F8 – Chapter 1- Audit framework and regulation

Key Highlights on Chapter 1

Objective of External Audit Engagements:

• Primary objective is to provide assurance on financial statements.
• Enhances confidence in financial information for stakeholders.

Stewardship in External Audit:

• Refers to managing and safeguarding resources on behalf of others.
• Responsibility of management and governing bodies.

Concept of Agency in External Audit:

• Associated with accountability.
• Involves fiduciary relationship between management and stakeholders.

External Auditors’ Responsibility on Accountability:

• Report on stewardship of management.
• Assess effectiveness of resource management.

Assurance Services Provided by External Auditors:

• Includes financial statement audit.
• Aims to enhance confidence in financial information.

Purpose of Providing Assurance on Non-financial Information:

• Increase credibility of non-financial disclosures.
• Enhance transparency and accountability.

Distinction between External Audit Engagements and Internal Audit Activities:

• External audit emphasizes independence.
• Internal audit focuses on operational efficiency.

Purpose of External Audit Engagements:

• Express opinion on fair presentation of financial statements.
• Enhance reliability of financial information.

 Role of Independence in External Audit Engagements:

• Enhances objectivity and credibility of audit opinions.
• Ensures impartiality and integrity of audit process.

. Concept of Assurance in External Audit:

• Refers to providing opinion on absence of material misstatement.
• A key function of external auditors.

. Purpose of Audit Framework:

• Provides guidelines for effective audit conduct.
• Structured approach to auditing processes.

Regulatory Body for Auditing Standards in the UK:

• Financial Reporting Council (FRC).
• Sets auditing standards, including ISAs.

Fundamental Principle of Auditing according to ISAs:

• Independence.
• Ensures objectivity and integrity.

External Users of Financial Statements:

• Include suppliers.
• Individuals or entities outside the organization.

Concept of Materiality in Auditing:

• Threshold beyond which errors could influence economic decisions.
• Key factor in determining significance of misstatements.

Objective of Understanding Auditee’s Internal Control System:

• Assess effectiveness of internal controls.
• Identify areas of potential risk.

Example of an Assurance Engagement:

• Financial statement audit.
• Enhances credibility of financial information.

Characteristic of Audit Report:

• Expresses opinion on accuracy of financial statements.
• Communicates auditor’s findings.

Qualitative Characteristic of Financial Information:

• Comparability.
• Enables meaningful comparisons.

Management’s Responsibility in Financial Reporting Process:

• Evaluating effectiveness of internal controls.
• Designing, implementing, and maintaining internal control systems.

Audit and Assurance (AA) – Chapter: Audit Framework and Regulation

Topic 1. The Concept of Audit and Other Assurance Engagements

1.a Objective and General Principles of External Audit Engagements
The primary objective of an external audit is to provide stakeholders—such as shareholders, creditors, and regulatory bodies—with an independent and objective opinion on whether an entity’s financial statements present a true and fair view in accordance with the relevant financial reporting framework. This opinion reduces information asymmetry between management (who prepare the financial statements) and users (who rely upon them). To achieve this objective, auditors must adhere to four general principles:

1. Independence: Auditors must maintain both actual independence of mind and the appearance of independence. This ensures that they remain impartial and unbiased when evaluating management’s assertions and that stakeholders can trust the auditor’s report. 
2. Professional Skepticism: Auditors approach each engagement with a critical mindset, questioning evidence and seeking corroboration for management’s representations. This attitude guards against overlooking contradictory evidence or being unduly influenced by management. 
3. Professional Judgment: Auditing involves complex judgment calls, such as determining materiality thresholds, assessing risk, and evaluating the sufficiency and appropriateness of audit evidence. Professional judgment combines the auditor’s technical knowledge, experience, and ethical values. 
4. Evidence-Based Reasoning: Conclusions must be backed by sufficient and appropriate audit evidence obtained through procedures such as inspection, observation, confirmation, and recalculation. The quality and quantity of evidence gathered directly impact the auditor’s ability to issue a reliable opinion. 
5. Ethical Conduct: Auditors must demonstrate integrity, objectivity, confidentiality, and professional behavior throughout the engagement, in line with ACCA’s Code of Ethics and Conduct.
   

1.b Nature and Development of Audit and Other Assurance Engagements
Auditing emerged during the nineteenth-century industrial revolution as businesses grew in size and complexity, necessitating independent verification of financial records. Initially focused on verifying compliance with accounting records, audits have evolved into risk-based processes emphasizing the identification and assessment of significant risks of material misstatement.

Other assurance engagements—such as review engagements, agreed-upon procedures, and non-financial assurance—have developed to meet varied stakeholder needs. Review engagements offer limited assurance by applying inquiry and analytical procedures rather than detailed testing. Agreed-upon procedures engagements involve the auditor performing specific tasks as requested by the client, with reporting confined to factual findings. More recently, assurance has expanded to sustainability reporting, internal controls (e.g., SOC reports), and cybersecurity frameworks, reflecting the broadening landscape of stakeholder concerns.

