Audit Engagement Letter (ISA-210)

 The auditor's goal is to accept or continue an audit engagement only after the basis on which it will be performed has been agreed upon, which includes:

(a) determining whether the preconditions for an audit are present; and

(b) confirming that the terms of the audit engagement are understood by the auditor, management, and, where appropriate, those charged with governance.

Management or those in charge of governance, as applicable, must agree to the parameters of the audit engagement. The following items must be included in an audit engagement letter or another suitable form of a written agreement:

(a) the objective and scope of the financial statement audit;

(b) the auditor's responsibilities;

(c) management's responsibilities;

(d) identification of the applicable financial reporting framework for the preparation of the financial statements; and

(e) reference to the expected form and content of an audit report

(f) a statement that a report's form and substance may deviate from what is expected in certain instances.

Except for the fact that such law or regulation applies and management acknowledges and understands its responsibilities, the auditor does not need to record the terms of the audit engagement referred to above in a written agreement if the terms of the audit engagement referred to above are prescribed in sufficient detail by law or regulation. On recurring audits, the auditor must determine if the terms of the audit engagement need to be updated and whether the business needs to be reminded of the existing audit engagement terms.

If there is no reasonable justification, the auditor will not consent to a change in the terms of the audit engagement. If the auditor is asked to convert the audit engagement to one that provides a lower level of assurance before it is completed, the auditor must consider whether there is a reasonable rationale for doing so.

If the audit engagement's conditions change, the auditor and management must agree on and document the new terms in an engagement letter or other suitable form of a written agreement. If the auditor is unable to agree to a change in the audit engagement terms and is not permitted by management to continue the original audit engagement, the auditor shall:

(a) Withdraw from the audit engagement where possible under applicable law or regulation; and 

(b) Determine whether there is any contractual or other obligation to report the circumstances to other parties, such as those charged with governance, owners, or regulators.

 

Practice:

It is in both the entity's and the auditor's best interests to minimize misunderstandings about the audit. The auditor, thus, should issue an audit engagement letter before the start of the audit.

Source: https://bit.ly/3nZ6Ur6

ISA (UK) 200: Objectives of the Auditor

ISA (UK) 200 deals with the independent auditor’s overall responsibilities when conducting an audit of financial statements in line with International Standards on Auditing UK (ISAs UK).

The objective of an audit is to boost the amount of confidence of intended users in the financial statements. This is accomplished by the declaration of an opinion by the auditor on whether the financial statements are prepared in accordance with relevant financial reporting mechanism.

There are few elements to ISA (UK) 200

1. Objectives

2. Definitions of the key terms

3. Requirements


1. Objectives:

ISA (UK) 200 states there are two overall objectives of the auditor. First: 'To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.' Secondly: 'To report on the financial statements, and communicate as required by the ISAs in accordance with the auditor's findings

2. Definitions of the key terms given in standard:

· Applicable financial reporting framework

· Audit evidence

· Audit risk

· Auditor

· Detection risk

· Financial statements

· Historical financial information

· Management

· Misstatement

· Professional judgment

· Professional skepticism

· Reasonable assurance

· Risk of material misstatement


3. Requirements:

ISA (UK) 200 carries five separate requirements.

a) Ethical Requirements Relating to an Audit of Financial Statements— Comply with relevant ethical requirements.

b) Professional Skepticism— plan and perform an audit with professional skepticism.

c) Professional Judgment— exercise professional judgment in planning and performing

d) Sufficient Appropriate Audit Evidence and Audit Risk— sufficient appropriate audit evidence to reduce audit risk to an acceptably low level

e) Conduct of an Audit in Accordance with ISAs— comply with all ISAs relevant to the audit, understand the entire areas of ISA.



Practice

As we discussed above that according to ISA (UK) 200 there are basically two overall objectives, (a) to obtain reasonable assurance, (b) to report on financial statements. Experts suggest that ISA (UK) 200 is of vital importance therefore due care should be given to its compliance while conducting audit. The auditor shall design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity. ISA 200 contains an objective relating to situations where reasonable assurance cannot be obtained, in which case the auditor, depending on the circumstances, may qualify the audit opinion, or disclaim an opinion, or withdraw from the assignment.



