ACCA Qualification
ISA260 Communication with Those Charged with Governance
ISA 265 Communicating Deficiencies in Internal Control to Those
Charged with Governance and Management
MODULE:
AUDIT & ASSURANCE
INTERNATIONAL STREAM
PART A
Chapter 3 – Corporate Governance
Prepared by Steven Khor
LEARNING OUTCOME
In this lesson, you will learn how to:
A. Discuss the objective, relevance and importance of corporate governance.
B. Discuss the need for auditors to communicate with those charged with governance.
C. Discuss the requirements and methods of how reporting significant deficiencies in
internal control are provided to management and those charged with governance.[2]
D. Explain, in a format suitable for inclusion in a report to management, significant
deficiencies within a system of internal control and provide control recommendations for
overcoming these deficiencies to management.[2]
E. Discuss the provisions of international codes of corporate governance (such as
Organization for Economic Cooperation and Development (OECD)) are most relevant to
auditors.
F. Describe good corporate governance requirements relating to directors’
responsibilities (e.g. for risk management and internal control) and the reporting
responsibilities of auditors.
G. Evaluate corporate governance deficiencies and provide recommendations to allow
compliance with international codes of corporate governance.[2]
H. Analyze the structure and roles of audit committees and discuss their drawbacks and
limitations.
I. Explain the importance of internal control and risk management
________________________________________________________________________
A).Discuss the
governance.
objective,
relevance
and
importance
of
corporate
1.What is Corporate Governance (CG)?
“Corporate governance is the systems by which companies are DIRECTED and
CONTROLLED in particular of the operation of the board and audit committee as
well as the overall control and risk management framework.”
2.Objective & Importance of CG
• It enhances the overall performance of corporate towards achieving its
objectives.
• It assists management to identify, evaluate and mitigate the risk.
• It provides a framework to safeguard the assets and enhance good
control system.
• It specifies the distribution of rights and responsibilities among
different stakeholders.
• It spells out the rules and procedures for making decisions on corporate
affairs.
• It provides the structure through which the company objectives are set,
and the means of attaining those objectives and monitoring
performance.
Audit & Assurance
Steven Khor
Page 2
•
Good CG can attract new investment into companies.
3.Boards of directors: Unitary Board of Directors Versus Two Tier Board of
Directors .
Unitary BOD (Single BOD)
2-Tier BOD
Common in UK, US & Other English Very common in continental Europe.
speaking nations.
Tier 1= Executive Board- takes daily
decisions in the running of company
Actions of executive directors are
checked by
(a) non executive directors (NED)
(b) audit committee
(c) remuneration committee
Tier 2= Supervisory Board- Made
up by employee representatives,
investors & other stakeholders to
oversee the executive board.
NEDs are normally employed on part Supervisor board is to act as a
time basis and would not take part in checker on the actions of executive
the routine management of the board.
company. They’ve 2 main roles: 1)
Provide experience, 2) Act as a
“corporate conscious”
Limitations
a)Non Executive Directors & the
respective committee are insufficient
well
informed
or
technical
competence
Limitations.
a) Difficult to
cumbersome.
administer
and
b) Supervisor board often the
problem of late information on certain
b) They often fail to detect and decision taken by Executive directors.
monitor the executive directors.
c) Investors are reluctant to discuss
many key issues in the present of
employees representatives
Audit & Assurance
Steven Khor
Page 3
B. Discuss the need for auditors to communicate with those charged with
governance.
4.ISA 260 Communications with Those Charged with Governance.
‘Those charged with governance’ is defined by ISA 260 as ‘the person(s) or
organisation(s) with responsibility for overseeing the strategic direction of the
entity and obligations related to the accountability of the entity’.
‘Management’ is defined by ISA 260 as ‘the person(s) with executive
responsibility for the conduct of the entity’s operations’.
Communication with those charged with governance is important because:
• It assists the auditor and those charged with governance to understand
audit-related matters in context and allows them to develop a
constructive working relationship.
•
It allows the auditor to obtain information relevant to the audit.
•
It assists those charged with governance to fulfil their responsibility to
oversee the financial reporting process, thus reducing the risks of material
misstatement in the financial statements.
