ISA (UK) 530: Audit Sampling

 Audit sampling is the practice of applying audit methods to a subset of the items in a population that are relevant to the audit so that all sampling units have a chance of being chosen and the auditor has a solid foundation from which to infer information about the complete population. The goal of the audit procedure and the characteristics of the population from which the sample will be formed must both be taken into account by the auditor when creating an audit sample. The auditor must choose a sample size large enough to lower sampling risk to a tolerable level. The sample's items must be chosen by the auditor in a way that gives each sampling unit in the population a chance to be chosen.

ISA (UK) 530 recognizes that there are many methods of selecting a sample, but it considers five principal methods of audit sampling which are as follows:

§  random selection: This method of sampling ensures that all items within a population stand an equal chance of selection by the use of random number tables or random number generators.

§  systematic selection: The method divides the number of sampling units within a population into the sample size to generate a sampling interval.

§  monetary unit sampling: The method of sampling is a value-weighted selection whereby sample size, selection and evaluation will result in a conclusion in monetary amounts.

§  haphazard selection: When the auditor uses this method of sampling, he does so without following a structured technique.

§  block selection: This method of sampling involves selecting a block (or blocks) of contiguous items from within a population.

On each chosen item, the auditor must conduct audit methods suited to the purpose. The auditor must undertake the audit procedure on a different item if the chosen item does not fall inside the purview of the audit procedure. The auditor must treat a particular item as a deviation from the required control in tests of controls or as a misstatement in tests of details if the auditor is unable to apply the specified audit procedures or appropriate alternative procedures to it.

Any deviations or misstatements must be investigated for their nature and origin by the auditor, who must also assess any potential impact on the audit's overall objective and other audited areas. The auditor must establish with a high degree of certainty that any misstatement or deviation found in a sample that the auditor deems to be an anomaly is not indicative of the population, which happens in very few cases. The auditor must execute extra audit processes to collect adequate, relevant audit proof that the error or deviation does not influence the rest of the population in order to reach this level of assurance.

In designing samples, the auditors identify acceptable misstatements to address the risk that a combination of individual material misstatements may lead to material misstatements in the financial statements and provide a margin of error for misstatements that may go undetected. Tolerable error is the application of performance materiality to a particular sampling procedure. Acceptable misstatement may be equal to or less than the materiality of the performance.

Practice:

When designing an audit sample, the auditor should consider objectives to be achieved and the combination of audit procedures likely to best achieve this goal. Consideration of the nature of the audit evidence sought and possible deviation or misstatement conditions or other characteristics relating to that audit evidence will assist the auditor in defining what constitutes a deviation or misstatement and what population to use for sampling.

 

Reference:     https://bit.ly/3NFhcqk

https://bit.ly/3yhGPYu

ISA (UK) 520: Analytical Procedures

 The term "analytical procedures" refers to financial data evaluations based on the examination of plausible links between financial and non-financial data. Analytical procedures also include any necessary study of discovered variations or associations that are inconsistent with other relevant information or that deviate significantly from predicted values. Analytical procedures may entail making comparisons between the entity's financial data and, for example:

§  Data from previous times that can be compared.

§  Expected results of the entity, such as budgets or projections, or auditor expectations, such as a depreciation estimate.

§  Similar industry data, such as a comparison of the entity's sales-to-accounts-receivable ratio to industry averages or other comparable-sized companies in the same industry.

The auditor's goals are to:

(a) obtain relevant and reliable audit evidence when using substantive analytical procedures; and

(b) design and perform analytical procedures near the end of the audit to help the auditor form an overall conclusion about whether the financial statements are consistent with the auditor's understanding of the entity.

If analytical procedures carried out in accordance with this ISA (UK) identify fluctuations or relationships that are inconsistent with other relevant information or that differ by a significant amount from expected values, the auditor shall investigate such differences by:

(a) questioning management and obtaining appropriate audit evidence relevant to management's responses; and

(b) carrying out other audit procedures as necessary in the circumstances.

