of the internal audit function before relying on their work. This involves considering factors like:

Internal audit’s organizational status and reporting lines: Their independence from management is crucial.
The qualifications and experience of internal audit staff: Their competence to perform the required tasks.
The quality of internal audit’s work: Their adherence to professional standards and the adequacy of their documentation.

International Auditing Standards

Timeline of Events:

This text focuses on auditing standards and procedures, not on a specific series of events. Therefore, a traditional timeline is not applicable.

Cast of Characters:

1. Emile Woolf Publishing Limited:

Bio: A publishing company specializing in accounting and finance materials, including study texts for ACCA (Association of Chartered Certified Accountants) exams.
Role: Publisher of the source document, “028-ACCA Emile Wolf F8 Audit and Assurance (International).”

2. Association of Chartered Certified Accountants (ACCA):

Bio: A global professional accounting body offering the Chartered Certified Accountant qualification.
Role: Sets the syllabus and study guide for the F8 Audit and Assurance (International) exam.

3. International Accounting Standards Committee Foundation (IASB):

Bio: An independent, private-sector body that develops and approves International Financial Reporting Standards (IFRS).
Role: Develops accounting standards that influence the auditing process.

4. International Federation of Accountants (IFAC):

Bio: A global organization for the accountancy profession dedicated to serving the public interest by strengthening the profession and contributing to the development of strong international economies.
Role: Oversees the International Audit and Assurance Standards Board (IAASB).

5. International Audit and Assurance Standards Board (IAASB):

Bio: An independent standard-setting board that sets International Standards on Auditing (ISAs) and other pronouncements for audit, assurance, and related services professionals.
Role: Develops and issues ISAs, the internationally recognized auditing standards that the source document focuses on.

6. Auditors (External, Internal, Statutory):

Bio: Professionals who examine financial records and provide an opinion on their accuracy and compliance with relevant laws and regulations.
Role: The central figures in the source document. Their responsibilities, ethical considerations, and the standards they must adhere to are the main topics of the text.

7. Audit Clients:

Bio: Companies or organizations that engage auditors to perform audits.
Role: The recipients of the audit services. Their characteristics, internal control systems, and specific financial information influence the audit process.

8. Users of Financial Statements:

Bio: Stakeholders who rely on financial statements to make economic decisions, such as investors, lenders, creditors, and regulators.
Role: The intended audience of audited financial statements. The auditors’ work aims to provide assurance to these users about the reliability of the information presented.

9. Sam Smith (from example):

Bio: Fictional character presented in an example case study. He is the sole shareholder and director of “Risky Sounds,” a retailer selling hi-tech recording equipment.
Role: Illustrates a specific audit scenario where the auditor needs to identify and assess various risks, such as inherent risk and control risk, associated with the client’s business.

External Audits: A Comprehensive Guide

External Audit

An external audit is performed by a qualified auditor appointed by shareholders and independent of the company [1]. The purpose of an external audit is to express an opinion on the truth and fairness of the annual financial statements [2]. The external auditor will perform whatever work is deemed necessary to reach that opinion [2]. The external auditor has no specific responsibility for fraud and error, other than to report whether the financial statements give a true and fair view [3]. The external auditor will be concerned that there has been no material undetected fraud or error during the period [3].

External audits are a statutory requirement in most countries for listed and other large companies to protect shareholders [4]. Smaller, “family” companies where the shareholders are also the directors are often exempt from this requirement [4]. For example, in the UK, companies are exempt from external audits if their annual revenue does not exceed £6.5 million and their assets do not exceed £3.26 million [4]. Even if not legally required, companies and entities may choose to have an external audit performed [5].

External audits offer the following benefits:

Increased credibility of published financial statements [6]
Confirmation to management that they have performed their statutory duties correctly [6]
Assurance to management that they have complied with non-statutory requirements, such as corporate governance requirements [6]
Feedback on the effectiveness of internal controls, with recommendations for improvement [6]

External audits do have some limitations:

The audit is only a snapshot of the financial position at a particular point in time [7]
The audit may not detect all errors or fraud, particularly if there is collusion [7]
The audit may be time-consuming and expensive [7]
The audit may disrupt the normal running of the business [7]

Eligibility to act as an external auditor is usually determined by membership of an appropriate regulatory body [8]. The role of such bodies includes offering professional qualifications for auditors, establishing procedures to ensure auditors’ professional competence is maintained, and ensuring auditors are “fit and proper” persons who act with professional integrity [9]. Auditors are typically regulated by both government and their professional body, covering technical and professional standards, qualifications, and independence [10]. Statutory law also excludes certain individuals from acting as external auditors for a given company, such as officers or employees of the company, partners or employees of officers or employees of the company, and partnerships in which ineligible individuals are partners [11]. These exclusions are designed to establish the auditor’s independence [11].