1.c Concepts of Accountability, Stewardship and Agency
Accountability refers to the obligation of management to provide a transparent account of its stewardship of resources. Stewardship is the duty of managers to safeguard assets and manage resources on behalf of owners. Agency theory describes the relationship between principals (owners) and agents (managers), highlighting inevitable information asymmetry and potential conflicts of interest. External audits mitigate agency costs by enhancing the credibility of financial information, thereby aligning agent behavior with principal interests.

1.d Definition and Objectives of an Assurance Engagement
An assurance engagement is defined as one in which an auditor or assurance practitioner engages to assess and report on the conformity of a subject matter against suitable criteria, enhancing the confidence of intended users. The objectives include increasing the reliability of information, supporting decision-making, and reducing users’ measurement and evaluation risk.

1.e The Five Elements of an Assurance Engagement
Assurance engagements comprise:

1. Three-Party Relationship: Involving the practitioner, the responsible party (who prepares the subject matter), and the intended users. 
2. Subject Matter: The specific financial or non-financial information being examined, such as financial statements, internal controls, or sustainability metrics. 
3. Criteria: The benchmark against which the subject matter is evaluated—examples include IFRS for financial statements, COSO for internal controls, or GRI standards for sustainability reporting. 
4. Evidence: Audit procedures designed to gather sufficient and appropriate evidence to support the practitioner’s conclusion. 
5. Conclusion and Reporting: The practitioner issues a report expressing a conclusion that provides either reasonable or limited assurance, depending on the nature of the engagement. 

1.f Types of Assurance Engagements

• Reasonable Assurance Engagements: Provide high (but not absolute) assurance; the auditor obtains sufficient evidence to reduce engagement risk to an acceptably low level. The standard external audit is a reasonable assurance engagement. 
• Limited Assurance Engagements: Provide moderate assurance; the auditor performs primarily inquiry and analytical procedures to conclude that nothing has come to attention indicating material modification is needed. 
• Agreed-Upon Procedures Engagements: Engage to perform specific procedures agreed with the client; no assurance opinion is provided, and the report is restricted to factual findings. 
• Other Specialized Assurance Engagements: May focus on compliance audits, IT system security, or performance metrics, tailored to stakeholder requirements. 

1.g Level of Assurance Provided and True and Fair Presentation
Reasonable assurance engagements seek to provide high confidence that the subject matter is free from material misstatement. Limited assurance engagements offer a lower level of confidence, reflecting less extensive procedures. In the context of financial reporting, auditors conclude that financial statements present a true and fair view—meaning that they are free of material misstatement and faithfully represent the entity’s financial position, performance, and cash flows.

Topic 2. External Audits

2.a Regulatory Environment
External audits operate within a framework of legislation, professional standards, and oversight bodies. 

Companies Acts and audit regulations establish statutory requirements for audit engagements, while professional standards—principally the International Standards on Auditing (ISAs) issued by the IAASB—set out auditing principles and procedures. National bodies, such as audit oversight authorities, monitor auditor compliance and enforce disciplinary measures.

2.b Reasons and Mechanisms for Regulation of Auditors
Regulation exists to protect the public interest by ensuring audit quality and maintaining confidence in financial reporting. Mechanisms include mandatory firm registration, auditor licensing, continuing professional development requirements, and periodic practice reviews or inspections conducted by regulatory oversight bodies.

2.c Statutory Regulations Governing Appointment, Rights, Removal, and Resignation of Auditors
Statutes typically require auditors to be appointed by a resolution of shareholders at the Annual General Meeting. Auditors have statutory rights to access company books and records. Removal requires a special resolution, with auditors entitled to state their reasons and make representations to shareholders. Resignations must be formally notified to both the company and the relevant regulator, often accompanied by an explanatory statement.

2.d Regulations Governing Duties and Rights of Auditors
Auditors are legally obliged to exercise due care, confidentiality, and professional diligence. They must report material irregularities or fraud to those charged with governance and, in certain jurisdictions, to regulatory authorities. Auditors also possess the right to receive all necessary information and explanations from management.

2.e Limitations of External Audits
External audits are subject to inherent limitations. Auditors often use sampling rather than examining every transaction, rely on management’s representations, and may be unable to detect collusion or fraud orchestrated by management. Time and budget constraints further limit the scope of audit procedures.

2.f Development and Status of International Standards on Auditing (ISAs)
ISAs are issued by the International Auditing and Assurance Standards Board (IAASB) to promote consistency and high quality in audit engagements globally. They undergo periodic revisions—recent examples include enhancements to fraud risk assessment and engagements involving group audits.

2.g Relationship Between ISAs and National Standards
Many countries adopt ISAs directly or adapt them into national auditing standards. Where differences exist, national standards may provide additional requirements or guidance to address local legal or regulatory nuances, but they must not conflict with the core principles of ISAs.

2.h Overall Objectives and Importance of Quality Management Procedures
Quality management procedures ensure that audit firms maintain consistent engagement quality, comply with ethical requirements, and respond effectively to emerging risks. Robust quality management safeguards the firm’s reputation and protects stakeholders from audit failures.

