- No category
CFAP-6 Audit & Assurance Study Pack - ICAP
advertisement
CFAP - 6 AUDIT, ASSURANCE AND RELATED SERVICES THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN i Second edition published by The Institute of Chartered Accountants of Pakistan Chartered Accountants Avenue Clifton Karachi – 75600 Pakistan Email: studypacks@icap.org.pk www.icap.org.pk © The Institute of Chartered Accountants of Pakistan, June 2023 All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, without the prior permission in writing of the Institute of Chartered Accountants of Pakistan, or as expressly permitted by law, or under the terms agreed with the appropriate reprographics rights organization. You must not circulate this book in any other binding or cover and you must impose the same condition on any acquirer. Notice The Institute of Chartered Accountants of Pakistan has made every effort to ensure that at the time of writing, the contents of this study text are accurate, but neither the Institute of Chartered Accountants of Pakistan nor its directors or employees shall be under any liability whatsoever for any inaccurate or misleading information this work could contain. ii THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN TABLE OF CONTENTS CHAPTER PAGE GUIDANCE FOR OPEN BOOK EXAM 1 Chapter 1 CONCEPT AND NEED FOR ASSURANCE 5 Chapter 2 THE REGULATORY ENVIRONMENT 13 Chapter 3 PROFESSIONAL ETHICS 35 Chapter 4 APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 111 Chapter 5 PROFESSIONAL RESPONSIBILITY AND LIABILITY 161 Chapter 6 THE AUDIT APPROACH 193 Chapter 7 UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 267 Chapter 8 USING THE WORK OF OTHERS 377 Chapter 9 AUDIT EVIDENCE 425 Chapter 10 AUDIT FINALISATION AND REPORTING 465 Chapter 11 MODIFICATION IN THE AUDIT REPORT 499 Chapter 12 SPECIAL AUDITS 567 Chapter 13 REVIEW ENGAGEMENTS 583 Chapter 14 ASSURANCE AND NON ASSURANCE ENGAGEMENTS 613 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN iii iv THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN SPOTLIGHT AT A GLANCE GUIDANCE FOR OPEN BOOK EXAM THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 1 GUIDANCE FOR OPEN BOOK EXAM CFAP 6: AARS 1. APPROACH FOR OPEN BOOK EXAM In the open book mode of examination, students are expected to: - have a deep knowledge of the standard and simultaneously the student should be able to comprehend the scenario based questions in exam environment, - be able to identify the relevant standard involved; and - finally, should be capable enough to draft a solution in accordance with the requirement of the question and relevant standard. As the said approach is a bit different from the conventional way of testing knowledge, a basis guideline for students has been presented as follow to help students prepare for and attempt exams under open book mode. It is important to note that there is no absolute guidance for any subject and students may drive their preparation in any manner deemed necessary for them, suiting their circumstances. Pillars of the Approach Following are the seven (07) pillars to the Open Book Approach that are further elaborated in forthcoming sections: AT A GLANCE Understanding the concepts Mind Mapping of the contents Skimming of the Standard Highlighting and Marking (Building affiliations with standards) Basic Self-Assessment Advanced Self-Assessment Final Mock for Practice from multiple areas 1.1 Understanding the concepts SPOTLIGHT It is strongly suggested that students must not solely rely on the basic level of knowledge acquired at the CAF level of the qualification and are encouraged to take guidance from relevant person(s). As this is an open-book exam, the practical understanding of concepts would play a vital role in the preparation of the exam. It is also suggested to follow complete guidelines provided by counsellor to have a composite understanding of the entire syllabus systematically. 1.2 Mind Mapping of the contents After you have clarified the concepts given in different standards / topics, this book comes to help you. You may either consult this book as guideline for preparation of your own mind maps or you may select this book for building the mind maps of different topics. This book would give you a summary of all the relevant standards cross-linked with relevant para references etc. This is important to remember that in the exams you are not expected to find the answers from the bulky book(s) of Standards. Ideal solution (or a rough sketch) to the case study should strike first in your mind using your mind mapping skills, you may refer the standard to confirm your understanding. If you are not equipped with Proper understanding (unit 1.1), open book approach is not going to help you; rather it would simply waste your time in ICAP exam making the paper more difficult for you under exam pressure. 1.3 Skimming of the Standards After getting understanding and mapping the things in your study notes and mind, it is important to skim the contents given in the standards. If you have a previous understanding (unit 1.1) supported by mind mapping (unit 1.2), reading the original standard would not be a much time consuming element for you. You should skim the contents of relevant standards in a slightly faster pace identifying the key requirements learned earlier. 2 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS GUIDANCE FOR OPEN BOOK EXAM It would generally take approximately half an hour to read any unit/ standard/topic of this book. Before starting from the bare standard, it is recommended to quickly skim the relevant area from this book once again (but with a faster pace this time). After skimming that, start reading and understanding the core paragraphs of the standard. After understanding the theme conveyed in core paragraphs, start connecting explanatory paragraphs (having a prefix of “A”, e.g. A23). These paragraphs can be read at a little faster pace. 1.4 Highlighting and Marking (Building affiliations with the standards) You should use 2 to 3 colors highlighters during the above reading and skimming phase so that you may highlight different paragraphs for future reference. In this way you would be making that standard more user friendly for your revision. After doing the aforementioned steps for any area or the topic, it’s time to assess your preparation as per the benchmark of ICAP exams. You should select some of the questions from the practice questions given in each relevant standard (ideally two-third of the total for that unit). It is important to note that all these practice questions have been taken from your ICAP examinations (previous attempts of the same subject). After reading the question, at first stance, let your mind challenge the questions (recall your mind maps, build a solution in mind and try to find a nearest answer in the standard available with you). After you have prepared a rough answer in your mind; check the solutions given in the ‘Solution’ section of the same and rate yourself. Before checking solution you may also look for the tutorial notes that are guiding you what not to do and some additional points to focus more while developing an answer in mind. AT A GLANCE 1.5 Basic Self-Assessment If you are unable to reach at 70%-80% of the solution, it means that any of the starting pillars are not done properly. If your answer matches substantially with given solution, you are ready for the second last and very crucial phase of your preparation. Select the remaining one-third (1/3rd) questions of each area or topic and write down their answers by yourself using your understanding and the mind maps approach. Provide your solutions to any of your peer or senior to review against the solution given in the book (Get it properly marked). An ideal situation would be two students cross checking the solutions of each other against same chapter. Scored marks should not be less than 55%. (If so; repeat all the previous pillars). 1.7 Final Mock for practice from multiple areas Now when you are comfortable enough with all the topics of the syllabus and have done all previous pillars individually for all the individual topics of the syllabus; you are required to practice a full length mock of 3 hours to assess your final preparation and an ability to retrieve the knowledge from your mind maps and the open book when the relevant area is increased to full syllabus. You may choose latest paper of ICAP exam as this mock. Giving such mock (or latest paper of ICAP) would assure: A good writing practice Self-Assessment Multi-topic testing Practicing time management Know your weaknesses at least 2 weeks before exam THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 3 SPOTLIGHT 1.6 Advanced Self-Assessment GUIDANCE FOR OPEN BOOK EXAM AT A GLANCE SPOTLIGHT 4 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 1 CONCEPT AND NEED FOR ASSURANCE AT A GLANCE SPOTLIGHT 1. The meaning of audit 2. The meaning of assurance 3. Advantages and limitations of statutory audits The external auditor must be independent from the directors; otherwise his report will have little value. If he is not independent, his opinion is likely to be influenced by the directors. ‘Assurance’ means confidence. In an assurance engagement, an ‘assurance firm’ is engaged by one party to give an opinion on a piece of information that has been prepared by another party. The opinion is an expression of assurance about the information that has been reviewed. It gives assurance to the party that hired the assurance firm that the information can be relied on. AT A GLANCE AT A GLANCE The main objective of an audit is to enable an auditor to convey an opinion as to whether or not the financial statements of an entity are prepared according to an applicable financial reporting framework. An audit provides a high, but not absolute, level of assurance that the audited information is free from any material misstatement. This is often referred to as reasonable assurance. A review in contrast to ‘reasonable’ level of assurance provided by an audit, a review into an aspect of the financial statements would provide only a moderate level of assurance that the information under review is free of material misstatement. The resulting opinion is usually (although not always) expressed in the form of negative assurance. There are certain advantages and limitations of audit that are also narrated in this chapter. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 5 SPOTLIGHT IN THIS CHAPTER: CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE CFAP 6: AARS 1. THE MEANING OF AUDIT 1.1 Definition and objective of audit An audit is an official examination of the accounts (or accounting systems) of an entity (by an auditor). When an auditor examines the accounts of an entity, what is he looking for? The main objective of an audit is to enable an auditor to convey an opinion as to whether or not the financial statements of an entity are prepared according to an applicable financial reporting framework. Financial statements -A structured representation of historical financial information, including disclosures, intended to communicate an entity’s economic resources or obligations at a point in time, or the changes therein for a period of time, in accordance with a financial reporting framework. Financial statements have the following components (as per IAS-1): AT A GLANCE Statement of Financial Position (Balance Sheet) Statement of Profit or Loss and other comprehensive income Statement of Changes in Equity Cash Flow Statement Notes to the Financial Statements Comparative information prescribed by the standard Applicable financial reporting framework - The financial reporting framework adopted by management and, where appropriate, those charged with governance in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation. The applicable financial reporting framework is decided by: legislative or regulatory environment within each individual country, and accounting standards (for example, International Accounting Standards / International Financial Reporting Standards). SPOTLIGHT The auditor seeks to express an opinion as the result of the audit work that he does. The type of work carried out by an auditor in order to reach his opinion is described in later chapters. 1.2 Concepts of accountability, stewardship and agency An audit of a company’s accounts is needed because in companies, the owners of the business are often not the same persons as the individuals who manage and control that business. The shareholders own the company. The company is managed and controlled by its directors. The directors have a stewardship role. They look after the assets of the company and manage them on behalf of the shareholders. In small companies the shareholders may be the same people as the directors. However, in most large companies, the two groups are different. The relationship between the shareholders of a company and the board of directors is also an application of the general legal principle of agency. The concept of agency applies whenever one person or group of individuals acts as an agent on behalf of someone else (the principal). The agent has a legal duty to act in the best interests of the principal, and should be accountable to the principal for everything that he does as agent. As agents for the shareholders, the board of directors should be accountable to the shareholders. In order for the directors to show their accountability to the shareholders, it is a general principle of company law that the directors are required to prepare annual financial statements, which are presented to the shareholders for their approval. 6 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE 1.3 The audit report: independence, materiality and true and fair Audit has a very long history. The concept of an audit goes back to the times of the Egyptian and Roman empires. In medieval times, independent auditors were employed by the feudal barons to ensure that the returns from their stewards and their tenants were accurate. Over time, the annual audit was developed as a way of adding credibility to the financial statements produced by management. The statutory audit is now a key feature of company law throughout the world. The key features of the audit report are as follows: The auditors producing the report are independent from the directors producing the financial statements. The report gives an opinion on whether the financial statements “give a true and fair view”, or “present fairly” the position and results of the entity. The report considers whether the financial statements give a true and fair view in all material respects. The concept of materiality is applied in reaching an audit opinion. AT A GLANCE An auditor reports to the shareholders on the financial statements produced by a company’s management. Independence of the auditor In contrast to external auditors, internal auditors may not be fully independent from the directors, although they may be able to achieve a sufficient degree of independence. The concept of ‘internal auditors’ shall be described in details in a later chapter. True and fair view (fair presentation) The auditor reports on whether (or not) the financial statements give a true and fair view, or present fairly, the position of the entity as at the end of the financial period and the performance of the entity during the period. The auditor does not certify or guarantee that the financial statements are correct. In preparing the financial statements, a large amount of judgement is exercised by the directors. Similarly, judgement is exercised by the auditor in reaching his opinion. The phrases ‘true and fair view’ and ‘present fairly’ indicate that a judgement is being given that the financial statements can be relied upon and have been properly prepared in accordance with an appropriate financial reporting framework. Materiality concept The auditor reports in accordance with the concept of materiality. He gives an opinion on whether the financial statements present fairly in all material respects the financial position and performance of the entity. Information is material if, on the basis of the financial statements, it could influence the economic decisions of users should it be omitted or misstated. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 7 SPOTLIGHT The external auditor must be independent from the directors; otherwise his report will have little value. If he is not independent, his opinion is likely to be influenced by the directors. CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE CFAP 6: AARS For example, the shareholders of a company with assets of Rs.1 million will not be interested if petty cash was miscounted with the result that the amount of petty cash is overstated by Rs.100. This is immaterial. However, they will be interested if there are receivables in the statement of financial position of Rs. 200,000 which are not in fact recoverable and which should therefore have been written off as a bad debt. Applying the concept of materiality means that the auditor will not aim to examine every number in the financial statements. He will concentrate his efforts on the more significant items in the financial statements, either: because of their (high) value, or because there is a greater risk that they could be stated incorrectly. 1.4 The statutory requirement for audit Most countries impose a statutory requirement for an annual (external) audit to be carried out on the financial statements of most companies. However, in many countries, smaller companies are exempt from this requirement for an audit. Other entities, such as sole traders, partnerships, clubs and societies are usually not subject to a statutory audit requirement. Small companies and these other entities may decide to have a voluntary audit, even though this is not required by law. AT A GLANCE 1.5 Responsibility of management and those charged with governance With respect to the audit and contrary to what many members of the public think, it is management and those charged with governance which are responsible for: Prevention and detection of fraud Preparation of the financial statements Design and implementation of effective internal controls - for example authorising payments above a certain amount, monthly bank reconciliation and a monthly trade payables control account reconciliation. They are also responsible for: SPOTLIGHT 8 Providing the auditor with: ¯ Access to information relevant to the preparation of the financial statements ¯ Additional information relevant to the audit ¯ Unrestricted access to persons whom the auditor needs access to in order to complete the audit Providing written representations to the auditor at the end of the audit (see later chapter for details) THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE 2. THE MEANING OF ASSURANCE 2.1 Definition of assurance ‘Assurance’ means confidence. In an assurance engagement, an ‘assurance firm’ is engaged by one party to give an opinion on a piece of information that has been prepared by another party. The opinion is an expression of assurance about the information that has been reviewed. It gives assurance to the party that hired the assurance firm that the information can be relied on. Assurance can be provided by: audit: this may be external audit, internal audit or a combination of the two. review. A statutory audit is one form of assurance. Without assurance from the auditors, the shareholders may not accept that the information provided by the financial statements is sufficiently accurate and reliable. The statutory audit provides assurance as to the quality of the information. However, there are differing levels or degrees of assurance. Some assurances are more reliable than others. 2.2 Levels of assurance The degree of assurance that can be provided about the reliability of the financial statements of a company will depend on: the amount of work performed in carrying out the assurance process, and the results of that work. AT A GLANCE The provision of this assurance should add credibility to the information in the financial statements, making the information more reliable and therefore more useful to the user. Reasonable Assurance - A high (but not absolute) level of assurance provided by the practitioner’s conclusion expressed in a positive form. E.g. “In our opinion the accounts are true and fair”. The objective of a statutory audit is to provide reasonable assurance. Limited Assurance - A moderate level of assurance provided by the practitioner’s conclusion expressed in a negative form. E.g. “Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial statements do not give a true and fair view”. The objective of a review engagement is often to provide limited assurance. Assurance provided by audit An audit provides a high, but not absolute, level of assurance that the audited information is free from any material misstatement. This is often referred to as reasonable assurance. The reason why auditor is not expected to provide absolute assurance is that there are inherent limitations of an audit, which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. The inherent limitations of an audit are discussed later in this chapter. Assurance provided by review In contrast to ‘reasonable’ level of assurance provided by an audit, a review into an aspect of the financial statements would provide only a moderate level of assurance that the information under review is free of material misstatement. The resulting opinion is usually (although not always) expressed in the form of negative assurance. Negative assurance is an opinion that nothing is obviously wrong: in other words, ‘nothing has come to our attention to suggest that the information is misstated’. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 9 SPOTLIGHT The resulting assurance falls into one of two categories: CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE CFAP 6: AARS A review does not provide the same amount of assurance as an audit. An external audit provides positive assurance that, in the opinion of the auditors, the financial statements do present fairly the financial position and performance of the company. The higher level of assurance provided by an audit will enhance the credibility provided by the assurance process, but the audit work is likely to be: more time-consuming than a review, and so costlier than a review. 2.3 Elements of an assurance engagement Definition: Assurance engagement An engagement in which a practitioner aims to obtain sufficient appropriate evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the subject matter information (that is, the outcome of the measurement or evaluation of an underlying subject matter against criteria). AT A GLANCE Source: Handbook of International Quality Control, Auditing, Review, Other Assurance, and Related Pronouncements An assurance engagement performed by a practitioner will consist of the following five elements: SPOTLIGHT 10 A three party relationship: ¯ Practitioner - the individual providing professional services that will review the subject matter and provide the assurance. E.g. the audit firm in a statutory audit ¯ Responsible party - the person(s) responsible for the subject matter. E.g. the Directors are responsible for preparing the financial statements to be audited ¯ Intended users - the person(s) or class of persons for whom the practitioner prepares the assurance report. E.g. the shareholders in a statutory audit Subject matter: This is the data such as the financial statements that have been prepared by the responsible party for the practitioner to evaluate. Another example might be a cash flow forecast to be reviewed by the practitioner. Suitable criteria: This can be thought of as ‘the rules’ against which the subject matter is evaluated in order to reach an opinion. In a statutory audit this would be the applicable reporting framework (e.g. IFRS and company law). Evidence: Information used by the practitioner in arriving at the conclusion on which their opinion is based. This must be sufficient (enough) and appropriate (relevant). Assurance Report: The report (normally written) containing the practitioner’s opinion. This is issued to the intended user following the collection of evidence. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE 3. ADVANTAGES AND LIMITATIONS OF STATUTORY AUDITS 3.1 Advantages of statutory audits An external audit provides the following benefits: It increases the credibility of published financial statements. It confirms to management that they have performed their statutory duties correctly. It provides assurance to management that they have complied with non-statutory requirements, such as corporate governance requirements (where these are subject to audit or review). It provides feedback on the effectiveness of internal controls. Where internal controls are weak or inadequate, the auditor will give recommendations for improvement. This will assist management in reducing risk and improving the performance of the company. The main limitations of an audit are as follows: The cost of an audit can be very high. However, if the audit firm is already hired to carry out non-audit work such as advisory work, the additional cost of an audit may be fairly small. The disruption caused to a company’s staff during the audit. The company’s staff may be required to assist the auditors by answering questions, providing documents and other information. Some items in the subject matter might be estimates whose truth and fairness will not be known with certainty until some point in the future. This means the assurance opinion is ultimately subjective and judgmental. Most fraud will include an attempt to deliberately conceal the truth or misrepresent information. In order to balance cost and efficiency the auditor routinely uses sampling rather than tests every item. Irrespective of how robust a client’s systems are, they will always incorporate some degree of inherent limitation. Audit evidence is persuasive rather than conclusive, i.e., they persuade the auditor to believe that a particular assertion has been justified instead of providing a conclusion. Practice Question 01: You were the engagement partner on the audit of a commercial bank which has a network of more than 200 branches, across the country. During a recent meeting, a member of the audit committee referred to an instance of irregularity in a branch, whereby the Branch Manager had extended credit to a close relative without following the bank’s credit disbursement procedures. The member criticized the auditors for their failure to highlight such instances. Required: As an engagement partner, write a letter to the audit committee explaining your point of view in detail with specific references to the International Standards on Auditing, wherever applicable. Solution: Views expressed by the Audit Committee Member were not correct due to following reasons: The objective of an audit of financial statements carried out in accordance with ISA is to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 11 SPOTLIGHT 3.2 Limitations of statutory audits AT A GLANCE Even where a statutory audit is not required, for example due to small company statutory exemption limits (in some countries), an audit will increase the credibility of published financial statements. This may be important for potential lenders to the company. Potential lenders, such as banks, may insist on the company having an audit as a pre-condition for lending money. CHAPTER 1: CONCEPT AND NEED FOR ASSURANCE CFAP 6: AARS For this purpose, the auditor considers internal control relevant for the preparation and fair presentation of the financial statements but is not required to express an opinion on the effectiveness of the entity’s internal control system. An audit opinion does not assure the future viability of the entity nor the efficiency or effectiveness with which management has conducted the affairs of the entity. The audit process is subject to certain limitations which are also recognized by ISA. Such limitations include: use of sampling reliance on internal controls which itself is subject to limitations (for example: possibility of management override or collusion) and the fact that most audit evidence is persuasive rather than conclusive. Moreover, in the context of the specific instance referred by the Audit Committee Member, it may be possible that the subject branch may not have been selected for the purposes of audit due to its relative insignificance in relation to the overall financial statements. AT A GLANCE Moreover, the fact that credit was granted to close relative of branch manager without following normal lending procedures, may not necessarily result in material misstatement in the financial statements. SPOTLIGHT 12 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 2 THE REGULATORY ENVIRONMENT AT A GLANCE SPOTLIGHT 1. The need for regulation of audit and assurance services International Standards on Auditing (ISAs) are set by the International Audit and Assurance Standards Board (IAASB), which is a part of IFAC. 2. Professional standards The IAASB issues a number of international standards like 3. Professional misconduct 4. Consideration of laws & regulations in an audit of financial statements (ISA 250) - International Standards on Auditing (ISAs) - International Standards on Review Engagements (ISREs) AT A GLANCE AT A GLANCE The key reason why audit and assurance services should be regulated is to serve the public interest. Assurance providers give an impartial, professional view on issues that matter to users of financial and other information. - International Standards on Assurance Engagements (ISAEs) - International Standards on Related Services (ISRSs) - International Standards on Quality Management(ISQMs) International standards are drafted to be used internationally and promote consistency in audit and assurance practice. Money laundering can be defined as the process by which criminals attempt to conceal the true origin and ownership of the proceeds of their criminal activities. The requirements of ISA-250 are designed to assist the auditor in identifying material misstatement of financial statements due to non-compliance with laws and regulations. However, the auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 13 SPOTLIGHT IN THIS CHAPTER: CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS 1. THE NEED FOR REGULATION OF AUDIT AND ASSURANCE SERVICES 1.1 The public interest The key reason why audit and assurance services should be regulated is to serve the public interest. Assurance providers give an impartial, professional view on issues that matter to users of financial and other information. It is important that this view can be trusted. Therefore, assurance providers need to operate: within ethical boundaries to consistent standards and within the bounds of local laws and regulation. You know from your previous studies that assurance providers are regulated by: the law of the land in which they operate the ethical standards of the land and the professional body to which they belong the professional standards adopted by their country, for example International Standards on Auditing (ISAs) AT A GLANCE 1.2 Ethical regulation Assurance providers are given ethical guidance by: Professional bodies, for example, The Institute of Chartered Accountants of Pakistan (ICAP) Law International Federation of Accountants (IFAC) You should already be familiar with some of the ethical guidance relevant to this syllabus from your earlier studies, which is revised later in Chapter 3. 1.3 Legal regulation SPOTLIGHT Most countries have legal requirements associated with some assurance providers, particularly auditors. Examples of these legal requirements in Pakistan can be found, for example, in the Companies Act, 2017, Banking Companies Ordinance 1962 and Insurance Companies Ordinance 2000. 1.4 Professional regulation Auditors are required to carry out audits according to professional standards – International Standards on Auditing (ISAs) as applicable in Pakistan. Some assurance work is also covered by professional standards, although this is a developing area and less guidance is available. In many cases, guidance given in auditing standards can be adapted for use in assurance services where there is no specific guidance for that service. As assurance provision goes increasingly ‘global’ the harmonisation of such professional guidance has become necessary. 1.5 Harmonisation of the accountancy and auditing profession The International Federation of Accountants (IFAC) is an international regulatory body for the profession but each country has its own regulatory regime for auditing, which may not necessarily apply the same principles of audit behaviour as those used by IFAC. The same arguments that have been made in favour of the universal adoption of international accounting standards can also be made in respect of other regulatory aspects of the auditing and accounting profession. 14 These include advantages such as the adoption of global auditing standards, which should improve the efficiency of the audit process for multinational companies and should improve transparency in audit reporting. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT Disadvantages include the problems of getting international agreement on auditing practices, and the need for many countries to change their local law to bring it in line with the agreed international practice. A number of initiatives are taking place to harmonise the regulation of the auditing profession internationally. These include the following: Audits of all listed companies in the European Union should now be carried out in accordance with International Standards on Auditing. Moves to establish a more formal, statute-based corporate governance regime (such as Sarbanes-Oxley in the USA). The development of national regulatory models for the profession, headed by a single unified body. New requirements across the European Union, in relation to mandatory audit firm rotation for Public Interest Entities. SPOTLIGHT AT A GLANCE THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 15 CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS 2. PROFESSIONAL STANDARDS 2.1 The international standard-setting process IFAC (International Federation of Accountants) IAASB IESBA (International Auditing and Assurance Standards Board) (International Ethics Standards Board for Accountants) ISAs International Standards on Auditing (ISAs) are set by the International Audit and Assurance Standards Board (IAASB), which is a part of IFAC. AT A GLANCE A subcommittee of IAASB is asked to write an exposure draft of the new standard when IAASB considers that one is required. This draft is then ‘exposed’ to interested parties, who comment on the exposure draft. Interested parties include national standard setters and professional bodies. The comments are reviewed within the IAASB and the draft is amended as required. Finally, a new ISA is issued. In addition, the IAASB also publishes: International Standards on Review Engagements (ISRE); International Standards on Assurance Engagements (ISAE); International Standards on Related Services (ISRS); International Standard on Quality Management (ISQMs); and International Auditing Practice Note (IAPNs). SPOTLIGHT Code of Ethics for Professional Accountants IFAC’s Code of Ethics for Professional Accountants is issued by the International Ethics Standards Board for Accountants (IESBA), which is also a part of IFAC. Similar to many accountancy bodies around the world who are members of IFAC, ICAP’s code of ethics is based on the IESBA’s Code of Ethics for professional Accountants, with minor modifications or specific additions for clarification made where necessary, considering the corporate professional environment of Pakistan. 2.2 The authority of national and international standards International standards are drafted to be used internationally and promote consistency in audit and assurance practice. However, situations may arise where the requirements of the international standards clash with national standards. In this situation, there are a number of matters that should be considered: 16 ISAs are not designed to overrule national requirements, so auditors should follow national requirements. However, as ISAs represent international best practice, countries are encouraged by IFAC to change their national practice so that ISAs can be followed. For example, in the UK, since December 2004, all financial statements have been audited using the UK version of ISAs, known as ISAs (UK and Ireland). These are based on ISAs with any additional, UK-specific, provisions shown in shaded boxes. If there is no comparable guidance to the ISA in the country, then individual ISA practice can be adopted immediately. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT 2.3 Preface to International Standards on Quality Management, Auditing, Review, Other Assurance and Related Services Type of standard When applied International Standards on Auditing (ISAs) In the audit of historical financial information International Standards on Review Engagements (ISREs) In the review of historical financial information International Standards on Assurance Engagements (ISAEs) In assurance engagements other than audits or reviews of historical financial information International Standards on Related Services (ISRSs) On compilation engagements, engagements to apply agreed upon procedures to information and other related services engagements International Standards on Quality Management (ISQMs) For all the above services In addition to this preface, ISQMs and certain ISREs, ISAEs, ISRSs are examinable in this paper. These are covered in later chapters. As discussed above, the IAASB’s pronouncements do not override local laws or regulations. If local laws or regulations differ from, or conflict with, the IAASB’s standards then a professional accountant should not state that they have complied with the IAASB’s standards unless they have fully complied with all of those relevant to the engagement. AT A GLANCE The IAASB issues a number of other international standards, in addition to ISAs. The table below sets out these standards, including ISAs, and when the preface says they are to be applied. International Standards on Auditing (ISAs) ISAs are written in the context of an audit of financial statements by an independent auditor. They are to be adapted as necessary when applied to audits of other historical financial statements. SPOTLIGHT Each ISA contains: an introduction objectives definitions (if necessary) requirements which are shown by the word ‘shall’ and are to be applied as relevant to the audit application and other explanatory material which is for guidance only. This structure arose out of the work carried out as part of the IAASB’s “Clarity Project” (see below). International Standards on Quality Management (ISQMs) ISQMs apply to all services carried out under the IAASB’s engagement standards (ISAs, ISREs, ISAEs and ISRSs). Other International Standards The other international standards (ISREs, ISAEs and ISRSs) follow the format of the original ISAs. They contain: basic principles and essential procedures (identified in bold type and by the word ‘should’), and related guidance in the form of explanatory and other material, including appendices. The basic principles and procedures must be followed. In exceptional circumstances, a professional accountant may judge it necessary not to follow a relevant essential procedure in order to achieve their objectives. In these circumstances, the auditor must be prepared to justify the departure from the requirements of the standard. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 17 CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS Authoritative and non-authoritative material The IAASB’s preface describes how the above standards (ISAs, ISREs, ISAEs, ISRSs and ISQMs) are ‘authoritative material’. This means that they MUST be followed when conducting engagements of those types. The IAASB also publishes ‘non-authoritative’ guidance as follows: Consultation Papers – these are used to generate discussion with relevant stakeholders Staff Publications – these raise awareness of new and emerging issues International Auditing Practice Note (IAPNs) – these provide practical assistance to auditors in applying the ISAs in performing an audit Professional judgement The nature of the international standards requires the professional accountant to exercise professional judgment in applying them. 2.4 ISA 200: Overall objectives of the independent auditor and the conduct of an audit in accordance with International Standards on Auditing AT A GLANCE The objectives of the auditor as per ISA 200 are: to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. This allows the auditor to give an opinion on whether or not the financial statements have been prepared in accordance with the applicable financial reporting framework. to report on the financial statements and communicate as required by the ISAs, in accordance with the auditor’s findings. Where the auditor is unable to obtain reasonable assurance and a qualified opinion is insufficient, the auditor must disclaim an opinion or resign. The different types of opinions are covered in a later chapter. In line with what you should remember from your previous studies, ISA 200 requires the auditor to: SPOTLIGHT comply with all ISAs relevant to the audit comply with relevant ethical requirements plan and perform an audit with professional skepticism exercise professional judgment in planning and performing an audit obtain sufficient and appropriate audit evidence to allow them to obtain reasonable assurance. 2.5 Public oversight The global architecture of standard setting in the field of audit, assurance, ethics and education consists of a three-tier structure made up of: standard setting boards supported by IFAC independent oversight by the Public Interest Oversight Board (PIOB) accountability to a monitoring body of public authorities (Monitoring Group). Public Interest Oversight Board (PIOB) The PIOB is the global independent oversight body that seeks to improve the quality and public interest focus of the international standards formulated by the Standard Setting Boards supported by IFAC in the areas of audit and assurance, education and ethics. Through its oversight activities, the PIOB works to bring greater transparency and integrity to the audit profession, thereby contributing to the enhanced quality of international financial reporting. 18 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT The PIOB provides independent oversight throughout the entire process of standard setting to help ensure that standards development is fully responsive to stakeholder needs, accountable and transparent. The public interest responsiveness of standard development requires aligning the priorities of the profession with priorities of all stakeholders. This is the ultimate objective of the current architecture in place, of which the PIOB is an essential component. Independent oversight is necessary for financial markets: investors want to know that the financial information on which they base their capital allocation decisions is credible and reliable. By overseeing the establishment and adherence to high-quality professional standards, the PIOB seeks to further the international adoption and implementation of such standards and improve the comparability of financial statements across the globe. The Securities and Exchange Commission of Pakistan (SECP) The Securities and Exchange Commission of Pakistan (SECP) was set up in pursuance of the Securities and Exchange Commission of Pakistan Act, 1997. The SECP has also been entrusted with oversight of various external service providers to the corporate and financial sectors, including chartered accountants, credit rating agencies, corporate secretaries, brokers, surveyors etc. The SECP’s mission is: To develop a fair, efficient and transparent regulatory framework, based on international legal standards and best practices, for the protection of investors and mitigation of systemic risk aimed at fostering growth of a robust corporate sector and broad based capital market in Pakistan. AT A GLANCE The SECP was initially concerned with the regulation of corporate sector and capital market. Over time, its mandate has expanded to include supervision and regulation of insurance companies, non-banking finance companies and private pensions. The SECP’s strategy is: To develop an efficient and dynamic regulatory body that fosters principles of good governance in the corporate sector, ensures proper risk management procedures in the capital market, and protects investors through responsive policy measures and effective enforcement practices. SPOTLIGHT THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 19 CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS 3. PROFESSIONAL MISCONDUCT 3.1 Facts, etc., to be laid before the Investigation Committee The Secretary of the Institute, any member or any aggrieved person may lay before the Investigation Committee with relevant and necessary facts indicating that A member of the Institute has prima facie been guilty of any professional misconduct specified in Schedule I or Schedule II; or A student has prima facie been guilty of any professional misconduct specified in Schedule III. 3.2 Inquiry by the Investigation Committee The Investigation Committee is of opinion that such facts or complaint require investigation, it shall after giving a notice to the member of the Institute or student whose conduct is in question, hold an inquiry by counsel or by member of institute, provided that opportunity of being heard will be given. The Investigation Committee shall report the result of the inquiry to the Council after inquiry. 