The history of external audits dates back to the Egyptian and Roman empires, with independent auditors used to ensure the accuracy of returns [12]. The statutory audit is now a key feature of company law throughout the world [12]. Without assurance from auditors, shareholders may not accept the accuracy and reliability of financial statements [13].

The external auditor is appointed by shareholders, which ensures independence [14]. Auditors are typically appointed at the company’s annual general meeting and are reappointed annually [15]. The shareholders have the power to dismiss the auditor [15]. As a general principle, the directors should recommend the appointment of new auditors to the shareholders, and the shareholders should make a decision [15]. Auditors who resign from office will be required to give their reasons to the shareholders and may be required to notify the authorities of their removal [15].

The main statutory rights of the external auditor include:

The right of access to all accounting books and records at all times [16]
The right to all information and explanations from management necessary for the proper conduct of the audit [16]
The right to receive notice of and attend all meetings of the shareholders [16]
The right to speak at shareholders’ meetings on matters affecting the audit or the auditor [17]
The right to receive a copy of all written resolutions [17]

The main duty of the external auditor is to:

Examine the financial statements [18]
Issue an auditor’s report on the financial statements to be presented to the shareholders [18]

The external auditor’s report sets out the auditor’s opinion as to whether the financial statements:

Give a true and fair view of the company’s financial position and performance [19]
Have been prepared following the applicable financial reporting framework [19]

Local law may require the auditor to consider other matters as part of the statutory audit process, such as compliance with relevant laws and regulations and the consistency of the directors’ report with the audited financial statements [19]. The auditor must plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement [20]. The procedures selected for the audit depend on the auditor’s judgment, including the assessment of the risks of material misstatement, whether due to fraud or error [20].

The external auditor is required by ISA 260 to communicate formally with those charged with governance, typically the board of directors or the audit committee, as a “by-product” of the audit process to provide useful feedback [21].

The external auditor must comply with International Standards on Auditing (ISAs), which apply primarily to the external audit process [22]. However, these provisions can often be seen as good practice for relevant internal audit work [22]. The role of auditing standards is to provide a high level of assurance to the users of financial statements, which are of greater value if the users know the audit has been carried out following established standards of practice [22]. Consistent auditing standards are essential for users comparing the financial statements of multiple companies [22].

The external auditor plays a role in corporate governance [23] by:

Providing an independent check on the integrity of the financial information prepared by the directors for the use of shareholders and other stakeholders [23]
Potentially having a responsibility for forming an opinion on the extent to which the directors have complied with specific corporate governance regulations [23]

In addition, good corporate governance systems have procedures and arrangements designed to maintain the independence of the external auditor [24]. For example:

The external auditor may be required to report to an audit committee and work with the chief executive officer and finance director [24]
The nature and extent of non-audit services provided by the audit firm may be kept under review to ensure the auditor has not become excessively dependent on the company for fee income and is not in danger of becoming too familiar with the company’s management and systems of operation [25]
Suitable procedures may be established for discussing contentious issues where the auditors and the finance director/chief executive officer have strong differences of opinion [25]

The external auditor is also required by ISA 260 and ISA 265 to communicate with management periodically with observations arising from the audit that are significant and relevant to management’s responsibility to oversee the financial reporting process [26]. These observations might include weaknesses in internal control found by the auditor or accounting policies adopted by the entity which the auditor considers inappropriate [24].

Internal Audit: A Comprehensive Guide

Internal Audit

Internal audit is a function or department set up within an entity to provide an appraisal or monitoring process, as a service to other functions or to senior management within the entity [1]. There is no legal or statutory requirement for entities to have an internal audit function [2], so they will only conduct internal audits if the benefits outweigh the costs [2].