Matters to Be Communicated [Dec 2009 Q2b Explain FOUR examples of matters
that might be communicated to them by the auditor. (4 marks)]
1.The
Auditor’s
Responsibilities in
Relation to the
Financial
Statement Audit
The auditor shall communicate with those charged with
governance the responsibilities of the auditor in relation to
the financial statement audit, including that:
a) The auditor is responsible for forming and expressing an
opinion on the financial statements that have been prepared
by management with the oversight of those charged with
governance; and
b) The audit of the financial statements does not relieve
management or those charged with governance of their
responsibilities.
2. Planned Scope The auditor shall communicate with those charged with
and Timing of the governance an overview of the planned scope and timing of
Audit
the audit; for example:
Audit & Assurance
Steven Khor
Page 4
-How the auditor proposes to address the significant risks of
material
misstatement, whether due to fraud or error.
-The auditor’s approach to internal control relevant to the
audit.
-The application of the concept of materiality in the context
of an audit.
- Where the entity has an internal audit function, the extent
to which the
auditor will use the work of internal audit, and how the
external and
internal auditors can best work together in a constructive
and
complementary manner.
3.
Significant a)The auditor’s views about significant qualitative aspects of
Findings from the the entity’s
Audit
accounting practices, including accounting policies,
accounting
estimates and financial statement disclosures.
b)Significant difficulties, if any, encountered during the audit;
c) Significant matters, if any, arising from the audit that were
discussed, or subject to correspondence with management;
d) Written representations the auditor is requesting;
e) Other matters, if any, arising from the audit that, in the
auditor’s
professional judgment, are significant to the oversight of the
financial
reporting process.
4. Auditor
Independence
a) A statement that the engagement team and others in the
firm as
appropriate, the firm and, when applicable, network firms
have complied
with relevant ethical requirements regarding independence
b) All relationships and other matters between the firm,
Audit & Assurance
Steven Khor
Page 5
network
firms, and the entity that, in the auditor’s professional
judgment,
may reasonably be thought to bear on independence
c) The related safeguards that have been applied to
eliminate
identified threats to independence or reduce them to an
acceptable level.
5.The auditor shall communicate in writing with those charged with governance
regarding significant findings from the audit if, in the auditor’s professional
judgment, oral communication would not be adequate. Written communications
need not include all matters that arose during the course of the audit
6.ISA260 identifies some significant difficulties encountered during the audit may
include such matters as:
•
Significant delays in management providing required information.
•
An unnecessarily brief time within which to complete the audit.
•
Extensive unexpected effort required to obtain sufficient appropriate
audit evidence.
•
The unavailability of expected information.
•
Restrictions imposed on the auditor by management.
•
Management’s unwillingness to make or extend its assessment of the
entity’s ability to continue as a going concern when requested.
7.In some jurisdictions the auditor may be required by law or regulation to, for
example:
•
Notify a regulatory or enforcement body of certain matters
communicated with those charged with governance. For example, in some
countries the auditor has a duty to report misstatements to authorities
where management and those charged with governance fail to take
corrective action;
Audit & Assurance
Steven Khor
Page 6
•
Submit copies of certain reports prepared for those charged with
governance to relevant regulatory or funding bodies, or other bodies such
as a central authority in the case of some public sector entities;
•
Make reports prepared for those charged with governance publicly
available.
8.The form of communication (for example, whether to communicate orally or in
writing, the extent of detail or summarization in the communication, and whether
to communicate in a structured or unstructured manner) may be affected by such
factors as:
•
Whether the matter has been satisfactorily resolved.
•
Whether management has previously communicated the matter.
•
The size, operating structure, control environment, and legal structure of
the entity.
•
In the case of an audit of special purpose financial statements, whether
the auditor also audits the entity’s general purpose financial statements.
•
Legal requirements. In some jurisdictions, a written communication with
those charged with governance is required in a prescribed form by local
law.
•
The expectations of those charged with governance, including
arrangements made for periodic meetings or communications with the
auditor.
•
The amount of ongoing contact and dialogue the auditor has with those
charged with governance.
•
Whether there have been significant changes in the membership of a
governing body.
