lOMoARcPSD|2131964

Summary - book "Auditing a Practical Approach" - Chapter

1-3

Principles Of Auditing (The University of British Columbia)

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

C455 – Textbook Notes

Chapter 1
Assurance Engagements:

- Financial statement audits

- Compliance audits
- Operational audits
- Comprehensive audits
- Internal audits

Level of Assurance:

- Reasonable
- Moderate
- No assurance

Audit Opinions:

- Unmodified
- Modified

Modifications:

- Qualified
- Adverse
User
- Disclaimer of opinion

Accountable
Practitioner
Party

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.1 – Auditing and Assurance Defined

Assurance: engagement where an auditor/consultant is hired to provide an opinion on a subject matter
- Practitioner issues a WRITTEN CONCLUSION for which the accountable party is responsible
- Re ui es a accountability relationship – one party answerable to another for subject matter

TERM DEFINITION

Applicable financial The financial framework chosen by management to prepare a CO’s F/S. E.g.
reporting framework IFRS, ASPE

Assertions Statements made by management regarding the recognition, measurement,

and presentation and disclosure of items in the financial statements.

Audit evidence Information used by the auditor to support the audit opinion.

Audit file The file where the evidence and documentation of the work performed are
kept as a permanent record to support the opinion issued.

Audit plan The list or description of audit procedures to be performed.

Audit risk The risk that the auditor may express an inappropriate opinion. This means the
auditor may indicate that F/S are not materially misstated when in fact they are

Financial statements A structured representation of historical financial info, including related notes.

Independent The auditor's formal expression of opinion on whether the financial statements
auditor's report are in accordance with the applicable financial reporting framework.

Internal control Processes implemented & maintained by mgmt to help entity achieve objective

Material An amount or disclosure that is significant enough to affe t the use ’s de isio .

Materiality The maximum amount of misstatement or omission the auditor can tolerate
and still issue an unmodified or lea audit opinion.

Sufficient and The quantity (sufficiency) and quality (appropriateness) of the evidence
appropriate evidence collected by the auditor.

Unmodified opinion The auditor's opinion concluding that the financial statements are fairly
(unqualified opinion) presented.

Working papers Paper or electronic documentation of the audit created by the audit team as
evidence of the work completed.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.2 – Demand for Audit and Assurance Services

Financial Statement Users

- Investors – ROI, going concern, dividend
- Suppliers – ability to pay for supplies, going concern, debt
- Customers – going concern
- Lenders – ability to pay interest and principal
- Employees – ability to pay wages/salaries, future stability and profitability, job security
- Governments – comply with regulations, taxations, grants
- Public – associate with entity, understanding entity, what it does, plans for future

Sources of demand for audit and assurance services

PURPOSE of audited financial statements  to reduce information risk

- [CAS 200] – The objective of a F/S audit is for the auditor to express an OPINION
- that the F/S comply with relevant FINANCIAL REPORTING FRAMEWORK (Canadian GAAP)
- obtained REASONABLE ASSURANCE, conduct audit in efficient and effective manner
- Reduce AUDIT RISK to acceptably low level
- about whether the F/S are RELIABLE, free from any MATERIAL MISSTATEMENTS (error/fraud)
- EVIDENCE obtained in audit is SUFFICIENT AND APPROPRIATE
- Gives a fair presentation of the business' FINANCIAL POSITION and PERFORMANCE
- Not guaranteeing the success, not expressing opinion on effectiveness of internal controls

Causes of information risk: Remoteness, Complexity, Competing incentives, Reliability

Theoretical Frameworks
- Agency theory
o Owners (principals) have an incentive to hire an auditor (incur a monitoring cost) to
assess the fair presentation of the info contained in the F/S prepared by mgrs (agents).
- Information hypothesis
o Due to demand for reliable, high-quality information, various user groups (shareholders,
banks, lenders) will demand that F/S be audited to aid their DECISION-MAKING
- Insurance hypothesis
o Investor losses that result from F/S misrepresentations may be wholly or partially
recovered by suing auditors
o An audit is one way for investors to insure against part of their loss should the CO fail

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.3 – Different Assurance Services

Process of a financial statement audit

1. Planning stage –Understanding business, environment, processes to determine where RISKS are
2. Overall audit strategy – Plan WHEN to perform field work, WHO, WHAT
3. Execution stage – Obtain info, assess, discuss with client (systems, procedures, clarifications)
o Documentation (narrative, memos, schedules with audit ticks; sign off
o Partner approve and issue unmodified audit opinion

Limitations of a financial statement audit

- Result from the nature of financial reporting,
o Subjectivity, use of judgment, selecting and applying accounting methods
- the nature of audit procedures,
o reliance on evidence provided by client; does not have access to all info  limitation
- and audit to be conducted within a reasonable period of time and at a reasonable cost [CAS 200]

Compliance audits
- Compliance audits – involves gathering evidence to ascertain whether the person or entity
under review has followed the applicable rules, policies, procedures, laws, and regulations.
o E.g. tax audit – filed tax return in accordance with ITA

Operational audits
- Operational audit – o e ed ith e o o , effi ie , effe ti e ess of o pa ’s a ti ities
o Economy – cost of inputs (wages, materials)
o Efficiency – relationship between inputs and outputs
o Effectiveness – achievement of goals or production of certain level of outputs

Comprehensive audits
- Comprehensive audit – may encompass elements of F/S audit, compliance audit, operation
audit; auditor may report whether entity has met efficiency targets

Internal audits
- Internal audit – concerned with evaluating and improving risk management, internal control
procedures, and elements of the governance process.
- Often conducts operational audits, compliance audits, internal control assessments, reviews

Corporate Social Responsibility assurance

- CSR disclosures include environmental, employee, and social reporting.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.4 – Different Levels of Assurance

Reasonable assurance – NOT absolute assurance, can never be 100% certain no errors or omissions
- Positive statement – Only when evidence gathered is sufficient and appropriate

Moderate assurance - Perform procedures and gather evidence to express NEGATIVE ASSURANCE
- NO opinion; Information is plausible, nothing makes them believe otherwise