At the assertion level, the auditor's substantive processes may include tests of details, substantive analytical procedures, or a mix of the two. The auditor's judgment regarding the predicted efficacy and efficiency of the various audit procedures to reduce audit risk at the assertion level to an acceptable level is used to choose which audit procedures to execute, including whether to utilize substantive analytical procedures.

The auditor may question management on the availability and reliability of data needed to perform significant analytical procedures, as well as the outcomes of any such procedures performed by the entity. Using analytical data prepared by management may be effective if the auditor is convinced that the data was appropriately prepared.

 

Practice:

The conclusions made from the outcomes of analytical procedures devised and carried out are meant to back up the conclusions reached during the audit of particular financial statement components or elements. This aids the auditor in reaching plausible inferences on which to base his or her findings.

 

Reference:     https://bit.ly/3H3YneV

ISA (UK) 510: Initial Audit Engagements—Opening Balances

 The auditor's objective with respect to opening balances during an initial audit engagement is to obtain sufficient appropriate audit evidence about whether: (a) opening balances contain misstatements that materially affect the current period's financial statements; and (b) appropriate accounting policies reflected in the opening balances have been consistently applied in the current period's financial statements, or changes thereto are appropriately accounted for.

Initial audit engagement: An engagement in which either the prior period's financial statements were not audited or the prior period's financial statements were audited by a predecessor auditor.

Opening balances: Account balances at the start of the term are known as opening balances. Opening balances are calculated using the prior period's closing balances and reflect the effects of past period transactions and events, as well as accounting policies used in the prior period. Contingencies and obligations, for example, are included in opening balances as items that need to be disclosed at the start of the period.

Predecessor auditor: An auditor from a separate audit firm who audited an entity's financial statements in a previous period and has been replaced by the present auditor.

When auditors take on a new client, according to ISA 510 Initial Engagements - Opening Balances, they must ensure that:

§  There are no major misstatements in the opening balances;

§  Prior period closing balances have been accurately brought forward or, where necessary, restated; and

§  Acceptable accounting policies have been consistently used, or changes have been adequately disclosed.

The kind and scope of audit processes required to gather adequate appropriate audit evidence about opening balances are determined by factors such as:

§  The entity's accounting policies.

§  The nature of account balances, transaction types, and disclosures, as well as the risks of substantial misstatement in the financial statements for the current period.

§  The importance of the opening balances in relation to the financial statements for the current period.

§  Whether the financial statements from the previous period were audited and, if so, whether the previous auditor's opinion was modified.

 

If the auditor is unable to gather sufficient appropriate audit evidence on the opening balances, ISA (UK) 705 requires the auditor to offer a qualified opinion or disclaim an opinion on the financial statements. If the auditor concludes that the opening balances contain a misstatement that materially affects the current period's financial statements, and the effect of the misstatement is not properly accounted for, presented, or disclosed, the auditor shall express a qualified or adverse opinion, as appropriate, in accordance with ISA (UK) 705.

 

Practice:

If the previous period was audited by another auditor or was not audited at all, the auditors will need to do more work to satisfy themselves on the opening position. If auditors are unable to satisfy themselves on the previous period, they may have to revise the present audit report.

 

Reference:      https://bit.ly/37IhyxG

https://bit.ly/3l3ZAbU

ISA (UK) 505: External Confirmations

 The trustworthiness of audit evidence is influenced by its source and nature and is reliant on the unique conditions under which it is gathered, according to ISA (UK) 500. The following generalizations about audit evidence are included in the ISA (UK):

·         When audit evidence is collected from independent sources outside the company, it is more dependable.

·         Direct audit evidence obtained by the auditor is more reliable than indirect or inferred audit evidence.

·         When audit evidence is in documentary form, whether on paper, electronic media, or another medium, it is more dependable.

