F8 – Chapter 1- Audit framework and regulation

Audit framework and regulation

Key Highlights on Chapter 1

Objective of External Audit Engagements:

• Primary objective is to provide assurance on financial statements.
• Enhances confidence in financial information for stakeholders.

Stewardship in External Audit:

• Refers to managing and safeguarding resources on behalf of others.
• Responsibility of management and governing bodies.

Concept of Agency in External Audit:

• Associated with accountability.
• Involves fiduciary relationship between management and stakeholders.

External Auditors’ Responsibility on Accountability:

• Report on stewardship of management.
• Assess effectiveness of resource management.

Assurance Services Provided by External Auditors:

• Includes financial statement audit.
• Aims to enhance confidence in financial information.

Purpose of Providing Assurance on Non-financial Information:

• Increase credibility of non-financial disclosures.
• Enhance transparency and accountability.

Distinction between External Audit Engagements and Internal Audit Activities:

• External audit emphasizes independence.
• Internal audit focuses on operational efficiency.

Purpose of External Audit Engagements:

• Express opinion on fair presentation of financial statements.
• Enhance reliability of financial information.

 Role of Independence in External Audit Engagements:

• Enhances objectivity and credibility of audit opinions.
• Ensures impartiality and integrity of audit process.

. Concept of Assurance in External Audit:

• Refers to providing opinion on absence of material misstatement.
• A key function of external auditors.

. Purpose of Audit Framework:

• Provides guidelines for effective audit conduct.
• Structured approach to auditing processes.

Regulatory Body for Auditing Standards in the UK:

• Financial Reporting Council (FRC).
• Sets auditing standards, including ISAs.

Fundamental Principle of Auditing according to ISAs:

• Independence.
• Ensures objectivity and integrity.

External Users of Financial Statements:

• Include suppliers.
• Individuals or entities outside the organization.

Concept of Materiality in Auditing:

• Threshold beyond which errors could influence economic decisions.
• Key factor in determining significance of misstatements.

Objective of Understanding Auditee’s Internal Control System:

• Assess effectiveness of internal controls.
• Identify areas of potential risk.

Example of an Assurance Engagement:

• Financial statement audit.
• Enhances credibility of financial information.

Characteristic of Audit Report:

• Expresses opinion on accuracy of financial statements.
• Communicates auditor’s findings.

Qualitative Characteristic of Financial Information:

• Comparability.
• Enables meaningful comparisons.

Management’s Responsibility in Financial Reporting Process:

• Evaluating effectiveness of internal controls.
• Designing, implementing, and maintaining internal control systems.

Topic 1 The Purpose of External Audit Engagements

An external audit is a form of assurance engagement undertaken by an auditor to provide an impartial assessment of a set of financial statements.

1.1 The Objective of External Audit

The primary aim of auditing financial statements is to enable the auditor to offer an unbiased assessment regarding whether the financial statements have been prepared, in all material aspects, in accordance with a relevant financial reporting framework. An audit of financial statements is a classic example of an assurance engagement.

The fundamental purpose of an external audit is to allow auditors to render an opinion on the financial statements. While an audit may yield secondary outcomes, such as providing guidance to company directors on managing the business, its core goal is to report to the shareholders.

Statutory and Non-Statutory Audits

In many nations, statutory audits are mandated by national legislation for various entities, including limited liability companies. Additional organizations and entities subject to statutory audits might encompass charities, investment firms, and trade unions. For instance, in the UK, under the Companies Act 2006, most companies are obligated to undergo a statutory audit.

Statutory audits can bring multiple benefits to both the company and shareholders. The primary advantage for shareholders is the objective assessment provided by auditors. Furthermore, companies benefit from having professional accountants review their accounts and systems as part of the audit, which can lead to recommendations regarding accounting and control systems, as well as the potential detection of fraud and errors.

Non-statutory audits, on the other hand, are performed at the request of parties such as the company’s owners, proprietors, members, trustees, professional and governing bodies, or other interested stakeholders, rather than being legally required. Consequently, auditing can encompass a wide range of entities that maintain financial records, including clubs, charities (some of which may also require statutory audits), sole traders, and partnerships. Notably, not-for-profit organizations undergo a unique form of audit

Advantages of Non-Statutory Audits

In addition to the benefits shared by all types of audits, non-statutory audits can offer additional advantages. For instance, when auditing the accounts of a partnership, there are various potential benefits, including:

(a) Facilitating the settlement of accounts among partners.

