Anda di halaman 1dari 232

ACCA Paper F8

Audit and Assurance (INT)

December 2011 Exams



Audit framework and regulation


Internal audit


Planning and risk assessment


Internal control


Audit evidence





Examiner and Exam Format

Question 1 Question 2

Question 3

Question 4

Question 5


Application of audit procedures to a scenario Short factual questions on ISAs and other knowledge-based areas



Questions with short practical scenarios covering topics such as: internal audit, risk


assessment, planning, controls, evidence,

conclusions and reporting


Chap 1

Definition of an audit

An audit is the independent examination of the financial statements of an entity by a duly appointed auditor.

Once the examination is done, the auditor provides a report to the

shareholders that the FS show a ture

and fair view.

Objective of an audit

Auditor to state an opinion as to whether the FS:

Give a true and fair view

Are prepared in accordance with applicable frameworks

Types of external audits


Required by law to undertake an audit (all public and large companies)


No legal requirement to do so.

Reasons to undertake a non-

statutory audit

Providing assurance to the owners over financial results

Making accounts more acceptable to tax authorities

Making a sale of the business more easy

Providing assurance to those providing finance to the business

Accountability, stewardship and


Stewardship: someone is responsible of taking care of something on behalf of another person. Ex. directors.

Accountability: people in positions of power can be held to account for their actions.

Agency: where an agent acts on behalf of a principle to perform tasks for them.


If the omission or misstatement of an item




could influence the economic

decision of users, that item is said to be


Errors found by an auditor in the FS could be substantial, influencing the decision of the investors. Hence such an error is known as a material misstatement.

Types of assurance engagements:

The framework permits only 2 types of

assurance engagement:

reasonable assurance engagement) limited assurance engagement)

Reasonable assurance


Auditor gathers sufficient evidence to conclude

that the subject matter agrees in all material

respects to the agreed criteria.

The assurance given is in the form of positive assurance, meaning that in their opinion, the subject has been prepared in accordance with the criteria required.

Reasonable assurance engagements provide high level of assurance.

Reasonable assurance


An example of a reasonable assurance engagement is an audit.

Auditor gives his report in the form of positive assurance

The financial statements have been prepared in accordance with applicable legislation and


Limited assurance engagement

Auditor gathers sufficient appropriate audit evidence to be satisfied that the subject matter is probable in the circumstances.

Report given in the form of negative assurance

Nothing has come to our attention that causes us to believe that the financial statements are not prepared (in all material aspects) in accordance with an applicable financial reporting framework.

Limited assurance engagement

Limited assurance engagements provide moderate assurance.

An example of a limited assurance engagement is a review. A review engagement is undertaken b an auditor using less evidence than required by an audit.

The users of the review report will be those who have

commissioned the review, example banks, and not

the shareholders.

Chap 2

Regulatory environment

International Federation of Accountants:

Serves to strengthen the profession worldwide Serves the public interest, and Promote adherence to high quality standards.

International Auditing and Assurance Standards Board:

Subsidiary of the IFAC and sets International Standards on Auditing.

Duty of auditors

Form an opinion as to whether the FS provide a true and fair view, and prepared in accordance with applicable accounting standards.

Prepare and issue a report.

It is the management of the company who has the responsibility of preparing the FS.

Benefits of statutory audits

Investors more able to rely on the information provided in the FS

Management able to verify that the systems / controls in pace are effective

Management are less likely to undertake fraudulent activities if they know that an audit is to take place

Auditor will highlight any weaknesses in a management letter.

Appointment, resignation and removal


Member of a recognised supervisory board ex ACCA Allowed to act as an auditor by that board


Directly authorised by the state

Appointment, resignation and removal


Resolution at each general meeting (re- appointment not automatic).

Directors pre first GM and to fill casual vacancy.

Appointment, resignation and removal

Exclusions by law

Those involved with the management off a company cannot audit it:

Directors Employees Business partners

Appointment, resignation and removal


Special notice sent to auditor

Auditors can make representations about why they should stay in office.

If resolution passed, company must notify regulatory

authority. Auditors must deposit statement of circumstances at

company’s office + sent to regulatory authority.

Auditors can receive notice and speak at GM where their

term of office would have expired.


Corporate Governance

Corporate governance system by which companies are directed and controlled.

Corporate governance - concerned with matters such as directors responsibilities, board

of directors, audit committee and relationship

with external auditors.

The focal point of corporate governance is to ensure that companies are run in the interests of their shareholders and the wider community.

OECD: Principles of Corporate Governance

Ensuring the basis for an effective corporate governance framework

making sure everyone involved is aware of their individual

responsibilities so no party is in doubt as to what they are accountable for.

The rights of shareholders

management should recognise that they are agents of the

shareholders and act in their interests.

The equitable treatment of shareholders

All shareholders should be treated fairly and in a just manner.

The rights of stakeholders

The corporate governance framework encourage active cooperation

between the entities and stakeholders in creating wealth, jobs and the sustainability of financially sound entities.

OECD: Principles of Corporate Governance

Disclosure and transparency

The corporate governance framework should ensure that timely

and accurate disclosure is made on all material matters regarding the entity, including the financial situation, performance, ownership and governance of the entity.

Responsibility of the board

The corporate governance framework should ensure the strategic guidance of the entity, the effective monitoring of

management by the board, and the board’s accountability to the

entity and its shareholders.

Combined Code of Corporate Governance

The Board Should meet regularly Rigorous/transparent nomination process Directors to submit for re-election Roles of chairman and CEO to be separate Board should establish a sound system of internal control Audit committee should be established Consider the need for internal audit

Corporate governance in action

Segregation of roles

Chairman of the board and CEO must be different people.