As a result, audit evidence in the form of external confirmations received directly by the auditor from confirming parties may be more reliable than evidence generated internally by the entity, depending on the conditions of the audit. The purpose of this ISA (UK) is to assist auditors in creating and executing external confirmation procedures in order to collect relevant and credible audit evidence. When implementing external confirmation methods in response to a risk of material misstatement, an auditor's goal is to develop and implement such procedures in order to collect relevant and credible audit evidence.

External confirmation is the process of acquiring and analyzing audit evidence directly from a third party in response to a request for information on a specific item from the auditor. Such audit evidence, when combined with audit evidence from other audit techniques, may help to reduce the evaluated risk to a level that is acceptable. External confirmations are of two types.

Positive confirmation request - A request for the confirming party to react directly to the auditor, either by agreeing or disagreeing with the information in the request or by giving the desired information.

Negative confirmation request — A request that the confirming party reacts immediately to the auditor only if the information provided in the request is incorrect.

·         External confirmations are frequently used to confirm the following:

·         bank balances, loans, guarantees, and other information from bankers;

·         bank accounts opened in connection with imprests (e.g. delegations);

·         amounts held at financial intermediaries at year-end;

·         accounts receivable or accounts payable balances.

Practice:

The auditor should determine if the results of the external confirmation process, along with the results of any other audit processes completed, provide sufficient, relevant, and credible audit evidence for the assertion under scrutiny, or whether more audit procedures are required.

 

 

Reference:      https://bit.ly/3v28dJI

                        https://bit.ly/3K7Vg5o

ISA (UK) 500: Audit Evidence

 The primary goal of an auditor's job in an audit engagement is to achieve reasonable assurance that the financial statements as a whole are free of material misstatement so that the auditor can make an opinion on the financial statements and reflect accordingly in the auditor's report. The auditor must develop and implement audit processes to acquire sufficient relevant audit evidence to be able to draw reasonable inferences on which to base the auditor's opinion, which is a high but not absolute level of certainty.

Audit evidence — Information used by the auditor to reach the conclusions that constitute the basis of the auditor's opinion. Information from the accounting records that underpin the financial statements, as well as information gathered from other sources, are included in audit evidence.

The relevance and reliability of the information on which all audit evidence is based have an impact on its quality. The logical link with, or impact on, the goal of the audit method and, where appropriate, the assertion under consideration is referred to as relevance. The source and nature of the information to be used as audit evidence, as well as the conditions under which it is received, including the controls over its production and maintenance if applicable, all influence the audit evidence's reliability.

Obtaining and assessing audit evidence, which is generally produced from audit processes carried out during the engagement but can also be obtained from other sources, is a substantial component of the effort involved in performing an audit. For example, past audits; provided that any modifications that have occurred in the meantime have been properly considered; or the firm's quality control methods, particularly those relating to customer acceptance and continuation.

The auditor obtains audit evidence by performing: 

(a) risk assessment procedures; and 

(b) additional audit procedures, which include:

(i)         controls tests, when required by the ISAs (UK) or when the auditor chooses to do so; and

(ii)   substantive procedures, including tests of details and substantive analytical procedures.

The auditor must decide how to pick things for testing that are successful in satisfying the purpose of the audit method while creating controls and detail tests. If: (a) audit evidence obtained from one source differs from that obtained from another, or (b) the auditor has doubts about the reliability of information to be used as audit evidence, the auditor must determine what changes or additions to audit procedures are required to resolve the issue, as well as the impact of the issue, if any, on other aspects of the audit.

Practice:

The auditor may use inspection, observation, external confirmation, recalculation, reperformance, analytical procedures, inquiry, etc. as risk assessment procedures, tests of controls, or substantive procedures, depending on the context in which they are applied by the auditor.