(b) Enhancing the acceptability of accounts to tax authorities, which can be useful for determining an individual partner’s tax liability when audited accounts are available.

(c) Simplifying the sale of the business or the negotiation of loans or overdraft facilities, as audited accounts can instill confidence.

(d) Providing a valuable audit for “sleeping partners,” who may have limited means of verifying business accounts and their share of profits.

Topic 2  Accountability, Stewardship, and Agency

An audit offers assurance to a company’s shareholders and other stakeholders by providing an independent and unbiased evaluation of the financial statements.

The Nature and Evolution of Audit and Other Assurance Engagements

The accounting and auditing professions have been subject to significant public scrutiny for many years. Numerous changes have been instituted in response to various events related to audit and assurance engagements.

The late 1990s witnessed a stock market bubble and speculation surrounding the future of “dotcom” companies. This period was followed by a revelation that senior management at Enron, a U.S. energy company, had deceived investors through fraudulent overstatements of profitability. Enron’s auditor, Arthur Andersen, was found to lack objectivity in evaluating Enron’s accounting methods, leading to Arthur Andersen’s downfall in 2002.

Other companies embroiled in corporate frauds included WorldCom, Parmalat, Cable & Wireless, and Xerox, among others. These frauds prompted a loss of confidence in corporate governance and auditing practices. In the U.S., the Sarbanes-Oxley Act of 2002 was enacted, resulting in significant changes in the regulation of the accounting profession within the U.S., influencing similar issues globally.

In September 2008, Lehman Brothers filed for bankruptcy, triggering a severe global financial crisis. Lehman Brothers had aggressively expanded into property-related investments, including sub-prime mortgages, and was found to have concealed its insurmountable debts through accounting maneuvers. Lehman’s auditors had issued a clean audit report for the year ending November 30, 2007. This event led to the collapse of Lehman Brothers International Europe and sparked investigations into the conduct of Lehman Brothers’ auditors.

Following Lehman Brothers’ collapse, other banks worldwide failed, requiring government support to continue. This crisis had far-reaching effects on the global economy, with many businesses struggling or failing. This period of economic instability and sovereign debt crises extended into 2010 and 2011/2012, necessitating multiple restructuring efforts.

In the wake of the global financial crisis, regulators have been revisiting the effectiveness of audits and the role of auditors in preventing, or at least warning of, corporate and financial institution collapses in the future. One critical aspect under scrutiny is the need for professional skepticism to enhance audit quality.

Provision of Assurance – June 2013

Several corporate governance requirements necessitate communication between directors and shareholders. As previously discussed in Section 1, directors of all companies are typically obligated to prepare annual financial statements that provide a true and fair representation of the company’s financial position and profit or loss for the period. They are also encouraged to communicate with shareholders regarding matters such as director remuneration and benefits (a legal requirement for public limited companies), going concern, and risk management.

However, how can shareholders ascertain the accuracy and fairness of the directors’ communications? This brings us back to the issue Peter faced in the scenario presented earlier in this section. Peter was aware that Vera’s perspective might be biased differently from his own and sought assurance on the information he received.

The IAASB International framework for assurance engagements serves as a reference guide for professional accountants when conducting assurance engagements. It provides the following definition of an assurance engagement:

An assurance engagement is one in which a practitioner offers a conclusion designed to enhance the confidence of intended users, other than the responsible party, in the subject matter information (i.e., the result of the assessment or measurement of a subject matter against criteria).

Components of an Assurance Engagement – June 2010

An assurance engagement conducted by a practitioner consists of the following elements:

(a) A three-party relationship involving the intended user, the responsible party, and the practitioner. (Each party is described in the key terms box below.)

(b) A subject matter, which comprises data prepared by the responsible party for evaluation and can take various forms, including financial performance (e.g., historical financial information), non-financial performance (e.g., key performance indicators), processes (e.g., internal control), and behavior (e.g., compliance with laws and regulations).