Ensures full information and discussion at board meetings Runs the board of directors


Ensures the operational functioning of the company

One person might end up having too much power and decisions might be taken which are not in the best interest of the shareholders.

Corporate governance in action

Audit committees - structure

At least one member should have relevant financial expertise.

At lest 2 NEDs for smaller companies, and 3 for larger ones.

Listed companies should have and audit committee with at least 3 NEDs

Corporate governance in action

Audit committees - role

To improve the quality of financial reporting and increase the confidence of the public in the FS

Assist directors in meeting their responsibilities in respect of financial reporting.

Provide a channel to external auditors to report concerns or issues.

– Review the company’s internal control systems

Strengthen the position of internal audit by providing greater independence from management.

Corporate governance in action

Audit committees - advantages

Provides the internal audit function with an independent reporting mechanism. Without this management may be tempted to hide unfavourable reports.

leaves top management free to manage by providing expertise on financial reporting

Ensures that corporate governance requirements are brought to attention of the board

Ensure that proper internal control systems are maintained.

Communication between directors, external audit and management is facilitated.

Corporate governance in action

Audit committees - disadvantages

Finding NEDs with the necessary expertise may be difficult

Additional costs will be involved

Chap 4



ACCA sets out a code of ethics for members and disciplinary action is taken

against those who fail to uphold them.



The fundamental principles are the following:


Members should be straightforward and honest in all business and professional relationships



Members should not allow bias, conflicts of interest or undue


influence of others to override professional or business


Professional competence and due care

duty to maintain professional knowledge and skill at a level

required to ensure that a client or employer receives competent

professional service




respect the confidentiality of information acquired as a result of professional and business relationships and should not


disclose any such information to third parties without proper or specific authority or unless there is a legal or professional right or duty to disclose

Professional behaviour

Members should comply with relevant laws and regulations and should avoid any action that discredits the profession.

Threats to objectivity

Five potential threats are identified in the

ACCA’s code of ethics. Safeguards are

suggested in order to counter each of the


Threats to objectivity

  • 1. Self interest - when the auditor has either a financial or personal interest in the client. Examples:

Dependence on client

If a client makes up too high a percentage of an auditors income, they

may be afraid of losing the income.

Safeguard If a Listed company makes up more than 10% of a firms income, they should not audit that client. (15% for non listed companies)

Threats to objectivity

  • 1. Self interest Examples:


Lowballing is setting a very low fee either to attract new clients or

ensure further work.

Safeguard Auditors should not set fees in this way, the fee must be based on a pre-determined level of work required.

Threats to objectivity

  • 1. Self interest Examples: Loans, Guarantees and overdue fees If an auditor fears he may not get such items paid back his objectivity may be threatened. In this case significant overdue fees constitute a loan. Safeguard Do not offer loans, guarantees or allow fees to go unpaid for a significant time.

Threats to objectivity

  • 1. Self interest

Other Examples:

Hospitality and Benefits Contingent Fees

Financial or Business interest

Financial interest such as shares etc.

Threats to objectivity

  • 2. Self review threat - if an auditor provides other services to a client such as Tax advice, then the auditor will be reviewing their own work during the course of the audit. Examples:

Accounting Services

If an auditor prepares the accounts it is 100% sure that they will be reviewing their own work. They may be tempted to hide errors to save face.

Safeguard - Auditor must not undertake accounting services for a client is they are a LISTED company.

Threats to objectivity

  • 2. Self review threat Examples:


If the auditor advises on or installs accounting software for a client this will have to be reviewed during the audit.

Safeguard - If the IT system is important to a significant part of the accounting system, the auditor should not design, provide or implement it.

Threats to objectivity

  • 2. Self review threat Examples:

Valuation Services

A valuation made by the auditor could have a material effect on the financial statements.

Safeguard If valuation requires a degree of judgement and have a material effect on the financial statements, then the auditor should not undertake to

provide it.

Threats to objectivity

  • 2. Self review threat Examples:

Valuation Services

A valuation made by the auditor could have a material effect on the financial statements.

Safeguard If valuation requires a degree of judgement and have a material effect on the financial statements, then the auditor should not undertake to

provide it.

Threats to objectivity

  • 2. Self review threat

Other Examples:

Tax Services

Corporate Financial Services Internal Audit Services Former Employee of Client joining Audit Firm

Threats to objectivity

  • 3. Familiarity threat - If the auditor is too familiar with the client, then this may give rise to a familiarity threat. Examples:

Participation in Client Affairs

The auditor may be too familiar with the client and be unwilling to upset them.

Safeguard Auditor cannot be a director, employee or business

partner of client. Cannot be part of team if have been one of these in

the last 2 years.

Threats to objectivity

  • 3. Familiarity threat Examples:

Family/Personal Relationship

An auditor may be unwilling to criticise or upset a family member if

they work for the client.

Safeguard No member of the audit team may have a family member or close personal relation in the client firm.

Threats to objectivity

  • 3. Familiarity threat Examples:

Audit Partners joining client

If a partner joins the client firm this may affect the judgement of the

auditors involved.

Safeguard All links to audit firm severed. Removed from audit team as soon as appointment made. If made director or key management and has worked for auditor in previous two years the audit firm must

resign. (Can be reappointed after 2 yr period is up).

Threats to objectivity

  • 3. Familiarity threat Examples:

Acting as Auditor for prolonged period

If a partner has acted as auditor for a client for too long a period, they

may become complacent or over familiar with them.

Safeguard - If client is listed company engagement partners should act for maximum of 5 yrs with 5 yr break in between rotations.

A Key audit partner must have a break of 2 yrs after a period of 7 yrs

and senior staff on listed audits should also not act for more than 7 yrs. For non-listed clients it is advised that partners act for no longer than 10 years.