 

Reference:      https://bit.ly/37TwybO

https://bit.ly/3M7quLh

ISA (UK) 402: Audit Considerations Relating to an Entity Using a Service Organization

 When a user entity utilizes the services of one or more service organizations, this International Standard on Auditing (UK) (ISA (UK)) addresses the user auditor's responsibilities to gather adequate appropriate audit evidence. It explains how the user auditor can use ISA (UK) 315 and ISA (UK) 330 to gain a sufficient understanding of the user entity, including relevant internal controls, to identify and assess the risks of material misstatement, and to design and perform additional audit procedures in response to those risks. When services provided by a service organization, as well as the controls over them, are part of the user entity's information system, including related business activities, relevant to financial reporting, they are relevant to the audit of the user entity's financial statements. The user auditor must comprehend how a user entity uses the services of a service organization in the user entity's activities when developing an understanding of the user entity in accordance with ISA (UK) 315.

When a user entity uses the services of a service organization, the user auditor's objectives are to:

(a) gain a sufficient understanding of the nature and significance of the service organization's services and their impact on the user entity's internal control relevant to the audit to identify and assess the risks of material misstatement; and

(b) design and perform audit procedures responsive to those risks.

Maintenance of the user entity's accounting records is an example of a service organization service that is important to the audit. Regardless of the controls in place at the service organization, the user entity may establish controls over the service organization's services that the user auditor can test, allowing the user auditor to conclude that the user entity's controls are operating effectively for some or all of the related assertions. If a user entity, for example, hires a service organization to conduct its payroll transactions, the user entity can set up controls over the submission and receipt of payroll data to prevent or identify serious misstatements.

 

Practice:

The user auditor shall evaluate the design and implementation of relevant controls at the user entity that relates to the services provided by the service organization, including those that are applied to the transactions processed by the service organization, when obtaining an understanding of internal control relevant to the audit in accordance with ISA (UK) 315.

 

 

Reference:      https://bit.ly/3Mm0kVB

ISA (UK) 450: Evaluation of Misstatements Identified During the Audit

 A difference between the reported amount, classification, presentation, or disclosure of a financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in compliance with the applicable financial reporting framework is referred to as a misstatement. Errors or fraud can lead to misstatements. When the auditor expresses an opinion on whether the financial statements are presented fairly, in all material respects, or give a true and fair view, misstatements also include any adjustments to amounts, classifications, presentation, or disclosures that the auditor believes are required for the financial statements to be presented fairly, in all material respects, or to give a true and fair view. Except for those that are manifestly inconsequential, the auditor must keep track of any misstatements discovered throughout the audit.

The auditor's goals, according to ISA 450, are to examine the following: The impact of recognized misstatements on the audit, and the impact of uncorrected misstatements, if any, on the financial statements. A misrepresentation happens when anything in the financial accounts is not treated appropriately, implying that the applicable financial reporting framework, particularly IFRS, has not been applied effectively.

The following are some examples of misstatement that can occur as a result of human error or fraud:

§  An inaccurate amount was recognized, such as when an asset was not appraised in compliance with the appropriate IFRS requirement.

§  An item is misclassified - for example, finance costs are included in cost of sales in the profit and loss statement.

§  The presentation is ineffective; for example, the results of discontinued operations are not displayed individually.

§  A contingent liability disclosure is missing or inadequately detailed in the notes to the financial statements, for example a disclosure related to contingent liability is not correct or deceptive disclosure has been added as a result of management bias.

Management is responsible for correcting any errors brought to their attention by the auditor. If management refuses to rectify any or all of the misstatements, ISA 450 requires the auditor to learn about management's reasons for not making the corrections and to include that information when determining whether the financial statements are free of material misrepresentation as a whole.

 

Practice:

According to ISA 450, the auditor must inform those in charge of governance of uncorrected misstatements and the impact they would have on the auditor's report's conclusion, either individually or collectively. The auditor's communication should identify important uncorrected misstatements one by one, and it should request that the misstatements be addressed. The auditor may examine the reasons for, and the ramifications of, a failure to correct misstatements with those in charge of governance, as well as probable repercussions for future financial statements.