While external auditors are appointed by shareholders and must remain independent of the company [1], internal auditors are typically employees of the entity and therefore report to management [1, 3]. Internal auditors cannot achieve the same level of independence as external auditors [4], but their independence should be protected as much as possible by measures such as:

Reporting lines: The chief internal auditor should report to the highest level of management or to the audit committee [5], rather than the finance director [6].
Scope of work: The scope of work should be determined by the chief internal auditor or the audit committee, rather than the finance director or line management, to avoid the risk of focusing only on non-contentious areas [6].
Rotation of staff: Internal auditors should be rotated regularly to other jobs within the entity to reduce familiarity threats [7].
Appointment of chief internal auditor: The audit committee should be responsible for appointing the chief internal auditor to avoid a potential conflict of interest [7].
Not performing non-audit tasks: Internal auditors should focus on audit specialization to preserve their independence [8].
Unrestricted access to information: Internal auditors should have unrestricted access to information necessary for their audit work [9].
Management support: Internal auditors should have the support of management at all levels [9].

In the UK, listed companies are required to set up an audit committee that must consider the need for an internal audit function each year, even if one does not currently exist [10]. Reasons for not having an internal audit function should be explained in the annual report and accounts [11]. Other companies and entities may also choose to have an internal audit function because of the assurance it provides about the adequacy of internal controls [11].

The role of the internal audit function is to:

Examine and evaluate the organization’s risk management, control, and governance processes, including those for financial reporting, operational efficiency, and legal compliance [10, 12].
Provide assurance to management and the board of directors on the adequacy and effectiveness of those processes [10, 12, 13].
Identify areas for improvement and make recommendations to management [12, 13].

The scope of internal audit work can vary substantially depending on factors such as the size and structure of the entity, the nature of its business, the attitude of senior management to risk management, and the perceived control risks [14].

Internal audit activities may include one or more of the following [14, 15]:

Monitoring of internal control: Internal auditors may be given specific responsibility for reviewing internal controls, monitoring their operation, and recommending improvements [13].
Examination of financial and operating information: This may involve reviewing the methods used to identify, measure, classify, and report such information, or specific inquiries into individual items, including detailed testing of transactions, balances, and procedures [16].
Review of the economy, efficiency, and effectiveness of operations: This may include a review of non-financial controls [16].
Review of compliance with laws, regulations, and other external requirements, as well as internal requirements such as management policies and directives [15].
Special investigations into particular areas, such as suspected fraud [15].

Internal audit assignments can be more specifically categorized as:

Operational internal audit assignments
Value for money audits
Best value audits
Financial audits
Information technology (IT) audits

Operational internal audit assignments involve examining a particular aspect of the entity’s operations, such as marketing or human resources [17]. These assignments are also known as management audits or efficiency audits [17]. The purpose is to assess management’s performance in that area and ensure company policies and control procedures are adhered to [17]. The audit will identify areas for improvement in efficiency, performance, and management [17]. For each area of operation, the internal auditor will assess the adequacy and effectiveness of policies, procedures, and controls [18, 19].

Value for money (VFM) audits originated in the public sector to assess financial performance where profit-based measures are not appropriate [20]. VFM audits have been adopted by commercial organizations to assess performance beyond profitability [20]. VFM focuses on the “3 Es”: economy, efficiency, and effectiveness [20].

Financial audits involve reviewing accounting records and other documentation to substantiate figures in financial statements and management accounts [21]. This work overlaps with that of external auditors, so it is now a relatively minor part of internal audit work [21].

IT audits involve assessing the internal controls that operate within an organization’s computer systems [22].

Because internal audit is not a regulatory requirement, there is no requirement for internal auditors to be professionally qualified, unlike external auditors [23]. However, management may require specific qualifications or experience when hiring internal auditors [23].

Internal auditors prepare audit reports for management because they work on behalf of management [3]. There are no legal or formal requirements for internal audit reports, so they may take any appropriate form, similar to any other internal business report [3].

A possible structure for an internal audit report:

Introductory items
Executive summary
Main body of the report
Conclusions and recommendations
Appendices (if required)

The executive summary should summarize the main points of the report, including the purpose, findings, conclusions, and recommendations [24]. This allows management to understand the key information without reading the entire report [25].

Internal audit reports should communicate:

The scope and objectives of the audit
The methodology used
The findings and conclusions reached
Recommendations for improvement

Companies may choose to outsource their internal audit function to external accounting firms, mainly due to cost or the need for specialized skills [2, 26].