References:

https://www.accaglobal.com/sg/en/member/discover/cpd-articles/audit-assurance/isa-200.html

https://www.researchgate.net/publication/46534009_Recently_aspects_regarding_International_Auditing_Standard_200_Overall_Objectives_of_the_Independent_Auditor_and_the_Conduct_of_an_Audit_in_Accordance_with_International_Standards_on_Auditing

ISA (UK) 220: Quality Control for an Audit of Financial Statements

 

The auditor is responsible for the quality control of the audit of financial statements. This responsibility is not solely outlined through ISA 220, but also through ISQC 1 and is further to be corroborated through the applicable ethical requirements. Each audit firm is responsible for the implementation and maintenance of a quality control system in order to ensure that the firm and its personnel comply with the ethical, legal, and regulatory requirements [L&RR] and that the audit reports issued by the firm are appropriate.

Responsibilities of an Engagement Partner

Being the leader of the audit team, the engagement partner observes a higher need for the maintenance of quality control throughout the audit. He, being responsible for the overall quality of the audit engagement, should stay alert and skeptical for any instance of non-compliance with the ethical and regulatory requirements by any member of the audit team.

Ethical Requirements

While the ethical requirements may vary from jurisdiction to jurisdiction, the fundamental principles of ethics laid down by the IESBA Code of Ethics include Integrity, Objectivity, Professional Competence, Confidentiality, and Professional Behavior. Additional ethical requirements may be imposed on an auditor through the local codes of conduct prevalent in different jurisdictions.

Engagement Team and Performance

The engagement partner must ensure that the team deployed on the audit of financial statements under his audit engagement is competent and capable enough to comply with the professional standards and applicable L&RR. The audit team must have the necessary competence to enable an audit report under the given circumstances.

The responsibility for the audit report and its validity, however, rests with the engagement partner. He is also responsible for the direction, oversight, and performance of the audit engagement in accordance with the applicable LR&R and professional standards.

Practice

While accepting or continuing an audit engagement, an engagement partner shall obtain information from the firm and network firms to identify any potential threats of non-compliance with the applicable quality control requirements. In the instance of identifying any such threat, an auditor is advised to immediately report the matter in his reporting line, or seek the application of safeguards that reduce the threat to an acceptably low level, or where appropriate, withdraw from the audit engagement. Any inability to resolve a given matter should be disclosed to the firm immediately for appropriate action.

It is also advised to conduct a thorough and rigorous review of the audit documentation and working papers before or on the date of the audit report to be satisfied that sufficient and appropriate audit evidence has been obtained by the audit team to base the audit opinion on.

References:

https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

ISA (UK) 210: Agreeing the terms of an Audit Engagement

Before an auditor accepts an audit engagement, he is responsible for agreeing on certain engagement terms with the management, and where required, with those charged with governance. ISA 210 requires the auditor to accept an audit engagement only when the following bases for an audit has been established:

1.    Preconditions for the audit are present.

2.    The auditor and management conform to a common understanding of the terms of the audit engagement.

Agreeing to the terms of an audit engagement is particularly important as it enables both the parties i.e. the auditor and the management to understand their respective responsibilities towards the conduct of an audit.

Preconditions for an audit engagement

The preconditions for an audit entail the following.

1.    Adoption of an acceptable financial reporting framework (FRF) by the management for the preparation of the entity's financial statements.

2.    Management's acceptance of its responsibility for the preparation of financial statements in accordance with the applicable FRF, implementation of adequate internal controls, and provision of access to the auditor to all the required information.

The acceptability of the FRF adopted by the entity varies with the nature of the entity, the nature, and purpose of the financial statements, and the requirements of the applicable law and regulations.