 

Reference:      https://bit.ly/3wRCcpe

https://bit.ly/3wVJNTA

ISA (UK) 330: The Auditor’s Responses To Assessed Risks

 The auditor's goal is to collect enough suitable audit evidence to support the evaluated risks of material misstatement, as well as to create and implement effective solutions to such risks. The auditor is responsible for developing and implementing overall remedies to the risks of substantial misstatement in the financial statements.

Test of controls as defined by ISA (UK) 330 – An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.

Examining a sample of purchase orders to confirm that they have been properly authorized would be a control test. A 'yes' response indicates that the internal control requiring purchase order permission is operational, whereas a 'no' response indicates that the internal control does not appear to be operational, necessitating further audit inquiry.

 

Substantive procedure as defined by ISA (UK) 330 – An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise:

(i) Tests of details (of classes of transactions, account balances, and disclosures); and

(ii) Substantive analytical procedures.

According to ISA 330, the auditor must always execute substantive procedures on material items, regardless of the risk of substantial misstatement, and must design and perform substantive procedures for each material class of transactions, account balance, and disclosure. Invariably, substantive procedures will need more effort than control testing. Consider the example of a manufacturing company's purchasing system and the assertion of account balances' existence in the statement of financial position. Typical detail checks would entail receiving and examining the closing purchase ledger account balances for a sample of purchase ledger accounts with selected suppliers, as well as some physical verification of year-end balances outstanding. Typically, this entails agreeing on the closing balance figure with the supplier's statement, or even asking third-party confirmation of the amount owing from the supplier.

An effective control environment may enable the auditor to have greater confidence in internal control and the reliability of audit evidence generated internally within the entity, allowing the auditor, for example, to conduct some audit procedures at an interim date rather than at the end of the period. Deficiencies in the control environment, on the other hand, have the opposite impact; for example, an ineffective control environment may prompt the auditor to:

§  Conduct more audit processes at the end of the period rather than at an interim date;

§  Obtaining more extensive audit evidence from fundamental procedures;

§  Expanding the audit scope to include more locations.

 

Practice:

Control tests are often brief, rapid audits, whereas substantive procedures will necessitate more extensive auditing. The auditor must create and perform substantial processes for each type of transactions, account balance, and disclosure, regardless of the assessed risks of material misstatement, according to ISA 330.

 

Reference:      https://bit.ly/34QrvaI

https://bit.ly/3uawuvw

ISA (UK) 315: Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and Its Environment

 The auditor's goal is to detect and analyze the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, so that responses to the estimated risks of material misstatement can be designed and implemented. ISA 315 (Revised) outlines the reasons "why" risk assessment processes should be performed, as well as "what" has to be evaluated and "how" it should be assessed.

The following steps for risk assessment must be followed:

(a)        Inquiries of management, suitable personnel within the internal audit function (if    one exists), and others inside the organization who, in the auditor's opinion,   may have knowledge that can help detect substantial misstatement risks due to   fraud or error.

(b)        Analytical procedures.

c)         Inspection and observation

In September 2019, the International Audit and Assurance Standards Board (IAASB) authorized major revisions to ISA 315. The modifications will apply to financial statement audits for periods beginning on or after December 15, 2021. The adjustments will have far-reaching consequences, requiring businesses of all kinds to rethink their risk-assessment strategies. The key areas of the revisions are shown below.

§  Subjectivity, complexity, uncertainty, change, and susceptibility to misstatement due to managerial bias or fraud are five new inherent risk characteristics that have been introduced to aid in risk assessment.

§  A new risk spectrum has emerged, with major dangers at the higher end.

§  The risk evaluation must be based on "adequate, appropriate" evidence acquired via risk assessment methods.

§  There will be a lot greater emphasis on IT, particularly on IT general controls.

§  More on audit-relevant controls, as well as the design and implementation effort that goes into them.

§  The removal of smaller entity considerations as a separate category of paragraph and the inclusion of that content inside the main body of the text, as well as the addition of new material.

