AUE2602 EXAM PACK 2023

Exam pack memo aue Auditing Theory and Practice (University of South Africa) lOMoARcPSD| 1 Assignment 1 is compulsory and due 21 st August 09 (study guide topics 1 3 4) - counts towards final module mark Assignment 2 is compulsory and due 25 th September 09 (study guide topic 5) - counts towards final module mark Assignment 3 is NOT compulsory and doesn't count towards final mark 3 self assessment Exam = 2 hours, consisting of : 70% - questions at Level 1 (knowledge and comprehension) 30% - questions at Level 2 (application) INTRODUCTION TO AUDITING THEORY & AUDIT PRACTICE PART A 3 INTRODUCTION TO AUDITING THEORY Study Topic 2 (text book pg 1/2) 2.1 The need for Auditing Services Jackson & Stent Chapter 1 ISA 200 3 Objectives and general principles governing an audit ISA 610 International Framework for Assurance Engagements External auditors 3 express an independent opinion if the AFS9s of a company fairly present the financial position and results of the company9s operations. NOT an employee of the company. Basically enhances the degree of confidence which users of the financial statements will have of the information they received from the financial statements. Internal auditors 3 perform independent assignments on behalf of senior management of the company 3 normally to evaluate the efficiency, economy and effectiveness of the company9s internal control systems and business activities. Enhances management9s degree of confidence that the company9s systems are functioning as intended. Employee of the company, but should be independent of the department, division or subsidiary which they are auditing. Government auditors 3 evaluate and investigate the financial affairs of government departments and report their findings to senior government therefore increasing the degree of confidence which they have in their departments. Employee of the government, but must be independent of the government department they are auditing. Forensic auditors 3 concentrate on investigating and gathering evidence where there has been alleged financial mismanagement, theft or fraud. Work independent of the entity under investigation and increases the degree of confidence the investigating body has in the evidence which is presented. Page 1 11 lOMoARcPSD| 2 Special purpose auditors 3 specialise in a particular field such as environmental auditors and VAT auditors. Enhance the confidence people have in the correctness= of the information that is being presented. MUST BE INDEPENDENT OF THE ENTITY BEING AUDITED. Auditor required to observe the fundamental ethical principles of : · integrity (straightforward, honest, moral) · objectivity (impartial, fair, non-biased and non-prejudicial) · professional competence and due care 3 maintaining professional knowledge and skill at the required level and performing work diligently · professional behavior 3 comply with laws and regulations and avoid action which discredits the profession · confidentiality 3 respecting the confidentiality of client information. Financial reporting system is the entire process by which the management of a business entity compiles and discloses financial information concerning their financial position and the results of the entity9s operations. All this information is communicated to external parties in the entities financial statement at the end of each accounting period and the financial reporting process must address the needs of users of the financial information (investors, lenders, suppliers and employees). Information must be understandable, relevant, and reliable and prepared on a basis that is comparable with that used by other business entities. Objective of financial statements = to provide information about the financial position, performance and changes in financial position of an enterprise that is useful to a wide range of users in making economic decisions. (From the conceptual accounting framework in the International Standard 3 IAS). Auditing vs. accounting : Management responsibility to prepare the financial statements in accordance to International Financial Reporting Standards (IFRS9s) and also to : · maintain an appropriate accounting system and · design and implement adequate internal controls to ensure the reliability and integrity of the accounting system Accounting = the series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Auditing = examining audit evidence to find sufficient evidential matter to support the comments of management contained in the financial statements, in order to express an opinion in the auditor9s report as to whether or not the financial statements fairly present the affairs of the entity in accordance with International Financial Reporting Standards and the relevant statutory requirements. AUDITOR THEREFORE EXPRESSES AN OPINION ON MANAGEMENT9S FINANCIAL STATEMENTS. Engagement of auditing can either be because of statutory requirements (e.g. companies) or on a voluntary basis : Statutory audits 3 audits required in terms of an Act 3 e.g. Companies Act which state that all companies must be audited on an annual basis. These acts normally spell out the statutory duties and responsibilities of the auditor. Non-statutory audits 3 audits that are requested by clients but are not obligatory in terms of legislation 3 e.g. if member wants audit of a CC. Either engaged for : Audits 3 auditing engagements Related services 3 review engagements or engagements where agreed-upon procedures are carried out and compilation engagements. Objective of : Audit engagement 3 to enable the auditor to express an opinion as to whether the financials statement are prepared (in all material respects) in accordance with an applicable financial reporting framework Review engagement 3 to enable the auditor to state whether or not anything has come to the auditor's attention that causes the auditor to believe that the financial statements are not prepared (in all material respects) in accordance with an identified financial reporting framework. A review engagement is conducted on the basis of procedures that do not provide all the evidence that would be required in an audit. Agreed-upon-procedures engagement 3 for the auditor to carry out procedures of an audit nature to which the auditor and the entity and any appropriate 3 rd parties have agreed and to report on the factual findings Compilation engagement 3 to use accounting expertise as opposed to auditing expertise to collect, classify and summarise financial information. OBJECTIVE OF A FINANCIAL AUDIT (AUDIT OF FINANCIAL STATEMENTS) 3 to provide users of the financial statements of companies with a high degree of assurance about the creditability of the assertions made by the management of the company in its financial statements. The assurance is in the form of an expression of an opinion in the auditor9s report as to whether or not the financial statements are a fair presentation of the company9s operating activities. The determination of fair presentation relates to the financial statements taken as a whole. Fair presentation is determined based on the auditor reporting on the information on the financial position (balance sheet), performance (income statement) and any changes in the financial position of the company (cash flow statement). Page 2 22 Downloaded by Thomas Mboya () lOMoARcPSD| 3 ISA 200 3 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS Auditor must comply with relevant ethical requirements relating to audit engagements. Audit must be conducted in accordance with International Standards on Auditing, but will also have to comply with other professional, legal or regulatory requirements - ISA9s do not override local laws and regulations. Auditor should also plan and perform an audit with an attitude of professional skepticism realising that there may be circumstances resulting