Audit & Assurance
Steven Khor
Page 7
C) Discuss the requirements and methods of how reporting
significant deficiencies in internal control are provided to
management and those charged with governance.[2]
9. ISA 265COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO
THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
Deficiency in internal control exists when:
(i) A control is designed, implemented or operated in such a way that it is unable
to prevent, or detect and correct, misstatements in the financial statements on a
timely basis;
(ii) A control necessary to prevent, or detect and correct, misstatements in the
financial statements on a timely basis is missing.
(b) Significant deficiency in internal control – A deficiency or combination of
deficiencies in internal control that, in the auditor’s professional judgment, is of
sufficient importance to merit the attention of those charged with governance.
The auditor shall also communicate to management at an appropriate level of
responsibility on a timely basis:
(a) In writing, significant deficiencies in internal control that the auditor has
communicated or intends to communicate to those charged with governance,
unless it would be inappropriate to communicate directly to management in the
circumstances;
(b) Other deficiencies in internal control identified during the audit that have not
been communicated to management by other parties and that, in the auditor’s
professional judgment, are of sufficient importance to merit management’s
attention
Audit & Assurance
Steven Khor
Page 8
D) Explain, in a format suitable for inclusion in a report to
management, significant deficiencies within a system of internal
control and provide control recommendations for overcoming
these deficiencies to management.[2]
10.The auditor shall include in the written communication of significant
deficiencies in internal control:
(a) A description of the deficiencies and an explanation of their potential effects;
(b) Sufficient information to enable those charged with governance and
management to understand the context of the communication. In particular, the
auditor shall explain that:
(i) The purpose of the audit was for the auditor to express an opinion on the
financial statements;
(ii) The audit included consideration of internal control relevant to the preparation
of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of internal control;
(iii) The matters being reported are limited to those deficiencies that the auditor
has identified during the audit and that the auditor has concluded are of sufficient
importance to merit being reported to those charged with governance.
11. Indicators of significant deficiencies in internal control include, for
example:
• Evidence of ineffective aspects of the control environment, such as:
- Indications that significant transactions in which management is financially
interested are not being appropriately scrutinized by those charged with
governance.
- Identification of management fraud, whether or not material, that was not
prevented by the entity’s internal control.
- Management’s failure to implement appropriate remedial action on significant
deficiencies previously communicated.
Audit & Assurance
Steven Khor
Page 9
• Absence of a risk assessment process within the entity where such a process
would ordinarily be expected to have been established.
• Evidence of an ineffective entity risk assessment process, such as
management’s failure to identify a risk of material misstatement that the auditor
would expect the entity’s risk assessment process to have identified.
• Evidence of an ineffective response to identified significant risks (for example,
absence of controls over such a risk).
• Misstatements detected by the auditor’s procedures that were not prevented, or
detected and corrected, by the entity’s internal control.
• Restatement of previously issued financial statements to reflect the correction
of a material misstatement due to error or fraud.
• Evidence of management’s inability to oversee the preparation of the financial
statements.
E) Discuss the provisions of international codes of corporate governance
(such as OECD) that are most relevant to auditors.
12.What are main 6 OECD principles?
The Organization for Economic Co-operation and Development (OECD)
Principles of Corporate Governance set out the rights of shareholders, the
importance of disclosure and transparency and the responsibilities of the board
of directors.
The OECD principles represent a common basis that OECD member countries
consider essential for the development of good CG practice. The principles are
intended to be concise, understandable and accessible to the international
community. The principles are not to substitute for the government or private
sector to develop more detailed best practice.
OECD 6 Principles
1. Ensuring the basis for an effective CG framework (e.g. Competency,
accountability, transparency etc)
2. The right of shareholders and key ownership functions should be protected.
3. The equitable treatment of shareholders (including minority and foreign
shareholders)
Audit & Assurance
Steven Khor
Page 10
4. The role of stakeholders in CG should be recognized.
5. Disclosure and transparency (ie. Timely and accurate disclosure of all material
matters)
6. The responsibilities of the board (ie. Board’s accountability to the company)
13. The responsibilities of the BOD under OECD can further break down into:
(a) Reviewing and guiding corporate strategy, major plan of action, risk policy,
annual budgets and business plan, setting performance objectives,
monitoring, implementation and corporate performance and overseeing
major capital ,expenditures, acquisition and diversification.