 

Practice:

The improvements attempt to improve the quality and consistency of risk evaluations while also encouraging professional skepticism. Understanding the nature and scope of the required modifications will be a major task for those conducting ISA audits. ISA 315 (Revised) contains new and updated content for understanding IT and general IT controls, as well as expanded auditor concerns relating to IT. The auditor must be aware of how the entity handles data and how it is used within the organization. The accounting records, how information is gathered and maintained, and how these flow into the accounts in the financial statements should all be understood.

 

References:    https://bit.ly/3vRIswE

https://bit.ly/34ujhF2

https://bit.ly/3HSVLPO

https://bit.ly/3Kv5nlt

ISA (UK) 265: COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT

 The auditor's goal is to report to those charged with governance and management any flaws in internal control that the auditor discovered during the audit and that, in the auditor's professional opinion, are important enough to warrant their attention. When identifying and assessing the risks of material misstatement, the auditor must have a thorough understanding of the internal controls that are relevant to the audit.  In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. Internal control deficiencies may be discovered by the auditor not only during the risk assessment process but also at any other stage of the audit. This ISA (UK) defines which detected problems the auditor must notify to those charged with governance and management.

The auditor may examine the following factors when deciding whether a defect in internal control or a combination of failures constitutes a substantial deficiency.

§  The possibility of major misstatements while preparing the financial statements in the future as a result of internal control weaknesses.

§  The associated asset's or liability's susceptibility to loss or fraud.

§  Estimated amounts, such as fair value accounting estimates, are prone to subjectivity and complexity.

§  The amounts on the financial statement that are vulnerable to flaws.

§  The amount of activity in the account balance or class of transactions exposed to the shortfall or deficiencies that have occurred or could occur.

§  The value of controls in the financial reporting process, such as:

 

ü  General monitoring controls (such as oversight of management).

ü  Maintains control over fraud prevention and detection.

ü  Has authority over the selection and application of major accounting policies.

ü  Maintains control over major transactions involving associated parties.

ü  Has authority over large transactions that occur outside of the normal course of business.

ü  Period-end financial reporting process controls (such as non-recurring journal entry controls).

§  The reason for the exceptions found as a result of control flaws, as well as the frequency with which they occur.

§  The interaction of the weakness with other internal control problems.

Practice:

Internal control problems that have been identified may call into doubt management's integrity or competence. For example, there could be proof of management fraud or purposeful non-compliance with rules and regulations, or management could show an incapacity to oversee the preparation of the proper financial statements, raising questions about management's competency. As a result, it may not be acceptable to inform management about such deficiencies immediately. When an auditor discovers or suspects fraud involving management, ISA (UK) 240 establishes requirements and provides guidance on how to communicate with those charged with governance.

Reference:      https://bit.ly/35NC6U9

ISA (UK) 240: The auditor's responsibilities relating to fraud in an audit of financial statements

 Financial statement misstatements can result from either fraud or human error. The difference between fraud and error is whether the underlying conduct that causes the financial statements to be misstated is deliberate and involves deception or is unintentional. Although fraud is a broad legal notion, the auditor is concerned with fraud or suspected fraud that produces a material misstatement in the financial statements for the purposes of the ISAs (UK). The auditor is concerned with two sorts of intentional misstatements: those resulting from dishonest financial reporting and those originating from asset misappropriation.

Members of the audit committee should take an active part in preventing fraud by challenging management and auditors to verify that enough is being done to prevent and identify fraud throughout the organization. When financial crises make the news, the most pressing question is who bears blame and who could have stopped it. The auditing standard ISA 240 governs the auditor's responsibilities in relation to fraud, and many amendments have taken effect in both the UK and Ireland. In May 2021, the FRC issued a revised ISA (UK) 240 in response to the Brydon Review's recommendations to clarify auditor roles.

For auditors, what has changed?

-       Professional skepticism is getting more attention.

-       The significance of keeping vigilant and investigating further if conditions indicate that material submitted to auditors may not be real or has been tampered with is emphasized.

-       The auditor must evaluate both qualitative and quantitative elements of the fraud when determining whether it is material.