in the financial statements being materially misstated. Auditor conducting an audit in accordance with ISA9s has reasonable assurance that the financial statements taken as a whole are free from material misstatement (due to fraud or error). Reasonable assurance allows the auditor to conclude that there are no material misstatements in the financial statements taken as a whole. Management is responsible for identifying risks to the business however the auditor is only concerned with risks that may effect the financial statements. Audit risk = the risk that an auditor may express an inappropriate audit opinion when the financial statements are materially misstated (risk of material misstatement). Detection risk = the risk that the auditor will not detect misstatement of the financial statements. The auditor performs audit procedures to assess the risk of material misstatement and sees to limit detection risk by performing further audit procedures based on that assessment. Risk is a function of the effectiveness of an audit procedure and its application by the auditor and can never be reduced to zero because the auditor never examines the full class of transactions, account balances or disclosure or other factors (e.g. auditor may select an inappropriate audit procedure, misapply an appropriate audit procedure or misinterpret the audit results.) Can normally be addressed through adequate planning, proper assignment of personnel of the engagement team, application of professional skepticism and supervision and review of the audit work performed. Relates to the nature, timing and extent of the auditor9s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. FOR GIVEN LEVEL OF AUDIT RISK - THE ACCEPTABLE LEVEL OF DETECTION RISK BEARS AN INVERSE RELATIONSHIP WITH THE RISK OF MATERIAL MISSTATEMENT AT THE ASSERTION LEVEL, so the greater the risk of material misstatement that the auditor believes exists, the less the detection risk that can be accepted AND the less risk of material misstatement the auditor believes exists, the greater the detection risk that can be accepted. The audit should be planned and preformed to reduce audit risk to an acceptably low level, by designing and performing audit procedures to obtain sufficient appropriate audit evidence to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance is obtained when the auditor has reduced audit risk to an acceptably low level. The auditor is concerned with material misstatements and isn9t responsible for detecting misstatements that are not material to the financials as a whole. Auditor must consider risk of material misstatements on two levels : · overall financial statement level 3 refers to risks of material misstatement relating pervasively to the financial statements as a whole and that potentially affect many assertions. These risks often relate to the entity9s control environment (e.g. management9s override of internal controls) but could also be declining economic conditions, but are mainly relevant due to the risk of material misstatement arising from fraud. Auditor must use knowledge, skill and ability of personnel assigned significant engagement responsibilities, appropriate levels of supervision and if there is any event or condition that may cast significant doubt on the entity9s ability to continue as a going concern. · in relation to classes of transactions, account balances and disclosures and related assertions 3 assists in determining the nature, timing and extent of further audit procedures at the assertion level. Auditor must have sufficient appropriate audit evidence at class of transactions, account balance and disclosure level so that the auditor at completion of the audit can express an opinion on the financial statements taken as a whole at an acceptably low level of audit risk (can use a model that expresses the general relationship of the components of audit risk in mathematical terms to arrive at an appropriate level of detection risk). Risk of material misstatement at the assertion level consists of : · inherent risk = susceptibility of an assertion to a misstatement that could be material (either alone or in total with other misstatements) assuming that there are no related controls. Greater in some assertions and related classes of transactions, account balances and disclosure (e.g. complex calculations are more likely to be misstated then simple calculations, and accounts estimates subject to significant measurement uncertainly pose greater risks then accounts that have relatively routine factual data.) External circumstances giving rise to business risks can also influence inherent risk (e.g. technological developments can made a product obsolete therefore causing inventory to be susceptible to overstatement). Factors in the entity and its environment can also influence the inherent risk related to a specific assertion (e.g. lack of sufficient working capital to continue operations or declining industry characterised by a large number of business failures.) · control risk = risk that misstatement could occur in an assertion that could be material, either individually or in total with other misstatements, and will not be prevented or detected an corrected by the entity9s internal control system. Some risk will always exist because of the inherent limitations of internal control 3 and control risk is a function of the effectiveness of the design and operation of internal control in achieving the entity9s objectives relevant to the preparation of the financials. Inherent and control risks are risks of the entity 3 they exist independently from the audit of financials. The auditor is required to assess the risk of material misstatement at the assertion level as a basis for further audit procedures, but that assessment is a judgment rather then a precise measurement of risk. The assessment of the risk of material misstatement can be expressed in quantitive terms (e.g. percentages) or in non-quantitive terms. Page 3 33 Downloaded by Thomas Mboya () lOMoARcPSD| 4 Auditor9s responsibility = forming and expressing an opinion on the financial statements Management responsibility = preparing and presenting the financial statements in accordance with the applicable financial reporting framework. Must identify that framework and must : · design, implement and maintain internal controls that are free from material misstatement (from either fraud or error) · select and apply appropriate accounting policies · make accounting estimates that are reasonable in the circumstances Financial statements = structured representation of the financial information which are derived from accounting records and are intended to communicate the entity9s economic resources or obligations at a point in time (or changes therein) for a period of time in accordance with a financial reporting framework, normally including notes. FOLLOWING MIGHT NOT YET BE APPLICABLE (ISA notes say to be implemented at future date) : auditor should determine if the financial reporting framework that management has used in preparing the financial statements is acceptable. Acceptable financial reporting frameworks for general purpose financial statements normally show : · relevance · completeness · reliability · neutrality · understandability If auditor makes comparison of the entity9s financials against the requirements of an existing framework and differences are identified, then must consider the reasons for the difference and if the application of the accounting convention could result in misleading financials. If auditor decides that the framework used by management is not acceptable 3 then must consider the implications in relation to engagement acceptance and the auditor9s report. Expressing an opinion on the financials 3 refer to ISA 700 (revised), 701 and 800 when expressing an opinion, but ISA