(b) Monitoring the effectiveness of the company’s governance practice.
(c) Selecting, compensating, monitoring and replacing key executive and
overseeing succession planning
(d) Aligning key executive and board remuneration with the long term
interests of the company
(e) Monitoring and managing potential conflicts
management, board members and shareholders
of
interests
of
(f) Ensuring the integrity of the financial reporting system
(g) Overseeing the process of disclosure and communications.
Audit & Assurance
Steven Khor
Page 11
F&G). Describe good corporate governance requirements relating to
directors’ responsibilities (e.g. for risk management and internal
control) and the reporting responsibilities of auditors & Evaluate
corporate governance deficiencies and provide recommendations to
allow compliance with international codes of corporate governance.[2]
14.Directors’ responsibilities in relating to good corporate governance are:
a. Designing and implementing adequate and appropriate system of control
to identify, evaluate and mitigate the risks.
b. Adhere to the best practice guidelines and legal framework to enhance
overall performance.
c. Provide a framework for the company to pursue its strategy in an ethical
and effective way and safeguard the assets against misuse of resources.
d. Directors are accountable for their actions to all the stakeholders.
e. Directors must be fair to take into account everyone who has a legitimate
interest in the company.
f. Directors should voluntary increase the transparency in corporate affairs
g. The Board of Directors should consist of a balanced of power between
executive directors and non executive directors.
h. Instill capital market confidence in the company.
i.
To review the effectiveness of internal control system, risk management
and legal compliance.
j.
To examine the financial and operating information
k. To review the procedures of safeguard the assets
l.
To review the implementation of corporate objectives.
m. To maintain the independence of auditing activities
Audit & Assurance
Steven Khor
Page 12
15.Segregation of roles between chairman’s role and chief executive’s role.
Combined Code recommends the roles of chairman and chief executive should
be different persons.
Chairman’s role.
The chairman is a non executive. His/Her roles are to:
- ensure full information and full discussion at board meetings.
- Ensure satisfactory channels of communication with the external auditors
- Run the board of directors
- Ensure the effective operation of sub committees of the board.
Chief executive officer (CEO)’s role.
The chief executive is executive officer. His/Her main role is to ensure the
company functions effectively
H) Analyze the structure and roles of audit committees and discuss their
drawbacks and limitations.
16.Audit Committee
“An audit committee is a committee consisting of non executive directors which
is able to view a company’s affairs in a detached and independent way and
liaise effectively between the main board directors and the external
auditors.”
17.The roles of audit committee are:
▪
To monitor the integrity of the financial statements of the company and
review significant financial reporting judgments in the financial statements
▪
To review the company’s internal financial controls and the internal
control and risk management systems
▪
To monitor and review the effectiveness of the company’s internal audit
function
▪
To make recommendation to the boards concerning the appointment of
the external auditor and to approve the remuneration and terms of
engagement of the external auditors
▪
To develop and implement policy on the engagement of the external
auditor to supply non audit services and ethical guidance
Audit & Assurance
Steven Khor
Page 13
▪
To report to the Board, identifying any matters in respect of which it
considers that action or improvement is needed and making
recommendations as to the steps to be taken.
18.ISA260 states that audit committees exist in many jurisdictions. Although their
specific authority and functions may differ, communication with the audit
committee, where one exists, has become a key element in the auditor’s
communication with those charged with governance.
Good governance principles suggest that:
• The auditor will be invited to regularly attend meetings of the audit committee.
• The chair of the audit committee and, when relevant, the other members of the
audit committee, will liaise with the auditor periodically.
• The audit committee will meet the auditor without management present at least
annually.
18.Objectives, Advantages & Disadvantages of Audit Committee
Objectives and Advantages of Audit
Committee
1.Increase public confidence in the credibility of
published accounts because it has been
reviewed by an independent committee.