(c) Appropriate criteria against which the subject matter is assessed or measured to form an opinion.

(d) Gathering sufficient, relevant evidence to support the required level of assurance.

(e) The issuance of an assurance report in a format suitable for a reasonable assurance engagement or a limited assurance engagement, which contains the practitioner’s opinion.

Intended users are the individuals or class of individuals for whom the practitioner prepares the assurance report.

The responsible party is the individual (or individuals) responsible for the subject matter (in the context of a direct reporting engagement) or the subject matter information in the assurance engagement.

The practitioner is the professional who reviews the subject matter and provides assurance.

One way to remember these five elements of an assurance engagement is by using the mnemonic “CREST”:

– Criteria

– Report

– Evidence

– Subject matter

– Three-party relationship

In the following section, we will explore various types of assurance engagements.

It is essential to comprehend and be able to explain the elements of an assurance engagement, as this area has been answered poorly in previous exams. Utilize the memory aid provided above to prepare for such questions.

Objectives of an Assurance Engagement

The objective of an assurance engagement varies depending on the level of assurance provided. We will first examine a reasonable assurance engagement, which offers a high but not absolute level of assurance.

ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information, was updated in September 2013 and applies to assurance reports dated on or after December 15, 2015. The revised ISAE distinguishes between two types of assurance engagements:

– Reasonable assurance engagements

– Limited assurance engagements

In a reasonable assurance engagement, the objective is to reduce the assurance engagement risk to an acceptably low level in the engagement’s circumstances as the basis for the assurance practitioner’s conclusion. The conclusion is typically expressed in a positive form. To provide reasonable assurance, a substantial amount of testing and evaluation is required to support the conclusion.

Limited assurance, on the other hand, offers a lower level of assurance. The procedures carried out in a limited assurance engagement involve fewer activities compared to those in a reasonable assurance engagement. Nevertheless, these procedures should be planned to obtain a meaningful level of assurance, as determined by the practitioner’s professional judgment. In a limited assurance engagement, the conclusion conveys whether the practitioner’s attention has been drawn to any matter that causes them to believe the subject matter information is materially misstated. This conclusion is typically expressed using negative wording.

For both reasonable and limited assurance engagements, the revised ISAE mandates that the practitioner provide a summary of the procedures undertaken within the assurance report.

Topic 3 Types of Assurance Services 

Assurance services encompass a variety of tasks, ranging from external audits to review engagements.

Other Assurance Engagements

As previously discussed in this chapter, an audit can provide assurance to different stakeholders on a wide range of matters. However, audits are designed to deliver a high level of assurance, involving extensive testing and therefore incurring substantial costs. In some cases, stakeholders may find that a less detailed engagement, such as a review, provides them with sufficient assurance. A review serves as a cost-effective alternative to an audit, especially when an audit is not legally required, and offers limited assurance.

The primary objective of a review engagement is to attain limited assurance regarding whether the subject matter information is free from significant misstatements. Recipients of a review engagement should expect a lower level of assurance compared to an audit, even though the procedures involved in a review engagement are similar to those in an audit.

Alternatively, if the engagement does not pertain to financial statements, ISAE 3000 (Assurance Engagements other than Audits or Reviews of Historical Financial Information) states that it could be either a reasonable assurance or a limited assurance engagement, based on the circumstances.

Varieties of Review Engagements

There are two types of assurance engagements: attestation engagements and direct engagements. The main distinction between the two lies in who evaluates the underlying subject matter against the criteria.

(a) Attestation Engagement: In this type of engagement, the practitioner does not measure or evaluate the underlying subject matter. Instead, the practitioner concludes whether the subject matter information is free from significant misstatement. For example, the review of a sustainability report, prepared by management, is an attestation engagement. Here, management assesses the extent to which the company has achieved its sustainability targets, and the practitioner offers a conclusion on whether the measurement and evaluation are free from significant misstatements.

(b) Direct Engagement: In this engagement, the practitioner evaluates the underlying subject matter and then presents conclusions about the reported outcome in the assurance report. For instance, if the practitioner is engaged to review the effectiveness of a company’s internal control system, they would assess the internal controls and report the review’s outcome.