No assurance – Not associated with information that may be false or misleading

Types of engagements
CHARACTERISTIC AUDIT REVIEW COMPILATION
To reduce the assurance To reduce the assurance To compile a set of
engagement risk to an engagement risk to an financial statements
Objective acceptably low level so that a acceptable level to allow based on information
positive opinion can be the practitioner to express provided. No
provided. Reasonable a negative form of assurance provided.
assurance means a high (not expression in that nothing
absolute) level of assurance has come to their attention

Sufficient appropriate Sufficient appropriate Mathematical

evidence is obtained: evidence is obtained as accuracy is checked.
part of a systematic
•o tai i g an understanding process that includes
of engagement circumstances obtaining understanding
There is no
of the subject matter
•assessi g risks requirement for
and other engagement
sufficient appropriate
Procedures • espo di g to assessed risks circumstances, but in
e ide e;
which evidence- gathering
•pe fo i g further evidence- procedures are limited
to discussion, analytics,
gathering procedures using a and inquiry. Auditor must not be
combination of inspection, associated with
observation, confirmation, anything false or
misleading.
recalculation, reperformance,
analytical procedures, inquiry

Financial reporting Must be in accordance Canadian GAAP or other. GAAP not required.
framework with Canadian GAAP or other.

Level of assurance High assurance Moderate assurance No assurance

Report Independent Auditor's Report Review Engagement Report Notice to Reader

Most time consuming, May take less time, less Least amount of
Cost and time
highest cost o k e ui ed; lo e cost work, lowest cost

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.5 – Different Audit Opinions

Unmodified opinion – clean opinion; not materially misstated, present fairly of financial position, in
accordance with Canadian GAAP
- Emphasis of mater paragraph – draws attention to issue auditor believes has been adequately
and accurately explained in a note to F/S

Nature of the matter giving rise Auditor’s judg e t: pervasiveness of the (possible) effects on F/S
to the modification
Material but not pervasive Material and Pervasive

F/S materially misstated Qualified opinion Adverse opinion

(Qualified for GAAP) departure

Inability to obtain sufficient Qualified opinion Disclaimer of opinion

appropriate audit evidence
(Qualified for scope) limitation

Qualified opinion - e ept fo the effects of a matter that is explained in the audit report, the F/S can
be relied upon by the reader; MATERIAL, NOT pervasive
- used when the matter of concern can be identified, quantified, and explained in report

Pervasive – refers to misstatements that are not confined to individual accounts or elements of F/S
- or, if confined, the misstatements affect an extensive portion of the F/S
- or there are missing disclosures that are vital to a user's understanding of the F/S

Adverse opinion – evidence that misstatements (aggregate/individually) are MATERIAL and PERVASIVE

Disclaimer of opinion – unable to obtain sufficient appropriate evidence, possible effects on F/S could
be material and pervasive

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.6 – Preparers and Auditors

Preparer responsibility
- Relevant: Impact on decisions made by users regarding performance
- Reliable: Free from material misstatements (error or fraud)
- Comparable: Consistently across time – trends; across entities – benchmark performance
against similar organizations
- Understandable: Impartially inform users
- Fairly presented: Consistent and faithful application of the accounting standards/framework

Auditor responsibility
Professional skepticism: Questioning, thoroughly investigates all evidence presented by the client
- Auditor: must seek independent evidence to corroborate information
o must be suspicious when evidence contradicts documents/enquiries by the client

Professional judgement: Level of expertise, knowledge, and training that an auditor uses
- Auditor: determine the reliability of an info source, sufficiency and appropriateness of evidence
o testing procedures used, an appropriate sample size

Due care: Being diligent, applying technical and statute-backed standards, and documenting each stage

Assurance Providers
- Non-assurance services: mgmt consulting, mergers & acquisitions, insolvency, tax, accounting
- Rules of Professional Conduct: some restrictions on non-audit services to audit clients
o Independence, transparency, objectivity

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.7 – The Role of Regulators and Regulations

Regulators, Standard Setters, and Other Bodies

Auditing and Assurance Standards Board (AASB)

- Purpose: to serve the public interest by setting high quality auditing and assurance standards.
- AASB adopted the International Standards on Auditing (ISAs)
o responsible for issuing the Canadian Standards for Assurance Engagements (CSAEs),
the Canadian review engagement and compilation engagement standards.
- The Canadian version of the ISAs = Canadian Auditing Standards (CASs)

International Auditing and Assurance Standards Board (IAASB)

- issued the ISAs - recognized by securities and derivatives markets around the world
- US stock exchange use Public Company Accounting Oversight Board (PCAOB) standards

Canadian Securities Administrators (CSA)

- Purpose: improving, coordinating, harmonizing regulation of Canadian capital markets
- Regulate listed entity disclosure requirements
o annual filing of audited F/S in accordance with Canadian GAAP  IFRS (listed entities)

Canadian Public Accountability Board (CPAB)

- Purpose: promote high-quality audits
- Incorporated in 2003, formed by CSA, CICA, OSFI
- Auditors of reporting issuers register and be a member of good standing with CPAB
o Re ie of fi ’s o plia e ith ualit o t ol poli ies, sa ple of e gage e t files

Toronto Stock Exchange (TSX)

- Must file documents through SEDAR (System for Electronic Document Analysis and Retrieval)

Chartered Professional Accountants of Canada (CPA)

- CA + CGA + CMA  CPA, mergers made provincially

Legislation
- Company can be incorporated under federal or provincial jurisdiction
o Federal: follow Canada Business Corporations Act (CBCA) - Audited F/S, Canadian GAAP;
audits conducted w/ Canadian generally accepted auditing standards (CPA handbook)

Regulation
- 36 Canadian Auditing Standards (CASs) = GAAS
- Engmt comply w/ Canadian Standards for Assurance Engagements (CSAEs), comply w/ GAAS

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1.8 – The Audit Expectation Gap

Audit Expectation Gap – difference between expectations of assurance providers and F/S users

What auditors do in reality Unrealistic user expectations

An auditor provides reasonable assurance. The auditor is providing complete assurance.