Disadvantages of Audit
Committee
1. Fear that their purpose is
to catch management out
2.Assist the non executive directors to fulfill any 2.Non Executive directors
obligations under corporate governance to being burdened with details
implement and maintain an appropriate system
of internal control
3.Strengthening the independent position of a 3. Two tier BOD problem
company’s external auditor by providing a clear
and additional channel of communication.
4.Improve
the
accounting.
quality
of
management 4.Incur additional cost &
time involved
5.Lead to better communication between
directors , external auditors and management
6. It provides the internal audit department with
Audit & Assurance
Steven Khor
Page 14
an independent reporting mechanism compared
to reporting to the directors who may wish to
hide or amend unfavorable internal audit reports
.
7. The audit committee will assist the internal
auditor by ensuring that recommendations in
internal audit reports are implemented.
8. Appointment of external auditors
If an audit committee is established, then this
committee can recommend the appointment of
the external auditors. The committee will have
the time and expertise to review the quality of
service provided by the external auditors,
removing the independence issue.
9. Corporate governance requirements –
best practice
Establishing an audit committee will show that
the board is committed to maintaining
appropriate internal systems in the company
and providing the standard of reporting expected
by large companies.
.
I) Explain the importance of internal control and risk management
19.Internal Control, risk management & CG
Generally, CG covers the need for financial controls, the conduct and
remuneration of directors, operational control & risk
20.What are the impacts of CG on internal control?
A well structured of internal control and risk management would provide a
good assurance concerning the effectiveness of the good CG practice.
The internal control system should concern the following areas:(a)
risk requirement
(b)
the nature and extent of the risks
(c)
the threat of such risk to the organization
(d)
the ability to reduce their occurrence and impact of risk
(e)
the costs and benefits relating to operating relevant controls system
Audit & Assurance
Steven Khor
Page 15
21.The Importance of Internal Control & Risk Management
1. To promote , govern and check upon various activities for the purpose of
meeting the company’s objectives
2. Identify and mitigate the risks (business risk/ operation risk) to the
minimum.
3. Safeguard the assets. To stop things going missing and to make some
sense of how the business is doing.
4. Secure completeness. It is important that all transactions are recorded,
processed and properly authorized.
5. Review the performance by analyzing the actual results against the
budgets.
(In summary: Internal Control helps organizations counter risks, maintain the
quality of financial reporting and comply with the laws and regulations. They
provide reasonable assurance that organizations will meet their strategic
objectives)
Examination Question Practice
Question 1
You are a recently qualified Chartered Certified Accountant in charge of the internal audit
department of ZX, a rapidly expanding company. Turnover has increased by about 20% p.a. for
the last five years, to the current level of $50 million. Net profits are also high, with an acceptable
return being provided for the four shareholders.
The internal audit department was established last year to assist the board of directors in their
control of the company and to prepare for a possible listing on the stock exchange. The Managing
Director is keen to follow the principles of good corporate governance with respect to internal
audit. However, he is also aware that the other board members do not have complete knowledge
of corporate governance or detailed knowledge of International Auditing Standards.
Required: Write a memo to the board of ZX that:
(a) Explains how the internal audit department can assist the board of directors in fulfilling their
obligations under the principles of good corporate governance. (10 marks)
(b) Explains the advantages and disadvantages to ZX of an audit committee. (10 marks)
(20 marks)
Question 2 (June 2009 Q4a)
Conoy Co designs and manufactures luxury motor vehicles. The company employs 2,500 staff
and consistently makes a net profit of between 10% and 15% of sales. Conoy Co is not listed; its
Audit & Assurance
Steven Khor
Page 16
shares are held by 15 individuals, most of them from the same family. The maximum
shareholding is 15% of the share capital.
The executive directors are drawn mainly from the shareholders. There are no non-executive
directors because the company legislation in Conoy Co’s jurisdiction does not require any. The
executive directors are very successful in running Conoy Co, partly from their training in
production and management techniques, and partly from their ‘hands-on’ approach providing
motivation to employees.
The board are considering a significant expansion of the company. However, the company’s
bankers are concerned with the standard of financial reporting as the financial director (FD) has
recently left Conoy Co. The board are delaying provision of additional financial information until a
new FD is appointed.