-       To undertake a risk assessment, audit methods, or evaluate evidence obtained, the audit team must examine whether specialist skills are required.

-       The audit team is likely to have more discussions, including exchanging ideas about how management or others within the entity could commit or hide fraud.

The ISA 240 modification was made in response to recent complaints that auditors aren't doing enough to uncover substantial fraud. It aims to clarify auditor responsibilities and place a greater emphasis on the auditor's role to look for suspected fraud. The auditor's job is to design and conduct an audit so that he or she may have reasonable assurance that the financial statements are free of serious misstatement due to fraud. This is a welcome clarification that will help auditors identify and analyze the risk of a significant misstatement as a result of fraud, as well as design processes to manage those risks.

 

Practice:

Both those charged with governance and management bear major responsibilities for fraud prevention and detection. It is critical that management, under the supervision of those charged with governance, place a high emphasis on fraud prevention, which may minimize possibilities for fraud, and fraud deterrence, which may encourage individuals not to commit fraud due to the risk of detection and punishment. This necessitates a commitment to cultivating a culture of honesty and ethical behavior, which can be maintained through active governance supervision.

Reference:     

https://bit.ly/3JQ9h86

https://bit.ly/3JTIyaO

ISA (UK) 250: Consideration of Laws and Regulations in an Audit of Financial Statements

The impact of laws and regulations on financial statements varies greatly. The legal and regulatory framework is made up of the rules and regulations that an entity is bound by. Some laws or regulations have a direct impact on financial statements because they determine the reported amounts and disclosures in the financial statements of a company. Other laws or regulations must be followed by management or establish the conditions under which the corporation is permitted to operate, but they have no direct impact on the financial statements. Some businesses are involved in highly regulated industries (such as banks and chemical companies). Others are solely bound by the numerous laws and regulations that apply to the business's operational aspects (such as those relating to occupational safety and health and equal employment opportunity). Noncompliance with rules and regulations could result in penalties, litigation, or other consequences for the company, all of which could have a major impact on the financial statements.

Management responsibility

Management is responsible for ensuring that the entity's operations are done in conformity with rules and regulations, with oversight from those concerned with governance. Laws and regulations can have a variety of effects on an entity's financial statements. For example, they can alter the specific disclosures that the entity must make in its financial statements, or they can dictate the applicable financial reporting structure. They may also establish the entity's legal rights and liabilities, some of which will be reflected in the financial statements. In addition, violation of rules and regulations may result in sanctions.

Objectives of Auditor under ISA 250

According to paragraph 11 of ISA 250, the auditor's objectives are:

§  to gather adequate relevant audit proof of conformity with the provisions of those laws and regulations commonly recognized to have a direct impact on the assessment of material amounts and disclosures in financial statements.

§  to carry out certain audit procedures in order to detect instances of non-compliance with other laws and regulations that could have a major impact on the financial statements.

§  to respond appropriately to any suspected or identified non-compliance with laws and regulations discovered during the audit.

 

Practice:

When an auditor detects noncompliance with rules and regulations, he or she must tell those responsible for governance. However, the auditor must exercise caution because if the auditor suspects individuals in charge of governance are engaged, the auditor must notify the next highest level of authority, which might include the audit committee. If a higher level of authority is not available, the auditor will consider seeking legal advice. The auditor must also assess if the noncompliance has a material impact on the financial statements and, as a result, the influence on their report.

 

Reference:      https://bit.ly/3rVILnG 

https://bit.ly/3gRhOLA

ISA (UK) – 260: COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE

According to ISA (UK) 260, auditors must convey audit concerns of governance interest to persons charged with governance. It is critical that individuals in charge of governance are aware of all serious issues that have surfaced as a result of the audit process. The board of directors (executive and non-executive) of a firm, as well as members of an audit committee if one exists, are all entrusted with governance in the United Kingdom. It frequently comprises similar persons such as partners, proprietors, management committees, or trustees for various sorts of entities. Communication with individuals charged with governance should be considered as a critical audit reporting 'output.' It permits management to be aware of serious issues raised throughout the audit process, as well as the opportunity to reply to the auditor and take action to enhance the entity's accounting and financial reporting functions.