The audit does not guarantee the future viability The auditor is guaranteeing the future viability

An unqualified opinion indicates that the auditor An unqualified (clean) audit opinion is an indicator
believes that there are no material (significant) of complete accuracy.

misstatements (errors or fraud)

The auditor will assess the risk of fraud and The auditor will definitely find any fraud.
conduct tests to try to uncover any fraud, but
there is no guarantee that they will find fraud

The auditor tests a sample of transactions. The auditor has checked all transactions.

10

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

Chapter 2 – Ethics, Legal Liability, and

Client Acceptance
2.1 – The Fundamental Principles of Professional Ethics
True professional:

- Mastery of an intellectual skill due to extensive education and training.

- Services for a fee.
- Independent society or institute
o sets and maintains the standards to ensure members are qualified and competent.
- Code of conduct established and enforced by the society or institute.

The six fundamental ethical principles

Integrity – straightforward and honest

Objectivity – unbiased, no conflict of interest or influence of others

Professional competence– maintain knowledge and skill at level required; Continuing education, work
experience

Due care – Act diligently, complete task thoroughly, documents all work, finish on timely basis

Confidentiality – refrain from disclosing info learned from employment to people outside of workplace
- Exception: client allowed disclosure or legal requirement to disclose

Professional behavior – comply with rules, ensure reputation of profession, should not claim to provide
services, qualifications, experience, that is not true

Specific rules incorporating the principles of professional ethics

- Fees & pricing – contingency fee (based on outcome) not permitted; quotes cannot be provided
w/o adequate knowledge of work to be performed or significantly lower than predecessor firm
- Advertising – cannot be false or misleading or make unsubstantiated claims
- Contact with predecessor
o Before accepting engagement, new auditor required to ask the predecessor auditor
if there is any reason they should not accept engagement.
o Due to confidentiality, response will be limited to a yes/no (unless the client
gives permission)
- Professional conduct – aware of breach of conduct  duty to inform after contacting him/her

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

2.2 – Association and Independence

Independence of mind (actual independence)

- the ability to act with integrity, objectivity, professional scepticism

- make a decision that is free from bias, personal beliefs, and client pressures.

Independence in appearance (perceived independence)

- the belief that independence of mind has been achieved

- Not enough for an auditor to be independent of i d; must be seen as independent

Threats to independence
Self-interest – financial interest
- O i g shares i lie t’s usi ess
- Loan to or from client outside of normal lending terms
- Fee dependence – significant portion of total fees earned

Self-review – form opinion on own work

- Services performed for client – internal audit services, IT, legal, HR, corporate finance, valuations

Advocacy – act or believe to act on behalf of client

- Represent client in negotiations with 3rd party
- Represent client in legal dispute
- Encourage others to buy shares/bonds of client

Familiarity – close relationship, sensitive to needs of client

- Long association
- Close relati e, for er part er ho holds se ior positio at lie t’s
- Acceptance of gifts, hospitality that is not very minor

Intimidation – feels threatened

- Threat of using another assurance firm next year
- Undue pressure to reduce audit hours to reduce fees paid

Reporting issuer – a public company with market capitalization and book value of total assets > $10 m

- Audit partners must be rotated every 7 years, with a 5 year break

- Audit committee must pre-approve all services provided to the client by the firm.
- Audit partners may not be directly compensated for selling non-assurance services to client
o Certain services are prohibited: legal services, management functions, human resource
services, corporate finance services, litigation support, or expert services.
- Auditor cannot perform bookkeeping and accounting, actuarial, internal audit, valuation
services, and financial information systems design and implementation where the results
of the services will be subject to audit.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964
- Where an engagement team member accepts employment in a financial reporting role with a
client, the firm must refrain from being the auditor of that client for min. 1 year from filing date
Safeguards to independence
- Client: establish audit committee, policies ensure F/S fairly presented, auditor has assess to docs
- Accounting firm: Continuing education, procedures for client acceptance/continuance, peer
review, partner rotation
Summary of independence threats and safeguards
THREATS EXAMPLES
•A auditor has a financial interest
in their client.
•A audit firm relies on the fees
from a client.
Self-interest
•A audit partner is concerned
threat
about losing a prestigious client.
•A auditor has a business
relationship with a client.
•A assurance team is asked to
evaluate the effectiveness of an
operating system that a colleague in
their firm implemented for client
Self-review
•A assurance team audits records
threat
that were prepared by a colleague
in their firm on behalf of the client.
•A member of the assurance team
has recently been an EE of the client
in a financial reporting position
•A firm promotes shares of an audit
client.
•A auditor represents an audit
Advocacy threat client in a legal case.
•A auditor… has a family member
who is a director on the board of an
audit client or involved in preparing
Familiarity
accounting info subject to audit.
threat
•A auditor accepts special gifts
from their client.
•A long association exists between
audit team member and client.
Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)
SAFEGUARDS TO INDEPENDENCE
•Poli ies and procedures within an
accounting firm identifying any staff with
financial interest in an assurance client.
•Regular review of fees earned from each
client v. total fees from all other clients.
•Mi i izi g the provision of non-audit
services to assurance clients.
•Policies and procedures prohibiting
business relationships with clients.
•Mi i izi g the provision of non-audit
services to assurance clients.
•Whe providing non-audit services,
ensuring that the client is responsible for
overseeing and guiding that work and
making any final decisions regarding the
outcomes of that work.
•Ha i g a cooling-off period before an audit
partner can be employed in a senior role at
an audit client.
•Poli ies and procedures prohibiting
business relationships with clients.
•Poli ies and procedures prohibiting the
representation of clients in any disputes or
legal matters.
•Rotati g staff assigned to clients so they do
not spend too much time at any one client's
premises.
•Part er and staff rotation policies.
•Edu atio regarding acceptance of gifts
and hospitality from assurance clients
providing examples of what is and what is
not acceptable.
•Pro edures when assigning staff to
assurance clients ensuring no close personal
relationships exist between assurance team
 lOMoARcPSD|2131964
•A director is on the board of a
client who was until recently the
engagement partner on the audit
•Clie t threatens to dismiss auditor
•The audit firm is threatened with
litigation by their audit client.
•The client places pressure on the
Intimidation audit team to reduce the scope of
threat the audit, to reduce audit fees, or to
meet an unrealistic deadline.
•A member of the client's staff
places undue pressure on the audit
team to allow them to use an
inappropriate accounting technique.
Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)
members and client personnel.
•Edu atio regarding socializing with client
personnel.
•A oida e of fee dependence.
•Appropriate corporate governance
structures within clients, such as an audit
committee, to liaise with senior assurance
team members and client management.
•Adhere e to stringent procedures
regarding the removal of assurance
providers
 lOMoARcPSD|2131964