Threats to objectivity

  • 4. Advocacy threat - Advocacy threat is where an auditor represents the client or is involved in representing them.


Legal Services

If an auditor provides legal services, they may be perceived to take the same view as the client and therefore lose independence.

Safeguard No legal services to be offered to client or defence in dispute material to the financial statements.

Threats to objectivity




Corporate Financial Services

May be seen to be less than independent if advising on such matters

Safeguard Don’t negotiate on clients behalf with the bank or advise on debt restructuring

Threats to objectivity

  • 5. Intimidation threat

Intimidation threat is simply what it says, i.e. that the auditor feels unable to give an independent opinion for fear of losing the client or upsetting someone. The safeguards will be the same as those outlined above.

Dealing with Threats

The way in which an audit firm should deal with potential threats to independence is to have in place procedures


Identify any potential threats Evaluate what level of risk they pose Check that necessary safeguards are in place Correct any problems if necessary.


Information should only be disclosed by auditors:

If the client has given their consent Under a legal obligation e.g. money laundering, terrorism, drug trafficking If required by regulatory body e.g. FSA Under a court order If in the public interest e.g. environmental pollution.

Engagement letters

• Define auditors’ responsibilities

• Written evidence of auditors’ acceptance

Send to board of directors/or audit committee prior first audit

Identify any reports to be produced in addition to audit report

Update for changes

Engagement letters


Objective of audit

Management responsibilities

Applicable reporting framework

Test nature inherent responsibilities

Unrestricted access to records

Confidentiality of reports



Role of Internal audit

Chap 5

Internal audit

A department within the company which

oversees internal control systems and ensures that procedures are in place to

ensure good corporate governance.

Internal audit

Provides assurance to the board by:

Reporting on and monitoring the effectiveness of internal controls.

Assisting with implementation of required accounting standards.

Ensuring that laid down procedures are being followed.

Liaising with external auditor to reduce time and expense of external audit.

Ensures compliance with OECD Principles.

Internal audit

One of the key concepts surrounding internal audit is the independence of internal audit from management.

Ways to keep internal audit independent are to:

Have them report to an independent committee i.e. the Audit


Ensure that the internal audit function is well regarded by other departments.

Have a ‘whistle blowing’ function for internal audit to report

serious misconduct when found.

Outsourcing of Internal audit


The provider will have specialist staff.

Cost of employing and training full time staff is avoided.

Outsourcing provides an immediate internal audit department.

The time scale is flexible with the contract for the appropriate time.

Independence may be improved.

Audit methodology and technologies will be up to date.


If Internal and External audit are provided by the same firm (prohibited under ethics rules in UK) then there may be a conflict of interest.

Independence may not be ensured by

outsourcing due to threat of management not renewing the contract.

The cost of outsourcing may be so high as to encourage the firm not to have an internal audit function at all.

Lack of understanding of firms culture, objectives and attitudes.

The standard of service provided cannot be controlled.

Blurring of the distinction between internal and external audit function.

Types of Internal audit


Value for Money

Value for money can be broken down into 3 sectors:

Economy: Are goals achieved at a minimum cost (still paying attention to quality)?

Efficiency: Are resources being used to maximise output?

Effectiveness: Are objectives being achieved?

These three areas can be thought of as Input Process Output.

Inputs Economy As cheap as possible given quality

Process Efficiency Perform the process as efficiently as possible

Outputs Effectiveness These match objectives set

Chap 6

ISA 200 Overall Objective of the

Independent Auditor

To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.

Audit risk = the risk that the auditor expresses an inappropriate audit


ISA 200 Overall Objective of the

Independent Auditor

In order for the auditor to reduce audit

risk he identifies the areas which are

more likely to be risky, and then he plans the audit testing accordingly.

The need to plan

  • - required by ISA 300 to plan the audit so that the engagement will be performed in

an effective manner.

- planning will make the audit address salient issues and hence less time is wasted.

  • - ensuring the correct audit team is in place

  • - the team is working efficiently

ISA 300 Audit planning

The audit plan involves a number of


Risk Assessment - the identification of risk will determine the entire audit process

Audit Strategy - The audit strategy sets out the scope, timing and direction of the audit.

ISA 300 Audit planning

The scope of the audit will be determined by the reporting framework applied as well as any industry

specific requirements

The timing of the audit will set out any deadlines applicable and the dates of the interim and final audit visits.

The direction of the audit will be determined by the identification of high risk areas and materiality.

ISA 300 Audit planning

Prevention and detection of fraud is the responsibility of management.

The risk of fraud is important to the auditor because it may lead to a material misstatement.

This will impact the audit strategy in the following ways:

Testing may be focused on the areas in which fraud is suspected.

The auditor may choose not to rely on the representations of management if they are suspected of involvement in fraud.

Materiality may be reduced.

Evidence provided by the client may not be relied upon.

The auditor may have to generate more 3 rd party evidence.

Knowledge of the business - KOB

Auditors are required to obtain an

understanding of their clients, their

business and their internal controls.

The purpose is to identify the risks that the business is exposed to and how these

could lead to a risk of material

misstatement in the financial statements.

Knowledge of the business - KOB

This generally includes:

Industry and regulatory factors; Operations of the entity; Ownership and governance structures; Type of investments it makes; Accounting policies used by the entity; • Entity’s objectives;

Where to get the info from?

Information from the audit firm ex. partner; Information from external sources ex. newspaper; Information from past audits; Information from the client ex. website;

Understanding the entity and its


We are required to:

Make enquiries with management and others within the company;

Analytical procedures; Observation and inspection.