3.3 Member or student not found guilty AT A GLANCE If, the member of the Institute or student, is not guilty of any professional misconduct, it shall record its finding accordingly 3.4 Orders by the Council if member found guilty in Schedule I If the Council is of the opinion that the member of the Institute has been guilty of any professional misconduct specified in Schedule I, it may, after giving such member an opportunity of being heard, either personally or through counsel or another member of the Institute, make any of the following orders, namely: reprimand or warn such member; impose such penalty as it may deem necessary not exceeding one thousand rupees; and remove the name of such member from the Register for a period not exceeding five years: SPOTLIGHT Provided that, where Council is of the opinion that the name of such member is to be removed from the Register for a period exceeding five years or permanently, it shall not make any order but shall refer the case to the High Court with its recommendations thereon. SCHEDULE 1 Professional misconduct in relation to chartered accountants in practice (Part 1) A Chartered Accountant in practice shall be deemed to be guilty of professional misconduct, if he- 20 allows any person to practice in his name as a chartered accountant, unless such person is also a chartered accountant in practice and is in partnership with, or employed by, him; pays or allows or agrees to pay or allow, directly or indirectly, any share, commission or brokerage or the fees or profits of his professional business to any person other than a member of the Institute or a partner or a retired partner or the legal representative of a deceased partner. Explanation: - In this clause, "partner" includes a person residing outside Pakistan with whom a Chartered Accountant in practice has entered into partnership which is not in contravention of clause (4) of this part; accepts or agrees to accept any part of the profits of the professional work of a lawyer, auctioneer, broker, or other agent who is not a member of the Institute. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN Places his professional service at the disposal of, or enters into partnership with, an unqualified person in a position to obtain business of the nature in which chartered accountants engage by means which are not open to a member of the Institute: Provided that this paragraph shall not be construed as prohibiting a member from practicing in a country outside Pakistan in association with a person who is entitled under the laws in force in that country to perform functions similar to those of a member of the. Institute is entitled to perform in Pakistan: Solicits clients for professional work either directly or indirectly by circular, advertisement, personal communication or interview or by any other means; Advertises his professional attainments or services, or uses any designation or expression other than chartered accountant on professional documents. Visiting cards, letter head or sign boards, unless it be a degree of a University established by law in Pakistan or recognized by the Federal Government or the Council; Accepts a position as auditor previously held by another member of the Institute without first communicating with him in writing; accepts appointments as auditor of a company without first ascertaining from it whether the requirements of sub-section (6) of section 144 of the Companies Act, 1913 (VII of 1913), in respect of such appointment have been duly complied with; charges or offers to charge, accepts or offers to accept in respect of any professional employment fees which are based on a percentage of profits or which are contingent upon the findings or results of such employment except in cases which are permitted under any law for the time being in force or by an order of the Government; Engages in any business or occupation other than the profession of Chartered Accountants unless permitted by the Council so to engage; Provided that nothing contained herein shall disentitle a Chartered Accountant from being a director of a company unless he or any of his partners is interested in such company as an auditor; accepts a position as auditor previously held by some other Chartered Accountant in such conditions as to constitute undercutting; allows a person not being a member of the Institute or a member not being his partner to sign on his behalf or on behalf of his firm; any balance sheet, profit and loss account, report or financial statement; or gives estimates of future profits for publication in a prospectus or otherwise or certifies for publication the statements of average profits over a period of two years or more without, at the same time, stating the profits or losses for each year separately. Professional misconduct in relation to members engaged in management consultancy (Part 2) A member of Institute engaged in management consultancy shall be deemed to be guilty of professional misconduct, if he advertises or solicits for work or issues any circular, calendar or publicity material; issues brochures, except to existing clients or in response to an unsolicited request; uses designatory letters indicating qualifications of the directors and members of the company on letter head, note-papers, or professional cards excepts as provided in clause (6) of Part 1 of this Schedule; refers to associate firms of Chartered Accountants on his letter head or professional cards or announcements; adopts a name or associates himself as a partner or director of a firm or a company whose name is indicative of its activities; uses the term chartered accountants for his management consultancy firm or company; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 21 AT A GLANCE CHAPTER 2: THE REGULATORY ENVIRONMENT SPOTLIGHT CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS shares profits of remuneration in a manner contrary to clauses (2) and (3) of Part 1 of this Schedule, except when he associates with non- members as stated in clause (10) of this part; or his partner in any firm accepts auditing, taxation, or other conventional accounting work from any client introduced to him for management consultancy services by the client's own professional accountant; uses the term "Management Consultant(s)" except in respect of a company engaged in management consultancy field; associates with non-members for the rendering of various management services except as long as such non-member observes the bye-laws and code of professional ethics of the Institute; does not communicate with the existing professional accountant or consultant, if a member of the Institute, informing him of the special work he has been asked to undertake in the event of an introduction for management consultancy work other than through the existing professional accountant; or AT A GLANCE Under the guise or through the medium of a company or firm does anything which he is not allowed to do as an individual. Professional misconduct in relation to members of the Institute in service (Part 3) A member of the Institute (other than a member in practice) shall be deemed to be guilty of professional misconduct, if he, being an employee of any company, firm or person: pays or allows or agrees to pay directly or indirectly to any person any share in the emoluments of the employment undertaken by the member; accepts or agrees to accept any part of fees, profits or gains from a lawyer, chartered accountant or broker engaged by such company, firm or person or agent or customer of such company, firm or person by way of commission or gratification; or SPOTLIGHT discloses confidential information acquired in the course of his employment except as and when required by law or except as permitted by the employer Professional misconduct in relation to members of the Institute generally (Part 4) A member of the institute, whether in practice or not, shall be deemed to be guilty of professional misconduct, if he includes in any statement, return or form to be submitted to the Institute any particulars knowing them to be false; not being a fellow styles himself as a fellow; does not supply the information called for by the Institute or does not comply with the requirements asked to be complied with or does not comply with any of the directives issued or pronouncements made by the Council or any of its Standing Committees; generally, wilfully maligns the Institute, the Council or its Committee to lower their prestige, or to interfere with performance of their duties in relation to himself or others; has been guilty of any act or default discreditable to a member of the Institute; or contravenes any of the provisions of the Ordinance or the bye-laws made there under. 3.5 Orders by the Council if member found guilty in Schedule II If the Council is of opinion that the member of the Institute is guilty of professional misconduct specified in Schedule II, it shall refer the case to the High Court with its recommendations thereon. High court can take following actions: 22 direct that the proceedings be filed, or dismiss the complaint, as the case may be; reprimand such member; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT remove him from membership of the Institute either permanently or for such period as it may deem fit; or refer the case to the Council for further inquiry and report. Return of certificate If name of a member of the Institute is removed from the Register, whether for a specified period or permanently, every certificate of membership or practice held by such member shall deemed to be stand cancelled from the date of the order for the said period or, as the case may be, permanently. SCHEDULE II Professional misconduct in relation to chartered accountants in practice requiring action by a High Court (Part 1) discloses information acquired in the course of his professional engagement to any person other than his client, without the consent of his client or otherwise than as required by any law for the time being in force; certifies or submits in his name or in the name of his firm a report of a examination of financial statement unless the examination of such statements and the related records has been made by him or by a partner or an employee in his firm or by another chartered accountant in practice; permits his name or the name of his firm to be used in connection with any estimates of earnings contingent upon future transactions in a manner which may lead to the belief that he vouches for the accuracy of the forecast; expresses his opinion on financial statements of any business or any enterprise in which he, his firm or a partner in his firm has a substantial interest, unless he discloses his interest in his report; fails to disclose a material fact known to him which is not disclosed in a financial statement, but disclosure of which is necessary to ensure that the financial statement is not misleading; fails to report a material misstatement known to him to appear in a financial statement with which he is concerned in a professional capacity; is grossly negligent in the conduct of his professional duties; fails to obtain sufficient information to warrant the expression of an opinion or his exceptions are sufficiently material to negate the expression of an opinion; or fails to keep moneys of his client in a separate banking account or fails to use such moneys for purposes for which they are intended. Professional misconduct in relation to members engaged in management consultancy requiring action by a High Court (PART 2) A member engaged in management consultancy shall be deemed to be guilty of professional misconduct, if he discloses information acquired in the course of his professional engagements to any person other than his client, without the consent of his client or otherwise than as required by any law for the time being in force; is grossly negligent in the conduct of his professional duties; or fails to keep moneys of his client in a separate banking account or fails to use such moneys for purposes to which they are intended. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 23 SPOTLIGHT AT A GLANCE A chartered Accountant in practice shall be deemed to be guilty of Professional misconduct, if he- CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS 3.6 Orders by the Council If student found guiltyIf Council is of opinion that the student is guilty of any professional misconduct specified in Schedule III, it shall, after giving such student an opportunity of being heard, either personally or through a counselor a member of the Institute, make any of the following orders, namely: Reprimand or warn the student; or Suspend the student from training, or extend the period of training of the student, for such period as it may deem fit; or Debar the student from training. SCHEDULE III Professional misconduct in relation to the students of the Institute A student of the Institute shall be deemed to be guilty of professional misconduct if he- AT A GLANCE contravenes any of the provisions of the Ordinance or the bye-laws made there under; does not supply the information called for by the Institute; does not comply with any requirements which he is asked by the Institute to comply with; does not comply with any of the directives issued by the Council or any of its committees; discloses confidential information acquired in the course of his training except as and when required by law or except as permitted by his principal; includes in any statement or form to be submitted to the Institute, any particulars knowing them to be false; or has been guilty of any act or omission discreditable to a student of the Institute. 3.7 Publication of findings and decisions Where a member of the Institute or a student is found guilty, the Council shall publish the findings and decisions in the official Gazette or journals as the Council may deem fit: SPOTLIGHT However, it may omit the name of such member or student from publication, if required. 3.8 Appeal and revision Any aggrieved member of the Institute may file an appeal within sixty days of the date of communication of such order to him, to the High Court. The High Court may confirm, modify or set aside the order; impose any penalty or set aside, reduce, confirm or enhance the penalty imposed by the order; remit the case to the Council for such further inquiry as the High Court may consider proper in the circumstances of the case; or pass such other order as it may deem fit: 3.9 Powers of a civil court The Council and the Investigation Committee shall deemed to be a civil court and shall have the same powers as of a civil court like: 24 summoning and enforcing the attendance of any person and examining him on oath; the discovery and production of any document; and receiving evidence on affidavits. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT 4. CONSIDERATION OF LAWS & REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS (ISA 250) This ISA distinguishes auditor’s responsibilities in relation to compliance with two different categories of laws and regulations as follows: Provisions of laws and regulations normally having a direct effect on determination of material amounts and disclosures in financial statements (e.g. tax and pension laws etc); and Other laws and regulations that do not have such a direct effect, but compliance with which may be fundamental to operating aspects of business, ability to continue its business, or to avoid material penalties (e.g. compliance with terms of operating license or compliance with environmental regulations). Nature and circumstances of entity may impact whether relevant laws and regulations are within the first or second category. It is responsibility of management, with oversight of those charged with governance, to ensure that operations are conducted in accordance with provisions of laws and regulations, including compliance with the provisions of laws and regulations determining amounts and disclosures in financial statements. Auditor is not responsible for preventing or detecting all non-compliances. This ISA assist auditor in identifying material misstatement of financial statements due to noncompliance. Detection of non-compliance, regardless of materiality, may also affect other aspects of the audit including, for example, consideration of the integrity of management or employees. AT A GLANCE 4.1 Responsibility for Compliance with Laws and Regulations (Ref: 3-9, A1-A8) Acts of omission or commission intentional or unintentional committed by the entity, or by those charged with governance, by management or by other individuals working for or under the direction of the entity, which are contrary to the prevailing laws or regulations. Noncompliance does not in0clude personal misconduct (unrelated to business activities of the entity). 4.2 Consideration of Compliance with Laws and Regulations (Ref: 13-18, A11-A16) As part of obtaining understanding of entity, auditor shall obtain general understanding of: Legal & regulatory framework applicable to entity and industry in which it operates; and How the entity is complying with that framework. Auditor shall obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations, generally recognized, to have a direct effect on financial statements. They could include those that relate to, for example: The form and content of financial statements; Industry-specific financial reporting issues; Accounting for transactions under government contracts; or The accrual or recognition of expenses for income tax or pension costs. Some provisions in those laws and regulations may be directly relevant to specific assertions (e.g. completeness of income tax provisions), while others may be directly relevant to financial statements as a whole (e.g. required statements constituting a complete set of financial statements). Non-compliance with other provisions of such laws etc may result in fines, litigation or other consequences for the entity, the costs of which may need to be provided for in the financial statements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 25 SPOTLIGHT Definition: Non-compliance CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS 4.3 Procedures to Identify Instances of Non-Compliance (Ref: 15-16, A13-A15) Auditor shall perform the following audit procedures to help identify such instances: Inquiring of management and, where appropriate, those charged with governance, as to whether the entity is in compliance with such laws and regulations; and Inspecting correspondence, if any, with the relevant licensing or regulatory authorities. During audit, auditor shall remain alert to the possibility that other audit procedures applied may bring instances of non-compliance or suspected non-compliance to auditor’s attention. (e.g. reading minutes, inquiring legal counsel or performing substantive test of details etc.) 4.4 Written Representations (Ref: 17-18, A16) Request management and where appropriate, those charged with governance, to provide written representations that all known instances of non-compliance or suspected non-compliance with laws and regulations, whose effects should be considered when preparing financial statements, have been disclosed to auditor. 4.5 Audit Procedures When Non-Compliance Is Identified or Suspected (Ref: 19-22, A17-A25) AT A GLANCE If the auditor becomes aware of information concerning an instance of non- compliance or suspected noncompliance with laws and regulations, the auditor shall obtain: An understanding of nature of the act and the circumstances in which it has occurred; and Further information to evaluate the possible effect on the financial statements including: ¯ The potential financial consequences of non-compliance on financial statements ¯ (e.g. imposition of fines, penalties and enforced discontinuation of operations etc.) ¯ Whether it requires disclosure ¯ Whether these are so serious as to call into question the fair presentation of the financial statements Indications of Non-Compliance with Laws and Regulations (Examples) SPOTLIGHT Investigations by regulatory organizations and Govt. departments or payment of fines or penalties. Payments for unspecified services or loans to consultants, related parties or government employees. Sales commissions or agent’s fees that appear excessive in relation to those ordinarily paid by the entity. Purchasing at prices significantly above or below market price. Unusual payments in cash, purchases in form of bearer cheques or transfers to numbered bank accounts. Unusual transactions with companies registered in tax havens. Payments for goods or services made other than to the country from which goods or services originated. Payments without proper exchange control documentation. Unauthorized transactions or improperly recorded transactions. Adverse media comment. If the auditor suspects that there may be non-compliance: 26 Auditor shall discuss matter with management (unless prohibited by law or regulation) Where appropriate, auditor may discuss the findings with those charged with governance where they may be able to provide additional audit evidence If management/those charged with governance do not provide sufficient information that supports the compliance and in the auditor’s judgment, the effect of the suspected non-compliance may be material to the financial statements, the auditor shall consider the need to obtain legal advice. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT Auditor shall evaluate implications of non-compliance for other aspects of audit, including risk assessment and reliability of written representations, and shall take appropriate action. In certain cases, auditor may consider withdrawal from engagement when management or those charged with governance do not take the remedial action or where identified or suspected noncompliance raises questions about their integrity, even when non-compliance is not material to the financial statements. Auditor may consider appropriate to take legal advice to determine whether withdrawal is appropriate. Even after withdrawing, he is not relieved of complying with other responsibilities under law, regulation or relevant ethical requirements to respond to noncompliance. Unless all those charged with governance are involved in management of entity, auditor shall communicate with those charged with governance (unless prohibited by law or regulation) significant matters involving non- compliance that come to auditor’s attention during the course of the audit. If, in the auditor’s judgment, the non-compliance is believed to be intentional and material, auditor shall communicate the matter with those charged with governance as soon as practicable. If auditor suspects that management or those charged with governance are involved in non-compliance, the auditor shall communicate the matter to the next higher level of authority at the entity, if it exists. (e.g. audit committee). Auditor shall consider the need to obtain legal advice: ¯ Where no higher authority exists; ¯ If the auditor believes that the communication may not be acted upon; or ¯ If the auditor is unsure as to the person to whom to report. AT A GLANCE 4.6 Communication and Reporting Identified or Suspected Non-Compliance with those charged with governance (Ref: 23-25) If auditor concludes that the non-compliance has a material effect on the financial statements, and has not been adequately reflected in financial statements, auditor shall express a qualified or an adverse opinion. If auditor is precluded by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the financial statements has, or is likely to have, occurred, auditor shall express a qualified opinion or disclaim opinion. If auditor is unable to determine whether non-compliance has occurred because of limitations imposed by the circumstances rather than by management or those charged with governance, auditor shall evaluate the effect on the auditor’s opinion in accordance with ISA 705. Law or regulation may preclude public disclosure by either management, those charged with governance or auditor about a specific matter (e.g. a communication, or other action, that might prejudice an investigation by an appropriate authority, as it may alert the entity). Auditor may consider obtaining legal advice to determine the appropriate course of action. Practice Question 03: You are the manager incharge responsible for the audit of Day Pharma Limited, a subsidiary of a multinational pharmaceutical company. One of the drugs being imported/marketed by the company is VITABE. It was introduced a few months back but contributes significantly to the company’s revenues. While the audit was in progress, you came across a news item in a wellknown publication, according to which the authorities in many countries have banned the use of VITABE as some of its ingredients were considered dangerous for human health and required further testing. While going through some files you have discovered that the parent company had informed Day Pharma Limited about the harmful effects of the drug. However, it had not given any further instruction in this regard. You have discussed this matter with the CEO who has THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 27 SPOTLIGHT 4.7 Implications on Auditor’s Report (Ref: 26-28, A26-A27) CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS informed you that the company had not called off the medicine nor has it provided any information in this regard to the users of the drug or the general public as the management is of the view that there is very limited risk of any harm being caused by the drug. However, you had discussed this matter with a senior physician who believes that these types of products are also banned in Pakistan. Required: Assess the above situation and describe what measures the auditor should take in such circumstances. Solution: Auditor should perform audit procedures to further confirm this noncompliance of health/safety regulation. That is: Inquiring from the original manufacturer of the product. Requesting assistance from the audit firm’s branches or associates in the countries where authorities have banned the product. AT A GLANCE If it is probable that the product is harmful or there is potential noncompliance with health and safety regulations, the auditors should consider the following actions: i. SPOTLIGHT Communicate with those charged with governance/ audit committee/ supervisory board about the potential noncompliance with the safety regulations. ii. With the permission of client, seek legal opinion from company’s lawyer. iii. Encourage the management of Day Pharma Limited to announce the problem publicly. There will obviously be reluctance to do this. However, the auditors should try to explain and hopefully convince the management that this would be the ethically correct way to proceed. iv. Consider the impact of the above situation on the financial statements related audit procedures and on the auditor’s report specially with respect to the following: ¯ Any hazardous inventory that would need to be written off. ¯ Provisions that may become necessary for refund of returned products, when the matter becomes known. ¯ Disclosures relating to contingent liabilities that may need to be recognized in respect of damages that may be claimed by the customers. v. If the auditor concludes that the noncompliance has a material effect on the financial statements, which has not been properly reflected in the financial statements, the auditor should express a qualified or an adverse opinion. vi. If the company refuses to disclose the matter itself the auditor should consider whether it need to communicate with regulatory and enforcement authorities. While making such a decision, disclosure should not be made without proper and specific authority to do so, or unless there is a legal or professional right or duty to disclose. vii. The auditor may need to seek legal advice in such circumstances, giving due consideration to the auditor’s responsibility to the public interest. viii. Obtain clarification on view of parent company. ix. The auditor may conclude that withdrawal from the engagement is necessary if the entity does not take the remedial action that the auditor considers necessary in the circumstances. Factors that would affect the auditor’s decision in this regard, include the following: ¯ implications on the integrity of the highest authority within the entity which may affect the reliability of management representations; ¯ the effects on the auditor, of continuing association with the entity. 28 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT If the firm finally decides to resign, it may circularize a ‘statement of circumstances’ which would describe the reason for the resignation. However, in reaching such a conclusion, the auditor would ordinarily seek legal advice. Practice Question 04: The following matters relating to different clients are under the consideration of Mr. Jameel, who is the engagement partner: The management of Muneer Limited had been illegally dumping its chemical waste in the neighboring plot of land. When confronted, the chief financial officer, instead of providing an assurance to address the issue, informed the audit senior that the management is least bothered about the minor fines that may be levied by the regulatory agencies. Required: Evaluate each of the above situations and briefly describe what course of action the engagement partner would be expected to adopt. The students should fully mention the illegal act of the company and its implications. Auditor’s response should also be given in case those charged with governance failed to take appropriate action. Some issues should also be considered while answering the question like cleaning costs and their provision, possibility of a major disaster in case the non-compliance continues and its repercussions and the careless attitude of the management which raises questions on the quality of management controls, systems and procedures. Solution: AT A GLANCE Tutorial Notes: The fines levied by the regulatory authority maybe immaterial but the same could have significant implications on ML as any mishap may lead to severe legal action especially in case a mishap occurs. The engagement partner should discuss the matter with those charged with Governance and advise them to take necessary steps to avoid future non- compliances. The engagement partner should consult the legal advisor about the laws and regulations and the possible impact of the non-compliance on the client. If engagement partner is not satisfied with the opinion of ML’s legal advisor it should consult with its own lawyer, relating to possible legal consequences. If those charged with governance agree to rectify the situation, the auditor need to consider the cost of cleaning up the site and ask the client to make necessary provision. If necessary, the partner may ask ML to obtain opinion from the relevant expert as regards the present condition of the plot and the cost of the measures necessary to cleanup the site in accordance with the requirements of law. The partner should consider the possibility of similar non-compliance in other areas. In case no action is taken by those charged with governance, the partner must consider: ¯ The impact on the audit report. ¯ Withdrawing from the engagement now or not accepting the assignment for the next year, as may be appropriate. The engagement partner should consider the legal responsibilities to report to the authorities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 29 SPOTLIGHT Dumping of waste CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS Practice Question 05: During the audit of Leather Goods Limited (LGL), it came to the knowledge of the audit team that LGL has been dumping its chemical waste in an open area outside the city, without proper treatment as per the required standards. When confronted, the Chief Financial Officer did not consider it a serious issue and informed that LGL has managed to receive the required certificate from the relevant regulatory authority. Required: Evaluate the above situation and explain what course of action the auditor would need to take. Tutorial Notes: Main point of concern for auditor should be assessing the attitude of management towards compliance of laws and regulations, necessary for conduct of business which entailed a big question mark on the management’s concern for ethical values and also indicated a fraud risk factor. This, in turn, required a review of the audit approach with regard to nature, timing and extent of audit procedures. Possibility of similar non-compliances and unexplained cash payments needed to be critically inspected also. Solution: AT A GLANCE Evaluation of the situation: Even though LGL manages to get its required certificate, the same could have significant implications on LGL as any mishap may lead to severe legal action in future. Furthermore, violation of laws and regulations is a fraud risk factor and also brings in doubt the ethical values and the attitude of the management towards the conduct of business. Course of action: i. Auditor should inquire how the management has obtained the certificate despite not disposing the waste as per the required standards and consider the possibility that the certificate was obtained illegally. ii. Audit team should critically inspect cash payments and any unexplained payments made during the year. iii. Auditor should assess the risk of material misstatement due to fraud and its implication on nature, timing and extent of audit procedures. iv. Due to the non-compliance of laws and regulation and the attitude of management towards its compliance, auditor should also consider the reliability of written representation provided by the management. v. Auditor should discuss the matter with those charged with governance and advise them to take necessary steps to avoid future non-compliances. vi. Auditor should consult the legal advisor about the laws and regulations and the possible impact of the non-compliance on the client. If auditor is not satisfied with the opinion of LGL’s legal advisor it should consult with its own lawyer, relating to possible legal consequences. vii. If those charged with governance agree to rectify the situation, the auditor need to consider: ¯ the cost of cleaning up the site and ask the client to make necessary provision. ¯ the possibility of similar non-compliance in other areas. viii. In case no action is taken by those charged with governance, the partner must consider: ¯ the impact on the audit report. ¯ withdrawing from the engagement. ¯ including a key audit matter section regarding the risk of fraud, bribery and corruption. ix. Auditor should consider the legal responsibilities to report the non-compliance to the authorities. SPOTLIGHT 30 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT Practice Question 06: You are the manager responsible for the audit of Hafiz Limited (HL), a listed company, whose fieldwork in respect of the statutory audit is in progress. You are reviewing the following issues which were brought to your attention by the audit team: HL has paid a substantial amount of consultancy fee to a firm in another foreign country. The management of HL is unable to provide a convincing explanation for such a payment. An employee of HL has unofficially informed the audit senior that the amount was paid to avoid paying a fine. However, the management has denied this allegation. Required: Discuss how would you deal with each of the above issues and what may be the implications thereof on your audit report. Tutorial Notes: Explanation of the payment made in a foreign country. Impact on initial risk assessment and to revise the audit procedures accordingly. Potential financial consequences of the non-compliance on the financial statements including, the imposition of fines and penalties and the impact thereof on the Company’s ability to carry out its business. Reporting the matter to the concerned authorities. Evaluate the reasons provided by the management for making this payment, to assess whether the amount paid in the circumstances was reasonable. If the management is unable to provide satisfactory explanation, it may be indicative of the following: AT A GLANCE Some important matters students should consider in addition to regular procedures are: ¯ That the amount paid was not for the purposes of the company’s business. ¯ There was a non-compliance with a law as has been unofficially claimed by an employee. In either case, the auditor should consider the impact thereof on his initial risk assessment and to revise the audit procedures accordingly. The indication of non-compliance with laws and regulations may require the auditor to consider the potential financial consequences of the non-compliance, on the financial statements including, the imposition of fines and penalties and the impact thereof on the company’s ability to carry out its business. The auditor may discuss his findings with those charged with governance if the auditor considers that they will be able to provide with additional audit evidence in relation to the transaction. If management or those charged with governance do not provide sufficient appropriate audit information to the auditor, the auditor may consider it appropriate to consult with the entity’s legal counsel or auditor’s own legal counsel if the auditor is not satisfied with the entity’s legal counsel. The auditor may also consider whether it is necessary for him under the relevant laws and regulations to report the matter to the concerned authorities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 31 SPOTLIGHT Solution: CHAPTER 2: THE REGULATORY ENVIRONMENT CFAP 6: AARS Impact on Audit Report If the auditor concludes that the non-compliance has a material effect on the financial statements which has not been adequately reflected therein, the auditor shall express a qualified opinion or an adverse opinion. If the auditor concludes that the expenditure incurred is not for the purpose of the business, the auditor shall express a qualified opinion or an adverse opinion depending upon the materiality of the transaction. If the auditor is precluded by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the financial statements has, or is likely to have occurred, the auditor shall express a qualified opinion or disclaim an opinion on account of scope limitation. Practice Question 07: The following situations have arisen at different audit clients of your firm. The year-end in each case is 31 March 2019: AT A GLANCE Afzal Limited is a listed company. During its audit of financial statements, the provincial sales tax authority has seized the accounting records of the company on the charges of tax evasion. Required: Discuss your firm’s course of action along with the implications on the audit report. Tutorial Notes: Along with other procedures, students should pay attention to the fact that what should be the course of action if the integrity of the management was doubtful. Solution: SPOTLIGHT Since the records of a significant portion of revenue have been seized by the tax authorities in order to probe an allegation of tax evasion, the auditor will consider the scope limitation imposed by circumstances beyond management control on the sufficiency and appropriateness of audit evidence. We will consider the possible effect on audit report in the form of a qualified or disclaimer of opinion depending upon the materiality and pervasiveness of the issue. Furthermore, we will also evaluate whether management has adequately disclosed the contingency or recorded additional taxes and fines that the entity may face as a result of probe by involving our own tax expert and by contacting the company’s legal advisor. In case appropriate accounting/disclosures have not been made, we will have to express a qualified opinion. The auditor should also consider whether the tax evasion was intentional. If it is determined that the evasion was intentional, the auditor should consider its earlier assessment regarding integrity of the management and consider informing the fact to those charged with governance. Auditor should also consider resigning from the assignment and obtain legal opinion in this regard and shall determine whether there is a responsibility to report to the regulatory authorities. 4.8 Reporting Non-Compliance to appropriate authority outside entity (Ref: 29, A28-A34) If the auditor has identified or suspects non-compliance with laws and regulations, auditor shall determine whether law, regulation or relevant ethical requirements: 32 Require the auditor to report to an appropriate authority outside the entity. (e.g. statutory requirements of a financial institution may require to report occurrence, or suspected occurrence, of non-compliance to supervisory authority) THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 2: THE REGULATORY ENVIRONMENT Establish responsibilities under which reporting to an appropriate authority outside the entity may be appropriate in the circumstances, such as: ¯ Auditor has determined that it is in accordance with relevant ethical requirements; or (e.g. IESBA Code requires auditor to take steps to respond to such non-compliance and determine whether further action is needed including reporting to outside authority). ¯ Law, regulation or relevant ethical requirements provide auditor with right to do so (e.g. when auditing financial statements of financial institutions, auditor may have legal right to discuss matters such as identified or suspected non-compliance with a supervisory authority). 