 

Matters to be communicated

§  Responsibilities of the Auditor in Relation to the Financial Statement Audit

§  Scope and timing of the audit as are planned

§  The Audit's Most Important Findings

§  Matter of Auditor’s independence in case of audit of a listed company

§  Other Supplementary Matters

 

Timing of Communication

A healthy two-way interaction between those responsible for governance and the auditor is aided by timely communication during the audit. However, depending on the conditions of the engagement, the best time to communicate would differ. The importance and nature of the issue, as well as the expected action by those in charge of governance, are all relevant circumstances. For example, communications about planning issues are frequently made early in the audit engagement and, in the case of an initial engagement, as part of agreeing on the engagement conditions. However, the auditor may communicate results from the audit, including his or her thoughts on the qualitative aspects of the entity's accounting practices as part of the final conversation.

 

Practice:

The many modes of communication that should be used are discussed in ISA 260. In most circumstances, communication will be in writing, which is a requirement of the standard in the UK and Ireland. Even if the auditor has no issues to bring to the notice of those charged with governance, a letter should be sent out noting that there are no important findings from the audit that need to be shared. In the case of oral communication, minutes provided by the entity may be included in the audit documentation as part of the oral communication documentation.

 

Source:           https://bit.ly/3soBWKg

  https://bit.ly/34MeRt9

How to make a plan for conducting an audit engagement (ISA-300)

 Establishing the overall audit strategy for the engagement and producing an audit plan are both part of the planning process for an audit. The type and scope of preparatory activities will vary depending on the entity's size and complexity, the past experience of key engagement team members with the entity, and changes in circumstances that occur throughout the audit engagement. Planning is not a distinct phase of an audit; rather, it is a continuous and iterative process that often begins soon after (or in conjunction with) the completion of the prior audit and continues until the current audit engagement is completed.

The audit approach and plan

According to ISA 300, audit planning activities should include:

§  establishing the overall audit strategy for the engagement; and

§  developing an audit plan.

Audit Strategy

The audit strategy lays out in broad terms how the audit will be done, as well as the audit's scope, timing, and direction. After that, the audit strategy directs the creation of the audit plan, which includes the comprehensive responses to the auditor's risk assessment.

Audit Plan

The audit plan is more specific than the overall audit strategy since it specifies the nature, time, and scope of audit procedures that engagement team members will undertake. Prior to the auditor's identification and assessment of the risks of material misstatement, planning includes such matters as:

§  The analytical procedures to be used as risk assessment procedures must be considered.

§  Getting a general grasp of the legal and regulatory framework that applies to the entity, as well as how that framework is being followed.

§  The process of determining materiality.

§  The participation of experts.

§  Performing of other risk assessment techniques.

Benefits of Audit Planning

The audit of financial statements benefits from adequate planning in various ways, including the following:

§  assisting the auditor in devoting adequate attention to critical areas of the audit

§  assisting the auditor in identifying and resolving potential issues in a timely manner.

§  assisting the auditor in appropriately organizing and managing the audit engagement in order for it to be completed in a timely and effective manner.

§  assisting in the selection of engagement team members with the necessary talents and expertise to respond to predicted risks, as well as the suitable assignment of tasks to them.

§  facilitating the direction, supervision, and evaluation of engagement team members' work.

§  assisting, if appropriate, in the coordination of work done by component auditors and experts.

Practice:

At the start of every audit engagement, the auditor must include the following in the audit documentation: (a) the overall audit strategy; (b) the audit plan; and (c) any major changes to the overall audit strategy or the audit plan made during the audit engagement, as well as the reasons for such changes.

 

Source: https://bit.ly/3Gok0V9

  https://bit.ly/3rnf5iZ