Analytical procedures

Evaluation of financial information, used in:

Planning stage of the audit; Testing stage of the audit; Review stage of the audit;

Analytical procedures

They incorporate the comparison of:

Current and prior year figures; Current and budgeted/forecast figures; Client and industry averages.

Analytical procedures

At the planning stage analytical

procedures are useful to gain an

understanding of the client’s performance

over the last 12 months and to identify any


Chap 7

ISA 320 Materiality

Information is material if its omission or

misstatement could influence the economic decisions of users taken on the

basis of the financial statements.

ISA 320 Materiality

Materiality is important to the auditor

because if a material item is incorrect, the

financial statements will not show a true and fair view.

ISA 320 Materiality

Establishing materiality:

(1) 0.5-1% of turnover

(2) 5-10% of profit before tax (3) 1-2% of total assets

Prevention and detection of fraud

and error

ISA 240 recognises that misstatement in the

financial statements can arise from fraud

or error. The first one being intentional and the latter being unintentional.


Fraud can be split into 2 types:

Fraudulent financial reporting

Misstating the accounts of the company

Misappropriation of assets

Theft of company’s assets

The auditor’s responsibility

Obtaining reasonable assurance that the

financial statements are free from

material misstatement, either due to fraud or error;

Communicate any identification of fraud to management;

The director’s responsibility

Prevent and detect fraud;

Implement an effective system of internal


Chapter 8

Risk assessment

Audit risk

The risk that the auditor expresses an

inappropriate opinion on the financial


Risk assessment

Audit risk:

Inherent risk x control risk x detection risk

Inherent risk

This is the risk related to the nature of

the activities of the company.

Considered in the planning stages of the audit.

Inherent risk




Auditor might be concerned about items being expired



Auditor might be concerned about items becoming out of fashion



Auditor might be concerned about stock becoming obsolete

Control risk

Risk of material misstatement due to

inadequate internal controls within the



Control risk

No segregation of duties

No controls over assets

No controls over IT

Large number of signatories

Detection risk

The work carried out by the auditor does

not uncover a material misstatement that


This may be due to sampling and non- sampling risk

Detection risk

Sampling risk

The risk that the conclusion reached

because of a sample being taken would

differ from the conclusion given had the whole population been tested.

i.e. the sample taken was not correct!!!

Detection risk

Non-sampling risk

The risk that the conclusion reached by the auditor would be incorrect due to factors other

than the sample being taken.


Procedures used

Interpretation of results

Affecting audit risk

Auditor cannot affect inherent risk or control risk as these are internal to the client.

Affecting audit risk

If the auditor assesses both the inherent risk and control risk as being high, he has to make sure that detection risk is low, so as to even out the other results.

Reducing detection risk

Increase amount of tests

Increase sample

Chap 9

Internal Control Systems

Controls set up by the management of a

company to carry out the business of the company in an orderly and efficient manner.

Internal Control Systems

The purpose of internal controls is to help

prevent fraud and errors which would make the accounting information incorrect.

Internal Control Systems

strong controls by the entity


auditor relies on info. produced

Components of an Internal Control


1 - Control activities

Approval and Control of Documents (approval by senior management)

Controls over IT (passwords etc) Reconciliations Arithmetical Accuracy Control Accounts Restricted access to physical assets Compare physical counts with accounting records Segregation of Duties

Components of an Internal Control


2 Risk assessment

Management should be undertaking regular risk assessments to ensure that all risks are identified and mitigated.

Components of an Internal Control


3 Information system

The auditor must ‘obtain an understanding of the information system, including the related business

processes, relevant to financial reporting.’

The auditor must decide what areas of the information

system are relevant to the financial reporting of the entity

and only concentrate on those systems.

Components of an Internal Control


4 Monitoring of controls

Controls may be monitored either by management or by the internal audit function if one exists.

The auditor may be able to rely on some of the work of internal audit, but must first gain an understanding of

how controls are monitored and how effective the

monitoring is.

Components of an Internal Control


5 The control environment

The control environment refers to the framework around which the controls of the organisation operate.

Management attitude will largely determine the nature of the control environment.

Controls over IT systems

(i) General controls

protect the system by restricting access through passwords, usernames etc. Other general controls will include back-up procedures, controls over changes to the system or software, controls to prevent access to sensitive data.

Controls over IT systems

(ii) Application controls

specific control procedures over the accounting applications that are built into the system. They will include checks to ensure the arithmetical accuracy of transactions as well as controls preventing the reversing of transactions

Chapter 10

Internal control and the audit

Tests of control test the systems in place by determining whether the controls over it are sufficient or not. If the control in place is strong, then the auditor is able to place reliance on the information generated by that particular system.

Substantive procedures on the other hand are procedures to gain direct assurance over a figure in the financial statements

Internal control fraud and error

If the auditor decides that the internal controls are strong, this may mean that they may not have to gain less evidence from other sources.

Chapter 11

Specific internal controls - Revenue

Taking orders


Orders should be raised accurately.

The customer should be credit worthy.

Credit limits should not be exceeded.

The company should be able to fulfil the order.


All orders should be in writing from customer or confirmed with customer.

All customers undergo credit checks.

Credit limits should be checked before

accepting an order.

Inventory should be checked before issuing an order.

Specific internal controls - Revenue

Dispatch of goods


All orders should be sent to the warehouse.

The goods required should be in inventory.

The correct goods should be sent to the correct customers.


Order pads or computer generated orders should be sequentially numbered to ensure none go missing.

Goods should be selected from

inventory using the customers’ order.

The order should be authorised and signed when goods selected.

Match GDN with customer order.

Customer signs GDN & returns to company.

GDN recorded and filed with

sequential numbers.

Specific internal controls - Revenue

Raising invoice


An invoice should be raised for all deliveries.