Conoy Co does have an internal audit department, although the chief internal auditor frequently
comments that the board of Conoy Co do not understand his reports or provide sufficient support
for his department or the internal control systems within Conoy Co. The board of Conoy Co
concur with this view. Anders & Co, the external auditors have also expressed concern in this
area and the fact that the internal audit department focuses work on control systems, not financial
reporting. Anders & Co are appointed by and report to the board of Conoy Co.
The board of Conoy Co are considering a proposal from the chief internal auditor to establish an
audit committee. The committee would consist of one executive director, the chief internal auditor
as well as three new appointees. One appointee would have a non-executive seat on the board of
directors.
Required:
Discuss the benefits to Conoy Co of forming an audit committee. (12 marks)
Question 3: Corporate governance
The objective of a system of corporate governance is to secure the effective, sound and efficient
operation of companies. This objective transcends any legislation or voluntary code. Good
corporate governance embraces not only making the company prosper but also doing business in
a legal and ethical manner. A key element of corporate governance is the audit committee. The
audit committee is a committee of the board of directors and is of a voluntary nature regulated by
voluntary codes.
Required
(a) Explain how an audit committee could improve the effectiveness of the external auditor's
work.
(b) Discuss the problems of ensuring the 'independence' of the members of the audit committee.
(c) Discuss the view that the role of the audit committee should not be left to voluntary codes of
practice but should be regulated by statute.
Audit & Assurance
Steven Khor
Page 17
Answer
Question 1
Memo
From: Chief Internal Auditor
To: Board of ZX
Subject: Role of Audit Committee
Date: June 2005
(a) Areas where the internal audit department can assist the directors with the implementation of
good corporate governance in an organization include:
Board reports
Reviewing reports to the board and reports produced by the board to ensure that they do present
a balanced and understandable assessment of the company’s position and prospects. The
internal audit department will have good knowledge of the operations of the company as well as
access to accounting information. The department can effectively ‘audit’ board reports to ensure
they are accurate and understandable.
Internal controls
The board need to maintain a sound system of internal control. The internal audit department will
be able to review existing controls and recommend improvements to ensure this objective is met.
Application of ISA and IASs
The board need to have a policy for applying appropriate International Statements on Auditing
(ISA) and International Accounting Standards (IAS) to the organization. Internal audit will certainly
be aware of new auditing standards and will have the technical expertise (especially where
internal audiors are professionally qualified) to identify changes required by accounting
standards. Amendments to control systems for new auditing standards and financial accounting
systems for new accounting standards can therefore be recommended.
Communication with external auditors
Under corporate governance regulations, communications with external auditors will normally be
via the audit committee, although the board must maintain an appropriate relationship with the
external auditors. However, internal and external auditors can also work together to ensure that
the internal control system is sufficient; possibly by external audit delegating work to internal
audit, and each auditor reviewing the work of the other auditor. The board will therefore receive
reports from both sets of auditors which will be accurate because they have been properly
checked.
Communication to the board
The internal auditor can also check that appropriate information is provided to the board from the
external auditor. ISA 260 Communications of audit matters with those charged with governance
provides a list of matters which should be communicated to the board and the internal auditor can
work with the external auditor to ensure that this information is provided.
(b) The advantages of an audit committee include:
Audit & Assurance
Steven Khor
Page 18
Public confidence
It will increasing public confidence in the creditability and objectivity of published financial
information. This will be particularly important for ZX if listing arrangements go ahead. While an
internal audit department is not normally necessary for incorporated companies, the provision of
that department will provide additional confidence in the accuracy of the financial statements and
hopefully make ZX an attractive investment.
Financial reporting
It will support the directors in fulfilling their financial reporting obligations. The directors have to
prepare financial statements for ZX. The committee can assist by checking the financial
statements to ensure that they comply with appropriate reporting requirements. This is especially
important where the board do not have detailed knowledge of accounting requirements.
Channel of Communication
It will enhance the role of ZX’s external auditors by providing an appropriate channel of
communication. Use of the audit committee will enable the external auditor to discuss issues with
the financial statements with the internal auditor, prior to providing a final summary of key points
to the board.