4.9 Documentation (Ref: 30, A35-A36) Identified or suspected non-compliance with laws and regulations; Procedures performed, significant professional judgments made and conclusions reached; Discussions of significant matters related to non-compliance with management, those charged with governance and others, including how they responded to the matter. SPOTLIGHT Law, regulation or relevant ethical requirements may also set out additional documentation requirements regarding identified or suspected non-compliance with laws and regulations. AT A GLANCE Auditor shall include: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 33 CHAPTER 2: THE REGULATORY ENVIRONMENT AT A GLANCE SPOTLIGHT 34 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3 PROFESSIONAL ETHICS AT A GLANCE SPOTLIGHT 1. The fundamental principles 2. Integrity, objectivity and independence 3. Confidentiality and conflicts of interest 4. Corporate financial advice 5. Responding to noncompliance with laws and regulations 6. PAIB requirements for Chartered accountants in practice The application of the fundamental principles in the Code of Ethics is considered within a conceptual framework. This framework, applies to chartered accountants in business and in practice and acknowledges that the fundamental principles may be threatened in a broad range of circumstances. Chartered accountant shall apply the conceptual framework to: a) Identify threats to compliance with fundamental principles; b) Evaluate the threats identified; and c) Address the threats by eliminating or reducing them to an acceptable level. Although ICAP Code provides a conceptual framework, which recognises that it is impossible to define every situation that creates threats and specify the appropriate safeguards, specific guidance is provided in some of the following key areas: - Fees - Compensation and Evaluation Policies - Gifts and Hospitality - Actual or Threatened Litigation - Financial Interests - Loans and Guarantees - Business Relationships - Family and Personal Relationships - Recent Service with an Audit Client - Serving as a Director or Officer of an Audit Client - Employment with an Audit Client - Temporary Personnel Assignments - Long Association of Personnel - Provision of Non-Assurance Services to an Audit Client * Accounting and Bookkeeping Services * Administrative Services * Valuation Services * Tax Services * Internal Audit Services * Information Technology Systems Services * Litigation Support Services * Legal Services * Recruiting Services * Corporate Finance Services THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 35 SPOTLIGHT IN THIS CHAPTER: AT A GLANCE AT A GLANCE CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS 1 THE FUNDAMENTAL PRINCIPLES 1.1 Introduction: rules of conduct for professional accountants The professional bodies that regulate the auditing profession set high standards of behaviour for their members (including students). Their codes of practice apply to all members, whether in public practice or not. The detailed rules of conduct vary between the professional bodies, but all the major bodies have codes that are broadly similar. In setting a code of practice, each professional body is complying with one of its regulatory functions, which is to ensure that professional services related to accountancy and audit are performed only by ‘fit and proper’ persons who act with professional integrity and perform quality work. ICAP has adopted the IESBA’s Code of Ethics into its own localised code called ‘The ICAP Code of Ethics for Chartered Accountants’ (the Code). The Code’s substance remains largely unchanged from the IESBA’s original code. AT A GLANCE The Code must be followed by all members (including students) whether they are working in professional practice (such as providing external audit or advisory services), or professional accountants in business (such as working in the finance department or internal audit). The Code also applies to the staff of an ICAP practice, regardless of whether they are members of ICAP or any other professional body. 1.2 The fundamental principles of the ICAP Code of Ethics A chartered accountant shall comply with each of the five fundamental principles of the Code set out below: SPOTLIGHT Principle Explanation Integrity A professional accountant should be straightforward and honest in all professional and business relationships. Objectivity A professional accountant should not allow bias, conflict of interest or undue influence of others to override his or her professional or business judgements. Professional competence and due care A professional accountant has a continuing duty to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional service based on current technical and professional standards and relevant legislation. A professional accountant should act diligently and in accordance with applicable technical and professional standards when providing professional services or working for an employer. Confidentiality A professional accountant should respect the confidentiality of information acquired as a result of professional or business relationships and should not disclose any such information to third parties without proper and specific authority unless there is a legal or professional right or duty to disclose. Confidential information should not be used for the personal advantage of the professional accountant or third parties. Professional behaviour A professional accountant should comply with relevant laws and regulations and should avoid any action or conduct which discredits the profession. You need to know these five fundamental principles and what each of them means. An exam question may require you to discuss the relevance of the five fundamental principles to a particular situation in a case study. 1.3 The conceptual framework The application of the fundamental principles set out above is considered by the ICAP Code within a conceptual framework. This framework, applies to chartered accountants in business and in practice, acknowledges that these principles may be threatened in a broad range of circumstances. 36 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS A chartered accountant shall apply this conceptual framework to: a) Identify threats to compliance with the fundamental principles; b) Evaluate the threats identified; and c) Address the threats by eliminating or reducing them to an acceptable level. Exercise of Professional Judgment Reason to be concerned that potentially relevant information might be missing from the known facts and circumstances Inconsistency between the known facts and circumstances and CAs’ expectations. Whether CAs’ expertise and experience are sufficient to reach a conclusion. Need to consult with others with relevant expertise or experience. The information provides a reasonable basis on which to reach a conclusion. Preconception or bias might affect the exercise of professional judgment. Other reasonable conclusions could be reached from the available information. Threats to the fundamental principles fall into one or more of the following categories: Self-interest threat. This arises when the accountant or the audit firm has a financial interest or other interest in a matter. Typically, this means that the accountant’s decisions may be influenced by selfinterest and the accountant will therefore not act with objectivity and independence e.g. if the auditor earns a large proportion of their revenue from a particular client they may be unwilling to upset that client by issuing an unfavorable audit report. AT A GLANCE CAs are required to exercise professional judgement in undertaking all professional activities. In exercising professional judgement, CAs apply their relevant training, professional knowledge, skill and experience. CAs might consider below factors in exercising professional judgement: Business Practice financial interests, loans or guarantees from the employer. direct financial interest in a client. incentive-based compensation offered by the employer. accept new engagement with a low fee that deters quality of professional services. close business relationship with a client. inappropriate personal use of corporate assets. access to confidential information for personal gain. offered a gift or special treatment from a supplier. concern over employment security. a CA discovering a significant error when evaluating the results of a previous professional service performed by CA’s firm. commercial pressure from outside the employing organization. contingent fee arrangements. close personal or business relationships. holding a financial interest in a client or jointly holding a financial interest with a client. undue dependence on fees from a client. Self-review threat. This occurs when an accountant is required to review or re-evaluate (for a different purpose) a previous judgement they have made or action that they have taken. Self-review threats can also apply to audit firms. For example, if an audit firm prepared the financial statements for a client company and then acted as auditor, it would be reviewing its own work and would be reluctant to criticise or question it. This would be a threat to objectivity and independence. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 37 SPOTLIGHT Circumstances that could give rise to self-interest threats for CAs in: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Circumstances that could give rise to self-interest threats for CAs in: AT A GLANCE Business Practice determining the appropriate accounting treatment for a business combination after performing the feasibility study supporting the purchase decision. providing assurance on the operation of financial systems after being involved in their design or implementation. business decisions or data being reviewed by the same person who made those decisions or prepared that data. a CA prepared the original data used to generate records that are the subject matter of the assurance engagement. being in a position to exert direct and significant influence over an entity’s financial reports. the discovery of a significant error during a re-evaluation of the work undertaken by the member. a member of the assurance team being, or having recently been, employed by the client in a position to exert direct and significant influence over the subject matter of the engagement. performing a service for a client that directly affects the subject matter of an assurance engagement. Advocacy threat. This occurs when the accountant is in a position where they are expected to defend or justify the position of the client, and act as an ‘advocate’ for the client’s position or point of view, for example in a legal case. This would be a threat to objectivity and independence. Circumstances that could give rise to self-interest threats for CAs in: SPOTLIGHT Business Practice opportunity to manipulate information in a prospectus in order to obtain favorable financing. promoting shares in a listed company which is also an audit client. commenting publicly on future events. situations where information is incomplete or where the argument being supported is against the law. acting as an advocate for an audit client in litigation or dispute with third parties. lobbying in favor of legislation on behalf of an audit client. Intimidation threat. This occurs when the accountant is deterred from acting with objectivity due to threats against them or their firm. The nature of the threat may be a threat by the client that it will take work away from the audit firm unless it agrees with the point of view of the client management. Another example might be a strong finance director intimidating junior members of the audit team and persuading them not to report errors found during their testing. Circumstances that could give rise to self-interest threats for CAs in: Business Practice threat of dismissal or replacement of the member, or a close family member, over a disagreement about the application of an accounting principle or the way in which information is to be reported. the threat of dismissal because a disagreement about a professional matter. pressured to agree with a judgement because the audit client has more expertise on the matter in question. a dominant personality attempting to influence the member’s decisions e.g. regarding the awarding of contracts or the application of accounting principles. informing a CA that a planned promotion will not occur unless a CA agrees with an inappropriate accounting matter. accepted a significant gift from a client and being threatened that acceptance of this gift will be made public. 38 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Familiarity threat. This occurs when the accountant becomes too sympathetic with the client’s position due to close relationships, for example due to a long association over many years in carrying out the annual audit. Business Practice A CA is responsible for the financial reporting when an immediate or close family member in the organization makes decisions that affect the financial reporting. having a close or immediate family member who is a director or officer of the client over-familiarity with the management of the organisation such that professional judgment could be compromised. long association with business contacts influencing business decisions. a former partner of the firm being a director or officer of the client or an employee being in a position to exert direct and significant influence over the subject matter of the engagement. An audit team member having a long association with the audit client. Members are required to identify, evaluate and respond to such threats. If identified threats are anything but clearly insignificant, members must implement safeguards to eliminate the threats or reduce them to an acceptable level so that compliance with the fundamental principles is not compromised. CAs shall do so by: AT A GLANCE Circumstances that could give rise to self-interest threats for CAs in: Eliminating the circumstances, including interests or relationships, that are creating the threats; Applying safeguards, where available and capable of being applied, to reduce the threats to an acceptable level; or iii. Declining or ending the specific professional activity. EXAM TECHNIQUE POINT: In any scenario-based question regarding the five fundamental principles or any of the situations causing the five threats to independence, it is important that don’t only state the basic requirements of the code that are being breached but also relate them to the given scenario. Also, it helps to give some commentary in relation to the significance of a threat i.e. if the situation relates to a more senior person on the audit firm (such as the Engagement Partner) the threat is likely to be significant, with no safeguards being able to eliminate or reduce it to acceptable levels. Practice Question 01: Mr. Omar is incharge of the quality control department of an audit firm. While reviewing the working papers relating to some audit engagements of the firm he came across the following situations: i. The spouse of a partner in the firm is a legal consultant and is assisting an audit client of that firm in filing its tax return. ii. The audit manager engaged on the audit of a company has been offered a job by that company. He has been asked to join on March 1, 2010 when the current CFO would retire. The audit is expected to be completed on December 15, 2009. iii. A meeting of the CEO of ABC & Company Limited and the audit engagement partner was held to discuss the draft financial statements of the company for the year ended September 30, 2009. Serious difference emerged between the two sides on the accounting treatment and the disclosures of certain items and consequently the CEO informed the engagement partner that unless the auditors agree to the company’s point of view, they would not be reappointed for the next year. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 39 SPOTLIGHT i. ii. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS iv. The engagement partner on the audit of XYZ Limited has been its engagement partner for the past six years. Required: Identify the category of threat involved in each of the situations described above and explain how would it affect the objectivity and independence of the auditor. Also explain the responsibility (if any) of the firm and the concerned member of the audit team. Solution: i. ii. AT A GLANCE This situation does not contain any threat. Self-Interest Threat: Subsequent employment with the assurance client is of personal interest to the audit manager which will impair. Moreover, if the company is listed, then as per Code of Corporate Governance (CCG) it shall not appoint any member of the audit engagement team or his close relative as its CEO/CFO/Internal auditor/director at any time during the next 2 years of his/her involvement in the audit. In case it’s not a listed company, manager shall immediately inform the engagement partner about his intentions and the firm should arrange proper replacements. iii. Intimidation Threat: The CEO of the client has actually threatened of replacement in case there is a disagreement by the auditor over the issues. Partner should discuss the issue with the other partners in the firm. Disclose to the audit committee or others charged with governance and may decide to withdraw from the current year engagement. iv. Familiarity Threat: The prolonged period of time during which partner has been the engagement partner could lead to a close relationship with the company. This could affect his objectivity as he may decide not to discuss contentious matters with the management, to maintain good relationship. If the company is listed the firm is required by CCG to rotate the partner incharge after 5 years. If it is a non-listed company this approach may be followed as best practice to avoid familiarity threat. SPOTLIGHT 40 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS 2 INTEGRITY, OBJECTIVITY AND INDEPENDENCE Introduction The revised ICAP code contains “International Independence Standards” (parts 4A and 4B). The discussion below is relating to part 4A that relate to independence for audit and review engagements. 2.1 The requirement for independence Independence is required by the ICAP Code and it is in the public interest that CAs in public practice and their firms are independent when performing audit, review and other assurance engagements. Independence comprises: Independence in appearance (Perceived independence) The auditor is free from bias, influence or pressure from others when making decisions, thereby acting with integrity, and exercise objectivity and professional skepticism. How others view the auditor in concluding whether the auditor’s integrity, objectivity or professional skepticism has been compromised. AT A GLANCE Independence of mind (Actual independence) For an audit report to be of value, the auditor: must be independent, and also must be seen to be independent. These principles of both being and being seen to be independent are at the centre of the role played by independence in auditing. Illustration: Independence of mind and independence in appearance Independence of mind describes a state of mind that permits the auditor to express a conclusion without being affected by influences or prejudices that compromise their professional judgment. This allows the auditor to act with integrity and exercise objectivity and professional scepticism. Independence of appearance means the avoidance of facts and circumstances that are so significant that a reasonable and informed third party, having knowledge of all relevant information (including any safeguards applied) would reasonably conclude that a firm’s, or a member of the assurance team’s, integrity, objectivity or professional scepticism has been compromised. For example, if an auditor owned shares in an audit client then a reasonably informed third party could safely assume that the auditor will not be truly objective as they would not want to see the value of their investment in the client reduced. The presumption is that if an auditor is not independent in appearance then they cannot possibly think with objectivity (i.e. be independent of mind). Even if this may not technically be true it is a presumption that must be held in order to protect the reputation of auditors. Independence of the auditor is a matter of public confidence in the audit process. Auditors need to be fully aware of situations that may impair their independence and objectivity. Such situations are referred to as threats to auditor independence. Any threats to independence may be mitigated by safeguards that are implemented by an audit practice (audit firm). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 41 SPOTLIGHT The opinion of an auditor must be an independent opinion given by a professional person with appropriate skills in audit work, and the opinion must not be influenced by anyone else, and in particular must not be influenced by the opinions and views of the management of the company whose financial statements have been audited. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS The ICAP Code takes the form of guidance on independence, rather than specific rules. It is left to the individual member to apply judgement about how the guidelines should be applied in practice. The guidance sets out a number of general categories of threat to independence, and then goes on to list specific threats and associated guidance. Professional Skepticism Exercising professional skepticism is at the heart of the auditing profession. Standards require CAs to exercise professional skepticism when planning and performing audits, reviews and other assurance engagements. In an audit of financial statements, compliance with the fundamental principles, individually and collectively, supports the exercise of professional skepticism. 2.2 Threats to independence – key areas Threats to the fundamental principles are matters that could result in the Chartered Accountant or audit firm acting with compromised integrity, without considering competence, without ensuring confidentiality or in a way that may discredit the profession. However, threats to the fundamental principles are largely threats to the independence and objectivity of the Chartered Accountant or the audit firm. AT A GLANCE Although the ICAP Code provides a conceptual framework, which recognises that it is impossible to define every situation that creates threats and specify the appropriate safeguards, specific guidance is provided in a number of key areas where independence may be under threat, or may be seen to be under threat. The main areas are discussed below. 2.3 Fees (s410) The nature and level of fees or other types of remuneration might create a self-interest or intimidation threat. Relative size of fees SPOTLIGHT Where the total fees generated from an audit client represent a large proportion of either an audit firm’s total fees or an individual audit partner or one office of the firm, the dependence on that client and concern about the possibility of losing that client may create a self-interest or intimidation threat. Specific safeguards might include: increasing the client base in the firm or for the partner to reduce dependence on the audit client taking steps to reduce dependency on that client (for example, by refusing lucrative non-audit services or taking those on and resigning as auditor) having external quality control reviews consulting a third party, such as ICAP or another professional accountant. It may be particularly difficult for new audit practices to mitigate the above threats; therefore, particular care on independence is required. For public interest entities (such listed entities in Pakistan), if the total fees from the client and its related entities represent more than 15% of the total fees received by the firm expressing the opinion on the financial statements of the client for two consecutive years, the firm is required to: 42 Disclose the fact and fees to those charged with governance; Arrange a chartered accountant, who is not a member of the firm or a professional body to perform: ¯ ‘pre-issuance quality control review’ before issuing the audit opinion on the second year’s financial statement. ¯ ‘post-issuance quality control review’ after issuing the audit opinion on the second year’s financial statements but before issuing the opinion on the third year. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS ICAP directive 4.23 ICAP has issued a directive in 2019 recommending reference fees for certain types of entities. In the directive it states that “in best public interest, development of the audit profession and taking into account the above factors the Council has approved the Schedule of Audit Fee for members in practice as recommended reference fee.” Overdue fees If fees from an audit client remain unpaid for a long time, a self-interest threat may arise. This will certainly be the case if a significant part of the overdue amount is not paid before the next year’s report is issued. If the fees are unpaid for a long period of time, overdue fees might be equivalent to a loan to the client. discussing the level of outstanding fees with the audit committee or other appropriate persons at the client. obtaining partial payment of the overdue fee. involving an additional chartered accountant who did not take part in the assurance engagement to provide advice or to review the work performed. Practice Question 02: You are the quality control partner of Lotus & Co. Chartered Accountants. You have been assigned additional responsibilities for assessment of risks associated with the firm’s clients. At present, the following matters are under your consideration: Clean Limited (CL) has failed to pay the fee for review of its half yearly accounts for the six month ended 30 June 2017. The issue was discussed with the management in the planning meeting for the audit of the year ending 31 December 2017. The management has assured that the amount would be paid in about 30 days. During the discussion, the audit manager was also informed that CL has been facing liquidity issues and it has closed two of its plants. The management has also requested for a reduction in the audit fee for the year ending 31 December 2018 because of the decline in the volume of business. Further, the management has requested the firm to consider some relief as regards audit fee for the current year. Required: Discuss the categories of threats involved in above situation and advise the possible course of action that may be followed. Tutorial Notes: Appropriate comments on some of the main issues must be given while answering: With regard to non-payment of audit fee, do specify the important step that the auditor should bring the matter to the knowledge of the audit committee and/or to those charged with governance. Discussion on significance of the threat also would be appreciated and is normally expected by examiner, even when not expressly asked. The allocated marks normally also suggest the same. Reduction in fee due to work reduction as a result of closure of plants. Solution: The discussion in the meeting with the management of Clover Limited (CL) highlights two aspects which would have an impact on the ethical considerations: i. ii. Outstanding fee Reduction in fee THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 43 SPOTLIGHT AT A GLANCE The Code therefore recommends that payment of such fees should be required before the report is issued. Other safeguards might include: CHAPTER 3: PROFESSIONAL ETHICS i. CFAP 6: AARS Outstanding fee: A self-interest threat may be created if fees due from an audit client remain unpaid for a long-time, especially if the review fee is not paid before the issuance of the audit report for the year ended 31 December 2017. Our firm should ensure that the outstanding fee is received as early as possible to avoid the above threat. In this regard we should consider discussing this matter with the audit committee or those charged with governance. If the fee remains unpaid, the existence and significance of any threat shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Such a safeguard is, having an additional chartered accountant who did not take part in the audit engagement provide advice or review the work performed. According to Code of Ethics, the overdue fee might even be regarded as being equivalent to a loan to the client and in case the amount is considered significant, we may consider whether it is appropriate to continue the audit engagement. ii. Reduction in fee: AT A GLANCE A self-interest threat to professional competence and due care is created if the fee quoted is so low that it may be difficult to perform the engagement with applicable technical and professional standards in that price. Even though CL has closed one of its major product lines, it does not necessarily mean that quantum of work will materially differ from the quantum of work carried out by us previously. Instead, because of the weak financial position of the company, we may encounter more challenging audit areas that would require additional work and more extensive areas of professional judgement and greater skepticism such as for determining impairment of assets and going concern, etc. SPOTLIGHT In view of the above, we may agree to a reduction in fee only if we are satisfied that we would be able to perform all the necessary procedures and there would be no undue pressure in this regard because of the reduction in fee. Moreover, regardless of the audit fee, we should ensure that: adequate time is spent on the assignment; and audit personnel with sufficient expertise and experience are assigned to the job. We should only accept management’s request of a reduction in fee, if we are able to ascertain that the quantum of work will reduce accordingly. Practice Question 03: XYZ Limited has been an audit client of your firm for the last several years. The engagement has been assigned to you and you have received the following briefing from the engagement partner: i. ii. The recovery of fee on this client has become very low over the years. In the past few years, audit managers have been rotated twice on the request of the client. iii. Over the years, several significant decisions were taken by the company which were communicated to audit teams at the time of finalisation of audits. Required: As the audit manager what will be your strategy to improve the relationship at this client? 44 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Tutorial Notes: The main mistake to be avoided is focusing on the independence issues and on suggestions for improving the performance of the audit team, whereas it is more of a client issue. Other common mistakes may be: Misunderstanding of the scenario as if the fee was actually not being received by the firm. Not mentioning a need for discussing the matter with the client (CFO, CEO, Audit Committee, Board of Directors etc.). Solution: Discuss with the partner, the reasons for changes of audit managers and address the issues appropriately. Arrange meeting between the partner and CEO well before the start of the audit for discussing business issues/ challenges and developments during the current year. Highlight the potential audit issues and make specific inquiry regarding expected dates of finalisation of audit. Have meeting with the finance department well before the start of the audit and obtain understanding of their processes and controls including any changes introduced during the year and the issues that were faced in the previous audit and identify root causes for the issues. Send and discuss the Audit plan to the Board/Audit Committee for clear communication of issues. The business issues and developments and their potential audit impacts and audit strategy needs to be discussed in order for the Board/Audit Committee to acknowledge the efforts of auditor. Float the list of requirements for audit on a timely basis. Conduct frequent meetings with client’s staff and give input on timely basis in order to smooth out the client relationship. Ensure that the field work is completed on a timely basis. Perform timely review, ensure timely involvement of engagement partner and timely submission of client deliverables for onward submission to Board/Audit Committee. Write a memo to the Board/Audit Committee in which the issues faced during the audit and foreseeable reasons thereof may be identified. Once this has been done, discuss with the Board/Audit Committee regarding enhancement of fees. Pricing When an assurance firm obtains an assurance engagement at a significantly lower level than that charged by the previous firm, or quoted by other firms (known as “low-balling”) a self-interest threat arises. This threat will not be reduced to an acceptable level unless: the firm is able to demonstrate that appropriate time and qualified staff are available, and all applicable assurance standards and quality control procedures are being complied with. Practice Question 04: Identify and evaluate the threats involved and explain how these threats can be reduced to an acceptable level, in each of the following situation: A limited assurance engagement has been accepted at a fee which is lower than the fee charged by the predecessor auditor. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 45 SPOTLIGHT AT A GLANCE My strategy for improving relationship at client, would be as follows: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Solution: By agreeing to perform the engagement at a lower fee than that charged by the predecessor firm, or quoted by other firms, a self-interest threat has been created. Safeguards: The self-interest threat created may be reduced to an acceptable level if the firm is able to demonstrate that: Appropriate time and qualified staff are assigned to the task. All applicable assurance standards, guidelines and quality control procedure are being complied with. Contingent fees AT A GLANCE Contingent fees (direct or indirect) are fees that are calculated on a pre-determined basis, relating to the outcome or result of a transaction or the work performed. A contingent fee charged through an intermediary is an example of an indirect contingent fee. A contingent fee may be an engagement on a ‘no win no fee’ basis, or on the basis that the audit firm will receive a percentage amount of the money it succeeds in saving or making for the client. Clearly a contingent fee creates self-interest threat. The threat is considered insurmountable and therefore the Code does not allow contingent fee arrangements. For example, if an audit firm is asked to provide an assurance report in support of a loan application, it may be offered a fee which is only payable by the client if the application is successful. This would be a contingent fee and this fee arrangement must be refused. Similarly, a fee for taxation services that will be calculated as a percentage of the tax saved for the client would be a contingent fee and is not permissible. Fees should be charged on the basis of the experience of the person doing the auditor assurance work and the time spent on the work. Practice Question 05: SPOTLIGHT You are the quality control partner of Lotus & Co. Chartered Accountants. You have been assigned additional responsibilities for assessment of risks associated with the firm’s clients. At present, the following matters are under your consideration: During the review of working papers of Daffodil Limited (DL), the engagement manager came to know that a large consignment of import of raw material is stuck with the custom authorities. On his query he was informed that the DL’s clearing agent was unable to resolve the matter. However, now DL has approached another custom clearing agent for clearing the said consignment and the matter with the custom authorities would be resolved shortly. DL has agreed to pay 1.4% of the value of consignment to the clearing agent. A junior member of the team has informed the engagement manager that clearing agent appointed by DL is the brother of the audit senior. Required: Discuss the categories of threats involved in above situation and advise the possible course of action that may be followed. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced here. 46 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS “According to this scenario, a client which was in a weak financial position had failed to pay the audit fee for review of half yearly accounts and the management had also requested the audit firm to give some relief as regards audit fee of current year. With regard to non-payment of audit fee, the candidates generally could not specify an important step that the auditor should bring the matter to the knowledge of the audit committee and/or those charged with governance. Moreover, it was also important to assess the significance of the threat which was also missed by the majority. Furthermore, many candidates mentioned about declining the engagement whereas according to the scenario it had already been accepted. With regard to reduction in fee, many students did not make any comment on the management’s contention that work would reduce as a result of closure of plants. On the other hand, many students were completely in agreement with the management’s view in this regard. They did not consider the other aspect of the situation i.e. closure of factories is also an indication of weakening financial position because of which the auditor may have to face more challenges such as risk of intentional misstatement and more issues involving professional judgment, such as impairment of assets and going concern and therefore it was not necessary that closure of plants may result in reduction in work. A large number of students were of the incorrect view that audit fee cannot be reduced under any circumstances.” AT A GLANCE The performance remained below average mainly because the students could not give appropriate comments on some of the main issues as discussed below: Self-interest threat or intimidation threat may be created due to a close business relationship between a member of the audit team’s immediate family and the audit client. The relationship of the audit senior and the clearing agent comes under the definition of close family member instead of immediate family member. However, the code recognizes the fact that it is impossible to define every situation, and there could be many variations in circumstances that create threats to independence and can deter a Chartered Accountant from concluding that a situation is permitted if it is not specifically prohibited. Therefore, even though the clearing agent is not an immediate family member of the audit senior, our firm should consider the possibility and significance of threats to the independence of the audit senior. Depending upon the significance, we may also consider: Removing the audit senior from the engagement team. Having a chartered accountant review the work of the audit senior. Practice Question 06: You are the partner in charge of your Firm’s risk management department and in the said capacity your responsibilities include advising the firm’s engagement partners /managers on different aspects of the assurance and non-assurance services, in accordance with the applicable regulatory and independence framework. You have been requested for guidance on the following issues: Olive Limited has approached your firm to act as their advisors to the first public issue of the company which shall be used to finance a new project. Your responsibilities would include drafting the prospectus, assistance in completing listing formalities and negotiations with and appointment of Bankers to the issue. Previously you have also carried out a due diligence exercise in respect of the said project. Olive limited has suggested different fee levels corresponding to the amount of eventual subscription received. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 47 SPOTLIGHT Solution: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Required: a) Advise the concerned partners/managers as regards the acceptance of the above assignments. b) Suggest possible modification in the scope or terms of engagement or possible safeguards, if any, to avail the opportunities within permissible limits. Solution: a) Since Olive Limited is not an audit client, therefore the requested services may be provided. AT A GLANCE In term of the Chartered Accountants Ordinance, 1961 and the code of ethics a member should not enter into any contingent or conditional fee arrangement and the member is guilty of professional misconduct if he/she enters into such arrangement. Hence, fee based on amount of subscription received should not be agreed upon. b) An appropriate caveat should be built in the engagement letter wherein we should describe the management’s responsibility and disassociate the firm from the responsibility of taking management decisions on behalf of the client. The fee arrangement should be reconsidered and brought in line with permissible mode like fixed fee or hours charged basis. Practice Question 07: a) MF Momin, Shams & Company is a firm of chartered accountants (the firm) which was initially registered with two partners namely Momin and Shams, in the year 2011 with offices in Karachi and Islamabad. In 2020, the firm got affiliation with a reputed international firm namely Missouri Fox (MF) which resulted in increase in clientele of the firm especially in the province of Punjab. As a result, the firm has established its new office in Lahore. SPOTLIGHT You are the quality control partner in the firm. While reviewing the annual revenue earned by the firm for the year ended 31 December 2020, you have extracted the following information from the firm’s books of accounts: Firm’s offices Firm’s partners Clients Karachi Islamabad Lahore Momin Shams Others --------------- Rs. in ‘000 --------------Audit and assurance services Pervez Limited (PL) 2,730 2,730 Amin (Pvt) Ltd (APL) 1,680 1,680 Salman Limited (SL) 4,000 4,000 Tania Limited (TL) 1,100 1,100 Other clients 3,800 3,000 6,000 3,000 1,800 8,000 Consultancy and other services Pervez Limited (PL) 500 2,000 500 3,000 Amin (Pvt) Ltd (APL) 1,480 1,480 Salman Limited (SL) 1,500 1,300 2,800 Tania Limited (TL) 200 - 200 Other clients 4,170 6,000 2,040 3,000 3,170 6,040 14,000 15,000 13,000 10,000 9,000 23,000 48 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Other information: i. PL, SL and TL are listed companies whereas APL is the first multinational client of the firm. ii. All the clients have already re-appointed the firm for their subsequent statutory audit. iii. Shams is also entitled to 20% additional commission of the total fees earned from PL. Required: (a) In the light of ICAP’s Code of Ethics for Chartered Accountants, evaluate the implications of revenue earned from PL, APL, SL and TL on the firm and suggest the safeguard(s), if any, available to the firm and partners. b) Other clients in (a) include Hafiz Limited (HL) and Chand Limited (CL) which have not yet paid the audit fees for the year ended 30 June 2020. The audit report for HL was issued three months ago but HL has still not paid the balance 50% of audit fee, while the audit report for CL has not been issued due to certain pending issues. Required: Solution: a) When the total fees generated from an audit client by the firm expressing the audit opinion represent a large proportion of the total fees of that firm, the dependence on that client and concern about losing the client create a self-interest or intimidation threat. AT A GLANCE Discuss the course of action available to the firm in the above situation. Revenue earned from PL is 30.3% of Shams’s revenue and 23% of Karachi office. It represents a large proportion of the revenue from one partner and one office of the firm. The significance is further increased as Shams is also entitled to earn additional 20% commission on total revenue of Rs. 5.73 million generated from PL so his objectivity might be compromised. Even though the revenue from PL is still below 15% of the firm’s total revenue given in the code, it needs to be under consideration that any further increase in the fee charged to PL or any additional assignment may make it above the 15% threshold. Safeguard available to the firm The firm should consider increasing the client base of Shams to mitigate the risk and reduce the dependence on the audit client. The firm should also consider rotating this client to some other partner. Shams should reduce dependency on PL by refusing other assignments or rotate it to some other partner when providing those services. An appropriate review should also be conducted by a reviewer who does not take part in the engagement review process. Amin (Pvt.) Limited (APL): The revenue earned from APL is 24.3% of Lahore revenue which represents a large proportion of the revenue of one office of the firm. The significance is further increased as APL is the first multinational client of the firm so it is qualitatively significant to the firm. It further increases the significance as Lahore office is also a newly established office. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 49 SPOTLIGHT Pervez Limited (PL): CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Safeguard available to the firm Although Lahore office is a newly established office, the client base will eventually grow and the office dependence on APL might further decrease in future. In the meantime, the firm should consider to increase client base of the office by assigning other assignments. The firm may also consider assigning the other assignments of PL to Lahore office if acceptable to the client. Salman Limited (SL): The revenue earned from SL is 16% of firm’s total revenue which exceeds 15% threshold given in the Code. The significance is further increased as revenue earned from SL is 26.7% of Islamabad office revenue and 40% of Momin’s revenue which represents a large portion of the Islamabad office and Momin’s Revenue. Safeguard available to the firm The firm shall disclose the fact to those charged with governance that the total of such fees represents more than 15% of the total fees received by the firm. AT A GLANCE Prior to the audit opinion being issued on the financial statements, a chartered accountant, who is not a member of the firm expressing the opinion on the financial statements, performs an engagement quality control review of that engagement; or a professional body performs a review of that engagement that is equivalent to an engagement quality control review (“a pre-issuance review”). After the audit opinion on the financial statements has been issued, and before the audit opinion being issued on the next year’s financial statements, a chartered accountant, who is not a member of the firm expressing the opinion on the financial statements, or a professional body performs a review of the second year’s audit that is equivalent to an engagement quality control review (“a post-issuance review”). Tania Limited (TL): SPOTLIGHT The revenue earned from TL does not represent a large proportion of the revenue of the firm or Karachi office. Since it is 14.4% of Sham’s total revenue, therefore it needs to be considered that any further increase in revenue or any additional assignment may make it large proportion for Shams’ revenue. Safeguard available to the firm Firm should closely monitor any additional billing to TL so that it remains within the prescribed limits. b) Hafiz Limited (HL): Even though 50% of the fees has been received from HL, a significant part is still outstanding for last three months. The firm shall: determine whether it is appropriate for the firm to be re-appointed or continue the audit engagement. consider whether the overdue fees might be equivalent to a loan to the client. Safeguard available to the firm If the outstanding fees is not paid before next year’s report, the firm shall discuss with the audit committee and those charged with governance to pay the fee at earliest. Chand Limited (CL): Since the audit report of CL has not been issued due to some pending matters, the firm should ask the client to pay audit firm a significant part of the fees. 50 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Safeguard available to the firm The firm should also appoint an appropriate reviewer who did not take part in the audit engagement. If the outstanding fees is not paid before next year’s report, the firm shall discuss with the audit committee and those charged with governance to pay the fee at earliest. 2.4 Compensation and Evaluation Policies (s411) A firm’s evaluation or compensation policies might create a self-interest threat. Selling non-assurance services materiality of the compensation seniority of the audit team member whether its influences promotion decisions Safeguards to reduce the threat include: removing the person from the audit team appropriate review of the work performed by the audit team member Key audit partner is prohibited from being evaluated or compensated based on selling non-assurance services to the audit client. AT A GLANCE When an audit team member is compensated (such as commission or bonus) or the performance is evaluated for selling non-assurance services to the audit client, the level of the self-interest threat will depend on: Accepting gifts or hospitality from an audit client might create a self-interest, familiarity or intimidation threat. The Code specifies that gifts or hospitality shall only be accepted where the value is clearly trivial and inconsequential. Those in a position to influence the conduct and outcome of the audit and immediate family members of such persons shall not accept hospitality from the audited entity, unless it is reasonable in terms of its frequency, nature and cost. Accept or offering gifts and hospitality to/from an audit client a where the intent is to improperly influence behavior is not allowed even if the value is trivial and inconsequential. It may be noted that what constitutes trivial and/or reasonable gift and hospitality could vary across cultures. Question in the exam in relation to gifts and hospitality usually require candidates to apply professional judgment and discuss in detail the consequences on either party involved in addition to the impact there could be on stakeholders. 2.6 Actual and threatened litigation (s430) When litigation with an audit client occurs, or appears likely, self-interest and intimidation threats are created. In some cases, a client entity (or some of its shareholders) may threaten the audit firm with litigation as a result of something the audit firm, or a member of the audit team, has (or has not) done. The significance of the threat will depend on the materiality of the litigation, the nature of the engagement and whether the litigation relates to a prior audit engagement. Safeguards should include: if the litigation involves a member of the audit team, removing that individual from the audit team. appointing a professional to review the work done and assess the nature of the litigation threat. If such safeguards do not reduce the threats to an acceptable level, the only appropriate action is to withdraw from, or decline, the audit engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 51 SPOTLIGHT 2.5 Gifts and hospitality (s420) CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS 2.7 Financial interests (s510) Holding a financial interest in an audit client might create a self-interest threat. A financial interest in an audit client exists where shares or debt instruments are held either directly or indirectly. A direct financial interest is one held by an individual or the firm or by a collective investment vehicle (such a trust or estate) controlled by them. An indirect financial interest is one held by an individual or the assurance firm via a collective investment vehicle not controlled by them. The following shall not hold financial interest or a material indirect financial interest in an audit client: the firm audit team member or their immediate family other partners in the office where an engagement partner practices or their immediate family other partners or managers who provide non-audit services to the audit client or their immediate family, except where the involvement is minimal firm, audit team members and their immediate family members hold financial interest or a material indirect financial interest in an entity which has a controlling interest in the audit client AT A GLANCE Furthermore, firm, audit team members and their immediate family members should not hold financial interest or a material indirect financial interest in an entity which has a controlling interest in the audit client. Therefore, the only safeguards would be to: dispose of any direct financial interest dispose of any indirect financial interest or reduce the holding to such a level that it is no longer material remove the individual from the assurance team resign from the audit. If holdings are acquired by an individual or immediate family members as a gift or inherited or as employment rights (employee share options): SPOTLIGHT they should be disposed of as soon as practicable, or the individual should be removed from the assurance team. Other situations A self-interest is created when firm, audit team members and their immediate family members hold financial interest or a material indirect financial interest in an entity where the audit client also holds a financial interest. A self-interest, familiarity, or intimidation threat is created when firm, audit team members and their immediate family members hold financial interest or a material indirect financial interest in an entity where a director, officer or controlling owner of the audit client also hold a financial interest. A self-interest threat is created if an audit team member knows that a close family member has a direct financial interest or a material indirect financial interest in the audit client. A self-interest threat is created if an audit team member knows that a financial interest in the audit client is held by either other partners and professional employees of the firm or individuals with a close personal relationship with an audit team member. The safeguards would be to: 52 dispose of the interest or reduce it to a level it becomes immaterial remove the individual from the audit team have an appropriate reviewer review the work of the audit team member ensure audit client or director/officer cannot exercise significant influence over the entity THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS If a retirement benefit plan of a firm (such as pension scheme) holds a direct or material indirect financial interest in an audit client, appropriate safeguards should be applied to reduce self-interest threat. Practice Question 08: Mr. Mahmood is the engagement partner for the audit of Khyber Limited (KL), a listed company. In a meeting of the partners of the firm he had declared that Better Life Trust (BLT), in which he is a trustee, intends to purchase fifty thousand shares of KL from the open market. Required: a) State how should the firm deal with the above situation. b) What would the firm’s response be if Mr. Mahmood inadvertently fails to disclose the above fact before the purchase of shares and it comes to the knowledge of the firm after the shares have been purchased? Solution: Mr. Mahmood or any of his immediate family members is not a beneficiary of the trust; The value of shares purchased is not material to BLT (Trust); Even after purchase of shares, BLT will not be able to exercise significant influence over the assurance client; and AT A GLANCE a) Circumstances in which the shares of KL can be purchased by BLT: If BLT makes investment in shares of KL Mr. Mahmood may continue to act as the audit engagement partner of KL as well as a Trustee in BLT, if: Mr. Mahmood and the firm does not have significant influence over any investment decision involving a financial interest in KL. In case the answer to any of the above is in negative, the firm shall require that the shares held by the Trust are disposed of or shall have to change the engagement partner. b) Circumstances and Actions: If Mr. Mahmood has inadvertently not disclosed the fact about purchasing shares of KL and the shares are subsequently purchased, the firm should take the following steps in order to ensure that the independence of the firm is not impaired: In case where Mr. Mahmood discloses the fact regarding purchase of shares to the firm immediately after the purchase of shares, the firm should require him to either ensure that the shares are sold by the Trust immediately. If that is not possible, he should be removed from the engagement team. In case where Mr. Mahmood does not disclose the fact regarding purchase of shares to the firm immediately after the purchase of shares, the firm should consider involving an additional chartered accountant who did not take part in the assurance engagement to review the work done by Mr. Mahmood. Practice Question 09: You are the quality control partner of Nasir and Company, Chartered Accountants (NCC) and presently following matters are under your consideration: While appreciating the services rendered by your firm, the managing director of a client has informed the engagement partner that an audit trainee has helped him in the purchase of a plot of land. On investigation, the engagement partner was able to establish that the trainee works part-time in an estate agency and receives 0.5%commission on all deals. Required: Identify and evaluate the threats involved and explain what actions you would take in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 53 SPOTLIGHT CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Tutorial Notes: Apart from mentioning self-interest threat, other important issues to be discussed are materiality and significance of the financial interest involved and whether the trainee’s conduct was in accordance with the firm’s policies. Solution: A close business relationship between a member of assurance team and the management of the client will involve a common financial interest and may create self-interest threat. The materiality and significance of the financial interest, needs to be evaluated. If the financial interest is immaterial or relationship is clearly insignificant then the audit trainee may be allowed to work on that client, otherwise only safeguard available is to not to allocate that audit trainee on the client. If the conduct of the trainee is not in accordance with the firm’s policies, appropriate action may be taken. Practice Question 10: AT A GLANCE You are the manager in Quality and Risk Management department in a firm of Chartered Accountants. A partner of the firm has informed you about the following: Audit of Nadir Limited (NL), a non-listed company, is in the finalization stage as almost 85% of the field work has been completed. NL has acquired 51% holding in Hamid Limited (HL), a listed company, few days ago. A partner of the firm holds 500,000 shares valuing Rs. 20 million in HL. The partner has agreed to sell the shares; however, it would take some time as the shares of HL are not actively traded. Required: Give your views on above situation with regard to Code of Ethics. Tutorial Notes: Important point to be considered is that 85% of the work had been completed. SPOTLIGHT Solution: After the acquisition, HL has become related entity of NL and as per the Code of Ethics, reference to Audit Client includes reference to its related entities. Therefore, after the acquisition, the partner holds direct financial interest in a related entity and it would create a self-interest threat. As the amount of holding is material to the partner and NL can exercise significant influence over HL, the self-interest threat created would be so significant that no safeguards could reduce the threat to an acceptable level. However, as 85% of the audit work has been completed, the remaining work can be completed in a short period of time and, in such case if those charged with governance request the firm to complete the audit without disposing off the interest, the firm can continue the engagement, provided that the firm: 54 discusses the evaluation of threat with those charged with governance. ensures that relevant partner is not the member of the audit team nor the partner responsible for engagement quality control review. has deputed a Chartered Accountant to review the audit work. has deputed another Chartered Accountant, other than the members of the audit team, to perform a review that is equivalent to engagement quality control review. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 11: You are the partner in a firm of Chartered Accountants having three partners. Presently, following matters are under your consideration: Your firm has been approached by Javed Limited for advice regarding investment in Kamran Limited (KL). The spouse of a partner of the firm holds 500,000 shares in KL. Required: Evaluate threats involved in the above situations and suggest related safeguard(s), if any. Solution: The interest of relevant partner and Javed Limited, with respect to Kamran Limited are in conflict and it will create a threat to objectivity. The firm is required to evaluate: the significance of relevant interest or relationships. the significance of the threats created by performing the professional services. Closely monitor the implementation of policies within the firm with regard to procedures to limit access to client files, the use of confidentiality agreements and/or the physical and electronic separation of confidential information. Regular review of the application of safeguards by a senior individual not involved with the client engagement(s). Having a chartered accountant who is not involved in providing the service or otherwise affected by the conflict, review the work performed to assess whether the key judgments and conclusions are appropriate. Consulting with third parties, such as a professional body, legal counsel or another chartered accountant. AT A GLANCE The following safeguards shall be applied to reduce the threats to an acceptable level: Nisar Khalid & Co. Chartered Accountants (NKC) has been approached by Hector Limited (HL) a listed company, for appointment as HL’s auditors for the year ending 30 April 2019. The core departments of NKC along with the names of the partners are as follows: Assurance Department Nisar Hashmat Moin Rashid Arif Quality Control Department Ali Usman Tax & Corporate Advisory Department Khalid Ovais Hasan NKC intends to appoint Rashid as the engagement partner. As part of the client acceptance procedures, an email was circulated to all the staff of the firm to disclose any investment in HL and its related parties by any partner/employee or their family member(s). A summary of response of Rashid and his staff is as follows: Rashid has confirmed that he does not hold any shares in HL although his wife has invested Rs. 2 million in a mutual fund. The mutual fund has invested 14% of its total investment in shares of HL. Zahid has been working as an audit manager with Rashid. Zahid has disclosed that he has invested Rs. 50,000 in the shares of Troy Limited (TL). HL owns 20% shareholding in TL. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 55 SPOTLIGHT Practice Question 12: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Response by other partners of the firm are as follows: Ali has invested Rs. 45,000 in the shares of Achilles Limited, which is the holding company of HL. Ovais has confirmed that his son has invested Rs. 500,000 in the debentures issued by HL. Response by other staff of the firm: Some of the junior audit staff who are not working with Rashid and the staff of the firm’s accounts department have confirmed holding in shares of HL of nominal amounts ranging from Rs. 5,000 to Rs. 60,000. Required: In the light of Code of Ethics for Chartered Accountants, evaluate the above situation and discuss the threats (if any) in each case along with the available safeguards, if NKC decides to accept the assignment. Tutorial Notes: AT A GLANCE Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: “Majority of the students were only able to obtain a few marks on the basis of their comments on shareholding of the engagement partner’s wife’s. Most of the candidates tried to give generalised comments on the scenario as a whole instead of analyzing each situation separately. Many students did not consider the partners giving non-audit services as part of audit team and hence made incorrect conclusions. Similarly, only a few students touched on the threats arising due to holdings of other employees as majority concluded that no threats would arise due to holdings of other employees” Solution: SPOTLIGHT Holding a financial interest in an audit client may create a self-interest threat. However, the significance of the threat may vary in different circumstances, each of which is discussed below: Rashid Even though Rashid does not have any financial interest in HL. However, his wife being an immediate family member holds an indirect financial interest, since she beneficially owns shares in HL through a collective investment trust. It needs to be assessed whether the amount invested in the mutual fund is material to her. If yes, a self-interest threat would be created. Then the firm should not accept the assignment unless the units of mutual fund are disposed of or a sufficient amount is disposed of so that the remaining amount is no longer material. Zahid Since HL owns 20% shares in TL, HL can exercise significant influence over TL. However, the materiality of the interest both for HL in TL and Zahid in TL needs to be evaluated. In case the financial interest is material to any of the parties the threat created would be so significant that it can only be reduced if Zahid disposes of his entire shareholding or reduces it to such an extent that it no longer remains material. Ali & Ovais: Persons performing quality control for the engagement or providing consultation regarding technical issues for the engagement are also included in the audit team. 56 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS A self-interest threat may be created due to Ali’s holding of shares in the holding company of HL if the investment in HL is material to AL. If the investment is material to AL, then firm should not appoint Ali as the engagement quality control partner unless he disposes of his entire investment. If Ovais’s son is not dependent on him, then NKC can accept the assignment. However, if Ovais is to be considered as the tax advisory partner, then his son being a close family member, would have to dispose of all of his holding or a sufficient amount is disposed of so that the remaining amount is no longer material, even if he is not dependent on Ovais. However, if his son intends to retain the investment, then NKC should consider to have a chartered accountant review the work performed by Ovais or remove Ovais from the team. If Ovais’s son is dependent on him, then it would be a direct investment in an audit client by an immediate family member and NKC could not accept the assignment, unless he disposes of all his investment. Self-interest threat may be created, but it’s significance would depend on whether any of these individuals have any relationship with the audit team and the firm’s organizational, operating and reporting structure. Depending upon the significance of the threat, NKC may: remove any audit team member who have any relationship with such an employee; exclude any such employee from any significant decision making; or have a chartered accountant review the work of such member of the audit team AT A GLANCE Other employees: 2.8 Loans and guarantees (s511) A loan or a guarantee of a loan with an audit client might create a self-interest threat. If the audit client is a not a bank or similar institution the self-interest threat would be so great that no safeguard could reduce the threat to an acceptable level, unless the loan is immaterial to both the firm/member and the client. 2.9 Business Relationships (s520) A commercial or common financial interest between an audit firm or a member of the audit team and a client or its management may create a self-interest and intimidation threat. The Code gives the following examples of such relationships: A material financial interest in a joint venture with the audit client or its senior management. Arrangements to combine services or products, marketed with reference to both parties. The firm acting as a distributor or marketer of the client’s products or services or vice versa. If the relationship relates to the audit firm, unless the financial interest is immaterial and the relationship clearly insignificant to the firm, the Code states that there are no safeguards which could reduce the threat to an acceptable level. Therefore, the only possible courses of action are to: terminate the Business Relationship, reduce the level of the relationship so that the financial interest becomes immaterial and the relationship insignificant, or refuse the assurance engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 57 SPOTLIGHT If the audit client is a bank or similar institution, no threat to independence is created where the loan is made on normal terms to the audit firm or a member of the audit team. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS If the relationship relates to a member of the audit team, as opposed to the firm, unless the financial interest is immaterial and the relationship clearly insignificant to the individual, the only appropriate safeguard would be to remove the individual from the assurance team. The purchase of goods and services from an audit client by the firm or a member of the audit team would not generally create a threat to independence provided: the transaction is in the normal course of business, and on an arm’s length. However, the nature or number of such transactions could create a self-interest threat and safeguards would need to be applied such as: eliminating or reducing the transactions removing the individual from the assurance team AT A GLANCE For example, a new member of an audit team may have bought goods or services from the audit client in the past, on normal commercial terms and at normal prices. This does not create any problem. However, if the audit team member intends to continue using the goods or services of the client to a significant extent, there may be some threat of a loss of independence. If so, the individual should be asked not to buy from the client entity in the future; if the individual does not wish to do this, he or she should probably be taken off the audit team. Example: commercial transaction with an audit team member An audit firm has a client company, Zoomco, which operates a motor racing circuit. The audit firm has discovered that the audit manager for the Zoomco audit keeps a racing car at Zoomco’s circuit and uses the race track regularly. Because they are the audit manager, Zoomco allows them 50% off normal charges for garaging the car and for use of the race track. What is the ethical position and what measures should the audit firm take to deal with this situation? Answer SPOTLIGHT The transaction between Zoomco and the audit manager is a normal commercial transaction for Zoomco, but it is not at arm’s length because the audit manager gets 50% off normal prices. The transaction may not be material for Zoomco, but it is likely to be material for the audit manager. Consequently, there has been a breach of the ethical code by the audit manager. The audit manager has created a self-interest threat (and possibly a familiarity threat) by entering into the transaction with Zoomco. The ethics partner of the audit firm should be consulted and asked to assess the materiality of the transaction between Zoomco and the audit manager and to consider whether disciplinary action is appropriate. The audit manager should be removed immediately from the Zoomco audit team and replaced by someone else. In view of the threat to the objectivity and independence of the former audit manager, the audit plan for the Zoomco audit should be reviewed and amended if this is considered necessary. The ethics partner may also wish to check whether the former audit manager has entered into commercial arrangements on favourable terms with any other audit client. 2.10 Family and personal relationships (s521) Family and personal relationships between a member of the audit team and a director, officer or certain employees (depending on their role) of the audit client may create a self-interest, familiarity or intimidation threat, depending on the specific circumstances. The significance of these threats will depend on: 58 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS the individual’s responsibilities on the audit team, the closeness of the relationship, and the role of the family member or other individual within the client. Clearly, a greater threat will exist where, say, the wife of one of the partners at the assurance firm is the finance director at a client then if, say, an audit junior’s sister is the receivables ledger clerk at a client. Where an immediate family member (i.e. spouse or dependent) of a member of the audit team is: a director, officer or employee of the audit client, and is in a position to exercise direct and significant influence over the subject matter of the audit engagement or was in such a position during any period covered by the engagement or the financial statements. then the only appropriate safeguard is to remove the individual from the audit team. So, in the example above, that particular partner should have no involvement with the assurance engagement at his wife’s company. Even then, this may not be a sufficient safeguard if all the partners enjoy a close relationship and the only safe approach may be not to take on that company as a client at all. removing the individual from the audit team. where possible, structuring the responsibilities of the audit team in such a way that the member of the audit team does not deal with matters which are the responsibility of the family member (so, in the example above, the audit junior would not be assigned to the receivables section of the audit). putting in place policies and procedures to allow audit staff to communicate to senior staff at the audit firm any independence issues which concern them. AT A GLANCE For a close family member (parent, non-dependent child, brother or sister) in the same position safeguards might include: Threats are not restricted to the family relationships defined above. It is the audit firm’s responsibility to consider any other personal relationships which might have a bearing on independence and consider what safeguards need to be put in place. You are the audit manager in Farhad and Company, Chartered Accountants. You have specific responsibility for assessing the risks associated with the firm’s existing and proposed listed clients. Presently, the following matters are under your consideration: Sherbano Limited (SL) has requested your firm to provide a consent letter for acting as its auditors. The wife of a partner in your firm is the Director Marketing in SL. Required: Discuss the categories of threats involved in each of the above situations and advise the partners as regards the possible course of action that may be followed. Solution: Sher Bano Limited: Family and personal relationships between a member of the assurance team and SBL Director Marketing may create: threat to independence; self-interest threat; familiarity threat; or intimidation threat The significance of the above threat should be evaluated and the following safeguards should be considered to reduce the threat to an acceptable level: Removing the individual from the assurance team; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 59 SPOTLIGHT Practice Question 13: CHAPTER 3: PROFESSIONAL ETHICS - - CFAP 6: AARS Where possible, structuring the responsibilities of the assurance team so that the professional does not deal with matters that are within the responsibility of the immediate family member; Policies and procedures to empower staff to communicate to senior levels within the firm any issue of independence and objectivity that concerns them. Practice Question 14: ABC and Company, Chartered Accountants, have been requested to give their consent for appointment as the auditor of Sindh Limited (SL), in place of XYZ and Company, Chartered Accountants. The matter of appointment of ABC and Company is to be placed in the annual general meeting of SL. Required: i. AT A GLANCE ii. Explain the responsibility of ABC and Company and the steps that it needs to take before acceptance of the audit. What would be the retiring auditor’s responsibilities with respect to the above and the responsibility of ABC and Company, in case the retiring auditor does not fulfil its responsibility? i. New Auditor’s (ABC and Company) responsibility before acceptance of audit: Solution: ABC and Company should consider whether the acceptance of new client would create any threats to compliance with fundamental principles. Evaluate significance of threats before accepting the audit engagement. If the threats are other than clearly insignificant, safeguards should be considered and applied as necessary, to eliminate them or reduce them to an acceptable level. Communicate with the retiring auditor to establish the facts and circumstances behind the proposed change, however, before communicating it shall seek permission of the client for such communication. SPOTLIGHT ii. 60 Comply with relevant legal and other regulations in communicating with retiring auditor. Retiring Auditor’s responsibility: Retiring auditor is responsible to respond to any communication by the incoming auditor. However, before giving any information about the client, he should seek client’s permission. While communicating with the auditor, the retiring auditor need to meet the legal and ethical requirements related to such communication and disclosure. The retiring auditor should promptly transfer to the new auditor all books and papers related to SL, which may be held after the appointment has been effected and should also advise SL accordingly. Incoming Auditor’s Course of action if SL and retiring auditor do not fulfil their responsibility: In case ABC and Company is unable to communicate with the retiring auditor due to any reason, it should try to obtain information about any possible threats by other means such as inquiries from third parties or background investigation of senior management or those charged with governance. If unable to reduce threats through alternative procedures, it may decline the engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 15: You are the partner incharge of quality control department of Mian and Company, Chartered Accountants. The following independent matter is under your consideration: Engagement partner’s brother-in-law has joined as CFO on an audit client. Required: Identify and evaluate the threats involved (if any), in above situation and explain the actions which should be taken as regards the above matters. Practice Question 16: You are the partner in a firm of Chartered Accountants having three partners. Presently, following matters are under your consideration: Your firm is conducting the audit of Tahir Limited (TL). A partner in your firm is a close friend of Kashif, who is the financial controller in TL Required: Evaluate threats involved in the above situations and suggest related safeguard(s), if any. Solution: Self-interest, familiarity or intimidation threats may be created due to a personal relationship between the partner and the finance controller of TL. The existence and significance of any threat will depend on factors such as: The nature of the relationship between the partner and the finance controller; The interaction of the partner with the assurance team; The significance of any threat shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include: Structuring the partner's responsibilities to reduce any potential influence of the partner over the assurance engagement; or engagement team. Having a chartered accountant review the relevant assurance work performed. Practice Question 17: Sameer works as manager assurance in your firm. He has close personal relationship with Saqib, who is the CFO at one of your audit clients. However, you haven’t assigned that client to Sameer. Required: Evaluate the above situation and identify threat(s), if any, and related safeguards. Tutorial Notes: Sameer’s close relationship with Saqib and their managerial positions both should be discussed. Be sure to give relevant safeguards as well. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 61 SPOTLIGHT Partner’s brother in law has joined as CFO: Partner’s brother in law does not come under the definition of close or immediate family member. However, this may be perceived as a close personal relationship in our society and it would threaten the perceived independence (independence in appearance) of the engagement partner. The close relationship between engagement partner and CFO may give rise to self-interest, familiarity and intimidation threats. The appropriate safeguard would be to rotate the partner and do not allow him to involve in any matter pertaining to that client. In case no other partner is available then it would be better to withdraw from the engagement. AT A GLANCE Solution: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Solution: Due to close personal relationship between Sameer and Saqib, self-interest, familiarity and intimidation threats may be created. The threats are significant due to close personal relationship and managerial positions of Saqib and Sameer. The significance will also depend on the interaction of Sameer with the assurance team; Safeguards may include: structuring Sameer’s responsibilities to reduce any potential influence over the assurance engagement; or having the relevant assurance work reviewed by a chartered accountant. 2.11 Recent service with an audit client (s522) If a former director, officer or employee of an audit client becomes a member of the audit team there may be a self-interest, self-review or familiarity threat. This will particularly be the case if, as a member of the audit team, the individual has to report on work they carried out. They may also be reluctant to criticise the work of former colleagues. AT A GLANCE The Code specifies that individuals who worked for an audit client as a director, officer or employee in a position to exert a significant influence over the preparation of the client's accounting records or the financial statements on which the firm will express an opinion, the threat created would be so significant that no safeguards could reduce the threat to an acceptable level. Consequently, such individuals shall not be assigned to the audit team. Threats are also created if the services were prior to period covered by the audit report. For example, a threat would be created if a decision made or work performed by the individual in the prior period, while employed by the client, is to be evaluated in the current period as part of the current audit engagement. The existence and significance of any threat will depend on factors such as: the length of time elapsed, the individual’s position with the client, the role of the individual on the audit team. SPOTLIGHT Safeguards might include conducting a review of the work done by the individual as a member of audit team. Example: recent service with an audit client Sadeeq served as the finance director of Ramble, an audit client for three years prior to joining Ramble’s auditors, Tahir & Co., in March 2015 as a partner. Sadeeq is prohibited from being a member of the audit team for Ramble’s 2015 statutory audit because he was employed at the audit client (Ramble) in a position to exert direct and significant influence over the subject matter during the period under review. 2.12 Serving as a Director or Officer of an Audit Client (s523) Serving as a director or officer of an audit client creates self-review and self-interest threats. It is prohibited for a partner or employee of the audit firm to serve as a director or employee of an audit client. The threats created would be so significant that no safeguards could reduce the threat to an acceptable level. A partner or employee of the firm may serve as a company secretary for an audit client if: 62 this is allowed under the legislation, management makes all decisions, and the function is routine and administrative in nature (such as preparing minutes and maintaining statutory returns). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS 2.13 Employment with an Audit Client (s524) Employment relationships with an audit client might create a self-interest, familiarity or intimidation threat. Individuals who have previously been on the audit team could leave the audit firm to work for the audit client. A significant familiarity or intimidation threat could arise depending on: the seniority of the individual when they were on the audit team. the position they have taken up at the client i.e. whether they can exert significant influence over the preparation of the financial statements subject to the audit. the amount of future involvement they will have with the audit team (as a member of the client’s staff). the length of time that has passed since they were on the audit team. This will be the case particularly if strong personal or financial links remain between the individual and the remaining members of the audit team or the audit firm. the individual concerned must not be entitled to any benefits or payments from the firm, unless these are fixed, pre-determined arrangements. any amounts owed to the individual (for example, in the case of an ex-partner) must not be so significant that they could threaten independence. the individual must no longer take part (or appear to take part) in the firm’s business. Other safeguards might include: modifying the audit plan (perhaps to increase the amount of work on the area the ex-team member will be involved with). assigning an audit team of sufficient expertise compared to the individual who has left (i.e. a team which will not be intimidated by the ex-team member). arranging for an additional chartered accountant to review the work done. carrying out a quality control review of the engagement. For Public interest entities: No public interest entities shall appoint a person as a director or officer (such as CEO), or as an employee in a position to exert significant influence over the financial statements preparation (such as the CFO) who was a partner of the firm of its external auditors (or an employee involved in the audit of the public interest entity). Independence would be deemed to be compromised unless, subsequent to the partner ceasing to be a key audit partner, the public interest entity had issued audited financial statements covering a period of not less than twelve months and the partner was not a member of the audit team with respect to the audit of those financial statements. Only exception to the previous paragraphs is where the circumstances has arisen as a result of a business combination, and there are not outstanding benefits or payments due to the former partner or amounts owed are immaterial, the former partner does not participate in the firm’s activities and position was not taken in contemplation of the business combination. Similar threats could also arise where a member of the audit team knows they are to join the client in the future or has entered negotiations to do so. If the individual were to remain on the audit team, objectivity could be impaired as the individual might be keen not to upset their potential future employer (self-interest threat). Safeguards would include: the firm having policies and procedures in place to require individuals to notify the firm when they are entering into such negotiations with an audit client removing the individual from the audit team THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 63 SPOTLIGHT AT A GLANCE The Code specifies that: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS having an appropriate reviewer review any significant judgments made by that individual while on the team 2.14 Temporary personnel assignments (s525) The loan of personnel to an audit client might create a self-review, advocacy or familiarity threat. When the firm becomes too closely aligned with the views and interests of management of the audit client, safeguards are often not available. A firm shall not loan personnel to an audit client unless: assistance is provided only for a short period of time. prohibited non-assurance services are not performed. management responsibilities are not assumed, and the audit client is responsible for directing and supervising the activities of the personnel. Other safeguards include: AT A GLANCE conduct an additional review of the work performed by the loaned personnel. exclude the loaned personnel from the audit team. do not give the loaned personnel audit responsibility for any function or activity that the personnel performed during the assignment. 2.15 Long association of senior personnel (Including Partner Rotation) with an audit client (s540) Using the same individual on an audit engagement over a long period of time may create a familiarity and selfinterest threat. A self-interest threat might be created as a result of an individual’s concern about losing a longstanding client or an interest in maintaining a close personal relationship with a member of senior management or those charged with governance. The significance of threats will depend upon in relation to the individual: SPOTLIGHT the length of individual’s relationship with the client including if relationship existed while the individual was at a prior firm. how long the individual has been on the audit team? the role of the individual on the audit team and extent of the work reviewed or supervised. the extent to which the individual can influence the outcome of the audit. the closeness of the individual’s personal relationship with senior management or those charged with governance. the nature and frequency of the individual’s interaction with the senior management or those charged with governance. The significance of threats will depend upon in relation to the audit client: the nature and complexity of audit client’s accounting and reporting issues. whether the client's management team has changed. whether there have been any structural changes in the client’s organization impacting interactions between the individual and senior management of those charged with governance. Safeguards might include: rotating senior staff of the audit team; for example, changing the audit engagement partner every five years. arranging for a chartered accountant to review the work done by the senior staff. regular independent internal or external quality reviews of the engagement. 