2.i Quality Management Procedures Over Engagement Resources, Engagement Performance, Monitoring and Remediation, and Ethical Compliance

• Engagement Resources: Hiring and assigning personnel with appropriate competence and capabilities; ensuring sufficient staffing levels. 
• Engagement Performance: Establishing policies for planning, supervision, and review; documenting significant judgments and conclusions. 
• Monitoring and Remediation: Conducting internal inspections and external peer reviews; implementing corrective actions where deficiencies are identified. 
• Ethical Compliance: Performing independence checks; maintaining conflict-of-interest registers; enforcing policies on gifts and hospitality. 

2.j Evaluating Quality Management Deficiencies and Recommendations
When deficiencies arise—such as inadequate training, inconsistent application of procedures, or insufficient supervision—firms should perform root-cause analysis and implement targeted improvements. Recommendations may include enhanced training programs, tighter documentation requirements, stronger review controls, and more frequent internal inspections.

Topic 3. Corporate Governance

3.a Objectives, Relevance, and Importance of Corporate Governance
Corporate governance comprises the systems and processes by which companies are directed and controlled. Sound governance promotes transparency, accountability, and ethical behavior, thereby protecting shareholder interests, reducing agency costs, and improving access to capital.

3.b Provisions of International Codes of Corporate Governance Relevant to Auditors
The OECD Principles of Corporate Governance set international benchmarks, emphasizing board responsibilities, risk oversight, and disclosure. Auditors rely on these principles—particularly those concerning audit committee composition, internal control frameworks, and transparency—to assess governance quality and inform their risk assessments.

3.c Directors’ Responsibilities and Reporting Responsibilities of Auditors
Directors are responsible for establishing and maintaining effective risk management systems and internal controls. Auditors report significant deficiencies or material weaknesses in internal control to those charged with governance, often recommending improvements to strengthen the control environment.

3.d Evaluating Corporate Governance Deficiencies and Recommendations
Auditors should assess board structure, independence of directors, and effectiveness of board committees. Deficiencies—such as an absence of independent directors, poor risk oversight, or opaque reporting—warrant recommendations like appointing additional non-executive directors, enhancing board training, or improving disclosure practices.

3.e Structure, Roles, Benefits, and Limitations of Audit Committees
Audit committees usually consist of independent non-executive directors and serve as a liaison between management, internal audit, and external auditors. They oversee financial reporting, monitor internal controls, and evaluate auditor performance. While audit committees enhance oversight, they may be constrained by limited technical expertise or insufficient authority to enforce recommendations.

3.f Importance of Internal Control and Risk Management
Internal control frameworks—such as COSO—provide structured approaches to identify and manage risks, establish control activities, and monitor effectiveness. Effective risk management ensures that potential threats to organizational objectives are identified, assessed, and mitigated in a timely manner, supporting reliable financial reporting and safeguarding assets.

Topic 4. Professional Ethics and ACCA’s Code of Ethics and Conduct

4.a Fundamental Principles

• Integrity: Auditors must be honest and trustworthy in all professional and business relationships. 
• Objectivity: Auditors must not allow bias, conflict of interest, or undue influence to override professional judgments. 
• Professional Competence and Due Care: Auditors must maintain professional knowledge and skill at the required level, acting diligently and in accordance with applicable technical and professional standards. 
• Confidentiality: Auditors must respect confidentiality of information acquired during the course of their work and not disclose it without proper authority. 
• Professional Behavior: Auditors must comply with relevant laws and regulations and avoid any conduct that discredits the profession. 

4.b Conceptual Framework and Threats to Fundamental Principles
The conceptual framework requires auditors to identify threats to compliance with fundamental principles and evaluate their significance. Key threats include self-interest (e.g., financial interests), self-review (e.g., auditing one’s own work), advocacy (e.g., promoting a client’s position), familiarity (e.g., long association with a client), and intimidation (e.g., threats from a client).

4.c Safeguards to Mitigate Threats
Safeguards may be at three levels:

• Professional: Continuing professional education, external quality reviews, professional body guidance. 
• Regulatory: Audit oversight, mandatory partner rotation, independence requirements. 
• Firm-Level: Internal policies on acceptance of new clients, staff rotation, conflict-of-interest registers, ethical training programs. 

4.d Auditor’s Responsibility for Independence, Conflicts of Interest, and Confidentiality
Auditors must decline or withdraw from engagements where independence is compromised. They should proactively identify and manage conflicts of interest—such as providing non-audit services—and ensure client confidentiality is maintained, except when disclosure is required by law or professional standards.

4.e Steps for Addressing Breaches of ACCA’s Code of Ethics and Conduct
When a breach of the Code is identified, the auditor should:

1. Assess the Breach: Determine the nature and significance of the breach and the threats it poses to fundamental principles. 
2. Consult: Engage with senior firm personnel or technical advisors to evaluate appropriate responses. 
3. Document: Record the identified threats, evaluation process, and any safeguards applied. 
4. Implement Safeguards: Apply or enhance safeguards, such as rotating personnel or declining to provide non-assurance services. 
5. Report: For serious or unresolvable breaches, inform the appropriate regulatory authority or ACCA’s disciplinary body.