is only effective for audits of financials on or after 15 th December 2005! Amendment to ISA 200 states that auditor can (in exceptional circumstances) depart from a basic principle or an essential procedure in order to achieve the objective of the audit. In that case the auditor may still represent compliance with ISA9s provided the departure is appropriately documented. Advantages of audit of financial statements 3 assures the creditability of the financial statements to various users such as: · banks and loan giving companies · SARS for tax collection · investors who base investment decisions on auditing info · employers relying on audited info when taking decisions affecting employee benefits · creditors for decisions regarding the extending of trade credit · settlement of claims e.g. insurance claims Audit helps auditor to advise the company on : · improvements to the accounting system if necessary · ways of increasing efficiency and profits Auditors offer either assurance engagement or non-assurance engagement services : Assurance engagements In terms of International Framework for Assurance Engagementsan assurance engagement is where a professional accountant (auditor) expresses a conclusion that will enhance the degree of confidence in the intended users about the outcome of the evaluation or measurement of subject matter against the criteria. i.e. the registered auditor assures the shareholders that the directors responsible for the AFS9s have compiled accurate results of operations and that the financial position of the company complies with the International Financial Reporting Standards. · audit of financial statements 3 assurance engagements 3 registered auditor gathers sufficient appropriate evidence to pass an opinion on whether the directors have applied the International Financial Framework appropriately in present fairly the financial position, performance and cash flow of the company for the financial year · other assurance engagements : Ø to report on the effectiveness of a client9s internal control system (must measure against the criteria) Ø to report on whether the client is complying with the requirements of the Sarbannes-Oxley Act 2002 relating to corporate governance Non-assurance engagement Any other engagements that don9t meet the definition of an assurance engagement 3 e.g. might not be a 3 rd party involved or there may not be any suitable criteria (benchmarks) against which to measure the subject matter of the engagement. So therefore the auditor will not express an opinion or comment on the subject matter of the engagement. Reasonable assurance 3 auditor doesn9t certify or confirm the absolute correctness of financial information, instead expresses an opinion on its fair presentation (cos audit is to provide reasonable assurance that the financial statements taken as a whole are free of material misstatement NOT that they are 100% correct. Page 4 44 Downloaded by Thomas Mboya () lOMoARcPSD| 5 ISA 3 Objective and General Principals provides list of factors : · use of testing 3 auditor cannot examine every single transaction in the business so does test check= (check a sample of transactions and balances). Obviously If has only test checked then can9t say that everything is 100% correct cos hasn9t tested everything. · inherent limitations of account and internal control systems 3 auditor has to rely on the client9s systems to provide financial information and these systems will have limitations which may result in failure to detect errors or frauds (so information that auditor is using to supply an opinion may be flawed.) · audit evidence is usually persuasive rather then conclusive 3 auditor can only be persuaded= that an event or transaction took place by looking at the documents or information that management provides. Didn9t actually witness the event · subjectivity in the financial statements and in the auditor9s approach to the audit 3 many account balances in the financials contain balances which are subjective (fixed) and many current assets are affected by estimates (subjective) of depreciation impairment, stock obsolescence and bad debts. Cos impossible for auditor to know which debtors will not pay or which stock will become obsolete so the auditor9s decisions as to which type of tests and the timing and extend of those tests will all be subjective 3 i.e. one auditor will not necessarily conduct the audit in the same way as another auditor. Assurance engagements broken up into : · reasonable assurance 3 objective is reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner9s conclusion · limited assurance engagements 3 objective is reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where the risk is great then for a reasonable assurance engagement as the basis for a negative form of expression of the practitioner9s conclusion. Differences between reasonable assurance engagements and limited assurance engagements Reasonable Assurance Engagements Limited Assurance Engagements Objective Reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner9s conclusion Reduction in the assurance engagement risk to a level that is acceptable in the circumstance of the engagement, but where the risk is greater then for a reasonable assurance engagement as the basis for a negative form of expressing of the practitioner9s conclusion Evidence gathering procedures Sufficient appropriate evidence obtained as part of a systematic engagement process including : · obtaining understanding of the engagement circumstances · assessing the risks · responding to the assessed risks · performing further procedures using combination of : Ø inspection Ø observation Ø confirmation Ø recalculation Ø re-performance Ø analytical procedures Ø inquiry using substantive procedures including corroborating information and tests of the operating effectiveness of controls if necessary · evaluating the evidence obtained Sufficient appropriate evidence is obtained as part of a systematic engagement process that includes obtaining an understanding of the subject matter and other engagement circumstances, but in which procedures are deliberately limited relative to a reasonable assurance engagement Assurance report Description of the engagement circumstances and a positive form of expression of the conclusion Description of the engagement circumstances and a negative form of expression of the conclusion Read International Framework for Assurance Engagements Elements of an Assurance Engagement pgs 287-300 for definitions and information on the following elements : · three party relationship (practitioner, responsible part and intended users) · subject matter · criteria (benchmarks with relevance, completeness, reliability, neutrality and understandability) · evidence (taking into account professional skepticism, sufficiency and appropriateness of evidence, materiality, assurance engagement risk, nature and timing and extent of evidence-gathering procedures and quantity and quality of available evidence) · assurance report Page 5 55 Downloaded by Thomas Mboya () lOMoARcPSD| 6 Audit therefore provides REASONABLE assurance that the financial statements taken as a whole are free from material misstatement, but cannot provide ABSOLUTE assurance that the financial statements are free from any misstatements. Always limitations on an audit cos of : · use of testing / sampling · inherent limitations of any accounting and internal control system · audit evidence is often persuasive rather then conclusive · auditor9s work is governed by his judgment, especially regarding : Ø gathering of audit evidence (nature, extent and timing of audit procedures) Ø drawing of conclusions based on the audit evidence gathered · other limitations that can affect the persuasive force of available evidence 3 e.g. transactions between related parties. Auditing postulates (auditing basis of thinking or starting point of auditing) : · no conflict of interest between the auditor and management / employees of the entity being audited 3 so everyone wants the audit to prove that the financial statement are a fair presentation, but that if management doesn9t want a fair presentation (i.e. to hide fraud or to make the company appear more favourable financially) then it is impossible for a normal audit. Therefore the auditor may have to view management9s integrity with professional skepticism and should not just take what is said by management as being the truth · auditor must act exclusively as an auditor in order to offer an independent and objective opinion on the fair presentation of financial information (i.e. the auditor9s opinion can only be relied upon if is free of bias (independent) and has devoted all his energy to the audit · professional status of the independent auditor imposes commensurate professional obligations 3 professional auditor has to live up to expectations of due care, service before personal interest, efficiency and competence and have responsibility as professional practitioner · financial data if verifiable 3 difficult to verify paperless transactions or e-commerce transactions and therefore cannot get a level of assurance by verifying the financial data so can9t form opinion on fair presentation of the financial information · internal controls reduce the probability of errors and irregularities 3 so the better the internal controls and checks the higher the chance that the financial information is truthful=. If no internal controls then auditor might be forced to refrain from offering an opinion or to conduct an extremely detailed audit examination. Without internal control the financial data is not verifiable · application of IRFS results in fair presentation 3 so if stick to the suggested framework then there will be fair financial presentation. Auditor9s opinion is therefore based on a generally accepted standard and not on personal preferences and the auditor has something against which to judge the fairness of the financial information for the audit · that which held true in the past will hold true in the future (in the absence of contrary evidence) 3 historical evidence is crucial. Decisions about the future are made and accounted for on the basis of historical information and could even say that the integrity of the entity9s director do not alter from year to year. Auditor has to draw on past experience when assessing judgments about the future, but that doesn9t mean that things don9t change · financial statements submitted to the auditor for verification are free of collusive and other unusual irregularities 3 so the auditor take assume that management has taken adequate steps to ensure that the statements are correct= and that employees and members of the management team haven9t colluded in the presentation of the financial statements. Cynical view now might be that managers and employees are not always honest and that this postulate is no longer true, however if the auditor didn9t assume that the financial statements are correct= then the objective and the focus of the audit would change from an opinion on fair presentation to a search for fraud and other irregularities. SA Institute of Chartered Accountants (SAICA) says professional has certain characteristics including : · mastery of a particular intellectual skill acquired by training and education · acceptance of duties to society as a whole in additional to duties to the client or employer · outlook which is essentially objective and · rendering personal services to a high standard of conduct and performance. SA Institute of Chartered Accountants (SAICA) Independent Regulatory Board for Auditors (IRBA) In terms of Auditing Professional Act, anyone wanting to offer auditing services must be registered with IRBA. People registered with IRBA are then registered auditors=. Only people registered in terms of the Auditing Professions Act 2005 can practice as independent auditors. see definition of audit on pg 1/13 of text book AUDIT OBJECTIVE IS TO EXPRESS OPINION ON WHETHER THE FINANCIAL STATEMENTS ARE FAIRLY PREPARED IN ACCORDANCE WITH THE FINANCIAL REPORTING FRAMEWORK. AUDITOR9S OPINION IS NOT ASSURANCE OF THE FUTURE VIABILITY OF THE ENTITY OR THE EFFICIENCY OF MANAGEMENT IN RUNNING THE AFFAIRS OF THE ENTITY Page 6 66 Downloaded by Thomas Mboya () lOMoARcPSD| 7 NOT OBJECTIVE TO DISCOVER OR PREVENT FRAUD OR TO ENSURE COMPLIANCE WITH THE LAW (management9s responsibility) Companies Act states that all companies (public and limited interest companies 3 i.e. private companies) must be audited. Shareholders must appoint directors and also an auditor. Act regulates who may be appointed as directors and auditors and also how they can be dismissed or may resign and also provides legal backing for the financial reporting standards. Also requires the appointment of an audit committee to enhance the audit function and provides the auditor with the right to access the company9s records. Also gives requirements which must be fulfilled by the auditor before he can report an opinion to the shareholders (e.g. if the financial statements are in agreement with the accounting records) and places a duty on the auditor to report to the shareholders. Act also stipulates that the auditor9s report must contain the auditor9s opinion on whether the report of the directors to the shareholders fairly presents the financial position of the company at the specified date and the results of its operation for the period ending on that date. Assertions of management in the AFS9s (i.e. their representations about the company9s assets, equity, liabilities, transactions and events). As laid down in ISA 500 3 Audit Evidence · completeness 3 all assets, liabilities, transactions or events which should have been recorded have been recorded · occurrence 3 a transaction or event which has been recorded took place and pertains to the entity · existence 3 asset, liabilities and equity interest exist at a given date · cut off 3 transaction and events have been recorded in the correct accounting period · accuracy 3 amount and other date relating to recording transactions and events have been recorded appropriately · classification 3 transactions and events have been recorded in proper accounts · rights and obligations 3 entity holds or controls the rights to assets, and liabilities are the obligations of the entity · valuation and allocation 3 assets, liabilities and equity interest are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments (e.g. depreciation or obsolescence) are appropriately recorded · presentation and disclosure Ø occurrence and rights and obligations, disclosed events, transactions and other matters have occurred and pertain to the entity Ø completeness 3 all disclosures that should have been included in the financial statements have been included Ø classification and understandability 3 financial information is appropriately presented and described and the disclosures are clearly expressed Ø accuracy and valuation 3 financial and other information is disclosed fairly and at appropriate amounts see example pg 1/16 of text book in 5.2 Auditor9s responsibility to obtain sufficient appropriate evidence that the assertions in the financial statements are fairly presented. Different auditing services are : · independent (external) audits · internal audits · operational audits · management audits · comprehensive audits · forensic audits · governmental audits (audit work in the public sector) Operational audit 3 appraises the effectiveness with which managements objectives are being carried out, identifies shortcomings and makes recommendations to management. Achieved by weighing up the effectiveness and operation of sections within the entity against