Agreement on the terms of an audit engagement

An auditor shall ensure that the management adequately understands and agrees to the terms of an audit engagement. These terms primarily include the scope and objective of the audit, the responsibilities of the auditor and the management, reference to the applicable FRF, the form and content of the audit report, and other relevant information. Once agreed, these terms are to be set out in the audit engagement letter.

Implications for Recurring Audits

The auditor is not required to send a new engagement letter for recurring audit engagements. However, certain circumstances may necessitate the revision or reiteration of the existing audit terms. These might include a significant change in the senior management or ownership of the entity, misapprehension of the previously laid out terms, change in the reporting requirements, etc.

Practice

It is only if the above-stated criteria are met that an auditor should accept and continue an audit engagement. In case the preconditions are not met, the auditor must take up the matter with those charged with governance. An auditor might often be required to change the terms of the engagement once the audit engagement has been accepted. However, such changes shall not be accepted until there is a reasonable justification to do so. For example, the conversion of a public entity into a private entity exempt from the requirements of audit of its financial statements. An auditor must issue a new engagement letter in case of a change in audit engagement terms.

References:

https://www.frc.org.uk/getattachment/b245bc7f-453f-49b8-ad9b-2ce992f6ca67/ISA-(UK)-210_Revised-June-2016_Updated-July-2017.pdf

Auditing and Assurance Standards in UK

Auditing standards are professional standards or requirements for the performance of an audit of financial statements. They include objectives for the auditor, together with requirements and related application and other explanatory material. Preparation of a uniform set of standards for auditing practice in UK was started back in March 1976 when the Auditing Practices Committee (APC) was established by the Consultative Committee of Accountancy Bodies (CCAB) to formalize the existing co-operation of the CCAB bodies on audit practices. At the time of its establishment the role of the Auditing Practices Committee was defined as:

“To provide a framework of practice for the exercise of an auditor's individual judgement, by proposing for the approval of the Councils of the governing bodies statements of explanation and guidance on auditing, and definitive statements of auditing standards.”

In 2004 the Financial Reporting Council (FRC) took over responsibility for the setting of audit standards through the Auditing Practices Board (APB) which became a subsidiary board of the FRC. The FRC was also charged with monitoring and enforcing these auditing standards. In the same year of 2004, the UK’s Auditing Practices Board (APB) took the decision to base UK and Irish auditing standards on ISAs. One of the reasons for this alignment was to benefit from future improvements to them.

New standards were issued by the International Federation of Accountants (IFAC) through the IAASB and were adopted in the UK in October 2009 as ISAs (UK), and apply to audits of financial statements for periods ending on or after 15 December 2010. Where necessary, the APB has augmented the international standards with a small number of additions to address specific UK and Irish legal and regulatory requirements. The FRC, in June 2016, stated that references to Standards (UK) have been amended to Standards (UK).

The Financial Reporting Council (FRC) is now the authorized body for setting auditing standards in the UK in accordance with the Companies Act of 2006 and Statutory Instrument on Statutory Auditors (Amendment of Companies Act 2006 and Delegation of Functions etc.) Order 2012 (SI 2012/1741). The Companies Act of 2006 establishes mandatory audit requirements (statutory audits) for all companies unless they qualify for exemptions based primarily on size, nature of activity and company type, or whether they are dormant.

To sum up the discussion, all financial statement audits in UK must be conducted in accordance with International Standards on Auditing (UK) issued by the FRC. The current International Standards on Auditing (UK) are based on the International Standards on Auditing (ISAs) of the same titles that have been issued by the International Auditing and Assurance Standards Board, published by the International Federation of Accountants, with some additions to account for UK Company law.

 

References:  

                      https://bit.ly/2VmXF8K

https://bit.ly/2TQkDoh

https://bit.ly/3je2o4Z

https://bit.ly/3lnG2kb

https://bit.ly/3rUddNl

https://bit.ly/2TOJHMm

Comparison: Old vs Revised ISA (UK) 220

While the revised standard mandates application of the revised guidelines for the financial statement audits commencing on or after 15th December 2022, it has also allowed voluntary early application to ensure the quality of the audit is maintained throughout the audit engagement. Here’s a comparison of the old standard vs. revised standard on quality of audit for financial statements.