The invoice should be for the correct amount.

Any credit notes should be valid and



GDN sent to invoicing dept. Invoice raised to match and copy attached to GDN and filed sequentially.

Order agreed to GDN. GDN agreed

to invoice.

Invoice agreed to price list.

Above checked and signed by person in authority.

All credit notes allocated and copy attached to invoice to which it relates.

All credit notes authorised by line manager.

Specific internal controls - Revenue

Recording of the sale



All sales should be recorded.

The correct amount

should be recorded for

each sale.

The sale should be recorded against the correct customer.

Review debtors’ ledger for credit

balances where invoices may not have been recorded.

Reconcile the debtors ledger.

Check all entries to invoices

Send out statements to all customers regularly.

Specific internal controls - Revenue

Receipt of payment


All customers should pay the correct amount.

All invoices should be paid.

All receipts should be recorded.

The correct amount should be recorded.

The payment received should

be allocated to the correct customer.

All money banked promptly.


Cash received agreed to invoice.

Review aged listing and investigate old balances.

Chase up old outstanding amounts.

Perform regular bank reconciliations

Lodge cash and cheques to the bank regularly.

Ensure that segregation of duties exists

Review customer statements.

Retention of customer remittance details

Specific internal controls -


Raise requisition and place order


The requisition should be for a valid business reason.

The cost of the requisition should be reasonable.

Items should only be

requisitioned when required.

Orders should be raised for all requisitions.


Line manager authorises all requisitions.

All purchasing is centralised.

Suppliers used are approved.

Inventory levels checked before ordering.

Sequentially pre-numbered requisition pads with order matched to requisition.

Orders confirmed in writing.

Check price is the same as price list being used.

Specific internal controls -


Goods received



For all orders that are made, the

goods are actually received.

The goods should be the correct goods as ordered.

The quality of the goods should

be acceptable.

The quantity of goods received should be as ordered.

All goods received are delivered to one area which is


Records are updated as soon as the goods arrive.

Sequentially numbered purchase order matched to the GRN and checked correct.

Inspect the goods received to ensure quality and quantities.

Sign and authorise GRN

Specific internal controls -


Receipt of invoice



Invoices should be received for all goods received.

All invoices received are for valid purchases.

All invoices have the correct items, quantities and prices.

All invoices should be arithmetically correct.

When goods received a copy of the GRN (sequentially numbered) sent to invoicing dept. and matched to invoice.

Items checked to invoice to ensure validity.

Invoice checked, signed and authorised for payment.

Specific internal controls -


Recording of the purchase



The correct amount should be recorded for all purchases.

All purchases should be recorded.

The transaction should be recorded in the correct supplier account.

All invoices checked and stamped.

All invoices filed away should therefore be stamped.

Suppliers statements should be reconciled regularly

Reconcile purchase ledger control account.

Specific internal controls -


Payment to supplier



All invoices should be paid.

All invoices should be paid on time.

All invoices should be paid only once.

All invoices should be paid at the correct amount.

All payments should be for valid

business expense.

All invoices stamped as paid when done.

Ensure system in place to pay on time to retain credit limits and supplier goodwill.

Ensure stamped invoice is not paid again by keeping separate once paid.

Vouch payment amount to invoice


All invoices should be authorised before payment.

All payments should be authorised.

Specific internal controls - Payroll

Timesheets submitted



All of the sheets or cards should be received.

All sheets or cards should be valid

All of the hours submitted should have been actually worked.

The number of sheets or cards should be counted to ensure the number matched the number of employees.

Access to additional sheets or cards should be restricted.

All sheets and cards should be authorised by line managers.

Specific internal controls - Payroll

Inputting of information



All information should be

input with none missed or omitted.

Information should be input accurately.

No information should

be included twice.

No bogus employees should exist.

Totals should be checked.

Sheets should be signed once input.

No duplicate employees should be possible on the system.

Passwords and usernames should

restrict access to data.

New employees should only be set up on the computer by a senior manager.

Segregation of duties should exist.

Specific internal controls - Payroll

Standing data / date kept for long term inputted


Payments to leavers

should cease once they have left.

The data on the system should be accurate.


Managers should authorise and promptly inform the payroll dept of leavers and joiners.

Regular checks of standing data should be undertaken by senior management.

Forms should be signed to verify leavers/joiners are recorded on the system.

Changes should be authorised by senior member of staff.

Specific internal controls - Payroll

Processing and recording of payroll


The payroll calculations should be correct.

The correct wages, PAYE &

NIC’s should be recorded on the



A sample printed out and checked


System produces report automatically for over/under payments.

Print out signed by clerk to confirm


Senior management review to ensure reasonable.

Specific internal controls - Payroll

Payment made to staff



All staff should receive payment.

No bogus employees should be paid.

The correct amount should be paid to staff.

If cash wages are paid ensure that two people are present when payment is made.

BACS summary should be reviewed

by manager and authorised prior to


List of BACS payments should be reviewed to verify all payments made.

Specific internal controls -


Goods arrive into inventory


All goods should be

protected from theft on arrival.

New deliveries should be kept separate from returns.

Goods received should be of suitable quality.

Inventory should be recorded.

Only inventory ordered should be accepted.


Locations kept secure with access


Separate areas for new deliveries and returns. Goods checked for quality on arrival.

Purchases cycle controls should be in

place. (see above)

Specific internal controls -


Inventory stored until needed


Inventory should be stored safely and securely to ensure

good condition.

Oldest inventory should be used first to prevent obsolescence.

Inventory should be

protected from theft.


Ensure that storage area is weather proof, has fire protection and is at the correct


Ensure inventory system is based on FIFO.

Access to stores should be restricted.

