ISA (UK) 505: External Confirmations

 The trustworthiness of audit evidence is influenced by its source and nature and is reliant on the unique conditions under which it is gathered, according to ISA (UK) 500. The following generalizations about audit evidence are included in the ISA (UK):

·         When audit evidence is collected from independent sources outside the company, it is more dependable.

·         Direct audit evidence obtained by the auditor is more reliable than indirect or inferred audit evidence.

·         When audit evidence is in documentary form, whether on paper, electronic media, or another medium, it is more dependable.

As a result, audit evidence in the form of external confirmations received directly by the auditor from confirming parties may be more reliable than evidence generated internally by the entity, depending on the conditions of the audit. The purpose of this ISA (UK) is to assist auditors in creating and executing external confirmation procedures in order to collect relevant and credible audit evidence. When implementing external confirmation methods in response to a risk of material misstatement, an auditor's goal is to develop and implement such procedures in order to collect relevant and credible audit evidence.

External confirmation is the process of acquiring and analyzing audit evidence directly from a third party in response to a request for information on a specific item from the auditor. Such audit evidence, when combined with audit evidence from other audit techniques, may help to reduce the evaluated risk to a level that is acceptable. External confirmations are of two types.

Positive confirmation request - A request for the confirming party to react directly to the auditor, either by agreeing or disagreeing with the information in the request or by giving the desired information.

Negative confirmation request — A request that the confirming party reacts immediately to the auditor only if the information provided in the request is incorrect.

·         External confirmations are frequently used to confirm the following:

·         bank balances, loans, guarantees, and other information from bankers;

·         bank accounts opened in connection with imprests (e.g. delegations);

·         amounts held at financial intermediaries at year-end;

·         accounts receivable or accounts payable balances.

Practice:

The auditor should determine if the results of the external confirmation process, along with the results of any other audit processes completed, provide sufficient, relevant, and credible audit evidence for the assertion under scrutiny, or whether more audit procedures are required.

 

 

Reference:      https://bit.ly/3v28dJI

                        https://bit.ly/3K7Vg5o

ISA (UK) 500: Audit Evidence

 The primary goal of an auditor's job in an audit engagement is to achieve reasonable assurance that the financial statements as a whole are free of material misstatement so that the auditor can make an opinion on the financial statements and reflect accordingly in the auditor's report. The auditor must develop and implement audit processes to acquire sufficient relevant audit evidence to be able to draw reasonable inferences on which to base the auditor's opinion, which is a high but not absolute level of certainty.

Audit evidence — Information used by the auditor to reach the conclusions that constitute the basis of the auditor's opinion. Information from the accounting records that underpin the financial statements, as well as information gathered from other sources, are included in audit evidence.

The relevance and reliability of the information on which all audit evidence is based have an impact on its quality. The logical link with, or impact on, the goal of the audit method and, where appropriate, the assertion under consideration is referred to as relevance. The source and nature of the information to be used as audit evidence, as well as the conditions under which it is received, including the controls over its production and maintenance if applicable, all influence the audit evidence's reliability.

Obtaining and assessing audit evidence, which is generally produced from audit processes carried out during the engagement but can also be obtained from other sources, is a substantial component of the effort involved in performing an audit. For example, past audits; provided that any modifications that have occurred in the meantime have been properly considered; or the firm's quality control methods, particularly those relating to customer acceptance and continuation.

The auditor obtains audit evidence by performing: 

(a) risk assessment procedures; and 

(b) additional audit procedures, which include:

(i)         controls tests, when required by the ISAs (UK) or when the auditor chooses to do so; and

(ii)   substantive procedures, including tests of details and substantive analytical procedures.

The auditor must decide how to pick things for testing that are successful in satisfying the purpose of the audit method while creating controls and detail tests. If: (a) audit evidence obtained from one source differs from that obtained from another, or (b) the auditor has doubts about the reliability of information to be used as audit evidence, the auditor must determine what changes or additions to audit procedures are required to resolve the issue, as well as the impact of the issue, if any, on other aspects of the audit.

Practice:

The auditor may use inspection, observation, external confirmation, recalculation, reperformance, analytical procedures, inquiry, etc. as risk assessment procedures, tests of controls, or substantive procedures, depending on the context in which they are applied by the auditor.

 

Reference:      https://bit.ly/37TwybO

https://bit.ly/3M7quLh

ISA (UK) 402: Audit Considerations Relating to an Entity Using a Service Organization

 When a user entity utilizes the services of one or more service organizations, this International Standard on Auditing (UK) (ISA (UK)) addresses the user auditor's responsibilities to gather adequate appropriate audit evidence. It explains how the user auditor can use ISA (UK) 315 and ISA (UK) 330 to gain a sufficient understanding of the user entity, including relevant internal controls, to identify and assess the risks of material misstatement, and to design and perform additional audit procedures in response to those risks. When services provided by a service organization, as well as the controls over them, are part of the user entity's information system, including related business activities, relevant to financial reporting, they are relevant to the audit of the user entity's financial statements. The user auditor must comprehend how a user entity uses the services of a service organization in the user entity's activities when developing an understanding of the user entity in accordance with ISA (UK) 315.

When a user entity uses the services of a service organization, the user auditor's objectives are to:

(a) gain a sufficient understanding of the nature and significance of the service organization's services and their impact on the user entity's internal control relevant to the audit to identify and assess the risks of material misstatement; and

(b) design and perform audit procedures responsive to those risks.

Maintenance of the user entity's accounting records is an example of a service organization service that is important to the audit. Regardless of the controls in place at the service organization, the user entity may establish controls over the service organization's services that the user auditor can test, allowing the user auditor to conclude that the user entity's controls are operating effectively for some or all of the related assertions. If a user entity, for example, hires a service organization to conduct its payroll transactions, the user entity can set up controls over the submission and receipt of payroll data to prevent or identify serious misstatements.

 

Practice:

The user auditor shall evaluate the design and implementation of relevant controls at the user entity that relates to the services provided by the service organization, including those that are applied to the transactions processed by the service organization, when obtaining an understanding of internal control relevant to the audit in accordance with ISA (UK) 315.

 

 

Reference:      https://bit.ly/3Mm0kVB