2.3 – The Auditor’s Relationship with Others

Auditors and shareholders
- S/H rely on audit report to inform them of reliability of info provided by management
- S/H respo si le for appoi t e t a d re o al of o pa y’s auditors; BoD ill fa ilitate this

Auditors and Board of Directors

- Dire tors’ responsibility to ensure F/S fairly presented, true and fair view
- Auditor – read minutes of board meetings to learn about the key decisions regarding the
strategic direction, level of dividends declared, plans for significant asset purchases, major
investments, and major agreements with other companies that may be contemplated

Auditors and the audit committee

- CSA: all listed companies have AC
- Role: oversee accounting, financial reporting, and audit of the F/S
o established by the board, acts on behalf of full BoD
o At least 3 independent non-executive directors (not part of management)
- Responsibilities: recommend auditor and fees to board; oversee audit and resolve differences
between auditor and management; pre-approve all non-audit services to be provided by auditor

Auditors and internal auditors

- External auditor intends to use the work of the internal audit function, consider characteristics:
o Objectivity – independence
o Technical competence – skills, training
o Due professional care – documentation, planning, supervision of internal audit
o Communication – meetings, access to documents, inform of any issues

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

2.4 – Legal Liability

Tort law - rights, obligations, and remedies that is applied by courts in civil proceedings to provide relief
for persons who have suffered harm from the wrongful acts of others. MUST establish that:

- A duty of care was owed by the auditor.

- There was a breach of the duty of care.
- A loss was suffered as a consequence of that breach.

Legal liability to clients

Contract law: a client can sue the auditor for breach of contract.
- Auditor fails to live up to their responsibility implicit in agreeing to act as the auditor and explicit
in the engagement letter
- E.g. if auditor withdraws from an audit w/o cause, before completing audit and issuing report

Tort of negligence: auditor failed to take reasonable care in the performance of the audit.
- Work was below the standard that may be reasonably expected
- Injured party must prove that the auditor's carelessness, unintentional behaviour caused harm

London and General Bank Ltd. (No. 2) (1895) 2 Ch. 673

- Lord Justice Linley noted that an auditor however is not bound to do more than exercise
reasonable care and skill in making inquiries and investigations. He is not an insurer; he does not
guarantee that the books do correctly show the true position of the company’s affairs. What is
reasonable care and skill must depend upon the circumstances of that case.
- Result: Auditor has a duty to report to S/H, not the directors
o Explanation of the extent to which an auditor could be held liable for the lie t’s a tio s

Kingston Cotton Mill (No. 2) (1896) 2 Ch. 279

- Lord Justice Lopes noted that it is the duty of an auditor to bring to bear on the work he has to
perform that skill, care and caution, which a reasonably competent, careful and cautious auditor
would use. What is reasonable skill, care and caution must depend on the particular
circumstances of each case. An auditor is not bound to be a detective or, as was said, to
approach his work with suspicion or with a foregone conclusion that there is something wrong.
He is a watchdog, but not a bloodhound.
- Result: auditor is not to assume that the client's accounts are materially misstated.

Pacific Acceptance (1970) 90 WN (NSW ) 29

- Standards of reasonable care & skill had changed considerably since Kingston Cotton Mill case
- Justice Moffit pronounced the following:
o Auditors have a duty to use reasonable care and skill.
o Auditors have a duty to check and see for themselves rather than rely on client
management and staff.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

o Auditors must closely supervise and review the work of junior staff.
o Auditors must properly document procedures used.
o Auditors have a duty to warn and inform the appropriate level of management.
o Auditors have a duty to take further action where suspicion is aroused that a
misstatement may have occurred.
o Auditors should be guided by professional standards.

Negligence – any behaviour that is careless or unintentional and breaches the duty of care.
- Client or S/H need to prove that the auditor had not complied with auditing standards
or ethical guidelines.
- Then need to establish that they suffered a loss as a result of that negligence.
- To ascertain a causal relationship between the negligent act and the loss suffered,
reasonable foreseeability must be proven
o Auditor aware that any negligence on their part could cause a loss to the client or its S/H
- The audit firm is not negligent to issue the audit report if the audit evidence shows that the
opinion issued is supported.

Contributory negligence
- Plaintiff (the party suing) and the defendant (the auditor) can be proven to have been
negligent, each party must be held accountable in proportion to their guilt.
- E.g. management is responsible for internal controls, but does not repair deficient control.
Auditor knows and reports it to management, but fails to report it to the directors
o Management + auditor are negligent to have contributed to the loss of the plaintiff

Legal liability to 3rd parties

- 3rd parties – do not have contractual relationship w/ auditor  rely on tort law
- Have to prove: duty of care owed, negligence, loss

Ultramares Corp v. Touche (1931) 174 N.E. 441

- The Ultramares doctrine: establishes that auditors are not liable for ordinary negligence to
parties that they do not have a privity (contractual) relationship with
- Judge Cardozzo ruled that an auditor cannot have liability in an indeterminate amount for an
indeterminate time to an indeterminate class.

Hedley Byrne & Co v. Heller and Partners Ltd. (1964) A.C. 465

- It introduced the concept of reasonably foreseeable third parties.

- Advertising, company A obtained reference (B) from bank, B went under, sued bank
- Result: Liability was extended to 3rd parties provided the auditors knew beforehand that they
would be relying on their opinion.