‘Friend’ of the Board
The audit committee may also act as a ‘critical friend’ to the board by monitoring the work of the
board and providing helpful guidance, where corporate governance requirements do not appear
to be being met. The audit committee should have detailed knowledge of corporate governance
as part of its monitoring function of the company and can share this with the board who may not
have the time to obtain detailed information.
The disadvantages of an audit committee include:
Lack of understanding of function
As the directors in ZX do not have much knowledge of corporate governance, they may see the
additional involvement of the audit committee as a threat to their authority or taking away some of
their responsibilities.
This memo has hopefully outlined the advantages of an audit committee in supporting the work of
the directors, removing this as a problem.
Role of non-executive directors
As the audit committee will be made up mainly from non-executive directors, the board may see
this as a means of decreasing their power and possibly letting other people run the company.
Again, the audit committee must be seen as fulfilling a supporting role for the main board. It will
utilise the special knowledge of account production and internal controls from the external auditor
and business non-executives to provide appropriate review of information being given to the
board.
Cost
The audit committee will increase the expenditure of the company as the non-executive directors
will require some remuneration due to their additional responsibilities. While this cannot be
avoided, the benefits of the committee in terms of providing assistance to the board and raising
the profile of ZX ready for possible listing must not be forgotten.
External auditor responsibilities regarding detection of fraud
Overall responsibility of auditor
Audit & Assurance
Steven Khor
Page 19
The external auditor is primarily responsible for the audit opinion on the financial statements
following the international auditing standards (ISAs). ISA 240 (Redrafted) The Auditor’s
Responsibilities Relating to Fraud in an Audit of Financial Statements is relevant to audit work
regarding fraud.
The main focus of audit work is therefore to ensure that the financial statements show a true and
fair view. The detection of fraud is therefore not the main focus of the external auditor’s work. An
auditor is responsible for obtaining reasonable assurance that the financial statements as a whole
are free from material misstatement, whether caused by fraud or error.
The auditor is responsible for maintaining an attitude of professional scepticism throughout the
audit, considering the potential for management override of controls and recognising the fact that
audit procedures that are effective for detecting error may not be effective for detecting fraud.
Materiality
ISA 240 states that the auditor should reduce audit risk to an acceptably low level. Therefore, in
reaching the audit opinion and performing audit work, the external auditor takes into account the
concept of materiality. In other words, the external auditor is not responsible for checking all the
transactions. Audit procedures are planned to have a reasonable likelihood of identifying material
fraud.
Discussion among the audit team
A discussion is required among the engagement team placing particular emphasis on how and
where the entity’s financial statements may be susceptible to material misstatement due to faud,
including how fraud might occur.
Identification of fraud
In situations where the external auditor does detect fraud, then the auditor will need to consider
the implications for the entire audit. In other words, the external auditor has a responsibility to
extend testing into other areas because the risk of providing an incorrect audit opinion will have
increased.
Question 2
Benefits of audit committee in Conoy Co
Assistance with financial reporting (no finance expertise)
The executive directors of Conoy Co do not appear to have any specific financial skills – as the
financial director has recently left the company and has not yet been replaced. This may mean
that financial reporting in Conoy Co is limited or that the other non-financial directors spend a
significant amount of time keeping up to date on financial reporting issues.
An audit committee will assist Conoy Co by providing specialist knowledge of financial reporting
on a temporary basis – at least one of the new appointees should have relevant and recent
Audit & Assurance
Steven Khor
Page 20
financial reporting experience under codes of corporate governance. This will allow the executive
directors to focus on running Conoy Co.
Enhance internal control systems
The board of Conoy Co do not necessarily understand the work of the internal auditor, or the
need for control systems. This means that internal control within Conoy Co may be inadequate or
that employees may not recognise the importance of internal control systems within an
organisation.
The audit committee can raise awareness of the need for good internal control systems simply by
being present in Conoy Co and by educating the board on the need for sound controls. Improving
the internal control ‘climate’ will ensure the need for internal controls is understood and reduce
control errors.
Reliance on external auditors
Conoy Co’s internal auditors currently report to the board of Conoy Co. As previously noted, the
lack of financial and control expertise on the board will mean that external auditor reports and
advice will not necessarily be understood – and the board may rely too much on external auditors
If Conoy Co report to an audit committee this will decrease the dependence of the board on the
external auditors. The audit committee can take time to understand the external auditor’s
comments, and then via the non-executive director, ensure that the board take action on those
comments.