 Internal Audit Reviews

Internal auditors are part of an organization’s control system, with their responsibilities determined by management and often covering a wide range of functions. Internal auditing involves the examination, assessment, and monitoring of the adequacy and effectiveness of internal control.

Up to this point, we have discussed assurance services where an independent external entity provides an opinion on financial information. However, assurance can also be offered to management and other parties by internal auditors.

As discussed in Chapter 3, all directors are advised to evaluate the effectiveness of the company’s risk management and internal control systems as part of good corporate governance. They should also consider the need for an internal audit function to aid them in their duties.

In larger organizations, full-time staff may be appointed to monitor and report on the company’s operations. Internal audit staff are a type of control. While some of their work overlaps with that of external auditors, there are significant differences between the two in terms of their responsibilities, scope, and relationship with the company, as we will explore in more detail in Chapter 5.

Internal auditors can carry out various assignments, including:

(a) Value for Money (VFM) audits that assess the economy, efficiency, and effectiveness of activities and processes.

(b) Information Technology (IT) audits, which test controls in specific areas of the business.

(c) Best value audits, as required by the UK government for local authorities to assess and review all their functions over a five-year period. Internal audit can conduct this review.

(d) Financial, operational, and procurement audits.

Topic 4. Assurance and Reports

The auditors’ report concerning a company’s financial statements is framed in terms of truth and fairness. In essence, this signifies that financial statements should possess the following attributes:

– Being based on factual information

– Being devoid of any form of bias

– Accurately representing the commercial essence of the business’s transactions

4.1 Truth and Fairness 

Below, you’ll find an illustrative auditor’s report on a company’s financial statements. This particular report conveys an unmodified opinion, signifying that the financial statements are indeed true and fair and have been correctly prepared.

An audit provides readers with a high level of assurance regarding the truth and fairness of the financial statements, but it does not guarantee their absolute correctness. It signifies that the financial statements are true and fair within a reasonable margin of error.

One of the reasons for not providing absolute assurance is the intrinsic limitations of the audit process, which are further discussed below.

Audit Limitations and Materiality

External audits offer reasonable assurance that the financial statements are devoid of significant misstatements. The level of assurance provided by auditors is subject to several factors, including the auditors’ exercise of judgment in selecting audit procedures and drawing conclusions. Furthermore, it is affected by inherent limitations inherent to every audit. These limitations are depicted in the following diagram.

In financial statements, there may exist misstatements that hold significance for the readers, and auditors structure their work accordingly, guided by professional skepticism. The notion of ‘significance to readers’ corresponds to the concept of materiality, which will be covered in more detail in Chapter 6.

Materiality essentially represents the relative importance or significance of a specific matter within the broader context of the financial statements. An issue is deemed material if its exclusion or misrepresentation could reasonably impact the economic decisions made by users relying on the financial statements. Materiality assessment hinges on the size of the item or error evaluated within the specific circumstances of its exclusion or misstatement.

The auditors’ primary responsibility is to determine whether the financial statements provide a genuine and fair representation. However, auditors are not tasked with verifying the accuracy of every single detail. This is because verifying even the minutest transaction can consume a substantial amount of time and effort, which may not be justified by the resultant benefit. Additionally, financial accounting inherently involves a degree of estimation, making financial statements inherently imprecise.

While the definition of materiality refers to the decisions made by the recipients of the audit report (the company’s members), the decisions of these recipients can often be influenced by other entities relying on the financial statements, such as banks, for example.

Assurance Levels

The extent of confidence offered by the unbiased expert is contingent on the specific task at hand.

In this context, ‘assurance’ signifies the level of confidence that the auditors have regarding the reliability of a declaration made by one party, intended for use by another party.

Directors are responsible for compiling financial statements with the objective of benefiting the company’s members. They affirm that the financial statements accurately represent the financial position. Auditors, in turn, supply assurance concerning this affirmation. In order to provide such assurance, auditors are required to:

– Evaluate risk

– Devise an audit strategy

– Execute the audit procedures

– Evaluate the outcomes

– Convey their professional judgment

The degree of satisfaction attained and, consequently, the level of assurance that can be furnished is contingent upon the nature of the procedures performed and the outcomes obtained.