Haig v. Bamford (1977) S.C.R. 466

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

- Auditor knew F/S were being provided to an outside investor, duty of care (investor relied on
F/S), company went bankrupt (investor incurred loss) – TO WHAT EXTENT?
- Result: auditors did not know the name of investor, but knew F/S were being passed on to
unidentified members of a limited class for use in a transaction

Hercules Management Ltd. v. Ernst & Young [1997] S.C.R. 165

- Potential S/H relied on the audited F/S, made a share investment, claim F/S negligently prepared
- Result: dismissed claim; the audited F/S were prepared to evaluate management stewardship,
not for individuals making investment decisions.
o Plaintiffs did ’t rely on F/S for purpose for which they were prepared, no duty of care

Livent Inc. v. Deloitte & Touche LLP , 2014 ONSC 2176

- Livent, a theatre production company, went bankrupt in the late 1990s.

- After it filed for bankruptcy, the company and its management were investigated for both
criminal and securities fraud.
- Garth Drabinsky and Myron Gottlieb (founders) were convicted of fraud and Deloitte was sued
for failing to detect the fraud.
- Result: Deloitte was negligent in 1997 audit, ordered to pay Livent creditors $84.8 million
- Lawsuit was not filed directly by 3rd party shareholders or creditors, but rather it was filed by the
receiver of the bankrupt company on behalf of the creditors.
o Within the Hercules limitation because the plaintiff was the company itself.
o Deloitte appeali g… **look up results**

In summary, to establish that an auditor owes a duty of care to a third party, the third party must
demonstrate that a duty of care existed, the duty of care was breached, the audit report was relied
upon, and there were quantifiable damages.

The third party must also establish that the auditor was aware that the third party was going to use the
F/S and that they relied on the F/S for the purpose for which they were prepared.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

Avoidance of litigation
- Hiring competent staff
- Training staff and updating their knowledge regularly
- Ensuring compliance with ethical regulations, with auditing regulations
- Implementing policies and procedures that ensure:
o appropriate procedures are followed when accepting a new client
o appropriate staff are allocated to clients
o ethical and independence issues are identified and dealt with on a timely basis
o all work is fully documented
o adequate and appropriate evidence is gathered before forming an opinion

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

2.5 – Client Acceptance and Continuance Decisions

Assessment of client integrity:
- the reputation of the client, its management, directors, and key stakeholders
- the reasons provided for switching audit firms (client acceptance decision)
- the client's attitude to risk exposure and management
- the client's attitude to the implementation and maintenance of adequate internal controls to
mitigate (minimize) identified risks
- the appropriateness of the client's interpretation of accounting rules
- the client's willingness to allow the auditor full access to info required to form their opinion
- the client's attitude to audit fees and its willingness to pay a fair amount for the work completed

Information relevant to the client acceptance or continuance decision can be found through:
- communication with previous auditor (client acceptance decision) before communicating any
client details to prospective auditor (if permission refused, auditor should consider declining)
- communication with client personnel
- communication with third parties such as client bankers and lawyers
- an Internet or background search
- a review of news articles about the client
- a review of prior-period financial statements

Engagement letter – prepared by auditor, acknowledged by client before commencement of audit;

Contract for every year; legal liability purposes, set out terms/obligations to avoid misunderstandings
- Explanation of the scope of the audit
o In accordance with Canadian GAAS
- summarizes the responsibilities of management and the responsibilities of the auditor
o internal controls so F/S free from material misstatement, unrestricted access to
personnel and documents
- identifies the applicable financial reporting framework,
o Management prepare F/S in accordance with IFRS
- makes reference to the expected form and content of the audit report

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

Chapter 3 – Audit Planning I

3.1 – Stages of An Audit

Planning an audit
- CAS 300: an auditor plan their audit to reduce audit risk to an acceptably low level
- Audit Risk: risk that auditor issues an unmodified opinion when F/S are materially misstated.
- Efficiency: amount of time spent gathering audit evidence
- Effectiveness: minimization of audit risk
- Involves:
o Understand entity, environment
o Identify factors that may impact risk of material misstatement
o Performing an audit risk and materiality assessment, significant risks
 Plan where to spend more time where risks greatest
o Determine audit strategy – Nature and timing of procedures performed
 Sets the scope, timing, directions of audit and provides the basis for developing
a detailed audit plan
o Adequacy of closing procedures and associated risks

Performing/executing an audit
- Execution stage: Detailed testing of controls & substantive testing of transactions and accounts

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

o Rely o lie t’s i te al o t ols  test of controls

o Conduct detailed substantive tests of transactions throughout the year
o Detailed substantive tests of balances recorded at year end

Concluding and reporting on an audit

- Conclusion: based on evidence, arrive at opinion regarding fair presentation of F/S
- Reporting stage: evaluating the esults of the detailed testi g i light of the audito ’s
u de sta di g of thei lie t a d fo i g a opi io o the fai p ese tatio of the lie ts’
financial statements

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.2 – Gaining an Understanding of the Client

WHY understand client?

- Make reasonable preliminary risk assessment, assess planning materiality

- Determine the appropriateness of the entity's accounting policies
- Identify areas where additional audit work may be required (i.e., related parties),
- Develop expectations for analytics
- Client more likely to have certain errors or deficiencies in system, operations, underlying data
- Assess the risk that the financial statements contain a material misstatement due to:
o the nature of the client's business
o the industry in which the client operates
o the level of competition within that industry
o the client's customers and suppliers
o the regulatory environment in which the client operates, economy

CAS 315: steps to take when gaining an understanding of a client.

1. Make inquiries of management and of others (financial and non-financial staff at all levels)
o including governance, internal audit, sales, operational personnel
2. Perform analytical procedures at the planning stage to identify any unusual or unexpected
relationships that may highlight where risks exist.
o Analytical procedures: study of plausible relationships b/w financial & non-financial data
3. Perform observation and inspection procedures to corroborate the responses made by
management and others within the organization.
o E.g. observation or inspection of the entity's operations, premises, and fa ilities;
business plans and st ategies; internal control a uals; and any reports prepared and
reviewed by management (management reports, interim F/S, minutes of BoD meetings)

Entity Level
Interview client personnel: what client does? how it functions? ownership structure? financing sources?