Warehouse should have a single

secured exit.

Specific internal controls -


Materials leave stores to go to production


The correct amount of

inventory should

be sent to the



The correct type

of materials

should be sent.


The production manager should authorise all

requisitions from stores.

Requisition orders should be checked to goods sent out.

Standard quantities of materials could be used.

Specific internal controls -


Finished goods sent to customers


The correct goods should be sent.

Quality should be maintained.

Records should

be updated promptly and accurately.


The same procedures as the sales cycle apply here.

Specific internal controls -


Inventory is counted



The count should be accurate.

Counted areas marked to prevent double counting.

Managers check accuracy by spot counts.

Counting done in pairs.

Employees don’t count areas

they are responsible for.

Count sheets sequentially


Controls over inventory arrivals during the count.

Specific internal controls - Cash

Cash amounts should be safeguarded


Cash should be locked in safe.

Access to cash restricted.

Security movements for large amounts.





Perform surprise cash count. Ensure only authorised staff have access to cash. Check sequential numbering of cash receipts.

Check mail is opened by two members of staff to reduce

the chance of fraud.

Specific internal controls - Cash

Cash held at premises is kept to a minimum


Cash should be banked regularly.

Cash balances in tills should be emptied regularly


Check all cash lodged intact to bank regularly.

All lodgements are authorised.

Examine bank reconciliations and ensure regularly performed.

Investigate old outstanding


Specific internal controls - Cash

Withdrawals authorised



Limited number of authorised signatories.

Banking online should have restricted access.

Cheques should not be signed in advance.

Cheque books should be

kept under lock and key.

Cheque book should be reviewed to ensure no cheques are missing and no cheques are signed in advance.

Verify that cash payments are arithmetically correct.

Direct debits should be consistent and authorised.

Petty cash balances should be counted

and checks made that controls are in

place over petty cash.

Chapter 12

Reporting control weaknesses

If management are interested, the auditor can also offer to provide what is called a MANAGEMENT LETTER whereby weaknesses in the controls of the company are highlighted.

Reporting control weaknesses

The weaknesses highlighted in this letter

are those found during the audit testing

and not necessarily all the weaknesses in the controls of the company.

Reporting control weaknesses

It should be highlighted that:

The list only includes weaknesses that came to light

during the audit The report is for the sole use of the company

No disclosure should be made to 3 rd parties without prior notification to the auditor

No responsibility is assumed to other parties.

Reporting control weaknesses

the structure of the report will be as follows:





Chapter 13

Audit evidence

ISA 500 mentions that different

assertions apply to different figures in

the financial statements. These different figures include:

Transactions and events Account balance Presentation and disclosure

Transactions and events

Mainly, figures relating to transactions and

events relate to entries which are reflected

in the statement of comprehensive income / income statement.

Account balance

Items found in the balance sheet

Presentation and Disclosure

The notes to the accounts, which

incorporate how the financial statements

have been presented and items disclosed.

Transactions and events

COMPLETENESS: all transactions that should have been recorded, have been recorded.

OCCURRENCE: transactions which have been recorded, have occurred and pertain to the company.

CUT-OFF: transactions have been accounted for in the proper accounting period

CLASSIFICATION: transactions have been recorded in the proper accounts

ACCURACY: transactions have been recorded appropriately

Account Balance

COMPLETENESS: all assets, liabilities and equity that should have been recorded, have been recorded.

EXISTENCE: assets, liabilities and equity really exist


a right over the asset and the obligation over the liability

VALUATION: assets, liabilities and equity are correctly valued in the financial statements

Presentation and Disclosure

COMPLETENESS: all disclosures that should have been disclosed, have been disclosed.

OCCURRENCE: disclosed events have been recorded and pertain to the entity

CLASSIFICATION: disclosures are appropriately presented and expressed.

ACCURACY: disclosures have been disclosed appropriately

How to test these assertions.


OBSERVATION observation of events like mail opening, stocktake etc

ENQUIRY asking management, accountant, staff.

CONFIRMATION contacting third parties

RECALCULATION example depreciation, accruals.

RE-PERFORMANCE redo procedures like stock take, reconciliations

ANALYTICAL PROCEDURES comparing the figures.

How to test these assertions


Inspection of records

Analytical review



How to test these assertions


Inspection of records


How to test these assertions


Inspection of records



How to test these assertions


Inspection of assets


How to test these assertions


Inspection of records

Inspection of assets


How to test these assertions


Re performance

Analytical review


Chapter 14

Audit evidence

ISA 500 states that ..

The objective of the auditor is to design and

perform audit procedures in such a way to enable the auditor to obtain sufficient

appropriate audit evidence to be able to draw reasonable conclusions

Audit evidence


There must be ENOUGH evidence to support the auditor’s

opinion. Determining whether evidence is sufficient depends on:

Risk of material misstatement

Results of tests of controls

Size of population being tested

Size of sample selected

Quality of evidence obtained

Audit evidence


This is made up of:

Reliability of evidence

Relevance of evidence


Evidence is considered reliable when:

It is obtained from independent sources Generated internally but subject to effective internal control Obtained directly by the auditor In documented form In original form


To be relevant, audit evidence has to

address the objective of the procedure.