Benefits of outsourcing:

No recruitment or training of staff required [27]
Instant access to a team of qualified auditors [27]
Access to specialist staff [27]
Variable costs instead of fixed costs [27, 28]
More economical for smaller entities [28]

Potential problems with outsourcing:

Independence issues for external auditors if they are the outsourced firm [28]
Lack of continuity and understanding of the client’s business due to changing personnel [29]
High fees charged by accounting firms [29]
Increased risk of confidentiality breaches [29]
Less control over internal audit work [30]
Potential conflicts of interest between internal and external auditors if the same firm is used [30]

Internal and external audits use similar procedures [31], but there are some fundamental differences between the two roles:

FeatureExternal AuditInternal AuditRoleExpress an opinion on the truth and fairness of the annual financial statements [32].Examine systems and controls and assess risks to make recommendations to management for improvement [32].QualificationDetermined by statute and membership of a regulatory body [32].No statutory requirements – management selects a suitably competent person [33].AppointmentAppointed by shareholders, ensuring independence [33].Appointed by management [33].DutiesSet out by statute [34].Set out by management [34].Report toShareholders [34].Management [34].ResponsibilityConcerned with material undetected fraud or error that impacts the financial statements [34].May be given specific responsibility for investigating suspected fraud or error, with a lower materiality threshold [34].The internal audit function can be a valuable asset to any organization, providing independent assurance and insight to help management improve the effectiveness of risk management, control, and governance processes.

Corporate Governance and Auditing

Corporate Governance

Corporate governance is the system by which a company is directed and controlled. [1] The goal of corporate governance is to promote transparent and efficient markets, consistent with the rule of law. [2] Good corporate governance frameworks strive to protect shareholder rights, ensure the equitable treatment of all shareholders, recognize the rights of stakeholders, ensure timely and accurate disclosure of material matters, and ensure the strategic guidance of the company. [3, 4]

Directors are responsible for the governance of a company on behalf of its shareholders. [1, 5] They have a stewardship role in looking after the company’s assets and managing them on behalf of the shareholders. [6] Directors are also responsible for establishing a suitable system of internal controls to manage the company’s risks, including business risks and governance risks. [7, 8]

Key Issues in Corporate Governance

Effective Board of Directors: The board should be independent-minded and possess a diverse range of skills and experience. [9]
Clearly-Defined Responsibilities: The board should have responsibilities it must not delegate and should execute those responsibilities effectively. [9]
Acting in the Best Interests of Shareholders: Directors should govern the company in the best interests of its shareholders, not for their personal gain. [10]
Reliable Financial Statements: The financial statements should be reliable and transparent. [1, 10]
Risk Management and Control: Risks should be identified, assessed, and controlled, and the directors should provide assurance to shareholders about the effectiveness of these systems. [10]
Fair Director Remuneration: [11]
Open Communication: There should be open and constructive dialogue between the directors and shareholders. [11]

Role of Auditors in Corporate Governance

External auditors play a vital role in corporate governance by providing an independent check on the integrity of financial information prepared by directors. [1, 12] They may also be responsible for forming an opinion on whether the directors have complied with specific corporate governance regulations. [12] In addition, they communicate with management about significant observations arising from the audit, including weaknesses in internal control. [13]

Internal auditors can assist management in monitoring the system of internal control. [14] They can help obtain assurance that these systems are adequate and functioning properly.

Systems of Corporate Governance

Many countries have established minimum corporate governance requirements, typically for listed companies. [15] These requirements may be based on voluntary codes of practice or statutory regulations. [15]

For example, the UK Corporate Governance Code applies to listed companies. While it does not have statutory force, the Listing Rules of the Financial Services Authority require listed companies to comply with it or explain their reasons for non-compliance (“comply or explain”). [15] In contrast, the United States adopted a statutory approach with the Sarbanes-Oxley Act (2002), which mandates specific corporate governance requirements, such as the requirement for CEOs and CFOs to report on the adequacy of their internal control systems. [15]

Audit Committees

An audit committee is a sub-committee of the board of directors that oversees financial reporting and auditing. [16] Many corporate governance codes require listed companies to establish audit committees. [16]

Benefits of Audit Committees:

Strengthening the independence of external auditors: The audit committee provides a point of contact for external auditors, separate from executive management, to enhance their objectivity. [16, 17]
Improving communication: They facilitate communication between the external auditor and the board of directors on significant audit matters. [16, 17]
Enhancing the quality of financial reporting: They oversee the financial reporting process, including the selection and application of accounting policies, to ensure the accuracy and reliability of financial statements. [18]
Monitoring internal control: They are responsible for reviewing the adequacy and effectiveness of the company’s internal financial controls and risk management systems. [18]
Overseeing the internal audit function: They monitor the effectiveness of the internal audit function in providing assurance on internal controls. [18]
Recommending the appointment, reappointment, or removal of external auditors: They make recommendations to the board, which is then submitted to shareholders for a vote. [18]

Potential Limitations of Audit Committees:

Lack of independence: If the audit committee members are not truly independent of management, their effectiveness in overseeing the audit function may be compromised. [19]
Limited expertise: Audit committee members may lack the necessary financial expertise to effectively challenge management and the external auditors. [19]
Burden on non-executive directors: Serving on the audit committee can place a significant time commitment and workload on non-executive directors, potentially detracting from their other responsibilities. [19]

Accountant Professional Ethics

Professional Ethics for Accountants

Professional ethics are essential for maintaining public trust in the accounting profession. Accountants are expected to adhere to a code of ethics that emphasizes integrity, objectivity, professional competence, confidentiality, and professional behavior. The ACCA (Association of Chartered Certified Accountants) Code of Ethics and Conduct, for example, provides a framework for ethical decision-making for its members.

The ACCA’s Code outlines five fundamental principles:

Integrity: Be straightforward and honest in all professional and business relationships. [1]
Objectivity: Do not let bias, conflicts of interest, or undue influence of others compromise professional or business judgments. [1]
Professional competence and due care: Maintain professional knowledge and skill at a level that ensures clients or employers receive competent service based on current developments in practice, legislation, and techniques. Act diligently and in accordance with applicable technical and professional standards. [1]
Confidentiality: Respect the confidentiality of information acquired as a result of professional and business relationships and do not disclose such information to third parties without proper authority or unless there is a legal or professional right or duty to disclose. [2]
Professional behavior: Comply with relevant laws and regulations and avoid any action that discredits the profession. [3]

The ACCA’s Code of Ethics recognizes that threats to these fundamental principles can arise from various circumstances. The Code identifies five categories of threats:

Self-interest threats [4-6]
Self-review threats [6]
Advocacy threats [7]
Familiarity threats [8, 9]
Intimidation threats [8, 10]

To address these threats, the Code emphasizes the importance of safeguards. Safeguards are actions or measures taken to eliminate threats or reduce them to an acceptable level. The Code categorizes safeguards into three types:

Safeguards created by the profession, legislation, or regulation. These include requirements for education, training, continuing professional development, corporate governance regulations, professional standards, and professional or regulatory monitoring and disciplinary procedures. [11]
Safeguards in the work environment. These include an organization’s systems of monitoring and ethics and conduct programs, robust internal controls, and policies and procedures for ensuring quality control and independence. [12]
Safeguards created by the individual. These include maintaining professional competence through continuing education, seeking advice from mentors or other professionals, and adhering to a strong personal code of ethics. [13]

The ACCA Code also provides detailed guidance on specific situations that may present ethical challenges, such as accepting gifts and hospitality, dealing with conflicts of interest, and providing non-assurance services to audit clients. The Code requires members to carefully consider these situations and apply appropriate safeguards to ensure that they act ethically and maintain the profession’s reputation.

Audit Evidence and Procedures

Audit Evidence

The outcome of an audit is a report, usually expressing an opinion on the truth and fairness of the financial statements. That report and opinion must be supportable by the auditor if challenged. Therefore, the auditor will collect evidence on which to base his report and opinion. [1]

ISA 500 Audit Evidence states that the objective of the auditor is to design and perform audit procedures to enable him to obtain sufficient appropriate audit evidence to draw reasonable conclusions on which to base the audit opinion. [1]

Sufficient relates to the quantity of evidence, while appropriate relates to the quality (relevance and reliability) of the evidence. The auditor needs to exercise professional judgment regarding the quantity and quality of evidence. [2]

Relevance and Reliability

Relevance deals with the logical connection with the purpose of the audit procedure. For example, when testing for overstatement in the existence or valuation of accounts payable, testing recorded accounts payable may be a relevant audit procedure. [3]