Major customers: good reputation, good terms with client, pay client on timely basis

- Dissatisfied customers – may withhold payment, affects ADA, CF, discontinue, going concern
- Few customers  more risk
- Consider terms of L/T contracts

Major suppliers: reputable, quality goods, timely

- Returned for faulty? Terms of contracts? Terms of payment?

- Timely payment? Trouble sourcing goods? Supplier may refuse to transact if not timely

Is client importer or exporter of goods?

- Stability of country it trades with, foreign currency

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

- Effectiveness of any risk management policies it uses to limit exposure to currency fluctuations
(hedging policies)

Capacity to adapt to changes in technology and other trends

- Risk falling behind to competitors, losing market share  going concern

Nature of warranties provided to CU

- Likelihood of goods returned, systemic fault? Rectify problem

- Risk that client underprovided rate of return (adequacy of warranty provision)

Discounts given to CU

- Bargaining power with CU and suppliers

- Discounting policies – are they putting profit margin at risk?

Reputation with CU, suppliers, EE, S/H, community

- Poor reputation  future profit risks

Understanding operations

- Where, # locations, dispersion

- More spread out  harder for client to effectively control and coordinate operations  risk of
errors in F/S
- Visit locations where risk of material misstatement is greatest – assess processes, procedures
o E.g. country with high inflation, high risk of theft

Nature of employment contracts, relations with EE

- How EE paid, wages, bonuses, union, attitude of staff to ER

- Unhappy  risk of industrial action (strike, disrupt operations)
- Complex payroll system  more likely of errors

Sources of financing

- Reliability of future financing, structure of debt, reliance on debt v. equity financing

- Meeting interest payments? Repaying funds raised when due?
- Covenant with debt provider – terms and nature of restrictions
o Limit further borrowings, maintain certain Debt-to-equity ratio
- Violate debt covenant recall debt  lie t’s li uidity at isk  risk of going concern

Ownership structure

- Amount of debt funding relative to equity, different forms of shares, differing rights of S/H
- The client's dividend policy and its ability to meet dividend payments out of operating cash flow

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

Industry level
Level of competition in that industry

- More competitive  more pressure on profits

- Economic downturn  weakest company will face financial hardship, possible liquidation
- client's position within its industry v. competitor and ability to withstand downturns
- the client's size relative to competitors

Reputation among its peers

- reading articles in the press, industry reports

- poor reputation  CU and suppliers shift business

Level of government support for companies operating in that industry

- provided to industries that are in line with government policy (e.g. manufacture water tanks,
solar heating, reduced-flow taps – environmental policies)
- International competition? New industry and needs time to establish?

Assessment of government regulation

- Tariffs on goods, trade restrictions, foreign exchange policies

- Ca affe t lie t’s ia ility, o ti ued p ofita ility

Level of demand for the products/services in that industry, the factors that affect demand

- Seasonal – affect cash flow

- Changing trends – isk i e to y o soles e e if do ’t keep up o ha ge ui kly, outdated

Economy Level
Economic upturn – Expect profits, risk overstate revenues, understate expense

Economic downturn – purposely understate profits, maximize write-offs

- Explain to investors there is decline in earnings

- Benefit of taking a bath : low base to demonstrate an improvement in results next year

Change in interest rates, currency fluctuations, trends, conditions

Auditor: concerned w/ client's susceptibility to the changes & ability to withstand economic pressures

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.3 – Related Parties

Auditor: responsible to ensure related parties identified and appropriately disclosed

Related party: parent companies, subsidiaries, joint ventures, associates, company management, and
close family members of key management

- Not independent
- Increase susceptibility of material misstatement, impact F/S results

Required disclosure:

- purchase and sales transactions between companies under common control or when one party
has significant influence over another
- rent paid from one related party to another
- loans made to shareholders or senior management
- loan guarantees provided by a shareholder of the company

CAS 550 Related Parties requires the auditor to do the following:

1. Discuss with engagement team the susceptibility of F/S to material misstatement due to
fraud/error from related party relationships and transactions.
2. Ask management to identity all related parties, provide explanation (nature, type, purpose)
3. Understand processes and procedures mgmt has in place to ensure all related party txn are
identified, authorized, accounted for, and disclosed in accordance with chosen framework
4. Remain alert when inspecting documents (bank confirmations, unusual sales and purchase
invoices, minutes of BoD and S/H meetings, contracts) for indicators that related party txns may
not have not been identified or disclosed to the auditor.
5. Identify and assess the risk that txns may not be in the normal course of operations.
o For such txns, inspect any underlying documents, determine the business rationale to
ensure that they are not an attempt to fraudulently misstate the financial results

Sample risk assessment Procedures:

Preparation
(a) Review entity's list of directors, managers, key staff, family members, and advisors to identify
potential or existing related party transactions.
(b) Obtain or prepare a listing of related party transactions.
(c) Consider history (if any) of not disclosing related parties or transactions.
(d) Inquire of management and document what internal controls (if any) or procedures exist to
ensure that related parties are identified, approved (especially those outside the normal course
of business), and accounted for in accordance with the applicable financial reporting framework.
Assess the control design and implementation of any relevant internal controls.

2. Risk of unidentified transactions

(a) Identify where related party transactions could possibly occur. Consider existence of transaction
designed to improve liquidity or profitability, reduce debt to equity leverage, avoid corporate or

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

personal taxes, avoid breach of a bank covenant, shift income/expense to future periods, or con
ceal other financial statement manipulation or misappropriation of assets.
(b) Inquire of mgmt, key EEs, and any component auditors (at the request of audit team, performs
work on financial info related to a component for the audit group) about the existence of:
- Related parties not already identified and details of such transactions.
- Agreements or loan guarantees not reflected in the financial statements.
- Any payments (kickbacks), preferential terms, or side deals not disclosed.
(c) Review minutes of corporate meetings and other relevant documentation.