Old Vs. Revised ISA (UK) 230 - Key Differences

Particulars	Old Standard	Revised Standard
Focus	More focus on exercising control over the Quality of the audit engagement.	Focusing the overall Quality of the audit is Managed responsibly.
Audit Concern	The firm’s policy decides the process, objectives and controls of the audit engagement.	Considering each firm’s risks, the audit quality management, process, objectives, procedures, and control should be decided.
Emphasis	The audit engagement should be accurately and effectively adhere to the audit quality controls.	More accurate and complete information and communications to maintain the quality of the audit.
Specific Requirements	Overall leadership responsibilities.	Active participation from the key auditor as well as the team members emphasizing on the accountability as well.
Documentation of Processes	Documenting and testing of the processes is not specified.	Specifically requires processes to be documented and tested.
Reference to ‘Resources’	The resources refer to the Human only	Wider reference so as to include Humans, intellectual, technological components

 

Challenges on the Practical Implication 

• The main challenge will be of an overall application as there are a lot of requirements and making all of those work together would be a bit of a hardship.

• The revised standard requires documentation and testing of the processes, which is quite challenging as the methods might be in place but documenting them could be cumbersome.

• The requirement of the risk-based approach makes it complicated to set the objectives, procedures based on the individual firm’s risks and threats. Such an approach will then become too subjective.

The best strategy to manage the transition period would be to match your firm’s objectives with the revised standard and create policies and procedures that meet the standard’s requirements.

References: 

1. ISA (UK) 220_Revised July 2021_final

2. https://www.frc.org.uk/getattachment/615b6684-314e-44ae-a47f-1fc8ffa92bac/ISA-(UK)-220_Revised-November-2019-With-Covers.pdf

3. New standards continue drive toward better audits

Quality Management for an Audit of Financial Statements

The ISA (UK) 220 (revised July 2021) on Quality Management for Audit of Financial Statements will be applicable for the audits of financial statements on or after 15 December 2022. The recent revision imposes significant responsibilities on the engagement partner (key auditor) to conduct the audits most effectively to maintain the audit quality so that the audit quality is maintained throughout. Let’s discuss these responsibilities in detail with the help of a practical example. 

Overview and the Purpose of this Standard

The standard focuses on the responsibilities carried out by the auditor to conduct the audit following the applicable professional standards, rules, and regulations. 

The standard requires from the key auditor the following to maintain the quality of the audits:

• Leadership responsibilities 

• Ethical compliances including independence of the auditor

• Determining policies and procedures to accept and continue the relationships with the clients and the audits  

• Availability of sufficient resources and the environment to the audit team from time to time

• Take responsibility to direct and supervise the work carried out by the audit team and review their work.

• Documentation, monitoring, and remediation related responsibilities 

Practical Implication with the Help of an Example

The Key Auditor and his team are conducting an audit of a stock broking company. To verify the transactions of such a vast company, the auditor will need a well-equipped Information Technology set-up at his firm. He will also need such an audit team that knows how to run verification reports. 

In the above example, the revised standard requires the key auditor of the firm to take leadership in maintaining the quality of the audit. His duty will be to direct and supervise the audit team members on how to verify the transactions of the stockbroking company and the understanding of how to conduct the entire audit effectively to ensure adherence to the standard. 

He is also responsible for making available necessary audit environment that enables the team members to conduct the audit more efficiently. The availability of sufficient IT infrastructure in the given example would be the responsibility of the key auditor. 

Thus, there have been substantial changes concerning the engagement partner’s responsibilities (key auditor) through the revised standard. The purpose is to maintain the utmost quality of the audit where the early adoption of the standard is also allowed.  

References:

1. ISA (UK) 220_Revised July 2021_final

2. The FRC's new requirements of auditors