Reliability is influenced by its source and nature. Here are some general principles:

External evidence is more reliable than internal evidence.
Evidence obtained directly by the auditor is more reliable than evidence obtained indirectly or by inference.
Evidence in documentary form is more reliable than oral evidence.
Evidence created in the normal course of business is more reliable than evidence created specifically for the audit.
Original documents are more reliable than photocopies or facsimiles. [4]

Procedures for Obtaining Audit Evidence

ISA 500 identifies several procedures for obtaining audit evidence: [5, 6]

Inspection (looking at an item): This could involve inspecting tangible assets, entries in accounting records, or documents such as invoices.
Observation: This involves watching a procedure, such as physical inventory counts, distribution of wages, or opening of mail. However, observation is limited to the point in time when the observation takes place.
Inquiry: This involves seeking information from knowledgeable persons inside or outside the entity. Inquiries may be written or oral.
Confirmation: This is a specific type of inquiry where the auditor seeks a direct response from a third party, such as a bank or a customer, to confirm the accuracy of information.
Recalculation: This involves checking the arithmetical accuracy of documents or records.
Reperformance: The auditor reperforms a check or control that the client originally carried out.
Analytical procedures: This involves evaluating and comparing financial and/or non-financial data for plausible relationships. For example, an auditor might compare this year’s gross profit percentage to last year’s and ensure that any change is in line with expectations.

Financial Statement Assertions

The financial statements comprise several assertions or representations made by management. The auditor must obtain evidence to support these assertions. [7, 8] These assertions are grouped into three categories:

Assertions about classes of transactions and events for the period under audit (i.e. income statement assertions)
Assertions about account balances at the period end (i.e. balance sheet assertions)
Assertions about presentation and disclosure (i.e. assertions about the disclosures in the financial statements). [8]

The Audit of Specific Items

Auditors use assertions to guide their audit procedures. For example, when auditing receivables, the auditor might use direct confirmation of accounts receivable. They would also obtain other evidence relating to receivables and prepayments and the related entries in the profit or loss section of the income statement. [9]

When auditing inventory, the auditor’s procedures might include: [10]

attending inventory counting procedures for year-end and continuous inventory systems
verifying cut-off procedures
obtaining direct confirmation of inventory held by third parties
assessing the valuation of inventory, and
obtaining other evidence relating to inventory.

Audit Sampling

Given the volume of transactions and data, it is often impractical for auditors to examine every item. Audit sampling involves testing a subset of items from a population. ISA 530 Audit Sampling sets out the requirements. [11] The auditor must design and select the sample, evaluate the results of testing, and project any misstatements found in the sample to the entire population. [12] The auditor must determine whether the use of audit sampling has provided a reasonable basis for conclusions about the population tested. [12]

Reliance on the Work of Others

In some cases, the auditor might rely on the work of others, such as internal auditors, experts, or service organizations.

ISA 610 Using the work of internal auditors sets out the requirements for using the work of internal auditors as audit evidence. The external auditor must assess the objectivity and competence of the internal audit function and the relevance and reliability of their work. [13]

ISA 620 Using the work of an auditor’s expert addresses the auditor’s use of experts. The auditor must evaluate the expert’s competence, capabilities, and objectivity and evaluate the appropriateness of the expert’s report as audit evidence. [14]

ISA 402 Audit considerations relating to an entity using a service organization covers situations where the client uses a service organization. The auditor should obtain an understanding of the services provided and assess the risks of material misstatement. [15] If the auditor cannot obtain sufficient appropriate audit evidence regarding the service organization, they should modify their audit report. [16]

Audit Documentation

The auditor must document the audit procedures performed, the audit evidence obtained, and the conclusions reached. [17] This documentation, known as audit working papers, may be in paper or electronic form. ISA 230 Audit Documentation provides guidance. [17] The audit working papers should be sufficient to enable an experienced auditor with no previous connection to the audit to understand the work performed and the conclusions reached. [18]

By Amjad Izhar
Contact: amjad.izhar@gmail.com
https://amjadizhar.blog

Affiliate Disclosure: This blog may contain affiliate links, which means I may earn a small commission if you click on the link and make a purchase. This comes at no additional cost to you. I only recommend products or services that I believe will add value to my readers. Your support helps keep this blog running and allows me to continue providing you with quality content. Thank you for your support!

International Audit and Assurance