Appointment of external auditors
At present, the board of Conoy Co appoint the external auditors. This raises issues of
independence as the board may become too familiar with the external auditors and so appoint on
this friendship rather than merit.
If an audit committee is established, then this committee can recommend the appointment of the
external auditors. The committee will have the time and expertise to review the quality of service
provided by the external auditors, removing the independence issue.
Corporate governance requirements – best practice
Conoy Co do not need to follow corporate governance requirements (the company is not listed).
However, not following those requirements may start to have adverse effects on Conoy. For
example, Conoy Co’s bank is already concerned about the lack of transparency in reporting.
Establishing an audit committee will show that the board of Conoy Co are committed to
maintaining appropriate internal systems in the company and providing the standard of reporting
expected by large companies. Obtaining the new bank loan should also be easier as the bank will
be satisfied with financial reporting standards.
Given no non-executives – independent advice to board
Currently Conoy Co does not have any non-executive directors. This means that the decisions of
the executive directors are not being challenged by other directors independent of the company
and with little or no financial interest in the company.
The appointment of an audit committee with one non-executive director on the board of Conoy Co
will start to provide some non-executive input to board meetings. While not sufficient in terms of
corporate governance requirements (about equal numbers of executive and non-executive
directors are expected) it does show the board of Conoy Co are attempting to establish
appropriate governance systems.
Audit & Assurance
Steven Khor
Page 21
Advice on risk management
Finally, there are other general areas where Conoy Co would benefit from an audit committee.
For example, lack of corporate governance structures probably means Conoy Co does not have a
risk management committee. The audit committee can also provide advice on risk management,
helping to decrease the risk exposure of the company.
Question 3: Corporate governance
(a) Improving the effectiveness of audit
􀁸 Increasing assurance from stronger corporate governance and internal controls
􀁸 Providing an opportunity to discuss the terms and scope of external audit in an impartial
Way.
􀁸 Strengthening the ability of the external auditor to request changes in control systems
􀁸 Ensuring that there is minimal duplication of work where internal auditors are involved, by
discussing the audit plan with the external auditors via the audit committee
􀁸 Ensuring that directors' statements on internal control as required by Cadbury are reviewed
by the audit committee
􀁸 Reviewing going concern issues and ensuring that appropriate disclosures are made
􀁸 Acting as a forum for resolving problems between the directors and the external auditors
􀁸 Resolving difficulties over the availability of information and key client personnel
􀁸 Reviewing draft financial statements before presentation to the auditors and the executive
board
(b) Independence of audit committees
􀁸 The members should be independent and declare any interests in the company.
􀁸 Non-executive directors often sit on several boards, so conflicts of interest can easily arise.
􀁸 Salaries are paid by the company so financial independence can be compromised.
􀁸 Members of the audit committee tend to have other roles at the client, eg personnel. They
act in several capacities and independence may be impaired.
􀁸 Members may have had previous involvement in executive positions and could have share
options or pension schemes, again compromising independence.
(c) Statutory regulation
Statutory regulation could impose additional costs and regulatory burdens, which might not
justify the end in all cases and could sometimes be detrimental to shareholders.
However, an argument in favour of statutory regulation is that voluntary codes of practice may
not be applied consistently by companies. Another is that the non-executive audit committee may
not feel able to criticise management unless they have statutory backing.
Audit & Assurance
Steven Khor
Page 22
Shareholders do not readily understand the role of the audit committee. If it was appointed by
statute and governed this role might be better understood, but this is not necessarily the case.
There is no evidence that shareholders understand legal regulations any better than voluntary
ones in many cases. It is difficult to arrive at a 'model' audit committee suitable for all entities,
as would be required if statutory regulation were introduced. Companies are unique and have
unique requirements.
A statutory monitoring report upon the audit committee would be required. This would further
increase costs for the company. It would be very difficult to set standards for non-executive
directors on audit committees.
Audit & Assurance
Steven Khor
Page 23