Accounting estimates

Characteristics of accounting estimates:

Confirmation of estimates is difficult Prone to inaccuracy No physical evidence Prone to management bias

Accounting estimates

The auditor must obtain an understanding


• Management’s assessment of the estimates How the estimate is actually done

Not for profit organisations

Properties of a not for profit organisation:

Lower risk activity is relatively simple

Direct control by owners persons coming up with the idea of an NFP are the ones who have total control

Simpler systems

Not for profit organisations

Evidence implications:

Same auditing rules apply

Quantity of evidence may be well less than for a larger


It may be more efficient to carry out 100% testing ie no


Not for profit organisations


Management override

No segregation of duties

Less formal approach

Not for profit organisations

Differences from privately owned entities


Do not have profit maximisation as their main objective

Do not have external shareholders

Will not distribute dividends

Not for profit organisations

Problems auditing NFP’s

Weaker systems due to:

Lack of segregation of duties Use of volunteers Less formalised systems and controls

Income received by way of donation

Assessing going concern may be difficult

Opening balances and comparative


When taking on new clients, the auditor must ensure that:

Opening balances are correct

Prior period closing balances have been brought forward


Appropriate accounting policies been consistently used

or changes appropriately disclosed.

Opening balances and comparative


Audit procedures:

Consult client’s management

Reviewing documentation of prior period

Consulting previous auditor and reviewing his working papers

Substantive testing if all the above are unsatisfactory

Chapter 15

Audit sampling


Audit sampling

Substantive procedures are carried out on samples of

the transactions making up a figure in the financial statements.

The amount of substantive testing can be varied depending on the size of the sample being chosen.

Due to the auditor choosing a SAMPLE he cannot give ABSOLUTE ASSURANCE.

Ways to extract a sample

(i)Statistical sampling

(ii)Non-Statistical sampling

Statistical sampling

An approach to sampling that uses:

Random selection of samples; and Probability theory to evaluate the results

Considerations when designing a


The purpose of the procedure Combination of procedures being performed Nature of evidence sought Possible misstatements

Types of samples

Random selection: use of random number tables

Systematic selection: sampling interval used

Monetary unit sample: selecting sample based on the


Haphazard selection: no structured technique but one avoids bias

Block selection: involves selecting a block of items which are next to each other in the population.

Non-Statistical sampling

Judgement is used to select items to be tested. This usually leads to focusing on higher value items.

Chapter 16

Audit documentation

Imp things to note:

  • 1. If the working papers do not exist, then the auditor will be unable to prove how and why the opinion expressed was arrived at.

  • 2. Working papers should provide evidence that a qualified practitioner could easily follow and report the same conclusions.

  • 3. Unclear working papers are USELESS.

Audit file structure

Planning stage:

  • 1. Risk assessment.

  • 2. Materiality.

  • 3. Knowledge of the business.

  • 4. Use of any experts.

  • 5. Composition of the audit team.

  • 6. Timing.

  • 7. Reporting (does the client form part of a group of companies to which we must report?)

Audit file structure


  • 1. Property plant and equipment

  • 2. Intangible assets

  • 3. Receivables

  • 4. Cash

  • 5. Payables

  • 6. Share capital

  • 7. Etc….work carried out on the specific sections which we ll be auditing. Each section will contain its lead schedule

Audit file structure

Completion and review:

  • 1. Final analytical review

  • 2. Documentation of issues found

  • 3. Subsequent events

  • 4. Specific topic questions

  • 5. etc

The lead schedule

Components of a lead schedule

  • 1. Title: client name / year end / ‘prepared by’ section / subject

  • 2. Prior year figures

  • 3. References

Chapter 17

Analytical Procedures

Used to highlight unusual figures in order to

focus the audit on them or to establish that

a trend has continued.

Analytical Procedures

compulsory at the planning and final stage

of the audit. Also an effective tool for

gathering evidence throughout the audit.

Analytical Procedures

Profitability Ratios

Gross margin (gross profit/sales)100

Net margin (net profit/sales)100

ROCE (profit before interest and tax / share capital + reserves + borrowings)

Analytical Procedures

Liquidity Ratios

Receivables days (receivables/sales)365

Payables days (payables/purchases)365

Inventory days (inventory/cost of sales)365

Current ratio (current assets/current liabilities)

Quick ratio (current assets inventory/current liabilities)

Analytical Procedures

Whether or not to rely on analytical procedures:

Suitability not suitable for every assertion

Reliability auditor may only rely on data generated from a system with strong controls

Degree of precision some figures will not have a recognisable trend over time or be comparable

Acceptable variation variations having an immaterial impact on the financial statements will not hold as much interest to the auditor as those that do

Chapter 18

Auditing specific items

Questions in the exam will focus on a scenario with the audit of specific items.

For this section of the exam paper, the approach to such a question should focus on three things:

What are the assertions for the item in the question.

What procedures should be carried out to test the balance?

Always relate these steps to the scenario in the question a list of procedures not relevant to the scenario will not get any marks!





Tangible Non Current Assets

Tangible Non Current Assets

Non Current Liabilities

Non Current Liabilities

Bank and Cash

Bank and Cash



Chapter 19


ISA 600 deals with the use of the work of an expert by the auditor.

The auditor may not have the expertise to make judgements on all aspects

of a clients’ business and may seek help in the form of an expert. Examples of this are specialist inventory, property valuation and complex work in progress.

If the auditor chooses to rely on the work of an expert, they must ensure that the expert is independent and sufficiently competent.


The auditor will decide whether the expert is competent based on their qualifications and their experience.

If an expert in the inventory of the entity being audited is consulted on valuation of inventory, but works for a subsidiary of the entity then the auditor may consider them to be not sufficiently independent.

The auditor should make no reference to the use of the work of others in the audit report. It is the auditors’ opinion in the report and the work of others is simply one type of evidence that may be used, if sufficient and reliable, to come to that opinion.


ISA 610 sets out the considerations the auditor must make before relying on work carried out by internal audit.

The auditor should consider:

Whether the internal audit staff are sufficiently independent to retain objectivity.

The qualifications and technical competence of the internal audit staff.

The professionalism of the staff and the standing of internal audit within the organisation.