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.4 – Fraud Risk

Auditor: questioning attitude/professional skepticism, search thoroughly for corroborating evidence to
validate info from client, must not assume past experience is indicative of current risk of fraud

Fraud: intentional act to obtain an unjust or illegal advantage through use of deception (CAS 240, p11)

Red flags include:

- key finance personnel refusing to take leave
- overly dominant management
- poor compensation practices
- inadequate training programs
- a complex business structure
- no (or ineffective) internal auditing staff
- a high turnover of auditors
- unusual transactions
- weak internal controls

FINANCIAL REPORTING FRAUDS MISAPPROPRIATION OF ASSETS FRAUDS

- intentionally misstating items or omitting - involves some form of theft

important facts from F/S
 Improper asset valuations  Using a company credit card or car for
 Unrecorded liabilities unauthorized personal use
 Timing differences - bringing forward revenues  Employees remaining on the
recognition, delaying expenses recognition payroll after ceasing employment
 Recording fictitious sales  Unauthorized discounts or refunds to CUs
 Understating expenses  Theft of inventory by EE or CU
 Inappropriate application of accounting principles

Client: responsibility for preventing and detecting fraud

Prevention: use of controls and procedures aimed at avoiding fraud

Detection: use of controls and procedures at uncovering fraud should one occur

Auditor: responsibility to assess risk of fraud and effecti e ess of lie t’s atte pt to p e e t/dete t
fraud through internal controls

Incentives and pressures to commit a fraud

- operation in a highly competitive industry
- a significant decline in demand for products or services
- falling profits
- a threat of takeover
- a threat of bankruptcy
- ongoing losses

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

- rapid growth
- poor cash flows combined with high earnings
- pressure to meet market expectations
- planning to list on a stock exchange
- planning to raise debt or renegotiate a loan
- about to enter into a significant new contract
- a significant proportion of remuneration tied to earnings (that is, bonuses, options)

Opportunities to perpetrate a fraud

- accounts that rely on estimates and judgment
- a high volume of transactions close to year end
- significant adjusting entries and reversals after year end
- significant related party transactions
- poor corporate governance mechanisms
- poor internal controls
- a high turnover of staff
- reliance on complex transactions
- transactions out of character for a business (e.g. if a client leases its motor vehicles it should
not have car registration expenses)

Attitudes and rationalization to justify a fraud

Attitude = ethical beliefs about right and wrong, Rationalization = ability to justify an act
- a poor tone at the top (that is, from senior management)
- the view that implementing an effective internal control structure is not a priority
- an excessive focus on maximization of profits and/or share price
- a poor attitude to compliance with accounting regulations
- rationalization that other companies make the same inappropriate accounting choices

Ber ie Madoff’s $50 illio Po zi s he e

- manager of Ascot Investment
- 1987 – stock market crash, 10-12% investment returns 4.5%
- I e ti e/P essu e: to ai tai etu s, took out i esto s’ apital to pay out edee i g
investors, falsified results
- Oppo tu ities: efused to dis lose ho he ea ed sig ifi a t etu s, i esto s did ’t ask fo i fo
- Rationalization: he believed everyone was greedy
o Claims he warned potential investors his investment choices are risky, lead to losses,
give him more money for larger returns
- 2009 – plead guilty, 150 years in prison

Audit procedures relating to fraud

CAS 240 procedures auditor should perform:

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

1. The auditor should ask management and those charged with governance if they are aware of a
known fraud or suspect there has been a fraud. The results of enquiries should be documented.
2. All members of the audit team should attend a team planning meeting. Review significant fraud
risk factors and where the F/S may be particularly susceptible to fraud.
3. The auditor should perform preliminary analytics to identify any unusual relationships that
may indicate fraud and thus require further investigation
4. The auditor must consider the risk of management override. Mgmt can manipulate records or
override the controls designed to prevent such fraud. Auditor should test a sample of J/E,
review estimates for reasonableness, contemplate the risk of earnings management (particularly
revenue recognition), and examine unusual business txns to ensure that they have substance.

Find fraud?

- Bound by confidentiality, but should seek legal advice to determine if there is a requirement
to report the fraud to an outside 3rd party.
- The auditor may also consider withdrawing from the engagement.
- Must report the fraud to mgmt (level above fraud occurred), report fraud to audit committee

10

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.5 – Going Concern

[CAS 570, p2] The going concern assumption is made when it is believed that a company will remain in
business for the foreseeable future

- Assets: valued that they will continue to be used for purposes of conducting a business
- Liabilities (current/non-current): will pay debts when fall due in years to come
- Management and those charged w/ governance: responsibility to assess going concern
- Auditor: obtain evidence to assess validity of going concern assumption
o If client does not make adjustments to recoverability, then express adverse opinion

Going Concern Risk – indicators

- a significant debt-to-equity ratio
- long-term loans reaching maturity without alternative financing in place
- prolonged losses
- an inability to pay debts when they fall due
- supplier reluctance to provide goods on credit
- the loss of a major market, key customer, franchise, or license
- overreliance on a few customers or suppliers
- high staff turnover
- staff regularly out on strike
- shortage of a key input or raw material
- rapid growth with insufficient planning
- being under investigation for non-compliance with legislation
- falling behind competitors

CAS 570 provides a list of appropriate audit procedures:

- assessment of cash flows – budget, projections

- assessment of revenue and expense items
- assessment of interim financial statements
- review of debt contracts
- review of board and other meetings
- discussions with client management and lawyers
- identification and assessment of mitigating factors

Going Concern Risk – Mitigating factors (reduce risk)

- a letter of guarantee from a parent company
- the availability of non-core assets, which can be sold to provide needed cash, without
interrupting the company's operating capacity
- the ability to raise additional funds through the sale of shares
- the ability to raise additional funds through borrowings
- the ability to sell an unprofitable segment of the business

11

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.6 – Corporate Governance

Corporate governance: the rules, systems, and processes within companies used to guide and control,
manage the business and the affairs of the entity.

- Monitor actions of staff, assess level of risk

- Auditor: concern with safeguarding the integrity in financial reporting.

Board Composition

- The board should have a majority of independent directors.

- The chair of the board should be an independent director.

Meetings of Independent Directors

- The independent directors should hold regularly scheduled meetings at which non-independent
directors and members of management are not in attendance.