corporate and industry standards Management audit 3 evaluates the entity9s management systems and determines if the management systems are operating effectively and if not, what are the risks for the entity. Comprehensive auditing 3 combined operational and management audit is performed instead of an external audit. Therefore evaluates the effectives and functions of management objectives and management systems, identifies shortcomings and makes recommendations to management. Forensic audit 3 combination of accounting, auditing and investigative expertise is used to gather evidence of criminal conduct and the financial implications of this conduct. Can be asked to assist with the determination or rebuttal of possible claims for damages Governmental audit 3 Auditor General performs audits on all government and State revenue and expenses and reports to parliament. Normally uses independent auditors to do so. ISA 610 3 CONSIDERING THE WORK OF THE INTERNAL AUDIT (Providing standards and provide guidance to external auditors in considering the work of internal auditing) Internal auditing = appraisal activity established within an entity as a service to the entity, and also includes monitoring controls. Page 7 77 Downloaded by Thomas Mboya () lOMoARcPSD| 8 Factors influencing the scope and objectives of internal auditing 3 dependent on the size and structure of the entity and the requirements of management : · monitoring of internal controls 3 establishing adequate internal controls as well as review and monitor the operation and recommend improvements · examine financial and operating information 3 including reviewing how information is identified, measured, clarified and reported and also involving detailed testing of transactions, balances and procedures · review the economy, efficiency and effectiveness of operations 3 including non-financial controls of the entity · review compliance with laws and regulations 3 and also with management policies and directives and other internal requirements. Differences between internal and external auditing : Internal auditing External auditing management function (objectives vary according to management9s requirements) attestation function (auditing function) reports to management & including the audit committee reports to shareholders functions independently within the organisation, but remains part of the organisation independent, external auditors mandate from management / audit committee regulated by legislation Understanding and preliminary assessment of internal auditing : · external auditor should obtain a sufficient understanding of the internal audit activities to identify and assess the risks of material misstatement of the financial statements and perform other audit procedures · effective internal auditing will allow the external auditor to modify the nature of and reduce the timing and extent of his auditing process, but cannot eliminate them entirely. · external auditor9s assessment of the internal audit function will influence his judgment about the use he makes of internal auditing in modifying the nature, timing and extent of external audit procedures · external auditor should perform an assessment of the internal audit function if the internal auditing is relevant to the external audit · to obtain an understanding and perform an assessment of the internal audit function must use : Ø organisational status 3 specific status of internal auditing in the entity and the effect this has on its objectiveness. Ideal situation is that internal auditing reports to the highest level of management and is free from any other operating responsibility (any constraints or restrictions placed on internal auditing by management need to be carefully considered). Internal auditors must be able to freely and fully communicate with the external auditor Ø scope of function 3 nature and extent of internal auditing assignments performed. External auditor also needs to consider if management acts on internal audit recommendations and how this is proved Ø technical competence 3 is internal auditing performed by persons with adequate technical training and proficiency? (external auditor may have to review the policy for hiring and training internal auditing staff and their experience and professional qualifications) Ø due professional care 3 is internal auditing properly planned, supervised, reviewed and documented? Existence of audit manuals, work programmes and working papers is a clue. Timing of liaison and co-ordination External auditor needs to consider the internal auditor9s tentative plan for the period if planning to use his work. If need to use his work then need to have a timing of the work, extent of the audit coverage, proposed methods of sample selection, documentation of the work performed and the review and reporting procedures. Meetings should be held at appropriate intervals during the period 3 external auditor will need to be advised of and have access to relevant internal auditing reports and to be informed of any significant matter that comes to the internal auditor9s attention. External auditor would also have to inform the internal auditor of any significant matters that may effect internal auditing. Evaluating the work of the Internal Auditor Before using the work of the internal auditor, the external auditor should evaluate the work and confirm it adequacy. Evaluation can consider the adequacy of the scope of work and related programmes and if the assessment of the internal auditing remains appropriate. Page 8 88 Downloaded by Thomas Mboya () lOMoARcPSD| 9 Must consider if : · work is preformed by people with adequate technical training and proficiency as internal auditors and the work of assistants is properly supervised, reviewed and documented · sufficient appropriate audit evidence is obtained to be reasonable · conclusions reached are appropriate in the circumstances and any reports prepared are consistent with the results of the work performed · any exceptions or unusual matters disclosed by internal auditing are properly resolved Nature, timing and extent of the specific work of internal auditing will depend on the eternal auditor9s judgment as to the risk of the area concerned and the assessment and evaluation of the specific work by internal auditing. (Can test by reexamining items already examined by internal auditing, examining similar items and observing internal auditing procedures.) External auditor must record conclusions regarding the specific internal auditing work that has been evaluated. If external auditor is deciding if the work of internal audit can be relied on, then must use the following criteria : · organisational status : Ø does the internal auditor report to the highest authority (influences the internal auditor9s independence and objectivity) Ø are there any restrictions placed on the work of the internal auditors Ø are the internal auditors free to communicate fully with the external auditors · scope of the function : Ø the nature and extent of internal audit assignments performed Ø effects of reports / management reaction to recommendations · technical competence : Ø adequacy of technical training and proficiency as internal auditors Ø employment policy (hiring and training) of internal auditors Ø internal auditor9s experience and professional qualifications · due professional care : Ø proper planning, supervision, reviewing and documentation of internal audit work Ø adequacy of audit manuals, work programmes and working papers. Study Topic 2.2 3 The Audit Practice AUDITING PROFESSIONAL ACT 26 of 2005 3 SECTIONS 37 to 40 Individual will not be registered as an auditor if he : · has been removed from an office of trust for misconduct · has been convicted of theft, fraud, forgery or perjury and has been sentenced to imprisonment without the option of a fine · is declared by a competent court to be of unsound mind or unable to manage his own affairs · is disqualified under a sanction imposed by the Act · is an unrehabilitated insolvent or has been provisionally sequestrated. Registration of different business types of registered auditors : · partnership where all partners are registered auditors · sole proprietors (if proprietor is registered auditor) · company applying with the following : Ø company is unincorporated and registered in terms of the Companies Act, must have share capital and the memorandum of association must provide that all present and past directors are jointly and severally liable together with the company, for all debts and liabilities contracted during their periods of office Ø only natural persons who are public accountants and auditors can be members or shareholders of the company Ø if the company ceases to conform to either of these then it will immediately cease to engage in public practice · shareholders and directors of company : Ø each shareholder will be a public accountant and auditor Ø each shareholder must be a director of the company i.e. ONLY shareholders can serve as directors Ø company9s articles of association must provide that a member of the company may not appoint a person who is not a member of the company to attend any meeting of the company in his stead, or to speak or vote in his stead · if a shareholder dies or no longer qualifies to be a public accountant : Ø he or his estate can continue to hold the relevant shares for interest for 6 months from the date he ceased to conform to the requirements or from date of death (or from a longer date if approved by the Board) Ø no voting rights are attached to any of these shares for 6 months and the shareholder may not act as a director of the company and cannot received director9s fees or remuneration or participate in the income or profits earned by the company · shares in the company : Ø company can purchase any shares held in it without its authorised share capital being reduced if its articles of association allow it, and on its own conditions Page 9 99 Downloaded by Thomas Mboya () lOMoARcPSD| 10 Ø shares in the company which have been purchased must be available for allotment in terms of the company9s articles of association. Structure of an audit practice Controlled by auditors in partnership, each of which is registered as an accountant and auditor with the Independent Regulatory Board for Auditors. Partners elect a managing partner. Partnership appoints audit managers who are members of staff with certain academic levels and expertise and they are responsible for planning, performance, control and completion of specific audits. Audit partners are responsible for the auditor9s report and so co-operate closely with the audit managers on each audit. Audit clerks and trainee accountants are appointed in terms of a training contract to assist the audit managers. Normally divided into audit section and specialist sections. Staff employed to perform audits and report on financial information of the practice9s clients. Specialists normally provide clients with taxation, computer and management consultation services. Typical set up of an audit practice : Control in an audit practice It is important that practitioners manage their practices in a cost effective and efficient manner and put in the correct procedures to ensure the quality of audit work. Controls in the audit practice include : · control over staff of an audit practice 3 performance of every member of staff from junior to senior level must be monitored on a regular basis and stuff must receive continuous training · control over costs and the time spent on auditing 3 must have time and cost budgets for all audit work- actual time spent and costs incurred must be frequently checked against the budgets and clients must be informed if the budgets are exceeded and the reason why) · control over the maintenance of professional standards 3 audit practice must introduce internal quality control mechanisms in order to control the standards of auditing work performed on individual audits and monitor the professional conduct of individual auditors of the firm. The auditors in the firm are jointly and individually liable for any negligence in respect of work done by their colleagues so need to formulate quality control policies and procedures for the continuous assessment of the quality of auditing work by each auditor to maintain proper professional standards. do questions in section 2.1 of tutorial 102 and check answers in the key of section 2.1 of tutorial 103 do questions in section 2.2 of tutorial 102 and check answers in the key of section 2.2 of tutorial 103 PART B 3 INTRODUCTION TO AUDIT PRACTICE Study Topic 3.1 3 History & Development of the auditing profession Jackson & Stent pg 1/10 to 1/13 SAICA Code of Professional Conduct (preface), IRB Manual of Information (Chapter 2) Auditing Professional Act 2005 3 section 7, 37, 39 to 41 Jackson & Stent- Pronouncements regulating the profession If high standards of ethics, conduct and skill must be set and maintained by all professional accountants or public confidence will be undermined. Legislation, regulation and standards are set out in the following pronouncements : · Auditing Professional Act 2005 · Companies Act 1973 · Constitution and By-laws of SAICA Page 10 10 Downloaded by Thomas Mboya () lOMoARcPSD| 11 · IFAC Code of Ethics for Professional Accountants · Code of Conduct and Disciplinary Rules of IRBA · International Standards of : Ø Auditing 3 ISA Ø Review Engagements 3 ISRE Ø Assurance Engagements 3 ISAE Ø Related Services 3 ISRS · International Auditing Practice Statements (IAPS) · SA Auditing Practice Statements (SAAPS) Responsibility for developing and issuing high quality standards on auditing, assurance and related service engagements and quality control stands for use around the world rests with the International Auditing and Assurance Standards Board. Financial statement audit engagement 3 assurance engagement and must be conducted by registered auditor. SAICA Code of Professional Conduce (Preface) states: that professional are characterised by : · mastery of a particular intellectual skill 3 acquired by training and education · acceptance of duties to society as a whole in addition to duties to the client or employer · an essentially objective outlook · personal services rendered of a high standard of conduct and performance. The code is established on the basis that unless a limitation is stated, then these objectives and fundamental principles are valid for all professional accountants if they are in public practice, business, public sector or education. IRB Manual of Information 3 Chapter 2states : In terms of Auditing Profession Act of 2005 registration as an Registered Auditor (RA) can only take place once the person has complied with the education, training and competency requirements of the Independent Regulatory Board for Auditors (IRBA) and that registration will only take place after the person has passed the Public Practice Examination (PPE). Admission requirement for the Public Practice Examination 3 must complete : · recognised academic programme and · recognised core assessment programme · recognised training programme 3 registered with IRBA at least 18 months before the first day of the month in which the exam is to be done. Only training programmes recognised by the IRBA are training contacts in public practice administered by SAICA and registered with IRBA · recognised education programme 3 valid for 5 calendar years starting the year in which the programme was completed · recognised academic programme 3 CTA or equivalent from SAICA accredited universities for admission to Part 1 of the Qualifying Exam of SAICA · recognised core assessment programme 3 evaluation