Are internal audit constrained in any way by management?


If these considerations are fulfilled the auditor may assess the reliability of the work carried out by internal audit by ensuring:

Internal audit working papers are well documented hand have been reviewed.

Evidence gained by internal audit is sufficient and appropriate.

Any conclusions drawn are reasonable and valid.

Management have acted on recommendations made by internal audit.

Chapter 20

Computer assisted audit







  • 1. To run client data to check for errors

  • 2. To extract samples

  • 3. Check calculations

  • 4. Produce reports

  • 5. Match transactions

  • 6. Create test data, input it in the client’s system and compare the result to what was expected (auditing around the computer input vs output).

Chapter 21

Subsequent events and going


During the audit it is likely that the auditor will come across errors in the FS. The auditor should keep a record of these and report to management.

The auditor will not be concerned with immaterial errors, however, individual immaterial errors could aggregate to amount to a material misstatements.

Also, there might be material misstatements.

Subsequent events and going


If management amend material errors, then the auditor

will issue an unqualified report.

If management do not amend the errors then a qualified report will be issued.

Subsequent events and going


Between the year end and the date

of signing the audit report, the auditor has an active duty to search for all material events.

Subsequent events and going


Between the date of signing the

audit report and the date of issue

(usually AGM date), this turns to a passive duty.

Subsequent events and going


Subsequent events review

Review of post year end management accounts

Review of post year end board minutes


Adjusting vs non-adjusting


Adjusting vs non-adjusting events Adjusting events Provide additional evidence relating to conditions existing at the balance

Adjusting events

Provide additional evidence relating to conditions existing at the balance sheet date.

Example: a debtor going bankrupt after year end.

Adjusting vs non-adjusting


Adjusting vs non-adjusting events Non-adjusting events Events taking place after balance sheet date but do not

Non-adjusting events

Events taking place after balance sheet date but do not fall under the definition of adjusting events.

Example: fire destroying inventory after balance

sheet date.

Subsequent events

A question on subsequent events will usually involve a scenario with events which you must decide are adjusting or non-adjusting













Going concern review

Consider economic conditions of the industry in which the company is operating

Contact providers of finance to the business to

ensure they are happy to continue to do so.

Assess management’s intentions of the future.

Review any budgets

Chapter 22

Management representations

The auditor may ask management to confirm in writing certain issues which arose during the audit.

There are specific and non-specific items to be included in the management representation letter.

Specific items: those required by ISA’s

Non-specific items: items relevant to that particular

audit. Ex. No evidence was available on specific

elements of the FS.

Chapter 23

Audit reports

ISA 700 sets out the elements /contents of an audit report. They are:


Identifies the report as an ‘Independent Auditors Report’


The shareholders i.e. for whom the report is produced.

Introductory Paragraph

Sets out which pages in the report have been subject to audit and which have not.

Statement of responsibilities of management

Management have prepared financial statements in accordance with GAAP and representing a true and fair view. Application of accounting policies and estimates as well as responsibilities for systems and controls.

Statement of responsibilities of auditor

The audit was planned and assessed the risk of material misstatement considering internal controls and obtaining sufficient appropriate evidence. That the auditor will express an opinion.

Audit reports

Scope Paragraph

Standards under which the audit was conducted, the processes and the test basis as well as the appropriateness of policies and disclosures.


Do the statements present a true and fair view? Are they prepared according to applicable GAAP and legislation?

Auditors signature

Auditor or firm is registered and authorised to conduct the audit.

Date of the Report Signed after approved by directors on the same day.

Auditors address

le on specific elements of the FS.

Audit reports

If the auditor disagrees with some aspect of the financial statements or

is unable to state that they provide a true and fair view, then a

modified audit report will be issued.

There are two types of modified audit report:

An unqualified audit report with an ‘emphasis of matter paragraph’

A qualified audit report.

Emphasis of matter

If the auditor wishes to draw attention to a particular matter, but agrees

with the financial statements an ‘emphasis of matter’ paragraph will be

included in the audit report.

The matter referred to will be fully disclosed in the accounts and the

auditor is simply drawing the users’ attention to it.

The paragraph will make it clear that the opinion is not qualified and will be given a separate heading after the opinion paragraph.

Qualified Reports

There are two reasons that an auditor may qualify an audit report:


Limitation of scope


A qualified report for the reason of disagreement will be issued if the auditor disagrees with the application of accounting policies, the

policies used, treatment of a particular item or the adequacy of


The disagreement can be such that it is either:


Material and pervasive


A material disagreement will mean that the auditor agrees with the rest of the financial statements, but disagrees with that particular

element of them.

In this situation the auditor will qualify the audit with an ‘except forparagraph i.e. In our opinion, except for the effect on the financial

statements of the matter referred to in the preceding paragraph, the

financial statements give a true and fair view,

Material and pervasive

A disagreement which is material and pervasive is of such

significance that the financial statements do not give a true and fair


In such a situation an adverse opinion is issued i.e. the financial statements do not give a true and fair view.

Limitation of scope

If the auditor is unable to form an opinion, then the report will be qualified for limitation of scope.

Limitation of scope will be due to being unable to obtain sufficient evidence which should have been available.

A material limitation of scope will mean that the auditor agrees with the rest of the financial statements, but is unable to agree with that particular element of them.

In this situation the auditor will qualify the audit with an ‘except forparagraph i.e. In our opinion, except for the matter referred to in the preceding paragraph, the financial statements give a true and fair view,

Limitation of scope

A limitation of scope which is material and pervasive is of such significance that auditor is unable to state whether the financial

statements give a true and fair view.

In such a situation a disclaimer of opinion is issued i.e. the auditors do not express an opinion on the financial statements.