Board Mandate

- Written mandate that acknowledges responsibility for the stewardship of the issuer for:
(a) satisfying itself as to the integrity of senior a age e t;
(b) adopting a strategic planning process that takes into account the opportunities and risks
(c) risk identification, risk mitigation
(d) ensuring succession planning;
(e) adopting a communication poli y;
(f) overseeing the internal control and management information systems; and
(g) developing the issuer's approach to corporate governance, including outlining a set of corporate
governance principles and guidelines to be followed.

The written mandate of the board should also set out:

i. establishing methods for receiving feedback from stakeholders histle lo e s ;

ii. setting expectations and responsibilities of directors.

Position Descriptions

- Board should develop job descriptions for Chair of board and Chair of each board committee.

Orientation and Continuing Education

- The board should ensure all new directors receive a comprehensive orientation so they fully
understand their role and the nature and operation of the business.
- The board should provide continuing education opportunities for all directors.

Code of Business Conduct and Ethics

12

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

- to address conflicts of interest, protection and proper use of corporate assets, confidentiality of
corporate information, fair dealing with investors, customers, suppliers, competitors and EE;
compliance with la s, ules a d egulatio s; and reporting of any illegal or unethical behaviour.
- The board should monitor compliance with this code.

CSA’s Corporate Gover a e Guideli es

- At least 3 directors are independent of entity

- Recommend that chair of the board be independent
- BoD not required to participate in day-to-day decision making; but responsible to act in best
interest of corporation
- Written mandate
- Recommended to meet regularly, minutes maintained
- All listed entities have audit committee
o Audit committee: consist of independent board members who are financially literate.
o Responsible for appointing the auditor, overseeing the work of the auditor,
pre-approving all audit and non- audit services, and ensuring that a process is in place to
permit the reporting of weaknesses in internal control.

13

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.7 – Information Technology

IT – Txn initiation, recording, processing, correction as necessary, transfer to GL, compilation of F/S

IT Risks: unauthorized access to computers, software, data; errors in p og a s; la k of a kup; lost data

- insufficient security or poor password protection  data lost/distorted, misstatements in F/S

Errors in computer programming

- can occur if programs are not tested thoroughly

- deliberately changed to include errors
- programming changes not processed on timely basis
o change sale price, update discounts

Ne p og a s off the shelf , e IT syste

- Benefit: tested before

- Risk: ot suited lie t’s eeds o epo ti g e uirements
o Data lost/corrupt when transferring info; does not process data appropriately
o Staff not trained adequately
- Need embedded control to minimize risk of misstatement

Controls used to reduce IT risk to acceptably low level

- General Controls: Policies and procedures that relate to many applications and support the
effective functioning of application controls (CAS 315).
o Procedures for purchasing, changing, and maintaining new computers/software
o Use of passwords and other security measures to minimize unauthorized a ess;
o Procedures to ensure appropriate segregation of duties (e.g. amend/maintain program
v. staff who use it)
- Application controls: manual or automated procedures that typically operate at a business
process level and apply to the processing of transactions by individual applications (CAS 315).
o Ensuring all txns are recorded once, rejected transactions are identified & corrected
o Impact procedures used for data entry, data processing and output, or reporting.
o Include reconciliations between input & output data, automated checks on data
entered to ensure accuracy

Audit strategy: test

Client's general and
those controls, rely on
application controls
client's procedures to
adequate
min. IT risk
Auditor identified IT
risk
Audit strategy: rely on
Client's general and
own tests of txns and
application controls
balances from client's
NOT adequate
IT system

14

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

3.8 – Closing Procedures

Revenue/expense occurred during period; asset/liability relevant; accruals complete; contingent
liabilities accurate and reflect potential future obligations

Auditor: concerned transactions and events recorded in correct accounting period, closing procedures
o e tly applied, F/S a u ately efle t esults of lie t’s losi g p o edu es

- Responsible to ensure client applied procedures appropriately

- Check the accuracy of accrual calculations around year end (documents, confirm)
o look at earnings trends to assess whether the reported income is in line with PY

Canadian Professional Engagement Manual – Risk assessment procedure

Observation and inspection

(a) Business plans, budgets and most recent financial results.

(b) Minutes of directors'/audit committee meetings.
(c) Reports/letters, etc. from regulators or government agencies.
(d) Internet/magazine/newspaper articles on the entity or industry.
(e) Details of actual or threatened litigation including correspondence with external legal counsel.
(f) Significant contracts and agreements.
(g) Communications with staff on changes in entity-level control matters.
(h) Tax assessments and correspondence.

Inquiry

- Management, financial reporting

(a) Business objectives, industry trends, management's assessment of current
and potential risk factors and their planned responses.
(b) Major events or changes that took place during the period. Consider
o economic conditions o ownership
o changes in products/services o organizational structure
o new technologies, o key personnel, bonus plans
o contracts o IT infrastructure or applications
o funding o internal control processes and fi
o operating results nancial reporting
(c) Any instances of alleged, suspected or actual fraud
(d) Any performance bonuses or incentive plans.
(e) The identity of and nature and amount of related party transactions during the period
(f) Any going-concern events or conditions
(g) Transactions, events and conditions that give rise to accounting estimates
(h) Nature, extent and status of litigation/claims against the entity or key personnel.
(i) Whether the entity is in compliance with required filings (tax returns, etc.), declarations and
other regulatory requirements.

15

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)

 lOMoARcPSD|2131964

- Governance board (directors, audit committee)

(a) The composition, mandate and meetings of the board of directors and any audit committee.
(b) Any knowledge of management override, fraud or suspected fraud.
(c) Their opinion on:
•The effectiveness of management oversight.
•The control environment (culture, competence, attitudes, etc.).
•What financial statement areas are susceptible to fraud (Form 512).

Top management
compensation

Minimum profit not Above maximum Between minimum

likely reached profit and maximum profit

Managers: increase
Overaccrual next reduce profit,
accruals (closing increase profit to
year, boost profit, deferring profit and
entries), reduce increase bonus
receive bonus, "shift" bonus to next year
current year profit

16

Distributing prohibited | Downloaded by BA AB (amit.charming@gmail.com)