conducted by professional body to assess the core competence of a candidate (such as Part 1 of the Qualifying Exam of SAICA) · recognised training programme 3 training programme of professional body that develops professional competence appropriate to the practice of an RA in a public practice environment (training contracts administered by SAICA and registered with IRBA) · recognised education programme 3 education programme of professional body that develops professional competence of a student to a standard appropriate to the practice of an RA at entry point (auditing specialism courses accredited by SAICA) Recognition principles General principles applying to the recognition of academic, core assessment, training and education programmes by the IRBA : · recognition 3 status granted by the Board to academic, core assessment, training and education programmes of certain professional bodies that meet the recognition standards defined by the IRBA (minimum requirements necessary to achieve the objectives of the programme and if person achieved the standard is assessed by the Public Practice Examination · applications for accreditation 3 in terms f the accreditation model prescribed by the IRBA · relationships with regard to recognition and monitoring 3 no direct relationship between the IRBA and the various institutions that provide recognised programmes. · monitoring recognised programmes 3 must continue to meet the recognition standards as defined by the IRBA. If professional body uses various institutions to deliver the recognised programme then IRBA will monitor the professional body NOT the providers of the programme. Membership of professional bodies - simply passing the PPE doesn9t automatically mean that membership is granted to any professional body 3 admission requirements for membership is are determined by each specific professional body. Page 11 11 Downloaded by Thomas Mboya () lOMoARcPSD| 12 Recognition guidelines IRBA monitors programmes that lead to registration as a registered auditor through co-operation with professional bodes and uses the following guidelines as basis for application of the accreditation model : · accreditation is partnership between IRBA and professional bodies where their programmes lead to registered auditor registration · recognition process not based on prescription of specific and consistent quantitative measures but rather encourages diverse and coherent learning programmes that lead to registration of registered auditor · recognition process aim is to proved access to and progression within the auditing profession for those who want to and have ability to register as registered auditors · recognition seeks to achieve and maintain constant high standards in learning programmes · Registered auditors should be professionally competent people who can adapt to change and are committed to lifelong learning process in order to enable them to make a meaningful contribution to the profession · standards of programmes that lead to registration must be on par with international standards Structure of accreditation model Components of learning path to ensure admission to PPE and registration as a registered auditor · recognised academic programme · recognised core assessment programme · recognised training programme · recognised education programme Objectives to be achieve in each of these components are defined in each of these policy statements : · academic policy · core assessment policy · training policy · education policy so sections of the training path that enables admission to the PPE are like this Programmes in the learning path to registration as a Registered Auditor : Auditing Professional Act of 2005 3 Section 7 (pg 1-10)states that : Regulatory Board must : · either recognise or withdraw the recognition of the educational qualifications or programmes in the auditing profession of educational institutions and accredited professional bodies, either in full or part · either recognise or withdraw recognition of any accredited professional body to conduct a qualifying exam Page 12 12 Downloaded by Thomas Mboya () lOMoARcPSD| 13 If does withdraw recognition for either of above, then must give notice of withdrawal in writing to the educational institution or accredited professional body of intention to withdraw and reasons therefore, and must give them no less then 21 day and not more then 30 days to give reasons why the recognition shouldn9t be withdrawn. If found that the withdrawal of recognition would not in the best interests of the public then can implement whatever conditions it considers appropriate in order for the institution or professional body to remain recognised. Regulatory Board must publish the withdrawal of recognition · prescribe requirements for and conditions of continued education, training and professional development · prescribe training requirements for the period of training and the form of the training contracts · approve and register training contracts entered into by prospective registered auditors · prescribe competency requirements and · recognise or withdraw the recognition of registered auditors as training officers either conditionally or unconditionally Regulatory Board may : · establish mechanisms for registered auditors to gain recognition of qualifications in other countries and enter into agreement with professional bodies outside SA for this purpose · establish and administer an education fund for the purpose of training, professional development and continued education for auditors and hopeful auditors · advise, assist or consult with any statutory or professional body regarding the training, educating or professional development of registered auditors and hopeful auditors Auditing Professional Act of 2005 3 Section 37 (pg 1-24)states that : Individuals must apply to the Regulatory Board for registration on the prescribed application form and if Board is satisfied that applicant : · has complied with prescribed education, training and competency requirements for registered auditor · has arranged for his continual professional development (if not member of an accredited professional body) · is resident in SA · is a fit and proper person to practice the profession · has met any additional requirements under section 6 Then Board must register the applicant, put his name in the register and issue him a certificate of registration once prescribed fee has been received. CANNOT register someone if person : · has been removed from office of trust because of misconduct · has been convicted (either in SA or anywhere else 3 but Board should take congnisance of the circumstances if in foreign country) of fraud, theft or forgery or any other act involving dishonesty and was sentenced to imprisonment without the option of a fine · has been declared to be of unsound mind or unable to manage his own affairs · is disqualified by a sanction imposed under this act · MAY decline to register unrehabilitated insolvent who has entered into compromise with creditors or has been provisionally sequestrated. Auditing Professional Act of 2005 3 Section 39 (pg 1-26)states that : Board must cancel the registration of any registered auditor who : · after registration becomes subject to any of the disqualifications in section 37 · whose registration was made in error or by using information which is subsequently proved to be false · prior to registration, was guilty of improper conduct which causes the Board to think that he is not a fit and proper person to be registered · whose estate is sequestrated or provisionally sequestrate or who enters into a compromise with creditors · ceases to be a member of an accredited professional body and doesn9t provide written proof within 6 months that he has made arrangements for his continuing professional development Prior to canceling his registration, the Board must give notice in writing to the registered auditor concerned of the intention to cancel and the reasons for the cancellation and give him not less then 21 and not more then 30 days to submit grounds for not proceeding with the cancellation. If registration is of a registered auditor as partnership, sole proprietor or company then that automatically lapses as well. Registration will automatically lapse if auditor doesn9t pay the prescribed free prescribed by the Regulatory Board. At written request the Board must remove the registered auditor9s name from the register, but this removal doesn9t affect any liability he has incurred prior to the removal date. Cancellation or removal of registration doesn9t mean that that Board can9t institute disciplinary proceedings for misconduct prior to the cancellation or removal. Once registration has been cancelled or removed the Board must publish a notice of the cancellation or removal specifying the auditor9s name. Auditing Professional Act of 2005 3 Section 40 (pg 1-26)states that : Registered auditor must apply in prescribed manner for renewal of his registration 3 any auditor de-registered in terms of Section 39 or cancelled in terms of Section 51 may apply for re-registration in a manner prescribed by the Board Page 13 13 Downloaded by Thomas Mboya () lOMoARcPSD| 14 Auditing Professional Act of 2005 3 Section 41 (pg 1-27) states that in terms of the conduct by and liability of registered auditors in practice : only a registered auditor can engage in public practice or use the description registered auditor, public accountant, certified public accountant, registered accountant and auditor, accountant and auditors in public practice= or any other description that will create an impression of being a registered auditor in public practice. Person who is NOT registered in terms of this Act CANNOT : · perform any audit · pretend to be a person registered in terms of the Act · use the name of any registered auditor · perform any act indicating or calculated to lead persons to believe that he is registered in terms of this Act NOT prohibited in terms of Act : · any person performing an audit under the control or direction of or in association with a registered auditor who is responsible for the performed audit · any using the title internal auditor= or accountant= · any member of a not-for-profit organisation or club from acting as the auditor of that body if he doesn9t get paid or received any other consideration for the audit · the Auditor General from appointing any person who is not a registered auditor from carrying out on his behalf any audit in terms of Public Audit Act 25 of 2004. Unless consented by the Board a registered auditor cannot not knowingly employ : · any person who is suspended from public practice under any provision of this Act · any person who is no longer registered as a result of this termination of registration in terms of Section 39 or cancellation of his registration in terms of Section 51 · any person who applied for registration under Section 37 but whose application was declined Registered auditor who is not in public practice as an individual practitioner can only practices as a member of a firm if the firm itself is a registered auditor. Registered auditor MAY NOT : · practice under a firm name or title unless on every letterhead with the firm9s name and title there is : Ø the registered auditor9s name (or initials) and surname Ø if partnership 3 names of managing partners or active partners Ø if company 3 the names of the directors as required by the Companies Act 61 of 1973 · sign any account, statement or report that purports to represent an audit by that registered auditor unless the audit WAS performed by that registered auditor / under the personal supervision or direction of that registered auditor or was under the supervisors or direction of one of his partner9s co-directors or co-members in accordance with the prescribed auditing standards (unless previous auditor was unable complete an audit due to death, disability or other unforeseen circumstances and the auditor has been engaged to complete the audit). Registered auditor can also sign the firm name or title under which the registered auditor practices. · perform audits unless adequate risk management practices and procedures are in place · engage in public practice during any period in respect of which the registered auditor has been suspended from public practice or · share any profit derived from performing an audit with a person that is not a registered auditor · engage in public practice unless has paid all the applicable prescribed fees. Study guide pg 38 Professional person generally have superior skills or expertise in their field and their work is based on the knowledge and skills that they have 3 not just working for a source of income. Skills offered to the general public by professional based on intellectual skills and expertise that is members possess 3 they attain a high level of formal education qualifications and technical competence that gives them superior skills Characteristics of a professional : · collective organisation 3 professionals are self-regulated rather then being regulated by the State, which assumes that the are capable of organizing, controlling and regulating themselves by co-operative and collective means. Professionals work together to form voluntary institutions or boards that interact on their behalf with the general public and the State · credentialling 3 superior expertise of professionals is accredited by professional body that has a system of credentialling, which sets them apart from unqualified people who may offered the services on a more casual basis · professional standards and disciplinary control 3 need for autonomy in performing professional work as area of work is complete and requires judgment (so cannot be completely standardised). Board has responsibility for setting out the standards of performance for the work carried out by its members and needs to have appropriate mechanisms in place to monitor compliance with standards and to exercise disciplinary control over it9s members · ethical element 3 professionals have public respect and trust and in return have to undertake to organise, educate and train their members to proved a competent and ethical service 3 professional standards and disciplinary control can only succeed if Board has integrity in the marketplace Page 14 14 Downloaded by Thomas Mboya () lOMoARcPSD| 15 Principals or criteria of professionals are applicable to auditing profession in SA : · specialist knowledge and skills 3 people wanting to be admitted by the Board have to have formal educational qualifications and must pass the Public Practice Examination in Accounting and Auditing and serve the applicable period under a training contract · collective organisation only persons registered with the IRBA (statutory board governing accounting and auditing profession) can function and represent themselves as auditors. Also have professional instructions that promote the interests of the profession by maintaining programmes that establish appropriate standards for professional work as well as monitoring adherence to those standards and laying down the codes of professional conduct for their members. SOUTH AFRICAN INSTITUTE OF CHARTERED ACCOUNTANTS (SAICA) currently has largest proportion of registered members of the accounting and auditing profession, but there are 14 other professional institutes and only members of these institutes who are registered auditors can carry out the external or public auditing function in terms of statutory requirements · credentialling 3 only people registered as accountants and auditors in terms of the Auditing Professional Act of 2005 can use the designation Registered Accountant and Auditor (RAA). Mem