64 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 18: You are the quality control partner in a medium size audit firm and have been asked to give your views on the following situations: One of your firm’s large clients, a listed company, has requested that the current year’s audit should be carried out by the same team which audited the last year’s financial statements. The request has been justified on the grounds that the accounts department is extremely busy on a special assignment and a new team would take a lot of their time. You have also been informed that Mr. Shams has been the manager in charge of that audit during the last three years. Required: Discuss the category of threat involved in each of the above situations. Also explain the safeguards available with the firm which may eliminate or reduce the threat to an acceptable level. Rotating the senior personnel (other than the audit team) Involving an additional chartered accountant who was not a member of the assurance team to review the work done by the senior personnel or otherwise advise as necessary; Independent internal quality reviews. Practice Question 19: You are the partner in a firm of Chartered Accountants and presently following matters are under your consideration: Annual audit of Kamran Limited (KL) for the year ending 31 December 2016 is due to commence in a few weeks. Jamal has been an audit team member for eleven years; two years as the job incharge, three years as manager and six years as partner. KL was listed on the Pakistan Stock Exchange in July 2016. Required: i. Identify the threats in the above situation and discuss the significance thereof. ii. Discuss the need for rotation of engagement partner in each of the following situations: The firm has adequate resources and personnel who can replace Jamal as engagement partner but Jamal does not want to leave this assignment. The firm is unable to find a suitable replacement. Tutorial Notes: Point of confusion was that the company had been listed during the current year only and hence the rotation of the partner was not necessary under the given circumstances. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 65 SPOTLIGHT Client’s request for certain staffs The audit firm should assess whether the reason given by the client is valid under the circumstances because if there is any other reason, it may affect the independence of the audit. Moreover, as a matter of principle, the audit firm should not encourage such requests from the client. Long association of Mr. Shams i. Using the same senior personnel on an assurance engagement over a long period of time may create a familiarity threat. ii. The significance of the threat should be evaluated and, if the threat is other than clearly insignificant, safeguards should be considered and applied to reduce the threat to an acceptable level. Such safeguards might include: AT A GLANCE Solution: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Solution: (i) As Jamal is associated with KL since last eleven years it will create a familiarity and selfinterest threats. The threats created are significant as: association of Jamal with KL is of 11 years; Jamal has a key/main role in the audit engagement of KL, being the engagement partner; and the engagement is a statutory audit. Other factors on which the significance of threats will depend are: Structure of the firm; Whether the client’s management team has changed; (ii) AT A GLANCE Whether the nature or complexity of the client’s accounting and reporting issues has been changed. As Jamal has served the audit client for six or more years when the KL becomes a listed company, however as per the requirements of Code of Ethics Jamal can still continue to serve as an engagement partner for a maximum of two additional years. Further, Jamal can continue to serve as an engagement partner for more than the period specified, provided an independent regulator has provided an exemption from partner rotation. If such an exemption is not provided, then the auditor should leave the audit engagement. Practice Question 20: SPOTLIGHT Alpha Textile Limited (ATL) is a long standing listed audit client of your firm. Haris has been the audit engagement partner of ATL for the last five years. The firm is considering to appoint Munir as ATL’s engagement partner and Haris either as ATL’s quality control review partner or client relationship partner. Required: In the light of Listed Companies (Code of Corporate Governance) Regulation, 2017 and ICAP’s Code of Ethics, discuss the validity of Haris’s appointment either as ‘quality control review partner’ or ‘client relationship partner’. Tutorial Notes: Linking the requirements of Code of Corporate Governance (CCG) and Code of Ethics (CE) is required rather than providing two separate conclusions i.e. one under CCG and other under CE. Solution: Code of ethics requires that an individual shall not be a key audit partner for more than seven years unless the law prescribes a shorter period. Since Pakistan law i.e. code of corporate governance requires rotation of engagement partner after 5 years, the requirements of Pakistan law will apply. Code of ethics also requires that after such time, the individual shall not be a member of the engagement team or be a key audit partner for the client for two years. The code defines key audit partner as the engagement partner, individual responsible for engagement quality control review partner and other partners who make key decision or judgements on significant matters with respect to the audit of the financial statements. Considering the above, Haris cannot be appointed as engagement partner or quality control partner. 66 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Appointment as Client Relationship Partner If Haris would be in a high level contact with the management or the audit committee, there is a possibility that he would be able to directly influence the outcome of the engagement. In such a case he could not be appointed as client relationship partner. However, code of ethics allows an additional year to a key audit partner only in rare circumstances outside the firms’ control whose continuity is especially important as long as the threat to independence can be eliminated or reduced to an acceptable level by applying safeguards. The fact that no review or discussion was made by the engagement partner regarding the progress of the audit and the implications related to its ethical and professional issues. Matters which need to be discussed with those charged with governance when a breach has been identified. Engagement shall only be continued when concurrence of those charged with governance has been taken. Solution: No discussion on the progress of the audit work by the engagement partner indicates that elements of ISA 220 (REVISED) related to review of the engagement have been breached. ISA 220 (REVISED) states that reviews should happen on a timely basis throughout the audit to enable problems to be resolved at an appropriate time. Further, ISA 220 (REVISED) also state that the audit partner need not review all audit documentation, but no discussion with the audit team indicate that areas of risk or critical judgement have not been reviewed. Reviews should also be hierarchical and it appears that the audit partner has not reviewed the work of the audit manager. The significance of this issue is further increased because the audit manager is close friend of the CFO which is not disclosed by him to the firm. Therefore, a very thorough review could have been performed by the engagement partner of the work of the audit manager. Audit manager being the close friend of CFO created familiarity, self-interest and intimidation threat. Therefore, the audit manager not disclosing his friendship with the CFO is a breach of the provision of ICAP code of ethics. The firm should immediately remove him as the audit manager and perform an independent quality control review. However, when a breach is identified, the firm shall discuss the breach and the action as soon as possible, with those charged with governance. The matters to be discussed shall include: The significance of the breach, including its nature and duration; How the breach occurred and how it was identified; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 67 SPOTLIGHT Salman Qasim is an audit senior of Ibrahim & Company, Chartered Accountants. He joined the ongoing audit of Kalam Limited (KL) which was under completion stage. During the audit, he came to know that the newly appointed Chief Financial Officer (CFO) is a close friend of the audit manager which was not disclosed by him to the firm. He decided to disclose this matter to the engagement partner; however, he came to know that the engagement partner has been out of country for last one month and has not yet discussed the progress of the audit with the audit team. He then wrote an email to the firm’s quality control partner and brought all such observations in his knowledge. Required: Discuss the professional and ethical issues arising in the above situation and advise the course of action that the firm’s quality control partner should take. Tutorial Notes: Points to be focused are: AT A GLANCE Practice Question 21: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS AT A GLANCE The action taken or proposed to be taken and the firm's rationale for why the action will satisfactorily address the consequences of the breach and enable it to issue an audit report; The conclusion that, in the firm's professional judgment, objectivity has not been compromised and the rationale for that conclusion; and Any steps that the firm has taken or proposes to take to reduce or avoid the risk of further breaches occurring. Firm shall only continue with the engagement if they obtain the concurrence of those charged with governance that action can be, or has been, taken to satisfactorily address the consequences of the breach. Public interest entities The individual shall not act as an engagement partner, or quality reviewer, or other key partner role for a period of more than seven years unless local prescribes a shorter period. After the time-on period, a cooling off period of five consecutive years applies. Where the individual has been appointed as responsible for the engagement quality control review and has acted in that capacity for seven cumulative years, the cooling-off period shall be three consecutive years. If the individual has acted as a key audit partner other than in the capacities of key audit partner or quality reviewer for seven cumulative years, the cooling-off period shall be two consecutive years. Example: cooling off period SPOTLIGHT An individual who served as engagement partner for four years followed by three years off can only act thereafter as a key audit partner on the same audit engagement for three further years (making a total of seven cumulative years). Thereafter, that individual is required to cool off as per the requirements of the Code. However, because the threat could be so great for an audit client, the Code specifies the following for the audit of listed clients (as required by the Pakistan Securities and Exchanges Commission’s Code of Corporate Governance): All banks and development finance institutions (DFIs) are required to ensure that the external auditors are rotated on expiration of five years. In case of banks / DFIs having two audit firms jointly auditing their accounts and both of them complete their five years’ period at the same time, one of them will be rotated on completion of five years and the other one in the next year. All listed companies in the financial sector shall change their auditors every five years. Financial sector for this purpose means Non-Banking Finance Companies (NBFCs), Modarabas and Insurance Companies. All listed companies other than those mentioned above shall at a minimum rotate the engagement partner after every five years. A partner rotating after five years should not resume the lead engagement partner role until a further period of time, normally two years, has elapsed. 2.16 Provision of non-assurance services to an Audit Client (s600-610) The provision of non-assurance services is now common among audit firms of all sizes, consistent with members’ skills and expertise. Most audit firms recognise the potential threat to compliance with the fundamental principles and their independence and they try to deal with threats through their internal organisational structure. 68 Larger firms will operate in a number of separate departments, each with its own partners and members of staff. By dividing the work of the audit firm into different functions, employees involved in audit work will not be the same as those involved in providing, say, consultancy advice to the same client. In some of the largest practices, the consultancy department has been legally separated from the accounting/auditing arm of the firm as a further step towards preserving auditor objectivity and independence. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS A similar approach is often taken by smaller audit firms. Although these firms may not be large enough to be organised in separate departments, efforts are usually made to ensure that different members of staff and partners are responsible for different services provided to clients. Example: non-audit work and safeguards An audit firm has completed the annual audit for a client company and the audit team has identified a number of weaknesses in internal controls that have been notified to the client’s management. As a result, the client has asked the firm to carry out a review of its financial IT systems. What are the ethical issues to consider in this situation and how might the problems be dealt with? Answer The management of the client company must recognise that they have the responsibility for internal controls in the company. This responsibility cannot be passed on to the auditors. The engagement team will not be required to act in a management capacity in any way. For example, they must not be given any responsibility for the implementation of any improvements in internal control that they recommend. There must be sufficient controls against a self-review threat. For example, the individuals assigned to the engagement team to do the work should not include anyone who will also be a member of the audit team. AT A GLANCE The engagement would involve non-audit work. The audit firm can accept this engagement subject to certain conditions: The non-assurance work may provide a large amount of income that makes the audit firm economically dependent on the company (self-interest threat). In addition, employees of the audit firm who carry out the audit may be required to audit the work that has been done for the company by colleagues in the audit firm. It might be difficult for them to find faults with the work that has been done by other employees of the firm (self-review threat). Moreover, the firm may present its client’s case in front of tax commissioner (Advocacy threat) New business practices, the evolution of financial markets and changes in information technology, are among the developments that make it impossible to draw up an all-inclusive list of non-assurance services that might be provided to an audit client. However, the ICAP Code considers various categories of non-assurance work, including the following which is not an exhaustive list of all non-assurance services: Accounting and bookkeeping services Administrative services Valuation services Tax services Internal audit services IT systems services Litigation support services Legal services Recruiting services Corporate finance services THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 69 SPOTLIGHT The ICAP Code recognises that the independence of an audit firm may be threatened when the firm carries out either a material non-assurance work or multiple non-assurance services for an entity that is also its audit client. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS General guidance on non-assurance services Although non-assurance services are generally considered acceptable, subject to appropriate safeguards, the following activities are prohibited by the Code: Authorising, executing or completing a transaction. Directing and taking responsibility for the actions of employees in relation to the employees’ work for the entity. Deciding which recommendation of the firm should be implemented. Reporting, in a management role, to senior management of the client. Setting policies and strategic direction. Hiring or dismissing employees. Controlling or managing bank accounts or investments. Taking responsibility for the preparation of financial statements and designing, implementing, monitoring or maintaining internal controls. Any of the above would involve the firm acting in a management capacity and therefore constitute a threat to the firm’s objectivity for which no safeguards are available to mitigate threats. AT A GLANCE Appropriate safeguards for other activities would include the following: SPOTLIGHT The firm having policies and procedures such that an individual is prevented from making any management decision on behalf of the client. Discussing independence issues with the audit committee or senior management at the client. The firm having policies covering oversight responsibility for the provision of other work to audit clients. Involving an additional chartered accountant in a review of independence or an aspect of the engagement. The client acknowledging responsibility for the results of the work performed by the firm. Disclosing to the audit committee or similar body the nature and extent of fees charged. Personnel carrying out the non-assurance services not taking part in the audit engagement. Practice Question 22: You are the manager in Quality and Risk Management department in a firm of Chartered Accountants. A partner of the firm has informed you about the following: An audit manager of the firm has effectively negotiated a non-assurance assignment with an audit client. Such deals are usually considered in the annual appraisal of the managers. Required: Give your views on above situation with regard to Code of Ethics. Solution: A self-interest threat is created when a member of the audit team is evaluated on or compensated for selling non-assurance services to the audit client. The significance of the threat will depend on: 70 The proportion of the individual’s compensation or performance evaluation that is based on the sale of such services; The role of the individual on the audit team; and Whether promotion decisions are influenced by the sale of such services. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS The significance of the threat shall be evaluated and, if the threat cannot be reduced to an acceptable level, the firm shall either revise the compensation plan or evaluation process for that individual or apply safeguards to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include: Removing such members from the audit team; or Having a Chartered Accountant review the work of the member of the audit team. Accounting and booking keeping services Providing accounting and bookkeeping services to an audit client might create a self-review threat. These services comprise a broad range including but not limited to preparing financial statements, recording transactions and payroll services. determining accounting policies and the accounting treatment in accordance with those policies deciding on or changing journal entries without the client’s approval authorising or approving transactions preparing source documents or originating data (including decisions on valuation assumptions). The audit process also necessitates dialogue between the firm and management regarding above e.g. proposing adjustments as a result of the audit which is considered to be a normal part of the audit process, as long as client makes the decision. Furthermore, the provision of advice on accounting principles and presentation in the financial statements given during the course of an audit is also considered to be part of the normal audit process. AT A GLANCE In providing such services, firms must not make management decisions such as: For audit clients that are not public interest entities, accounting or book-keeping services, including payroll services, of a routine or mechanical nature may be provided with appropriate safeguards such as: the service not being performed by a member of the audit team the firm having policies and procedures such that an individual is prevented from making any management decision on behalf of the client requiring the source data for accounting entries to be originated by the client requiring the underlying assumptions to be originated and approved by the client obtaining the client’s approval for any changes to the financial statements. SPOTLIGHT Practice Question 23: You are a chartered accountant in practice. The following situations have arisen in connection with two of your clients: Your firm is the external auditor of a listed company. Recently the management of the company has requested your firm to provide the following services: (i) Reconciling the creditors’ ledger with the statements submitted by the suppliers. (ii) Estimating the compensation payable to the employees who were seriously injured while carrying out the trial run of the plant. Required: Explain the threats involved in accepting the above assignments and identify the steps the firm should take to fulfill its professional responsibilities and obligations. Solution: (i) Preparation of such reconciliations may be used by the client as base document of accounting entries. Therefore, it may create a self-review threat when the financial statements are subsequently audited by the firm. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 71 CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS While providing such assistance, the auditor should not involve in making management decision which include: Determining or changing journal entries, or the classifications for accounts or transaction or other accounting records. Authorizing or approving transactions; and Preparing source documents or originating data or making changes to such documents or data. The significance of any threat created should be evaluated and, if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to reduce the threat to an acceptable level. Such safeguards might include: Making arrangements so such services are not performed by a member of the assurance team; Implementing policies and procedures to prohibit the individual providing such services from assisting in preparation of accounting records and making any managerial decisions on behalf of the audit client; AT A GLANCE (ii) The estimation of compensation may be used by the client as a basis for making provisions in the accounts. Therefore, it may create a self-review threat. The significance of threat will depend upon the following factors: The materiality of the amounts involved; The degree of subjectivity inherent in the matter concerned; and The nature of the engagement i.e. the purpose and objective of estimation. The firm should evaluate the significance of threat and if it is significant then apply the necessary procedures to eliminate the threat or reduce it to an acceptable level. Such safeguards may include: Policies and procedures to prohibit individuals assisting the audit client from making managerial decisions on behalf of the client. Using professional who are not members of the assurance team to perform the service; The involvement of others such as independent experts. SPOTLIGHT Practice Question 24: You are the quality control partner in a firm of chartered accountants. The following independent situations are under your consideration. The client has written a letter of appreciation showing their gratitude for the involvement and guidance provided by an audit manager on various issues regarding application of accounting standards. Required: Identify and evaluate the threats involved and explain what actions should be taken in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. Solution: Involvement of audit personnel and guidance to client on accounting principles are an appropriate means to promote the fair presentation of financial statements and the audit process routinely requires dialogue between the firm and management of the audit client and such types of activities are considered to be a normal part of the audit process and do not, generally, create threats to independence Self-review threat will be involved in above situation, if the auditor assumes management responsibility while providing guidance to the client’s management. Safeguards should be applied to prevent the auditor from assuming management responsibility when providing advice. Safeguards could include: 72 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Obtaining acknowledgement of responsibility from the client for any actions or decisions made. Evaluating the ultimate decision of the client and ensuring that the reasons for their decisions are self-determined The risk is further reduced when the firm gives the client the opportunity to make judgments and decisions based on an objective and transparent analysis and presentation of the issues. Practice Question 25: You are the partner incharge of quality control department of Mian and Company, Chartered Accountants. The following independent matter is under your consideration: On an unlisted audit client, the audit engagement team prepares financial statements from the trial balance and proposes adjusting entries. Required: Solution: The following safeguards can be applied to reduce the threat to an acceptable level: it may Obtaining client approval for any proposed adjustments/ avoid managerial decision making. Requiring the underlying assumptions / source data for accounting to be originated and approved by the audit client. Having a qualified person, who is not a member of the audit team, take responsibility for performing the non-audit services Establishing procedures and policies to guide persons performing such services AT A GLANCE Identify and evaluate the threats involved (if any), in above situation and explain the actions which should be taken as regards the above matter. Your firm, Hatim Manzoor and Company, Chartered Accountants is the auditor of Paints Limited (PL) for the year ending 31 December 2019. On 1 December 2019, PL has acquired controlling interest in Brush Limited (BL). Your firm also has a contract with BL for providing accounting and bookkeeping services until 31 December 2020. BL has requested your firm to keep providing the services until an alternate solution is worked out. Required: Evaluate the threat(s) in the above scenario and discuss whether the firm can continue providing the services to both the clients till conclusion of the audit. Tutorial Notes: Following points should not be missed: Discussing with those charged with governance why the interest cannot reasonably be terminated by the effective date of the acquisition. Engaging another firm to evaluate the results of non-assurance service Engaging another firm to re-perform the non-assurance service to the extent necessary to enable it to take the responsibility. Solution: Since such a current interest or relationship cannot reasonably be terminated by the effective date of the acquisition, the firm shall evaluate the self-review threat. The financial statements of BL and PL would be consolidated and the firm would have to review its own work. Furthermore, PL and BL would now be related entities and the restriction imposed by the code of ethics on PL would also be applicable on BL. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 73 SPOTLIGHT Practice Question 26: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS The firm shall discuss with those charged with governance the reasons why the interest cannot reasonably be terminated by the effective date of the acquisition and the evaluation of the significance of the threat. If those charged with governance request the firm to continue as an auditor, the firm shall do so only if: the interest or relationship will be terminated as soon as reasonably possible and in all cases within six months of the effective date of the acquisition. any individual who performed that non-assurance service should not be made part of the audit team. a chartered accountant reviews the audit work as appropriate. a chartered accountant, who is not a member of the firm expressing the opinion on the financial statements, perform a review that is equivalent to an engagement quality control review. another firm is engaged to evaluate the results of the non-assurance service or another firm is engaged to reproduce the non-assurance service to the extent necessary to enable it to take responsibility of the service. AT A GLANCE For audit clients that are public interest entities, accounting or book-keeping services of a routine or mechanical nature may only be provided to the divisions or related entities of the public interest entity where the divisions or related entities for which the service is provided are collectively immaterial to the financial statements. Administrative services Providing administrative services, such as assisting clients with their routine or mechanical tasks within the normal course of operations, to an audit client does not usually create a threat. Example of such services include: SPOTLIGHT Word processing services Preparing administrative or statutory forms for client approval. Submitting such forms as instructed by the client. Monitoring statutory filing dates, and advising an audit client of those dates. Valuation services A self-review or advocacy threat might arise where an audit firm performs a valuation of an item which is to be included in the financial statements to be audited. Therefore, audit firms should not provide valuation services where: the matter is material to the financial statements, and involves a significant degree of subjectivity. In other cases, appropriate safeguards might include: the client acknowledging responsibility for the results of the work. having a professional who was not involved in providing the valuation services review the audit or valuation work performed. the client confirming their understanding of and approving the underlying assumptions and methodologies used. the individuals carrying out the work not being involved in the audit. Practice Question 27: You are the audit manager in Farhad and Company, Chartered Accountants. You have specific responsibility for assessing the risks associated with the firm’s existing and proposed listed clients. Presently the following matters are under your consideration: 74 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Romeo Supermarket Limited (RSL), a large chain of super markets, has approached your firm to perform financial due diligence of one of your audit client, Juliet Limited (JL), which is a listed company. RSL intends to acquire 80% shareholding in JL. Required: Discuss the categories of threats involved in above situations and advise the partners as regards the possible course of action that may be followed. Solution: Romeo Supermarket Limited: Providing due diligence services to the client (RSL) whose interests are in conflict with your other assurance client (Juliet Limited) in relation to the transaction in question may create a self-review threat or threat to objectivity or confidentiality or professional behavior. The use of separate engagement teams; Additional procedures to restrict access to confidential information to concerned personnel only; Clear guidelines to members of the engagement team on issues of security and confidentiality; The use of confidentiality agreements signed by employees and partners of the firm and; Regular review of the application of safeguards by a senior individual not involved in relevant client engagements. AT A GLANCE However, the firm can provide such services provided it notifies JL of the firm’s business interest or activities that may represent a conflict of interest, and obtains its consent for accepting the assignment. In such case the following safeguards should also be considered: You are the quality control partner in Pirzada and Company, Chartered Accountants. The following matters are under your consideration: Your firm has been approached for appointment as external auditors of Watto Limited (WL), a listed company. Your firm has been providing valuation services to WL. Required: Identify and evaluate the threats involved and explain what action would you take in the above circumstances including the steps required, if any, to reduce the risk to an acceptable level. Tutorial Notes: The students are expected to know that the response of the firm would be different depending upon whether the items being valued were material to the financial statements or involved subjectivity or not. Solution: Watto Limited a) A self-review threat may be created if the results of the valuation carried out by the firm are required to be incorporated in the client’s financial statements. b) If the firm has carried out valuation of items material to the financial statements or the valuation involves a significant degree of subjectivity, the firm would not be in a position to reduce the self-review threat to an acceptable level by the application of any safeguard, and should not accept the audit engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 75 SPOTLIGHT Practice Question 28: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS c) If the valuation services are not material either separately or in aggregate, or if they do not involve a significant degree of subjectivity, the following actions may be taken to reduce the self-review threat to an acceptable level: Involve another chartered accountant who will not be a member of the assurance team, to review the work done or provide necessary advice. Obtain confirmation from the audit client about their understanding of the underlying assumptions of the valuation and the methodology being used for valuation Obtain approval of the client regarding use of the methodology and assumptions in the valuation. Obtain the client’s acknowledgement of responsibility for the results of valuation services performed by the firm. Ensure that personnel who had been providing such services do not participate in the audit engagement. Practice Question 29: AT A GLANCE You are the quality control partner in Wiew and Company, Chartered Accountants. You have been assigned additional responsibilities for assessment of risks associated with the firm’s existing and proposed clients. At present, the following matters are under your consideration: The government has invited ‘expression of interest’ for selling its strategic shares in Iqbal Limited (IL). One of your clients’ Zain Limited is interested in the deal and has requested your firm to carry out a due diligence exercise. Mian Limited has also approached your firm for carrying out a business valuation of IL. Required: Discuss the categories of threats involved in above situation and advise the partners as regards the possible course of action that may be followed. Tutorial Notes: SPOTLIGHT The firm is serving two different clients with conflicting interest. Solution: Iqbal Limited: i. ii. 76 A threat to objectivity or confidentiality may be created when a Chartered Accountant in practice performs services for clients whose interests are in conflict. The above threat may be reduced to an acceptable level by taking the following steps: Notifying both the parties that we are acting for both of them, and obtaining their consent to so act; The use of separate engagement teams; Procedures to prevent access to information (e.g., strict physical separation of such teams, confidential and secure data filing); Clear guidelines for members of the engagement team on issues of security and confidentiality; The use of confidentiality agreements signed by employees and partners of the firm; and Regular review of the application of safeguard by a senior individual not involved with relevant client engagements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 30: a) An audit client has approached your firm for advice on various issues concerning a financing arrangement. The client has provided you information regarding terms of financing offered by three different financial institutions including draft agreements which the client may be required to sign. Required: Identify threats involved in the above case and also suggest related safeguards, if any. b) Assuming that two of the above financial institutions are audit clients of your firm, explain whether such situation would result in a conflict of interest, under the Code of Ethics for Chartered Accountants. Solution: The firm should ensure that while giving advice to the audit client, it does not commit the client to the terms of the transaction or consummate transaction on behalf of a client. If the advice to the client involves any of the above acts, then the firm should not accept such an engagement, because accepting such an engagement would create a threat to independence that are so significant that no safeguard could reduce the threat to an acceptable level. After considering the above, if the assignment relating to the advice on the financing arrangement is accepted then it would still create threats to advocacy and self-review threat. AT A GLANCE a) Threats: Policies and procedures to prohibit individuals assisting the assurance client from making managerial decision on behalf of the client; Using professionals who are not members of the assurance team to provide the service; and b) If the audit client intends to enter into financing arrangement with the financial institutions which are also your audit clients, this will not create any conflict of interest as obtaining loan from bank does not produce any apparent conflict of interest between the client and the bank. A conflict of interest might exist between two financial institutions, which are providing the finance, but as your firm is not providing the said service to these institutions, hence no threat will be created and this assignment can be accepted. However, the confidentiality requirements and relevant safeguards should be considered while carrying out the said assignment. Practice Question 31: You are the quality control partner in a firm of chartered accountants. Your firm has been approached by Beta (Private) Limited (BPL) for appointment as the auditors for the year ending 30 June 2019. Your firm was also hired by BPL for valuation of its investment in an unlisted company on August 2018. The valuation engagement had concluded in September 2018 and the amount of investment is material to BPL’s financial statements. Required: Being the quality control partner, advise whether the audit of BPL could be accepted by the firm. Also discuss the relevant threats, if any. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 77 SPOTLIGHT Safeguards that should be considered include: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Tutorial Notes: Majority of the students may not pay attention to the fact that valuation service was provided prior to appointment as auditor so the appointment could have been accepted. Consequently, the correct safeguards may be missed. Solution: Under the code of ethics, the firm could not have accepted the valuation service, had the valuation service been requested after the appointment as auditors, However, since the valuation service was provided prior to appointment as auditors, the audit engagement could be accepted. A self-review threat would be created because the amount is material to the financial statements, is highly subjective and is included in the financial statements of the period which the firm will subsequently audit. In order to reduce the threat to an acceptable level the following safeguards should be applied: AT A GLANCE Not including personnel who provided the non-assurance service in the audit team. Having a chartered accountant to review the audit and the valuation as appropriate Engaging another firm to evaluate the results of the valuation engagement or having another firm to re-perform the non-assurance service to the extent necessary to enable it to take responsibility for the service. Practice Question 32: You are the partner incharge of quality control department of Mian and Company, Chartered Accountants. The following independent matters are under your consideration: Your firm has been asked to verify the results of an award competition being organized by an audit client. Required: SPOTLIGHT Identify and evaluate the threats involved (if any), in above situation and explain the actions which should be taken as regards the above matters. Solution: Verify results of award competition If the award competition materially affects the information/results of financial statements, self-review threat may be created. Significance of threat need to be evaluated that whether the award competition is material to the audit client and to what extent affects the figures appearing in the financial statements. If the threat is significant then the assignment should be declined. The threat involved in this situation is self-review threat. Tax services Taxation services comprise a broad range of services, including: 78 Tax return preparation; Tax calculations for the purpose of preparing the accounting entries; Tax planning and other tax advisory services; and Assistance in the resolution of tax disputes. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS While taxation services provided by a firm to an audit client are addressed separately under each of these broad headings; in practice, these activities are often interrelated. Performing certain tax services create a self-review or advocacy threat. The existence and significance of any threats will depend on factors such as: The system by which the tax authorities assess and administer the tax in question and the role of the firm in that process; The complexity of the relevant tax regime and the degree of judgment necessary in applying it; The particular characteristics of the engagement; and The level of tax expertise of the client's employees. Tax Return Preparation Providing such services does not generally create a threat to independence if management takes responsibility for the returns including any significant judgments made. Preparing calculations of current and deferred tax liabilities (or assets) for an audit client for the purpose of preparing accounting entries that will be subsequently audited by the firm creates a self-review threat. The significance of the threat will depend on: The complexity of the relevant tax law and regulation and the degree of judgment necessary in applying them; The level of tax expertise of the client's personnel; and AT A GLANCE Tax Calculations for the Purpose of Preparing Accounting Entries Audit clients that are not public interest entities. Using professionals who are not members of the audit team to perform the service; If the service is performed by a member of the audit team, using a partner or senior staff member with appropriate expertise who is not a member of the audit team to review the tax calculations; or Obtaining advice on the service from an external tax professional. Audit clients that are public interest entities Except in emergency situations, in the case of an audit client that is a public interest entity, a firm shall not prepare tax calculations of current and deferred tax liabilities (or assets) for the purpose of preparing accounting entries that are material to the financial statements on which the firm will express an opinion. Tax Planning and Other Tax Advisory Services A self-review threat may be created where the advice will affect matters to be reflected in the financial statements. Assistance in the Resolution of Tax Disputes An advocacy or self-review threat may be created when the firm represents an audit client in the resolution of a tax dispute once the tax authorities have notified the client that they have rejected the client's arguments on a particular issue and either the tax authority or the client is referring the matter for determination in a formal proceeding, for example before a tribunal or court. The existence and significance of any threat will depend on factors such as: Whether the firm has provided the advice which is the subject of the tax dispute; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 79 SPOTLIGHT The materiality of the amounts to the financial statements. Safeguards shall be applied when necessary to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS The extent to which the outcome of the dispute will have a material effect on the financial statements on which the firm will express an opinion; The extent to which the matter is supported by tax law or regulation, other precedent, or established practice; Whether the proceedings are conducted in public; and The role management plays in the resolution of the dispute. The significance of any threat created shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include: Using professionals who are not members of the audit team to perform the service; Having a tax professional, who was not involved in providing the tax service, advise the audit team on the services and review the financial statement treatment; or Obtaining advice on the service from an external tax professional. AT A GLANCE Where the taxation services involve acting as an advocate for an audit client before a public tribunal or court in the resolution of a tax matter and the amounts involved are material to the financial statements on which the firm will express an opinion, the advocacy threat created would be so significant that no safeguards could eliminate or reduce the threat to an acceptable level. Therefore, the firm shall not perform this type of service for an audit client. What constitutes a "public tribunal or court" shall be determined according to how tax proceedings are heard in the particular jurisdiction. Practice Question 33: You are the quality control partner of Nasir and Company, Chartered Accountants (NCC)and presently following matters are under your consideration: Your firm has issued an unmodified opinion on the financial statements of Salim Limited (SL) for the year ended 31 December 2012. The tax authorities have recently launched an investigation against SL, alleging that SL has under declared its income for the year ended 31 December 2012. NCC is also acting as the tax advisor of SL. SPOTLIGHT Required: Identify and evaluate the threats involved and explain what actions you would take in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. Tutorial Notes: Most of the students may discuss the issue of permissible and non-permissible services under the Code of Ethics. However, some important considerations also could be what else can go wrong in the given situation, such as possibility of misstatements in the financial statements or misstatement in tax returns. Obviously, misstatement in either or both of the above documents would warrant various actions by the auditors. Solution: (a) Investigation by tax authorities 80 The tax authorities have launched an investigation against SL on suspicion of underdeclaring income. This implies one of the following: The financial statements are materially misstated. The tax return is misstated. The tax official’s suspicions are unjustified. The quality control partner may engage another chartered accountant to review the financial statements as well as the tax return to investigate the allegations leveled against the client. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 3: PROFESSIONAL ETHICS If Financial Statements are Misstated: Quality control partner may ask the engagement partner to review the situation and establish whether the financial statements need to be revised. Quality Control Partner may like to know whether the mistake could have been avoided if the Quality control policies of the firm had been followed. If there is a lapse on the part of the firm’s employees, appropriate action would be taken and the capacity of the reviewer would also be questioned. If the mistake was such that it could not have been detected using the standard audit procedures of the firm, the firm’s policies and procedures may be reviewed to ensure that weaknesses, if any, are properly addressed. If Tax Return are Misstated: If it is established that tax returns filed by NCC on behalf of the client are materially misstated, then NCC should ensure that proper remedial actions (such as revision of tax returns etc.) are followed subsequent to the discovery of misstatement. If the above actions are not taken by the client, the auditor should consider the firm’s legal responsibilities. In the case of error in the financial statement or the tax return, quality control partner would need to assess whether the error was made intentionally by the management. If it is established that the misstatement was made intentionally the auditor would need to review whether it would be appropriate to discontinue its relationship with the client. Internal audit services AT A GLANCE CFAP 6: AARS the client being responsible for the internal audit activities (using a designated, preferably senior management, employee) and acknowledging its responsibility for the system of internal controls. the client and audit committee approving the scope, risk and frequency of the work. the client being responsible for evaluating recommendations and deciding which are to be implemented. the client evaluating the adequacy of the procedures performed. the findings and recommendations being reported to the audit committee or similar body. In addition, the firm should consider whether such services should only be provided by individuals not involved in the audit. In the case of an audit client that is a public interest entity, a firm shall not provide internal audit services that relate to: A significant part of the internal controls over financial reporting; Financial accounting systems that generate information that is, separately or in the aggregate, significant to the client's accounting records or financial statements on which the firm will express an opinion; or Amounts or disclosures that are, separately or in the aggregate, material to the financial statements on which the firm will express an opinion. Practice Question 34: You are the partner in a firm of Chartered Accountants and presently following matters are under your consideration: Your firm has received request from a listed audit client to assess the quality of the internal audit function and give recommendations as regards improving the structure of the internal audit department and the quality of its staff. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 81 SPOTLIGHT A self-review threat might arise where an audit firm provides internal audit services to an audit client. The following safeguards must be applied: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Required: Evaluate the above situation and identify threats, if any and related safeguards. Tutorial Notes: This is important to appreciate that since the work did not involve any management decision or taking management responsibility, therefore it comes under the purview of allowed services under the code of ethics and listing regulations. Solution: Since the services comprise of reviews and recommendations (as quality assessment) for improvement of the client's Internal Audit function and giving recommendations with respect to improving the structure of the internal audit department and the quality of its staff, does not seem to involve any management decision or taking management responsibility, therefore these are the allowed services under code of ethics and listing regulations. However, if it appears that the recommendations are binding on management which may be the case if the management is not competent to evaluate the recommendations or exercise its own judgment, then these services cannot be performed, AT A GLANCE Practice Question 35: An audit client of Akbar Ali & Co. has approached your firm for appointment as internal auditor. Your firm and Akbar Ali & Co. Chartered Accountants have a common quality control department and share common quality control policies and procedures. Required: Discuss the above scenario in the light of Code of Ethics assuming the said client is a public interest entity. Tutorial Notes: SPOTLIGHT Important point is to consider that the two firms were network firms and therefore each firm would be subject to the same independence requirement while accepting an assignment involving clients of the network firms, as would be applicable in case of its own clients. Solution: Our firm and Akbar Ali and Company are Network firms due to common quality control department and common quality control policies and procedures. The firm shall be independent of the audit client of the network firms, also. Therefore, the provision of internal audit services will create a self-review threat to independence, in the same manner, as if the assignment was taken by the firm itself. Since our client is a public interest entity, we shall not provide the internal audit services relating to the following: A significant part of the internal controls over financial reporting. Financial accounting systems that generate information that is significant to the client’s accounting records or financial statements on which the firm will express an opinion: or Amounts or disclosures that are material to the financial statements on which the firm will express an opinion. The firm may accept the engagement except for the above mentioned internal audit service but it should ensure that it does not get involved in management decision making. If the firm gets involved in management decision making, the threat created would be so significant that no safeguards would reduce the threat to an acceptable level. 82 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 36: Eagle Limited (EL) is an unlisted company and operates a chain of 30 restaurants. The management has established effective internal controls especially over cash receipts and payments to employees and suppliers. The internal audit department of EL has been playing an important role in continuous evaluation and monitoring of these internal controls. However, the chief internal auditor (CIA) has recently resigned along with his two assistants. Your firm has been the auditor of Eagle Limited (EL) for the last many years. The CEO of EL has approached your firm for help in resolving the situation and has proposed the following alternatives: i. ii. EL would outsource its internal audit department to your firm. Your firm would recruit an individual for the position of CIA to fill the vacancy. Inconsideration, EL would pay a fee equivalent to two months’ gross salary of the CIA. iii. EL would recruit the CIA and your firm would provide audit staff on secondment for six months to assist the CIA in understanding and accomplishing the tasks. The CEO has showed his inclination to hire Mr. Kiwi, the manager responsible for the audit of EL. Comment on each of the above alternatives as follows: Discuss the threat involved and explain the safeguards, if any, available to the firm which may eliminate or reduce the threat to an acceptable level. Solution: AT A GLANCE Required: Alternative 1: Outsourcing of Internal Audit Department When the firm undertakes the outsourcing of internal audit activities, any self-review threat created may be reduced to an acceptable level by ensuring that there is a clear separation between the management and control of the internal audit by client management and the internal audit activities themselves. The firm may accept this alternative if appropriate safeguards are put in place to reduce the threat to an acceptable level. The safeguard may include the following: i. The audit client is responsible for internal audit activities and acknowledges its responsibility for establishing, maintaining and monitoring the system of internal controls; ii. The audit client designates a competent employee, preferably within senior management, to be responsible for internal audit activities; iii. The audit client, the audit committee or supervisory body approves the scope, risk and frequency of internal audit work; iv. The audit client is responsible for evaluating and determining which recommendations of the firm should be implemented; v. The audit client evaluates the adequacy of the internal audit procedures performed and the findings resulting from the performance of those procedures by, among other things, obtaining and acting on reports from the firm; and vi. The findings and recommendations resulting from the internal audit activities are reported appropriately to the audit committee or supervisory body. vii. Internal audit services should be provided only by personnel not involved in the financial statement audit engagement and with different reporting lines within the firm. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 83 SPOTLIGHT A self-review threat may be created when a firm provides internal audit services to a financial statement audit client. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Alternative 2: Recruitment of CIA on EL’s behalf The recruitment of senior management for an assurance client, such as those in a position to affect the subject matter information of the assurance engagement, may create current or future self-interest, familiarity, and intimidation threats. In any case, the firm should not make management decisions and the decision as to whom to hire should be left to the client. However, the firm could provide such services as: i. Reviewing the professional qualifications of a number of applicants and providing advice on their suitability for the post. ii. producing a short-list of candidates for interview, provided it has been drawn up using criteria specified by the assurance client. However, a contingent fee charged by a firm creates self-interest and advocacy threats that cannot be reduced to an acceptable level by the application of any safeguard. Accordingly, the firm should not enter into any such fee arrangement. Alternative 3: Providing audit staff on secondment to assist CIA AT A GLANCE A self-review threat may be created when a firm provides internal audit services to a financial statement audit client. The firm can provide its staff on secondment to the client subject to the application of safeguards given in alternative 1. IT systems services Where such services provided by the audit firm involve the design and implementation of Financial Information Technology Systems (FITS) a self-review threat might arise. Without the following safeguards the Code considers that this threat will probably be too significant for the work to be accepted: SPOTLIGHT The client acknowledging its responsibility for the system of internal controls. The client designating a competent employee, preferably senior management, to be responsible for management decisions in respect of the design and implementation of the system. The client making all such management decisions. The client evaluating the adequacy and results of the design and implementation of the system. The client being responsible for the operation of the system and the data generated by it. In the case of an audit client that is a public interest entity, a firm shall not provide services involving the design or implementation of IT systems that: form a significant part of the internal control over financial reporting; or generate information that is significant to the client's accounting records or financial statements on which the firm will express an opinion. Practice Question 37: You are the partner in charge of your Firm’s risk management department and in the said capacity your responsibilities interlaid include advising the firm’s engagement partners /managers on different aspects of the assurance and non-assurance services, in accordance with the applicable regulatory and independence framework. You have been requested for guidance on the following issues: Crimson Limited, an unlisted audit client has engaged a software company to automate its accounting and finance functions. The company wants to engage your firm to help in the implementation of the system. Required: a) Advise the concerned partners/managers as regards the acceptance of the above assignment. 84 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS b) Suggest possible modification in the scope or terms of engagement or possible safeguards, if any, to avail the opportunities within permissible limits. Solution: a) Since the company is unlisted, therefore accepting such an assignment is not altogether restricted by ICAP’s code of ethics. However, provision of such services may create selfreview threat. The client acknowledges its responsibility for establishing and monitoring the system of internal controls. The client makes all management decisions with respect to the design and implementation process. The client evaluates the adequacy and results of the design and implementation of the system. The client is responsible for the operation of the system (hardware or software) and the data used or generated by the system. The team engaged on the assignment should be different from the team employed on the audit engagement. Practice Question 38: AT A GLANCE b) In order to address the issue of self-review threat the auditor should apply appropriate safeguards i.e. ensure that: You are the quality control partner in Pirzada and Company, Chartered Accountants. The following matters are under your consideration: Required: Identify and evaluate the threats involved and explain what action would you take in the above circumstances including the steps required, if any, to reduce the risk to an acceptable level. Tutorial Notes: It is pertinent to remember that the allegation may or may not be true. Consequently, a structured response is required assuming both alternates. Solution: If the allegation by the client that the Systems Auditor has compromised the information relating to the company’s customers is correct, retaining the employee would pose similar threat at other clients also. Therefore, we should immediately take the following actions: a) Remove the Systems Auditor from all jobs till the matter is investigated and the allegation is confirmed or refuted. b) If the System Auditor is found guilty, he shall be dismissed immediately. c) The above situation casts doubt about the firm’s recruitment and training policies. These would need to be reviewed and re-evaluated. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 85 SPOTLIGHT To evaluate the network security system of Babar Limited (BL), your firm had acquired the services of a Systems Auditor. The Finance Director of BL has accused the Systems Auditor for compromising information relating to the company’s customers and providing their contact details to a competitor. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Practice Question 39: You are the quality control partner in a firm of chartered accountants. The following independent situations are under your consideration. Your firm has received a proposal from an audit client for implementation of a new IT system which the company has acquired. Required: Identify and evaluate the threats involved and explain what actions should be taken in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. Tutorial Notes: The fact to be remember is that the listed companies’ regulations clearly stipulate that prohibited services include financial information technology system design and implementation and such services can only be undertaken if the auditor conclude that it is not significant to overall financial statements. Solution: AT A GLANCE The listing regulations clearly stipulate that prohibited services by the auditors include financial information technology system design and implementation, significant to overall financial statements. However, if the auditor concludes that it is not significant to overall financial statements and is therefore permissible under the listing regulations, the situation would need to be assessed from the point of view of Code of Ethics, which states that: The provision of services involving design and implementation of information systems that are used to generate information forming part of financial statements may create a self-review threat. The self-review threat is likely to be too significant to allow the provision of such services to a financial statement audit client unless appropriate safeguards are put in place ensuring that; SPOTLIGHT The audit client acknowledges its responsibility for establishing and monitoring the system of internal controls; The audit client designates a competent employee preferably in the senior management cadre, with the responsibility to make all management decisions with respect to the design and implementation of the hardware or software system; The audit client evaluates the adequacy and result of the design and implementation of the system; and The audit client is responsible for the operation of the system (hardware or software) and the data used or generated by the system. Consideration should also be given to whether such non-assurance services should be provided only by personnel not involved in the financial statement audit engagement and with different reporting lines within the firm. Litigation support services Such services may include: acting as an expert witness calculating estimated damages assistance with document management and retrieval and could create a self-review or advocacy threat, depending on the materiality of the amounts involved and the subjectivity of the matter concerned. 86 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Safeguards might include: the service not being performed by a member of the audit team the firm having policies and procedures such that an individual is prevented from making any management decision on behalf of the client the involvement of independent experts. You are the quality control partner in Wiew and Company, Chartered Accountants. You have been assigned additional responsibilities for assessment of risks associated with the firm’s existing and proposed clients. At present, the following matters are under your consideration: JKL Limited, a listed audit client of your firm, has been in dispute with a supplier. JKL is of the view that it has suffered losses on account of breach of contract by that supplier. JKL intends to file a suit in a civil court and has asked you to estimate the amount of damages that may be claimed and provide a detailed calculation thereof. Required: Discuss the categories of threats involved in above situation and advise the partners as regards the possible course of action that may be followed. Tutorial Notes: A demarcation should be understood between litigation support services and legal services before attempting this question. Solution: AT A GLANCE Practice Question 40: JKL Limited: i. A self-review threat may be created when the litigation support services provided to a financial statement audit client include the estimation of the possible outcome and thereby affects the amounts or disclosures to be reflected in the financial statements. The significance of any threat created will depend on: ii. The materiality of the amounts involved: The degree of subjectivity inherent in the matter concerned; Wiew and Company, should evaluate the significance of any threat created and, if the threat is other than clearly insignificant, it should: Inform JKL that the decision with regard to the filing of suit and all allied matters is at the sole discretion of its management. The employees on the assignment should be clearly advised, not to participate in any managerial decision making. The professional on this assignment should not be involved in the assurance engagement. The involvement of others, such as independent experts should be considered, if necessary Legal services The threat will depend on the nature of the service, whether the provider is also a member of the assurance team and the materiality of the matter. Safeguards are likely to include those listed under general non-audit services above. Acting for an audit client in the resolution of a dispute or litigation where the amounts involved are material to the financial statements creates such significant an advocacy or self-review threat that the work should not be taken on. A partner or employee of the firm or the network firm shall not serve as General Counsel for legal affairs of an audit client THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 87 SPOTLIGHT CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Recruitment services The recruitment services for an audit client may create a self-interest, familiarity or intimidation threat. The level of the threat will depend on the role of the person to be recruited and the type of assistance sought. The firm is prohibited from acting as a negotiator on the client’s behalf. The firm is prohibited from providing recruitment services in relation to a director or senior management (such as CFO) in a position to exert significant influence over the preparation of the financial statements. For other roles, the firm may review CVs and draw up a short-list of candidates for interview but the decision as to who is hired, determining salary and benefits must be made by the client. Practice Question 41: You are the quality control partner in a medium size audit firm and have been asked to give your views on the following situations: Pentagon Limited, an unlisted assurance client, has requested your firm to assist them in the recruitment of the Chief Financial Officer (CFO) of the company. While shortlisting the candidates, it was found that the applicants include CFOs of two of your existing assurance clients. AT A GLANCE Required: Discuss the category of threat involved in above situation. Also explain the safeguards available with the firm which may eliminate or reduce the threat to an acceptable level. Solution: i. SPOTLIGHT Recruitment of senior management may create current or future self-interest, familiarity and intimidation threats. ii. Applications from CFOs of existing assurance clients has also created a threat to objectivity, as we perform services for these clients whose interests will be in conflict with Pentagon in respect of appointment of CFO. iii. The significance of the threat created should be evaluated and, if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to reduce the threat to an acceptable level. iv. The safeguards available to the engagement partner are the following: The firm should not make management decisions and engagement should be restricted to advising suitable qualification and making a list of suitable candidates. The decision as to whom to hire should be left to the client. The use of separate engagement team Procedures to prevent access to information (e.g., strict physical separation of such teams, confidential and secure data filing); Clear guidelines for members of the engagement team on issues of security and confidentiality. Practice Question 42: You are the quality control partner of Nasir and Company, Chartered Accountants (NCC)and presently following matter is under your consideration: Josh Limited (JL), an unlisted audit client of your firm has approached your firm to recruit a chartered accountant for the position of finance director in JL. In response to an advertisement published in the newspaper, NCC received various applications which include individuals working at some of your clients and some of your ex-employees. Required: Identify and evaluate the threats involved and explain what actions you would take in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. 88 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Tutorial Notes: Following points may be inadvertently missed while answering this question: Use of separate teams for audit and recruitment procedures. Confidentiality of the assignment and procedures to prevent access to confidential information. Solution: The recruitment of finance director for JL may result in self-interest, familiarity and intimidation threat. The service to be provided shall not involve making management decision and the decision as to whom to hire should be left to JL. A threat to Objectivity will be created, because the recruitment team may become biased while dealing with the applications of their former colleagues or if the recruitment team members know the employees of the clients who have applied for the job. Significance of threat should be evaluated and if the threat is other than clearly insignificant, safeguards should be considered, which may include: Procedures to prevent access to information (e.g. strict physical separation of audit and recruitment teams, confidential and secure data filing); and Clear guidelines for members of the engagement team and recruitment teams on issues of objectivity, confidentiality. The use of confidentiality agreements to be signed by employees and partners of the firm Practice Question 43: AT A GLANCE Use of separate engagement teams for the audit and recruitment procedure. You are the quality control partner in a firm of chartered accountants. The following independent situations are under your consideration. Required: Identify and evaluate the threats involved and explain what actions should be taken in the above circumstances including the steps required, if any, to reduce the risks to an acceptable level. Solution: Supervising employees of assurance client in the performance of their normal recurring activities may create self-review or self-interest threats. The significance of threats should be evaluated and if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to eliminate the threat or reduce to an acceptable level. Such safeguards might include: Making arrangement so that personnel providing such services do not participate in the assurance engagement; Involving an additional chartered accountant to advise on the potential impact of the activities on the independence of the firm and the assurance team; Corporate finance services Certain types of corporate finance services may create such significant an advocacy or self-review threat that the work should not be taken on. Audit firms should not: promote, deal in or underwrite an audit client’s shares commit an audit client to the terms of a transaction or complete a transaction on an audit client’s behalf THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 89 SPOTLIGHT Kamal, a manager in the firm is assigned on deputation for training of the newly hired staff in the accounts department of a brokerage house. The brokerage house is also an audit client of your firm. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS provide advice which depends on a particular accounting treatment or presentation in the financial statements (having a material impact) on which the firm will express an opinion In other cases, safeguards, such as not making management decisions and using individuals who are not members of the assurance team, should be considered. Practice Question 44: You are a chartered accountant in practice. The following situations have arisen in connection with two of your clients: A multinational company (MNC) which is planning to establish a place of business in Pakistan by forming a public limited company under the Companies Ordinance, 1984, has requested your firm to provide the following services: i. ii. Receive the funds remitted by the MNC. Make disbursements in accordance with the instructions of the MNC. Required: Explain how you would meet your professional obligations and responsibilities while carrying out the above assignment. AT A GLANCE Solution: i. While taking up the assignment, we should keep in mind the following: SPOTLIGHT A chartered accountant in practice should not assume custody of client’s monies unless permitted to do so by law. It creates a self-interest threat to professional behavior and may be a self-interest threat to objectivity. To safeguard against such threats, we would: ¯ keep such monies separately from firm’s assets. ¯ use such money only for the purpose for which they are intended; ¯ at all times, be ready to account for these assets, and any income, dividends or gains generated, to any persons entitled to such accounting. ¯ comply with all relevant laws and regulations relevant to the holding of and accounting for such assets ii. We should be aware of threats to compliance with the fundamental principles through association of such assets. For example, money derived from illegal activities. In order to safeguard against these threats, we should: ¯ make appropriate inquires about the source of such assets; ¯ consider their legal and regulatory obligations. ¯ seek legal advice. There is no bar to accepting this business as MNC is not our financial statements audit client. Practice Question 45: Your firm has been appointed as an advisor to Jupiter Limited (JL) an unlisted public company, which is an assurance client of your firm. JL wants to dispose of its shares in Pluto Limited, to a foreign buyer. As part of the assignment, your firm is required to act as an intermediary between the foreign buyer and JL, negotiate the payment terms, receive payments on behalf of JL and ultimately make disbursement to JL after the transfer of shares. Required: Identify the nature of threat(s) involved and explain how you would meet your professional obligations and responsibilities while carrying out the above assignment. 90 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: “This question required the students to identify the threats involved when a chartered accountant in practice acts as an intermediary between prospective buyers and the client, negotiating payment terms, securing payments, etc. The students were expected to identify the two main aspects giving rise to the threats, namely, the provision of advisory services (that may result in self-review threat and threat to independence), and having custody of assets (resulting in self-interest threats to professional behavior and objectivity). There was a mixed response from students with some identifying both aspects and the related threats and others identifying only one. However, almost all those who identified the threats correctly were also able to state the professional responsibilities and procedures required from the auditor. Solution: Acting as an intermediary between the perspective buyer and the client negotiating the payment terms, making arrangements for securing payments and ultimately making disbursements to the group of shareholders to a non-audit assurance client, will involve two aspects, i.e. Provision of advisory services Having custody of JL Assets i. Provision of advisory services Self-review threat and threat to independence would arise if services performed by your firm affect the subject matter information of assurance engagement performed by your firm. The significance of threats created should be evaluated and if the threat is other than clearly insignificant, safeguards should be considered and applied as necessary to reduce it to an acceptable level, which may include: Policies and procedures to prohibit professional staff from making management decision or assuming management responsibility for such decision. Discussing independence issues related to the provision of non-assurance services and nature and extent of fees charged, with those charged with governance, such as audit committee. Policies within the assurance client regarding the oversight responsibility for provision of non-assurance services by the firm. Involving an additional chartered accountant to advice on the potential impact of the non-assurance engagement on the independence of the member of the assurance team. Involving an additional chartered accountant outside of the firm to provide assurance on a discrete aspect of the assurance engagement. Obtaining the assurance client’s acknowledgement of responsibility for the results of the work performed by the firm. Making arrangements so that personnel providing non-assurance services do not participate in the assurance engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 91 SPOTLIGHT i. ii. AT A GLANCE Some students did not segregate their answers amongst the two issues and tried to provide a combined answer which resulted in various errors and omissions” CHAPTER 3: PROFESSIONAL ETHICS ii. CFAP 6: AARS Having custody of JL Assets While taking up the assignment, we should consider whether taking custody of client’s assets is permitted by law. Even if the law allows, it will still create a self-interest threat to professional behavior and may be a self-interest threat to objectivity. To safeguard against the threats identified, we should, keep such money separately from firm assets; use such money only for the purpose for which they are intended; at all times, be ready to account for the money received, and any income, dividends or gains generated, to any persons entitled to such accounting; comply with all relevant laws and regulations relevant to the holding of and accounting for such assets. We should be aware of threats to compliance with the fundamental principles through association of such assets. For example, money derived from illegal activities. In order to safeguard against these threats, we should: AT A GLANCE make appropriate inquiries about the source of such assets; consider their legal and regulatory obligations. seek legal advice. 2.17 Safeguarding independence The responsibility for safeguarding independence is shared between: the individual auditor (or audit practice) and the profession as a whole. The responsibilities of individual auditors and audit practices SPOTLIGHT There should be a culture of independence and a belief in auditors’ independence that is shared by all partners and employees in an audit firm. Where possible, there should be rotation of the engagement partner (the partner in charge of the audit) and of senior staff. Rotation means that an individual should not be involved in the annual audit of the same client company for more than a maximum number of years. In addition, an audit firm should have the following procedures in place: 92 Appropriate training, including training in how to maintain an independent opinion during audit work. Quality control procedures. A firm should have procedures for quality control to ensure that independence is considered in respect of all work undertaken by the audit firm. Consultation procedures. A firm should have internal procedures for consultation, whereby questions arising in relation to independence can be discussed. If an auditor becomes aware of a situation that may be seen to threaten their independence, appropriate action should be taken to resolve the issue. The action to be taken will depend on the circumstances, but might include any of the following: It may be possible to remove the threat to independence by a simple action, such as not accepting an offered gift or for an audit partner to dispose of shares that they hold in a client company, and so on. Sometimes, it may be necessary to reject a proposed appointment as auditor. For example, an audit firm may have to reject its appointment as auditor of a new client company where the guidance on fee income level would be breached (because the fee income from the client would exceed the maximum limits established by the professional guidelines). With an existing client, if an independence issue cannot be resolved, the ultimate action is to resign from the audit of the client. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS The responsibilities of the profession Professional bodies expect their members to comply with codes of conduct relating to independence and will take disciplinary action as appropriate. Such action might lead to a fine, reprimand or exclusion from membership. The profession and other interested parties regularly suggest new practices and procedures designed to improve auditor independence. Suggestions include: the regular rotation of auditors, to avoid too close a relationship developing between the auditor and the client over a long period of time. the use of audit committees. The responsibility for safeguarding independence is seen as shared between the individual auditor (or audit practice) and the profession as a whole. 2.18 Period During which Independence is Required The engagement period, which starts when the audit team begins to perform the audit; and The period covered by the financial statements. For recurring audits, independence is required until the notification by either party that the professional relationship has ended or the issuance of the final audit report. Example: Period of independence AT A GLANCE Independence shall be maintained during both: This situation presents threats to independence (self-interest and self-review) due to provision of non-assurance services to FMC during the period covered by the financial statements (January – December 2020). Hence, appropriate safeguards, such as ensuring team members provided non-assurance services are not part of the audit team, should be applied to mitigate underlying threats. 2.19 Mergers and Acquisitions In the current economic climate and due to continuing globalization, mergers and acquisitions are very common. However, independence is threatened when an entity become a related entity of an audit client because of a merger or acquisition. Threats are largely due to previous or current interests or relationships between the firm and such a related entity. The firm is required to end any interests or relationships that are not permitted by the Code, effective from the date of merger or acquisition. However, as an exception, those charged with governance may allow the firm to continue with such interests or relationships, subject to applying appropriate safeguards, but the interest or relationship must end no later than six months from the merger or acquisition. Safeguards in this situation include: Require a CA to review the audit or non-assurance work as appropriate. Require an engagement quality control review from a CA independent of the firm. Engage another firm to evaluate the results of the non-assurance service or having another firm reperform the non-assurance service to the extent necessary to enable the other firm to take responsibility for the service. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 93 SPOTLIGHT ZH Chartered Accountants have just accepted an audit of FMC Limited for 31 December 2020 and signed the audit acceptance in October 2020. The firm previously provided tax advice to FMC on a tax matter in June 2020 and also seconded an advisory staff to their finance team for a period of 4 months from April – July 2020. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Practice Question 46: Identify and evaluate the threats involved and explain how these threats can be reduced to an acceptable level, in following situation: During the year, Jamil Limited (JL) had acquired Sarfraz Limited (SL) and the companies were subsequently merged. The due diligence exercise for the acquisition was performed by the same firm which carries out the annual audit of JL. At the time of planning, the auditor found that a significant provision has been made against SL’s inventories and accounts receivables. The management informed the auditor that the fact that the value of these assets was impaired came to its knowledge after taking control of SL. JL and SL are unlisted public companies. Tutorial Notes: Be sure to also consider the advocacy threat and its impact. Solution: Threats Faced: i. Self-Review Threat: AT A GLANCE Since judgments and conclusions reached during the due diligence exercise needs to be reviewed again for the purpose of the audit, there exists a self-review threat. The situation is all the more complex on account of the fact that impairment in the value of these assets could not be identified during the due diligence exercised. ii. Advocacy Threat: The auditor has an interest in concluding that no impairment has taken place and the previous valuation (as per the due diligence exercise) was correct. Hence there is an advocacy threat. Safeguards: SPOTLIGHT On account of above threats, the staff who had participated in the due diligence work should not be made part of the audit team. Even if the audit is carried out by staff other than the staff who carried out the due diligence exercise, the firm may take the following safeguards: Involve an additional chartered accountant to review the work done or otherwise advise as necessary. Consult an independent third party such as a professional regulatory body. Involve another firm to perform or re-perform part of the engagement. If the firm still wants to include the same team members, then besides the above safeguards the following additional safeguards would be advisable: 94 Not assigning work to team members (who had participated in the earlier assignment) in the audit areas, which were connected with the due diligence work. Reviewing their work carefully. Keeping the audit committee or those charged with governance of KL informed about the inclusion of the members in the audit team that were involved in due diligence. Assigning more senior staff to audit team than would be required if no such impairment in the value of assets had occurred. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Practice Question 47: You are the manager in Quality and Risk Management department in a firm of Chartered Accountants. A partner of the firm has informed you about the following: Zaheer Limited has approached your firm for transaction advisory services related to acquisition of Javed Limited, which is your audit client. Required: Give your views on above situation with regard to Code of Ethics. Solution: Implementing mechanisms to prevent unauthorized disclosure of confidential information as the interests of the two clients may be are in conflict. This could include: ¯ Using separate engagement teams who are provided with clear policies and procedures on maintaining confidentiality. ¯ Creating separate areas of practice for separate functions within the firm, which may act as a barrier to passing of confidential client information from one practice area to another within a firm. ¯ Establishing policies and procedures to limit access to client files, the use of confidentiality agreements signed by employees and partners of the firm and/or the physical and electronic separation of confidential information. Obtaining consent from Javed Limited, relating to acceptance of assignment from ZL. Regular review of the application of safeguards by a senior individual not involved with the two engagements. Requiring a chartered accountant who is not involved in providing the services or otherwise affected by the conflict, to review the work performed to assess whether the key judgments and conclusions are appropriate. Consulting with third parties, such as a professional body, legal counsel or another Chartered Accountant. 2.20 Making referrals An audit firm may enter into an arrangement with another entity, whereby the other entity agrees to pay a fee to the audit firm for referring clients. For example, a software company may specialise in selling accounting software packages or writing bespoke accounting software. It may enter into an arrangement with an audit firm whereby the audit firm will receive a fee every time it refers a client to the software firm with a view to buying a software package or software services. This type of arrangement could create a self-interest threat for the audit firm. However, it is permissible, provided that suitable safeguards are in place. Suitable safeguards might include the following: When making a referral, the audit firm should notify the client that it will receive a fee for the referral. This means that the client will be made fully aware of the financial benefit for the audit firm. The audit firm should monitor the quality of the products or services provided. In the case of referrals to a software company, this means having to keep the quality of the software packages and services under review, to make sure that they meet appropriate standards. (It is important that audit clients should not be referred to someone who provides poor-quality goods or services.) The firm should also obtain verification from all staff involved with the audit of a client who is referred, that they do not personally have any financial interest in the company or other entity to which the referrals are made. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 95 SPOTLIGHT AT A GLANCE Accepting of assignment from Zaheer Limited will result in conflict of interest, which will result in threat to objectivity. Significance of threat need to be evaluated and relevant safeguards should be applied to reduce the threats to an acceptable level. Such safeguards may include: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Furthermore, a Chartered Accountant in public practice may purchase all or part of another firm on the basis that payments will be made to individuals formerly owning the firm or to their heirs or estates. Such payments are not generally regarded as commissions or referral fees. Practice Question 48: You are the audit manager in Farhad and Company, Chartered Accountants. You have specific responsibility for assessing the risks associated with the firm’s existing and proposed listed clients. Presently the following matters are under your consideration: One of your assurance clients has requested your firm to provide consultancy services in relation to a proposed transaction with a company based in Singapore. As your firm does not have the expertise to undertake that assignment, it is considering to refer the assignment to Marvi & Company, Chartered Accountants. It is expected that your firm would receive a commission of15% of the assignment fee from Marvi & Company. Required: Discuss the categories of threats involved in the above situation and advise the partners as regards the possible course of action that may be followed. AT A GLANCE Solution: The payment of such referral fee create a: ¯ self-interest threat to objectivity; and ¯ Self-interest threat to professional competence and due care. Before referring the assignment, your firm should disclose to the client about the arrangement to receive a referral fee from Marvi & Company. Practice Question 49: SPOTLIGHT You are the quality control partner in Pirzada and Company, Chartered Accountants. The following matters are under your consideration: Your finance department has issued an invoice to Qamar Software Services (QSS) against referral fees for recommending services of QSS to an assurance and a non-assurance client. Your permission has been sought before sending the bill to QSS. Required: Identify and evaluate the threats involved and explain what action would you take in the above circumstances including the steps required, if any, to reduce the risk to an acceptable level. Solution: Qamar Software Services: a) Receiving of a referral fees for referring the services of QSS to clients may create a selfinterest threat to objectivity, professional competence and due care. b) (It should be ensured that the arrangement between Pirzada and Company, Chartered Accountants and QSS, regarding referral fees, is fully disclosed to the clients. 2.21 Mini case studies Case study 1: Tahir and Shafique A Pakistani audit firm, Tahir and Shafique, is faced with the following situations: Situation 1 Mr Tahir is one of the audit firm’s partners. He and his wife have been invited by the managing director of a private company, Entity X, to a weekend of celebrations in Dubai to mark the 20 th anniversary of the incorporation of Entity X. Mr Tahir has been the engagement partner throughout this time 96 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Situation 2 The firm has been approached by the directors of Entity Y, with a view to being appointed as auditors. One of the firm’s audit managers, Mr Kashif, is a company secretary of Entity Y, although he takes no part in its management. His parents are the sole directors and shareholders of Entity Y. Situation 3 The finance director of Entity Z, a private limited company, has requested that only certain staff are to be included on the audit team to prevent unnecessary interruption to the entity’s accounting department during the audit. In particular, he has requested that Dawood, who has been the accountant in charge of the audit for the last two years, be assigned to the audit and that the team contain no new trainees. Required What threats to objectivity are present in each of these situations and how should the audit firm deal with them? Situation 1 The fact that Mr Tahir and his wife have been invited to a ‘free’ weekend in Dubai represents a threat to the firm’s independence, because it would be perceived that they are too close to Entity X and therefore not truly independent. The offer should be refused as goods, services or hospitality should only be accepted when the value is clearly insignificant, which it is not to Mr Tahir and his wife in this case. AT A GLANCE Answer Situation 2 Mr Kashif takes no part in the management of Entity Y. However, if he is involved with the audit there may be actual or perceived threats to his objectivity as his immediate family members, his parents, are the directors of Entity Y. The firm must ensure that Mr Kashif is not part of the audit team and is not in a position to influence any members of the audit team. If this cannot be demonstrated, then the firm should not accept the audit engagement. Situation 3 The key ethical issues that arise in this situation are familiarity and possible intimidation. There is a risk that if Dawood is assigned to the audit over too long a period he might become unduly familiar with the client and its staff and lose his objectivity in relation to the assignment. The finance director’s request could amount to intimidation if there is any question that the audit would be withdrawn if the request was not complied with. Best practice is that audit firms should not allow clients to dictate staffing issues as it is important that audit firms staff their teams in the most appropriate way in terms of safeguarding against ethical threats, quality control on the audit and technical expertise. If the firm considers it not appropriate to comply with the finance director’s request, they should not do so, while assuring them that if different staff are assigned, they are required by professional standards to have obtained a good knowledge of the business and to be directed, supervised and reviewed well, hopefully therefore causing minimum disruption to operations. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 97 SPOTLIGHT Even if the invitation is declined, there is a potential problem with regard to the length of time that Mr Tahir has been the engagement partner – 20 years. He is by now likely to be overfamiliar with the client, and may be too trusting and/or sympathetic. The firm should strongly consider safeguards to independence in this situation such as rotating Mr Tahir away from this engagement. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Case study 2: Happy Days Your firm is the auditor of Happy Days, an entity which provides hospitality packages at racecourses around a single country. The managing director of Happy Days has suggested the following to your managing partner: All members of the audit team are to be offered two free tickets to a major event at the racecourse of their choice. Last year’s audit senior should be seconded to the organisation for a six-month period. The current year’s audit is not yet underway. Required Discuss which, if any, of the above proposals would be acceptable to your firm (and if not state why not), and set out the main safeguards, if any, which would be required. Answer AT A GLANCE Free tickets – not acceptable. The ICAP Code states that gifts or hospitality should only be accepted where the value is clearly insignificant (self-interest threat). This would be likely to be a considerable “perk” for audit team members and, in any case, would not give an appearance of independence. Secondment – acceptable with the following safeguards. The senior should not be involved in future audits (as there would be self-review and familiarity threats) and also shouldn’t be involved with the results of the previous audit. The composition of the current year’s audit team should be reviewed to ensure that the secondee would not be likely to have significant influence over the members of that team (through personal relationships) (familiarity and intimation threats). The secondee should not be in a position to influence management decisions and management must take responsibility for all such decisions. SPOTLIGHT 98 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS 3 CONFIDENTIALITY AND CONFLICTS OF INTEREST 3.1 The basic principle The ICAP Code of Conduct applies IFAC’s Code of Ethics regarding confidentiality. In both codes the duty of confidentiality is a fundamental principle of professional behaviour that information obtained in the course of professional work should not be disclosed to others or used unless: disclosure is permitted by law and consent has been obtained from the party to whom the duty of confidentiality is owed; or disclosure is required by law; or there is a professional duty or right to disclose, when not prohibited by law. Part of the rationale behind this requirement is that auditors need full and frank disclosure of information from a client in order to carry out their duties. If the client is not assured of confidentiality of this information, they may be unwilling to provide all relevant information to the auditor. Disclosure permitted by law and authorised by the client or employer For example: when an auditor is asked to report to a bank in relation to compliance with a loan covenant the auditor will seek the client’s authorisation before disclosing confidential information to the bank; when an auditor is asked to report to a listing authority (stock exchange) in relation to listing rules, again the auditor will seek the client’s authorisation before disclosing confidential information to the listing authority. Disclosure required by law An ICAP member may be required by law to disclose confidential information to an appropriate legal authority. In such circumstances the requirements of the law override the duty of confidentiality. The ICAP Code of Conduct provides the following illustrations of when disclosure is required: Producing documents or other evidence in the course of legal proceedings; or Disclosure to the appropriate public authorities of infringements of the law that come to light. One specific example is, where an ICAP member is required by law to make disclosure to the relevant legal authorities if they know, or have reason to suspect that a client has committed money laundering. Professional duty or right to disclose, when not prohibited by law Disclosure of confidential information is also permitted when an accountant has a professional duty or right to disclose, when not prohibited by law. The ICAP Code of Conduct gives a number of illustrations of when this applies: To comply with the quality review of a member body or professional body. To respond to an inquiry or investigation by a member body or regulatory body. To protect the professional interests of a Chartered Accountant in legal proceedings (for example when it is reasonably necessary to protect the interests of the member in making a defence against an official accusation of professional negligence). To comply with technical standards and ethics requirements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 99 SPOTLIGHT 3.2 Recognised exceptions to the duty of confidentiality AT A GLANCE Each of these three situations is discussed in more detail below. CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Other considerations In deciding whether or not to disclose confidential information, Chartered Accountants should consider the following points: Whether the interests of all parties, including third parties whose interests may be affected, could be harmed if the client or employer consents to the disclosure of information by the Chartered Accountant; Whether all the relevant information is known and substantiated, to the extent that it is practicable; when the situation involves unsubstantiated facts, incomplete information or unsubstantiated conclusions, professional judgment should be used in determining the type of disclosure to be made, if any; and The type of communication that is expected and to whom it is addressed; in particular, Chartered Accountants should be satisfied that the parties to whom the communication is addressed are appropriate recipients. It is possible that a member may be in doubt as to whether they have a right or duty to disclose information. Under such a circumstance they should seek legal advice or consult with ICAP for advice. 3.3 Improper use of information AT A GLANCE An ICAP member should not use, or appear to use, confidential information gained in the course of professional work for their personal advantage or for the advantage of a third party. For example: SPOTLIGHT A member should not deal in the shares of a client company in such a way that it might seem that information obtained in a professional capacity has been used for their personal advantage (so-called ‘insider dealing’). Where a member has confidential information from Client 1, which affects an assurance report on Client 2, they cannot provide an opinion on Client 2 that they already know, from this other source, to be untrue. If the member is to continue as auditor to Client 2, they must carry out normal audit procedures to enable the same information to be obtained from another source. Under no circumstances should there be any disclosure of confidential information outside the firm. Ultimately the auditor may have to resign. 3.4 Confidentiality of working papers An accountant’s working papers, which contain confidential client information, are the property of the accountant and should not normally be made available to outside parties. However, situations may arise where government agencies (for example, tax authorities) ask to see the accountant’s working papers relating to a particular client. In such situations, the accountant should act in the best interests of their client. If they feel that releasing the papers is in the best interests of their client, and the client has no objections, then the papers should be made available. Ultimately, the tax authorities are likely to have legislative powers to obtain the papers. Any lack of co-operation on behalf of the auditor or their client may add to any existing suspicions. Occasionally, the authorities may ask to see a sample of working papers from a firm of accountants but not in relation to any particular client. This may occur when the authorities have doubts about the quality of the work performed by that practice. Again, a ‘best interest’ approach should be adopted, allowing the authorities to review the papers if the accountant judges that this is in the best interests of the practice and its clients. An appropriate practical compromise may be achieved in this situation by arranging for an independent accountant to review the work and issue a report to the authorities. Practice Question 50: You have worked as a job in charge on the audit of financial statements of a multinational listed company, engaged in pharmaceutical business. During the course of your audit, you became aware of various facts and details about the company. 100 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS a) One of your close relative has got an offer for appointment as director marketing of the said client. He wants to be aware of the levels of remuneration at comparable positions in order to negotiate his remuneration properly. b) A manager in your firm (other than the engagement manager for the said client) has inquired about the internal controls in place, in respect of a specific process. Assuming that the same would be effective, he intends to recommend the same as best practice to a local pharmaceutical client. c) Your sister has asked you about the ingredients of a specialized nutritional product for children, being marketed by the company, which she is using for her child. You are aware of all the details about the said product, as you got the opportunity to perform tests on the costing of that product. d) One of your friends is working in the Ministry of Health, Government of Pakistan. He has asked you as to whether the company has complied with certain statutory requirements. You are aware of the fact that the company is not complying with the same and you have already included the matter in the management letter. With reference to specific provisions of law, he has convinced you that it is his duty to enquire about the same, and you are responsible to disclose the relevant information to the Ministry. He has also informed you that in case of no response, you may be served with a legal notice. e) Your younger brother intends to commence distribution business. He has asked you about the rate of commission and volume rebates being allowed by the said client to its distributors, as he wants to work out the feasibility of business. f) Your father invests his surplus funds in the capital market. Being aware of the fact that companies like that always have a five to ten year’s plan in place. He has asked you about the trend of earnings per share of the said company for the last five years, and the expected growth in the net profits for the next five years. AT A GLANCE It was a long engagement for which you had to move out of the city of your residence. Consequently, a number of people around you, including family, friends and colleagues, are aware of the fact that you were job in charge on the said audit. Some of them are interested in having certain information as discussed below: Discuss each situation to conclude as to whether or not you can provide the requisite information and the extent to which the same can be disclosed without compromising the professional ethics. Support your conclusions, with appropriate arguments. Solution: a) Information requested can be disclosed, to the extent of the remuneration of the chief executive, because in case of a public listed entity, it is public information. b) The information related to executive directors is disclosed in the financial statements on aggregate basis, hence it is not public and it would not be appropriate to disclose the same. c) You cannot provide him the information directly about his question, as according to the code of ethics, the confidentiality is applicable even in case of colleagues within the firm. d) However, code of ethics does not restrict the professional accountant to use his/her prior knowledge and experience, even on a new job. Accordingly, you can use your knowledge as benchmarks, if you form your independent view that these are appropriate for consideration as benchmarks. e) Information can be disclosed to the extent to which the details are made public by the company, which is a common practice and requirement of law in the nutrition sector. f) According to the Code of Ethics, a professional accountant may be required to disclose confidential information when: disclosure is permitted by law and is authorized by the client or the employer. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 101 SPOTLIGHT Required: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS disclosure is required by law. (For example in the course of legal proceedings or disclosure to appropriate public authorities if infringement of law is discovered.) In case a written notice is received from the Ministry of Health, the relevant information may be provided after ensuring that it is actually required by law. However, even in such case, the client should at least be informed before sending the information. g) You cannot provide any information. h) Past information of earnings per share may be disclosed; as the same is public information but future projections should not be disclosed as it is confidential information of the entity. 3.5 Conflicts of interest Conflicts between members and clients ICAP members or firms should not accept or continue an engagement where there is a conflict of interest between the member or firm and its client. The test is whether or not a “reasonable and informed third party” would consider the conflict of interest as likely to affect the judgement of the member or the firm. AT A GLANCE Examples of this might be: SPOTLIGHT when a CA is acting for two or more clients whose interests in relation to the matter are in conflict, such as: ¯ acting for seller and buyer relating to same transaction ¯ representing two clients in the same legal matter ¯ preparing valuation for two parties who are in adversarial position with respect to the asset when a CA competes with the client i.e. interests relating to the matter are in conflict providing advice to an entity seeking to acquire an audit client, where the firm is privy to confidential information during the audit relevant to the transaction advising a client to invest in a business in which the spouse of the CA has a financial interest advising a client on acquiring a business which the firm is also interested in acquiring the receipt of commission from a third party for the introduction of a client (for example, an accounting firm may be paid a commission by another entity, such as a firm of brokers, for introducing the entity to its client companies). Safeguards Accountant should have procedures in place to: identify possible conflict of interest situations evaluate the possible problem, and where necessary, take action to manage or avoid the conflict. Possible procedures include the following: Review relationships with all clients on a regular basis. Take care to consider potential conflicts of interest when deciding whether or not to take on new clients. If a potential conflict is identified, decide on an appropriate course of action. An appropriate course of action may be any of the following: ¯ Notify the clients involved and discuss the matter with them. ¯ Set up ‘Chinese walls’ to manage the problem. A Chinese wall is set up by using different members of staff on the assignments for each of the clients and locating them in different offices. The two groups of staff act independently of each other and do not communicate with each other except in an official capacity. 102 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS ¯ Consider resigning (or declining the new engagement offered) in respect of one of the two competing clients. Conflicts between competing clients A firm might act for two clients that are in direct competition with each other. The firm has a professional duty of confidentiality and so will not disclose confidential information about one client company to its competitor. Again, the test is whether a “reasonable and informed third party” would consider the conflict of interest as likely to affect the judgement of the firm. The approach that the accounting firm should take will be a matter of judgement and should reflect the circumstances of the case. Where the acceptance or continuance of an engagement would materially prejudice the interests of any client, the appointment should not be accepted or continued. Giving careful consideration to whether or not it is appropriate to accept an assurance engagement from a new client that is in direct competition with an existing client, it may be appropriate to decline the offer from the potential new client. Careful management of the clients, for example by ensuring that different members of staff are used on the two engagements. Full and frank disclosure to the clients of the potential conflict, together with suitable steps by the firm to manage the potential conflict of interest. Procedures to prevent access to information (such as physical separation of the teams and confidential and secure data filing). Such an approach is known as creating “Chinese walls”. Establishing clear guidelines on security and confidentiality and the use of confidentiality agreements. Regular review of safeguards in place. Advising one or both clients to seek additional independent advice. Disclosure and consent A CA is required to exercise professional judgement to determine whether specific disclosure and explicit consent are necessary to mitigate the threat created by the conflict of interest. Disclosures might be “General”, such as a common commercial practice by the CA or “Specific”, such as only to the affected clients of the circumstances of the particular conflict. Members are encouraged to make disclosure or consent in writing. However, if these are not in writing, a CA should sufficiently document the nature of the circumstances, safeguards applied, and consents obtained. For situations where the client refuses to provide explicit consent to the CA to provide services, the professional services or relevant relationships should be ended. A CA shall remain alert to confidentiality when making disclosures or sharing information within the firm. Confidentiality might be breached when seeking consent to perform: A transaction-related service for a client in a hostile takeover of another client of the firm. A forensic investigation for a client regarding a suspected fraud, where the firm has confidential information from its work for another client who might be involved in the fraud. When confidentially is breached, the firm shall only accept or continue an engagement if: The firm does not act in an advocacy role for any one client Adhere confidentiality between the engagement teams serving the two clients THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 103 SPOTLIGHT AT A GLANCE In other cases, possible safeguards might include the following: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS Practice Question 51: You are the statutory auditor of two listed companies, Alpha Limited and Gama Limited. Both the companies are in conflict with each other and involved in two major litigations. Required: Identify the threats involved in the above situation and also suggest related safeguards, if any. Solution: A threat to objectivity or confidentiality may be created when a chartered accountant in practice performs services for clients that are in dispute with each other. Following safeguards should be considered and applied as necessary to eliminate or reduce the threats to an acceptable level: AT A GLANCE The use of separate engagement teams. Procedures to prevent access to information (e.g., strict physical separation of such teams, confidential and secure data filing). The use of confidentiality agreements signed by employees and partners of the firm. Regular review of the application of safeguards by a senior individual not involved with relevant client engagement. Having a chartered accountant who is not involved in providing the service review the work performed to assess whether the key judgements and conclusions are appropriate. Consulting with third parties, such as professional body, legal counsel, etc. Disclose the nature of conflict of interest and the related safeguards to the clients in litigation. Where a conflict of interest poses a threat to one or more of the fundamental principles, including objectivity, confidentiality or professional behavior, that cannot be eliminated or reduced to an acceptable level through the application of safeguards, the chartered accountant may withdraw from the engagement. Practice Question 52: SPOTLIGHT (a) Dynamic (Private) Limited (DPL) is a client of your firm. At the finalization stage of annual audit, it was discovered that a senior member of the assurance team is the co-owner of a property, for the possession of which DPL has filed a legal case. On investigation, the member informed that the said case is pending for the last three years and he did not consider necessary to disclose it at the time of commencement of audit. Required: Discuss the matters that should be considered and the course of action which may be followed in the above situation. (b) Murree Limited (ML) and Bhurban Limited (BL) are listed assurance clients of your firm. BL has filed a claim of Rs. 50 million in the court in respect of low quality of goods delivered by ML. Upto last year ML had not acknowledged the claim of BL. However, in the planning phase, you were informed by ML’s management that in order to avoid bad reputation in the market and to continue its business relationship with BL, ML intends to settle the dispute by making a payment of Rs. 20 million to BL. The debt of Rs. 50 million is fully provided in the books of BL. Required: Being the auditor of both the companies, identify and evaluate the threats for the firm and explain how these can be reduced to an acceptable level. 104 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: a) According to the situation given in this part, litigation between the client and a senior assurance team member was discovered during finalization stage of the audit. On inquiry, the concerned member had informed that he knew of the litigation but did not consider it necessary to disclose it. The candidates were required to discuss the matter and specify the course of action that the firm may adopt. b) According to the situation given in this part of the question, a firm was the auditor of two listed companies. One of the companies had filed a claim of Rs. 50 million against the other company for supply of low quality products. The performance in this part was good as majority of the candidates were able to fulfil the requirement of identifying the related threats and the measures to mitigate such threats. Many candidates secured full marks also. AT A GLANCE Most of the students were able to identify the related threats, discuss the significance of the threat and the measures to mitigate such threat. However, very few of them could look beyond that. They did not realize that the possible reason for failure of the assurance team member to disclose the fact was important. His statement that he didn’t felt the need to disclose this information was indicative of the fact that the firm had no policy in this regard or this policy was not clearly stated or communicated to the staff. This aspect was not covered by majority of the students. Solution: Disclosing to the audit committee or others charged with governance, the extent and nature of litigation. Involving an additional chartered accountant in the firm who was not a member of the assurance team to review the work done or otherwise advise as necessary. If the assurance team member knew about the suit filed and he does not disclose the fact to the firm then, it raises questions related to independence and integrity of the assurance team member, and possible course of action, in additions to the steps taken above may include: If the employee avoided declaring his interest by making an incorrect declaration, appropriate action should be taken against him as per the firm’s policies. If no such declaration is required under the firm’s policies, then the QCR policies of the firm need to be reviewed and revised appropriately. Assurance member’s argument that he did not consider it necessary to disclose the matter is indicative of deficiency in the training program of the firm and needs improvement. b) A threat to objectivity or confidentiality may be created when a chartered accountant in practice performs services for clients that are in dispute with each other. Significance of threats should be evaluated, if threats are other than clearly insignificant, following safeguards should be considered and applied as necessary to eliminate them or reduce them to an acceptable level: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 105 SPOTLIGHT a) When litigation takes place, or appears likely, between the firm or a member of the assurance team and the assurance client, a self-interest or intimidation threat may be created. The significance of the threat created will depend upon materiality of the litigation. In this regard, the following steps may be undertaken: CHAPTER 3: PROFESSIONAL ETHICS AT A GLANCE Notifying the client of the firm’s business interest or activities that may represent a conflict of interest and obtaining their consent to act in such circumstances; Notifying all known relevant parties that the chartered accountant in practice is acting for two parties in respect of a matter where their respective interests are in conflict, and obtaining their consent to do so; Notifying the client that the chartered accountant in practice does not act exclusively for any one client in the provision of proposed services and obtaining their consent to so act; The use of separate engagement teams; Procedures to prevent access to information (e.g., strict physical separation of such teams, confidential and secure data filing); Clear guidelines for members of the engagement team on issues of security and confidentiality; The use of confidentiality agreements signed by employees and partners of the firm; Regular review of the application of safeguards by a senior individual not involved with relevant client engagement. Where a conflict of interest poses a threat to one or more of the fundamental principles, including objectivity, confidentiality or professional behavior, that cannot be eliminated or reduced to an acceptable level through the application of safeguards, the chartered accountant may resign from the engagement. SPOTLIGHT 106 CFAP 6: AARS THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS 4 CORPORATE FINANCIAL ADVICE 4.1 Advising clients involved in take-over bids or share issues Auditors are often asked to give corporate finance advice. However, as you saw earlier, certain types of corporate finance services may create such significant advocacy and self-review threats that the work should not be taken on, such as: promoting, dealing in or underwriting an assurance client’s shares committing an assurance client to the terms of a transaction or completing a transaction on an assurance client’s behalf. Where clients are involved in a contested take-over bid, the auditors could find themselves in a position where they are potentially acting for both parties. there is a danger that the firm cannot give objective professional advice in the best interests of both parties (a possible lack of independence) the firm may be in possession of confidential information relating to each party, with a risk that the information may inadvertently become available to the other party (a possible breach of confidentiality). Guidelines in this area are as follows: There is no reason, in principle, why firms should not act for both parties when a contested takeover bid occurs. However, a firm should not be the sole or main advisor to both parties. If the accountants are in possession of material confidential information and feel that their position in this respect is questionable, they should take advice from the appropriate financial regulatory authority (for example, the stock exchange involved in the take-over or the national regulator of the financial markets). Similar conflicts of interest may arise in connection with issues of shares to the public, because the accountants may be advising both the company issuing the shares and potential investors (such as companies interested in buying an investment in the shares or investment institutions). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 107 SPOTLIGHT AT A GLANCE In this situation: CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS 5 RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATIONS Non-compliance with laws and regulations (NOCLAR) comprises acts of omission or commission, intentional or unintentional, which are contrary to the prevailing laws or regulations committed by the entity’s management/directors/those charged with governance. A chartered accountant might encounter or be made aware of non- compliance or suspected non-compliance when providing a professional service to a client. A self-interest or intimidation threat to compliance with the principles of integrity and professional behavior is created when a CA becomes aware of non-compliance or suspected non-compliance with laws and regulations. Laws and regulations that a CA is required to consider are: Those laws and regulations that have a direct effect on the determination of material amounts and disclosures in the client’s financial statements; and Other laws and regulations whose compliance is fundamental to the operating aspects of the client’s business, or to its ability to continue its business, or to avoid material penalties. 5.1 Actual or suspected non-compliance AT A GLANCE If during an audit a CA becomes aware of NOCLAR issue (actual or suspected), the CA should obtain an understanding of the nature and circumstances in which the non-compliance (actual or suspected) has occurred or might occur. While a CA is expected to apply knowledge and expertise and exercise professional judgement, whether an act constitutes a NOCLAR is ultimately a matter to be determined by a court or other appropriate adjudicative body. A CA can follow steps when actual or suspect non-compliance has or might occur: SPOTLIGHT Consult, on a confidential basis, with others within the firm (quality and risk staff), with ICAP, or with legal counsel. Discuss the matter with the appropriate level of management (usually at least one level above the individual or individuals involved or potentially involved in the matter) and those charged with governance. Discuss the matter with internal auditors or risk managers, where appropriate. 5.2 Management’s action Management and those charged with governance are responsible to take appropriate and timely action in responding to the non-compliance. A CA shall assess the appropriateness of the response of management and those charged with governance in dealing with the non-compliance. In situations where a CA has no confidence in the integrity of management and those charged with governance (such as when management is involved or had knowledge of non-compliance and did not take any action), the member should: Disclose the matter to an appropriate authority even when there is no legal or regulatory requirement to do so. Withdraw from the engagement and the professional relationship, where permitted by law or regulation. The Code permits the predecessor auditor to provide all relevant facts and other information concerning the identified or suspected non-compliance to the incoming auditor even where the client fails or refuses to grant the predecessor accountant permission to discuss the client’s affairs with the proposed auditor, unless prohibited by law or regulation. 108 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 3: PROFESSIONAL ETHICS 5.3 Disclosure of non-compliance A CA should determine whether to disclose the matter to an appropriate authority. This determination depends on the nature and extent of the actual or potential harm that is or might be caused by the matter to investors, creditors, employees, or the general public. Disclosure may be warranted in situations such as: The entity is engaged in bribery The entity is regulated, and the matter is of such significance as to threaten its license to operate The entity is listed, and non-compliance might result in adverse consequences to trading The entity may sell harmful products to public The entity is involved in evading taxes act in good faith exercise caution when making statements and assertions consider whether it is appropriate to inform the client before disclosing the matter. Linking ethical code with the ISAs SPOTLIGHT It is vital to consider the requirements of ISA 250 “Consideration of Laws and Regulations in an Audit of Financial Statements” to understand what the auditor’s duty in regard to laws and regulations relevant to the financial statements audit. Furthermore, it is also important to consider the requirements of ISA 260 “Communication with Those Charged with Governance” to establish when and what matters are required to be communicated to directors and those charged with governance, including actual or suspected instances of non-compliance. AT A GLANCE The fundamental principle of confidentiality prohibits disclosure of confidential information acquired as a result of professional and business relationships outside the firm without proper and specific authority, unless there is a legal or professional duty or right to disclose. However, in situations where a CA determines that disclosure of the non-compliance to an appropriate authority is an appropriate course of action, that disclosure is permitted pursuant to the confidentiality requirements of the Code. When making such disclosure, the CA shall: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 109 CHAPTER 3: PROFESSIONAL ETHICS CFAP 6: AARS 6 PAIB REQUIREMENTS FOR CHARTERED ACCOUNTANTS IN PRACTICE The Code prescribes Professional Accountants in Business (PAIB) ethical requirements to those chartered accountants working in public practice/audit firms in the capacity of employees. Examples of situations in which PAIB provisions in the Code apply to a chartered accountant in practice include: Facing a conflict of interest when being responsible for selecting a vendor for the firm when an immediate family member of the accountant might benefit financially from the contract. The requirements and application material relating to conflict (s210) of interest apply in these circumstances. Preparing or presenting financial information for the accountant’s client or firm. The requirements and application material relating to preparing and presentation of financial statements (s220) apply in these circumstances. Being offered an inducement such as being regularly offered complimentary tickets to attend sporting events by a supplier of the firm. The requirements and application material relating to inducements, including gifts and hospitality (s250) apply in these circumstances. AT A GLANCE Facing pressure from an engagement partner to report chargeable hours inaccurately for a client engagement. The requirements and application material relating to pressure to breach the fundamental principles (s270) apply in these circumstances. SPOTLIGHT 110 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 4 APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE AT A GLANCE SPOTLIGHT 1. Agreeing the Terms of Audit Engagements (ISA 210) 2. Quality Control for an Audit of Financial Statements (ISA 220 (REVISED) 3. Quality Management For Firms That Perform Audits And Review Of Financial Statements, or Other Assurnace or Related Service Engagments (ISQM-1) 4. Engagment Quality Control Review ( ISQM-2) 5. The IAASB’s Framework for Audit Quality 6. Quality Control Review (QCR) Framework by ICAP 7. Planning an Audit of Financial Statements (ISA 300) 8. Changes in a professional appointment 9. Obtaining and charging for professional work ISA-210 deals with the auditor’s responsibilities in agreeing the terms of the audit engagement with management and those charged with governance, including establishing that certain preconditions for an audit, responsibility for which rests with management and those charged with governance, are present. ISA-220 (Revised) deals with the specific responsibilities of the auditor regarding quality control procedures for an audit of financial statements. It also addresses, where applicable, responsibilities of the engagement quality control reviewer ISQM 1 deals with a firm’s responsibilities for its system of quality control for audits and reviews of financial statements, and other assurance and related services engagements. ISQM 2 addresses the specific requirements for the appointment and eligibility of the engagement quality reviewer and the performance and documentation of the review. The Framework for Audit Quality describes in a holistic manner the different elements that create the environment for audit quality at the engagement, firm, and national levels, as well as relevant interactions and contextual factors ISA-300 deals with the auditor’s responsibility to plan an audit of financial statements. This ISA is written in the context of recurring audits. Additional considerations in an initial audit engagement are separately identified. This chapter also deals with the situations where a Chartered Accountant is asked to assume a position that was being held by another existing Chartered Accountant in an entity and encompasses the communication between these accountants as per Code of Ethics 2019. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 111 SPOTLIGHT IN THIS CHAPTER: AT A GLANCE AT A GLANCE CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 1. AGREEING THE TERMS OF AUDIT ENGAGEMENTS (ISA 210) 1.1 Preconditions for an Audit (Ref: 6-8, A2-A21) a) Determine whether financial reporting framework to be applied in the preparation of the financial statements is acceptable; and Factors relevant to auditor's determination of acceptability of financial reporting framework are: Nature of entity (e.g. business enterprise or not-for-profit) Purpose of financial statements (e.g. General purpose financial statements or Special Purpose financial statements) Nature of financial statements (e.g. complete set of financial statements or a single financial statements); and Whether law or regulation prescribes applicable financial reporting framework. Deficiencies in applicable financial reporting framework may be encountered after acceptance of audit engagement. Management may decide to adopt another framework that is acceptable. AT A GLANCE Jurisdictions not having standards setting organizations or prescribed financial reporting framework (Appendix 2) SPOTLIGHT When these accounting conventions are widely used in that particular jurisdiction, accounting profession in that jurisdiction may consider acceptability of financial reporting framework on behalf of the auditors. Auditor may also make determination by considering whether accounting conventions exhibit following attributes: ¯ Relevance ¯ Completeness ¯ Reliability ¯ Neutrality ¯ Understandability Auditor may also compare accounting conventions with an existing acceptable financial reporting framework (e.g. IFRS) Collection of accounting conventions devised to suit individual preferences is not an acceptable financial reporting framework for general purpose financial statements. Compliance framework will not be an acceptable financial reporting framework, unless it is generally accepted in particular jurisdictions by preparers and users. Practice Question 01: You are a partner in a firm of chartered accountants. Your firm has recently been approached by an off-shore entity incorporated in British Virgin Island for appointment as an auditor for the year ending 30 September 2019. The entity is following locally developed accounting standards in the preparation of its financial statements. On your query regarding availability of records and information, the entity has informed you that they will electronically send the scanned copies of the records/information required for the audit purpose. Required: Discuss the matters that your firm should consider before accepting the above audit engagement. 112 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Tutorial Notes: The answer to this question should comprise of three main components which are client acceptance procedure, acceptability of financial reporting framework and appropriateness of audit evidence in electronic form. A typical mistake could be focusing on one aspect of the question and ignoring the rest. Answering that the framework is acceptable without discussing how to assess its acceptability would not be a right course of action. Solution: The firm needs to consider the following before accepting the appointment as the auditor of an off-shore entity: Consider whether local laws allow to audit an off-shore entity. Consider whether laws of BVI permits audit by an auditor registered outside BVI. Inquire from the prospective client the reasons for not appointing an auditor from BVI. Perform the following client screening procedures: ¯ Determine whether acceptance would create any threats to compliance with the fundamental principles. Potential threats to integrity or professional behavior may be created from, for example, questionable issues associated with the client (its owners, management or activities), client involvement in illegal activities (such as money laundering), dishonesty or questionable financial reporting practices. ¯ Consider whether the audit team will have sufficient knowledge of the applicable financial reporting framework and the laws and regulation of BVI. A self-interest threat to professional competence and due care is created if the engagement team does not possess, or cannot acquire, the competencies necessary to properly carry out the engagement. Obtain professional clearance letter from the predecessor auditor. Acceptability of financial reporting framework: Consider the following for determining the acceptability of the financial reporting framework: Nature of the entity Purpose of the financial statements Nature of the financial statements Whether law or regulation prescribes the applicable financial reporting framework. Whether it is a general purpose financial statements or special purpose financial statements. Whether it is a compliance framework or fair presentation framework The framework/accounting conventions being used by the entity needs to be sorted out for relevance, completeness, reliability, neutrality and understandability. The accounting conventions used by the entity may be compared with the requirements of an existing financial reporting framework considered to be acceptable such as IFRS. If there are differences identified in accounting conventions being used and an acceptable reporting framework, the reasons of differences need to be analyzed and assess whether application of accounting conventions as reporting framework would make financial statements misleading. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 113 SPOTLIGHT AT A GLANCE Client acceptance procedures: CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Sufficiency and appropriateness of audit evidence in electronic form: In order to undertake the audit, the firm will ensure that sufficient and appropriate audit evidence can be obtained through application of audit procedures designed. ISA 500 on audit evidence specifies that evidence obtained through original documents is more reliable than provided by photocopies or otherwise transformed into electronic form. Furthermore, all audit evidence cannot be obtained from scanned copies of documents. For some of the audit procedures physical presence is required, such as for procedures related to inspection, observation, etc. b) Agreement of responsibilities of management (premise) If premise is not present, auditor will be unable to obtain sufficient appropriate audit evidence. Auditor may need to explain the importance of these matters, and implications for auditor's report. 1. 2. AT A GLANCE 3. 4. 5. 6. Preparation of financial statements in accordance with the applicable financial reporting framework. Preparation includes presentation. As accounting books and records are an integral part of internal control as defined in ISA 315(REVISED 2019), no specific reference is made to them. To avoid misunderstanding, it may be appropriate for auditor to explain to management scope of this responsibility. To provide the auditor with: Access to all information; Additional information that the auditor may request Unrestricted access to persons within the entity If preconditions are not present, auditor shall discuss the matter with management. Auditor shall not accept audit engagement, unless required by law or regulation to do so. If management/those charged with governance impose a scope limitation of pervasive nature (requiring to disclaim opinion), auditor shall not accept engagement, unless required by law or regulation to do so. 1.2 Agreement on Audit Engagement Terms (Ref: 9-12, A22-A29) SPOTLIGHT Principal contents: 1. 2. 3. 4. 5. Objective and scope of audit; Responsibilities of the auditor; Responsibilities of management; Identification of the applicable financial reporting framework for the preparation of financial statements; and Reference to expected form and content of any reports to be issued by auditor and a statement that deviations may be expected from its expected form and content. Optional Contents – Judgment required 1. 2. 3. 4. 5. 6. 7. 114 Elaboration of scope of audit + reference to applicable legislation, regulations, ISAs etc. Form of any other communication of results. Requirements for the auditor to communicate Key Audit Matters (KAM) as per ISA-701 Fact that because of inherent limitations of audit & internal control, there is risk that some misstatements may not be detected, even though audit is properly planned & performed Arrangements regarding planning and performance of audit, team including composition Expectation that management will provide written representation Agreement of management to make available to auditor draft financial statements and any accompanying other information on timely basis. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 8. Agreement of management to inform auditor of facts that may affect financial statements during date of auditor's report to date of issuance of financial statements 9. Basis on which fees are computed and any billing arrangements. 10. Request for management to acknowledge receipt of audit engagement letter and agree. Additional Contents (If relevant) 1. 2. 3. 4. 5. 6. Arrangements about involvement of other auditors and experts. Arrangements concerning the involvement of internal auditors and other staff of the entity. Arrangements to be made with predecessor auditor (initial audit) Any restriction of auditor's liability when such possibility exists. A reference to any further agreements between auditor and entity Any obligations to provide audit working papers to other parties. AUDITS OF COMPONENTS 1. 2. 3. 4. 5. AT A GLANCE When auditor of a parent entity is also auditor of a component, the factors that may influence the decision whether to send a separate audit engagement letter to component include the following: Who appoints the component auditor; Whether a separate auditor's report is to be issued on component; Legal requirements in relation to audit appointments; Degree of ownership by parent; and Degree of independence of component management from parent. 1.3 Recurring Audits (Ref: 13, A30) Auditor may decide not to send a new audit engagement letter or other written agreement each period. However, following factors may make it appropriate to revise terms or to remind the entity: Any indication that entity misunderstands the scope of audit. Any revised or special terms of the engagement. A recent change of senior management. A significant change in ownership. A significant change in nature or size of entity's business. A change in legal or regulatory requirements. A change in the financial reporting framework adopted in preparation of financial statements. A change in other reporting requirements. SPOTLIGHT 1. 2. 3. 4. 5. 6. 7. 8. 1.4 Acceptance of a Change in the Terms of the Audit Engagement (Ref: 14-17, A31-A35) Request to Change the Terms of the Audit Engagement 1. 2. 3. 4. Such request may result from a: Change in circumstances affecting the need for the service; A misunderstanding as to nature of an audit as originally requested; or A restriction on scope of the audit. Auditor shall not agree to such change where there is no reasonable justification for such. Reason 1 & 2 may be considered a reasonable basis. Not be considered reasonable if change relates to incorrect or unsatisfactory information. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 115 CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Request to Change to a Review or a Related Service 1. Auditor shall determine whether there is reasonable justification. 2. Auditor may need to assess any legal or contractual implications. 3. Audit work performed till date of change may be relevant to new engagement. But changed report would not include reference to: Original audit engagement; or Any procedures till date, except where audit is changed to agreed-upon procedures. 4. Auditor and management shall agree on and record new terms of engagement. 5. If auditor is unable to agree and is not permitted to continue the audit, auditor shall: Withdraw from audit engagement, where possible under applicable law or regulation. Determine whether there is any obligation to report the circumstances to other parties e.g. those charged with governance/owners/regulators. 1.5 Additional Considerations in Engagement Acceptance (Ref: 18-21, A36-A39) AT A GLANCE Financial Reporting Standards Supplemented by Law/Regulation 1. Auditor shall determine whether there are any conflicts between standards and the requirements of Law. 2. If conflict exist, auditor shall agree with management whether: 3. Additional requirements can be met through additional disclosures in financial statements; or Description of applicable financial reporting framework in financial statements can be amended accordingly. If neither of the above actions is possible, auditor shall determine implications of ISA 705. SPOTLIGHT Practice Question 02: A regulatory body has recently revised certain requirements pertaining to the information to be disclosed in the financial statements of one of your existing clients. These requirements may be in conflict with the financial reporting framework being followed by the client. You have informed the client that in view of the possible conflict, the audit report may require a modification. However, the client has expressed its reservations over the issue and requested you to avoid modifying the report. Required: Based on the requirements of the relevant International Standards on Auditing draft an appropriate response to the client, explaining the possible reasons for modification and the circumstances in which such a modification may be avoided. Tutorial Notes: Students should have a sound grip on the concept of framework. Presentation and writing skills are much needed in answering this question. Students should use the suggested answers to really understand as to how such questions are required to be dealt with. The primary requisite is the knowledge of the related standard whereas good presentation and writing skills are also essential in answering such questions. 116 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Solution: Dear Sir, If there is a conflict between the new requirements introduced by the regulatory body and the existing financial reporting framework we will have to assess the situation and proceed in the following manner: We hope that the above points will clarify your concerns relating to the compliance with the additional requirements, introduced by the regulatory body and the possible reasons due to which we may need to modify our opinion. Yours faithfully, XYZ and Company, Chartered Accountants AT A GLANCE If the compliance with additional requirements can be met through additional disclosures, you shall be required to incorporate the additional disclosures in the financial statements. as the external auditor we shall ensure the adequacy of the disclosures. If the additional requirements cannot be met with the additional disclosures, you will need to amend the description of applicable financial reporting framework mentioned in the Statement of Compliance in Policy notes of the financial statements In case you don’t agree with incorporating additional disclosures or the amendment of the description of the applicable financial reporting framework, then in this case we may require modifying our opinion in accordance with the applicable International Standard on Auditing. 1.6 Financial reporting framework Prescribed by Law or Regulation 2. If auditor determine that such framework would be unacceptable, but as it is prescribed by law, auditor shall accept audit engagement only if the following conditions are present: Management agrees to provide additional disclosures to avoid financial statements being misleading; and It is recognized in terms of the audit engagement that: ¯ Report will have an “Emphasis of Matter paragraph” referring additional disclosures. ¯ Opinion will not include phrases like "present fairly, in all material respects," or "give a true and fair view" in accordance with applicable financial reporting framework If above 2 conditions are not present auditor shall: Evaluate the effect of the misleading nature of financial statements on the auditor's report; and Include appropriate reference to this matter in the terms of the audit engagement. 1.7 Auditor's Report Prescribed by Law or Regulation 1. If wording of report is significantly different from requirements of ISAs, auditor shall evaluate: Whether users might misunderstand the assurance obtained from audit and, if so, Whether additional explanation in report can mitigate possible misunderstanding. 2. If auditor concludes that additional explanation cannot mitigate possible misunderstanding, auditor shall not accept the engagement, unless required by law or regulation. 3. Such an audit does not comply with ISAs. Accordingly, auditor shall not include any reference to audit having been conducted in accordance with ISAs. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 117 SPOTLIGHT 1. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Appendix 1 - Example of an Audit Engagement Letter To the appropriate representative of management or those charged with governance of ABC Company: [The objective and scope of the audit] You have requested that we audit the financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. We are pleased to confirm our acceptance and our understanding of this audit engagement by means of this letter. Our audit will be conducted with the objective of our expressing an opinion on the financial statements. [The responsibilities of the auditor] AT A GLANCE We will conduct our audit in accordance with International Standards on Auditing (ISAs). Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. Because of the inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some material misstatements may not be detected, even though the audit is properly planned and performed in accordance with ISAs. SPOTLIGHT In making our risk assessments, we consider internal control relevant to the entity’s preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. However, we will communicate to you in writing concerning any significant deficiencies in internal control relevant to the audit of the financial statements that we have identified during the audit. [The responsibilities of management and identification of the applicable financial reporting framework (for purposes of this example it is assumed that the auditor has not determined that the law or regulation prescribes those responsibilities in appropriate terms; the descriptions in paragraph 6(b) of this ISA are therefore used).] Our audit will be conducted on the basis that [management and, where appropriate, those charged with governance] acknowledge and understand that they have responsibility: a) For the preparation and fair presentation of the financial statements in accordance with International Financial Reporting Standards; b) For such internal control as [management] determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error; and c) To provide us with: i. Access to all information of which [management] is aware that is relevant to the preparation of the financial statements such as records, documentation and other matters; ii. Additional information that we may request from [management] for the purpose of the audit; and iii. Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence. 118 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE As part of our audit process, we will request from [management and, where appropriate, those charged with governance], written confirmation concerning representations made to us in connection with the audit. We look forward to full cooperation from your staff during our audit. [Other relevant information] [Insert other information, such as fee arrangements, billings and other specific terms, as appropriate.] [Reporting] [Insert appropriate reference to the expected form and content of the auditor’s report.] The form and content of our report may need to be amended in the light of our audit findings. Please sign and return the attached copy of this letter to indicate your acknowledgement of, and agreement with, the arrangements for our audit of the financial statements including our respective responsibilities. XYZ & Co. AT A GLANCE Acknowledged and agreed on behalf of ABC Company by (signed) Name and Title Date 1.8 Tutorial note The important paragraphs of the standard, to be focused more by the students are: Core Paragraphs: 6, 10, 17 to 21 SPOTLIGHT Explanatory Paragraphs: A4, A8, A23, A24, A25, A28 and A33 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 119 CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 2. QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS (ISA 220 (REVISED)) 2.1 The Firm’s System of Quality Management and Role of Engagement Teams Under ISQM 1, the objective of the firm is to design, implement and operate a system of quality management for audits or reviews of financial statements, or other assurance or related services engagements performed by the firm, that provides the firm with reasonable assurance that: a) The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and (b) Engagement reports issued by the firm or engagement partners are appropriate in the circumstances. The engagement team, led by the engagement partner, is responsible, within the context of the firm’s system of quality management and through complying with the requirements of this ISA, for: AT A GLANCE a) Implementing the firm’s responses to quality risks (i.e., the firm’s policies or procedures) that are applicable to the audit engagement using information communicated by, or obtained from, the firm; b) Given the nature and circumstances of the audit engagement, determining whether to design and implement responses at the engagement level beyond those in the firm’s policies or procedures; and c) Communicating to the firm information from the audit engagement that is required to be communicated by the firm’s policies or procedures to support the design, implementation and operation of the firm’s system of quality management. A quality audit engagement is achieved through planning and performing the engagement and reporting on it in accordance with professional standards and applicable legal and regulatory requirements. In accordance with ISA 200, the engagement team is required to plan and perform an audit with professional skepticism and to exercise professional judgment. 2.2 Scalability SPOTLIGHT The requirements of this ISA are intended to be applied in the context of the nature and circumstances of each audit. The Engagement Partner’s Responsibilities The engagement partner remains ultimately responsible, and therefore accountable, for compliance with the requirements of this ISA. The objective of the auditor is to manage quality at the engagement level to obtain reasonable assurance that quality has been achieved such that: a) The auditor has fulfilled the auditor’s responsibilities, and has conducted the audit, in accordance with professional standards and applicable legal and regulatory requirements; and b) The auditor’s report issued is appropriate in the circumstances. 2.3 Leadership Responsibilities for Managing and Achieving Quality on Audits It is engagement partner’s responsibility to manage and achieve quality on the audit engagement, in doing so, the engagement partner shall be sufficiently and appropriately involved throughout the audit engagement to ensure whether the significant judgments made, and the conclusions reached, are appropriate given the nature and circumstances of the engagement. The engagement partner is also required to take responsibility for creating an environment for engagement that emphasizes firm’s culture and expected behaviour of engagement team members, for this the engagement partner shall take responsibility for clear, consistent and effective actions including emphasizing: That all engagement team members are responsible for contributing to the management and achievement of quality at the engagement level; The importance of professional ethics, values and attitudes to the members of the engagement team; 120 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE The importance of open and robust communication within the engagement team, and supporting the ability of engagement team members to raise concerns without fear of reprisal; and The importance of each engagement team member exercising professional skepticism throughout the audit engagement. 2.4 Relevant Ethical Requirements, Including Those Related to Independence The engagement partner should: - have an understanding of the relevant ethical requirements, including those related to independence - take responsibility for other members of the engagement team - remain alert throughout the audit engagement. If matters come to the engagement partner’s attention that indicate that a threat to compliance with relevant ethical requirements exists, the engagement partner shall evaluate the threat and take appropriate action. - prior to dating the auditor’s report, take responsibility for determining whether relevant ethical requirements, including those related to independence, have been fulfilled. The engagement partner should: - determine that the firm’s policies or procedures for the acceptance and continuance of client relationships and audit engagements have been followed, and that conclusions reached in this regard are appropriate. - take into account information obtained in the acceptance and continuance process in planning and performing the audit engagement. - communicate the information promptly to the firm for taking necessary action, if the engagement team becomes aware of information that may have caused the firm to decline the audit engagement if the firm had that information prior to accepting or continuing the client relationship or specific engagement. AT A GLANCE 2.5 Acceptance and Continuance of Client Relationships and Audit Engagements Beta Construction Company Limited (BCCL) is involved in the construction of large buildings and shopping plazas. The company commenced its business in 2004 by establishing an office in Karachi and has grown rapidly. It currently has offices in five major cities of the country and as many as 25 projects are in various stages of execution. A substantial portion of the work is done through sub-contractors. Payment to subcontractors is based on certificate of work completion which is issued by the supervisor incharge of each project. The certificate is sent through email to the finance department. The payment is credited directly into the bank accounts of the sub-contractors. Recently, the management has discovered that the project supervisor of a large project had issued a fraudulent work completion certificate. The preliminary investigation indicated that some other sub-contractors have also been paid fraudulently in the past and the practice was ongoing for the past two years. The management of BCCL has asked your audit firm to conduct an investigation into the matter. Your initial discussion with the client has revealed the following: i. ii. For the past four years the external auditors of the company are Alpha & Co. Chartered Accountants. They had issued unqualified audit reports for all those years and had not reported any internal control weakness in their management letters. Prior to approaching your firm, BCCL wanted to give this assignment to Alpha & Co. However, they expressed their inability to undertake the investigation work. Required: State the matters your firm should consider and the procedures that should be followed prior to the acceptance of this assignment. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 121 SPOTLIGHT Practice Question 03: CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Solution: Before accepting the assignment, your firm should consider the following factors: i. ii. iii. iv. Whether the firm possesses technical competence to perform such services. Whether required resources would be available to carry out the engagement. Could there be any threats to compliance with the fundamental principles? Are there any professional reasons for not accepting the engagement? Procedures to be followed by the Audit Firm The non-acceptance by the existing auditor to carry out the assignment may represent a threat to the fundamental principles. The necessary procedures to avoid this treat may be as follows: i. AT A GLANCE After informing the client approach to the existing auditor to ascertain any professional reason for not accepting their assignment. ii. Acquire an appropriate understanding of the nature of the BCCL’s business, the complexity of its operation and the relevant industries. iii. Understand the specific requirements of the engagement and the purpose, nature and scope of the work to be performed. iv. Possess or obtain experience with relevant regulatory or reporting requirements. Practice Question 04: The financial statements of Walter Limited (WL) a public unlisted company, for the year ended 30 June 2007 were significantly delayed and were finalized in April 2008. After finalization of financial statements, a meeting of the board of directors (BOD) of WL was held in May 2008 and Annual General Meeting (AGM) was held on June 18, 2008. Due to delay in holding the AGM, the Securities and Exchange Commission of Pakistan (SECP) has imposed a penalty and has advised WL that no such delay shall be entertained in future. SPOTLIGHT In the AGM, the shareholders of WL appointed your firm as the statutory auditors and the fact has been communicated to you by the Company Secretary through his letter dated June 22, 2008 which was faxed to you on the same date. The company’s financial year is closing on June 30, 2008 and the management wants to commence the audit immediately in order to ensure timely financial reporting and holding of AGM. Required: Explain the client acceptance procedures that you would like to perform in the above situation. Solution: CLIENT ACCEPTANCE PROCEDURES The firm should perform procedures designed to provide it with reasonable assurance that the firm: i. has considered the integrity of the client and does not have information that would lead it to conclude that the client lacks integrity; ii. is competent to perform the engagement and has the capabilities, time and resources to do so; and iii. can comply with ethical requirements. With regard to the integrity of a client, the firm should consider the following matters: i. 122 The identity and business reputation of the client’s principle owners, key management, related parties and those charged with its governance. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE ii. The nature of the client’s operations, including its business practices. iii. Information concerning the attitude of the client’s principal owners, key management and those charged with its governance towards such matters as aggressive interpretation of accounting standards and the internal control environment. iv. Whether the client is aggressively concerned with maintaining the firm’s fees as low as possible. v. Indications that the client might be involved in money laundering or other criminal activities. vi. The reasons for the proposed appointment of the firm and non-reappointment of the previous firm. In this situation, the firm should ascertain the reasons for delay in finalization of the previous financial statements. ii. Communications with existing or previous providers of professional accountancy services to the client in accordance with the IFAC Code, and discussions with other third parties. Inquiry of other firm personnel or third parties such as bankers, legal counsel and industry peers. In considering whether the firm has the capabilities, competence, time and resources to undertake a new engagement, it should assess: the staff profiles at all relevant levels, special capabilities if any, required to audit the client Ability to perform work at all relevant locations The firm also considers whether accepting an engagement from a new client may give rise to an actual or perceived conflict of interest. Where a potential conflict is identified, the firm considers whether it is appropriate to accept the engagement. 2.6 Engagement Resources The engagement partner shall determine that: - sufficient and appropriate resources to perform the engagement are assigned or made available to the engagement team in a timely manner; - members of the engagement team, and any auditor’s external experts and internal auditors who provide direct assistance who are not part of the engagement team, collectively have the appropriate competence and capabilities, including sufficient time, to perform the audit engagement. If the engagement partner determines that resources assigned or made available are insufficient or inappropriate, the engagement partner shall take appropriate action, including communicating with appropriate individuals about the need to assign or make available additional or alternative resources to the engagement. 2.7 Direction, Supervision and Review The engagement partner shall: - take responsibility for the direction and supervision of the members of the engagement team and the review of their work. determine that the nature, timing and extent of direction, supervision and review is planned and performed and is responsive to the nature and circumstances of the audit engagement. - review audit documentation at appropriate points in time during the audit engagement THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 123 SPOTLIGHT i. AT A GLANCE Information on the matters that the firm obtains may come from, for example: CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS - determine, on or before the date of the auditor’s report, that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued. - review the financial statements and the auditor’s report, prior to dating the auditor’s report. - review, prior to their issuance, formal written communications to management, those charged with governance or regulatory authorities. CONSULTATIONS The engagement partner shall: AT A GLANCE a) Take responsibility for the engagement team undertaking consultation on: i. Difficult or contentious matters and matters on which the firm’s policies or procedures require consultation; and ii. Other matters that, in the engagement partner’s professional judgment, require consultation; b) Determine that members of the engagement team have undertaken appropriate consultation during the audit engagement, both within the engagement team, and between the engagement team and others at the appropriate level within or outside the firm; c) Determine that the nature and scope of, and conclusions resulting from, such consultations are agreed with the party consulted; and d) Determine that conclusions agreed have been implemented. 2.8 Engagement Quality Review For audit engagements for which an engagement quality review is required, the engagement partner shall: a) Determine that an engagement quality reviewer has been appointed; b) Cooperate with the engagement quality reviewer and inform other members of the engagement team of their responsibility to do so; c) Discuss significant matters and significant judgments arising during the audit engagement, including those identified during the engagement quality review, with the engagement quality reviewer; and d) Not date the auditor’s report until the completion of the engagement quality review SPOTLIGHT 2.9 Differences of Opinion If differences of opinion arise within the engagement team, or between the engagement team and the engagement quality reviewer or individuals performing activities within the firm’s system of quality management, including those who provide consultation, the engagement team shall follow the firm’s policies or procedures for dealing with and resolving such differences of opinion. The engagement partner shall: a) Take responsibility for differences of opinion being addressed and resolved in accordance with the firm’s policies or procedures; b) Determine that conclusions reached are documented and implemented; and c) Not date the auditor’s report until any differences of opinion are resolved. Practice Question 05: The following matter is under the consideration of Mr. Jameel, who is the engagement partner: Abdullah was the audit senior assigned to the audit of Insha (Private) Limited. During the course of the audit, Abdullah had resigned from the firm. While reviewing the audit files Mr. Jameel has noticed that the audit fieldwork was completed in almost half the time than is usually required. Required: Evaluate the above situation and briefly describe what course of action the engagement partner would be expected to adopt. 124 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Tutorial Notes: Focusing only on proper and adequate documentation is not enough. It would not be good to refer to the possibility that the job senior may have joined the same client, leading to conflict of interest issues as there is no such indication in the question. Some other important matters are: need to discuss the matter with the Audit Manager; need to have the files reviewed by another Chartered Accountant; and the questions that may arise as regards the effectiveness of the firms’ quality control policies and procedures, in case significant deficiencies are found, despite the fact that the working papers had been reviewed by the Audit Manager. Solution: Mr. Jameel should have the audit files reviewed by another chartered accountant who had not been involved in the said engagement. If the working papers reflect anything done improperly or not done in accordance with the auditing standards Mr. Jameel should discuss the matter with the concerned manager. If the audit manager fails to provide a satisfactory reply, it would be indicative of a quality control issue. In such a situation Mr. Jameel would need to take the following steps: ¯ Address the issues which have remained unattended during the audit. ¯ Assess the reasons for the manager’s failure to detect the situation and take corrective measures which may include all or any of the following: o Reviewing the firms’ systems, procedures and policies etc., and taking corrective actions o Emphasis on due training of staff at all levels. AT A GLANCE Quality control issues: The engagement partner shall take responsibility for: a) Obtaining an understanding of the information from the firm’s monitoring and remediation process, determine its relevance and effect on the audit engagement and take appropriate action; and b) Remaining alert throughout the audit engagement for information that may be relevant to the firm’s monitoring and remediation process and communicate such information to those responsible for the process. Taking Overall Responsibility for Managing and Achieving Quality Prior to dating the auditor’s report, the engagement partner shall determine that the engagement partner has taken overall responsibility for managing and achieving quality on the audit engagement. Documentation In applying ISA 230, Audit Documentation, the auditor shall include in the audit documentation: Matters identified, relevant discussions with personnel, and conclusions reached with respect to: i. Fulfilment of responsibilities relating to relevant ethical requirements, including those related to independence. ii. The acceptance and continuance of the client relationship and audit engagement. The nature and scope of, and conclusions resulting from, consultations undertaken during the audit engagement and how such conclusions were implemented. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 125 SPOTLIGHT Monitoring and Remediation CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS If the audit engagement is subject to an engagement quality review, that the engagement quality review has been completed on or before the date of the auditor’s report. Practice Question 06: As the Quality Control partner of a newly established medium sized firm of Chartered Accountants, prepare the following: a) Checklist for assessing quality of audit engagements with regard to planning of audit. (any ten points) b) Checklist for pre-engagement activities. (any eight points) Tutor’s Note (for this question): Student should develop the answers considering the requirements of ISA 220(Revised) and the pre engagement activities identified by ISA 300. Solution: The checklist would comprise of following things: Planning of Audit AT A GLANCE SPOTLIGHT In planning the audit engagement, did the auditor properly consider and/or document: ¯ matters affecting the industry in which the entity operates, such as accounting practices, economic conditions, laws and government regulations, and technological changes? ¯ matters affecting the entity's business, such as organization and types of products and services? ¯ preliminary judgment about materiality levels for audit purposes? ¯ client's fraud risk factors? In planning the audit, did the auditor consider: ¯ client’s business and accounting system. ¯ key issues discussed in the preliminary meeting. ¯ assessment of the risk of material misstatements of the financial statements. ¯ the risk of management misrepresentation by reviewing information obtained about risk factors and the internal control structure? ¯ use analytical procedures in planning the nature, timing and extent of other audit procedures? ¯ obtain a sufficient understanding of the entity's internal control structure and anticipated reliance on internal accounting controls. ¯ use of Work Performed by Others such as: o Internal Audit o Other Independent Auditors o External Experts ¯ applicable assertions in developing audit objectives and in designing substantive tests? ¯ sampling method(s) used and their relevance in the given situation. Pre engagement activities Professional clearance In case of new engagement, whether the practice of communication with previous auditor was followed. 126 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE If this is a new engagement, whether the auditor carried out evaluation procedures prior to accepting the engagement. If this is an ongoing engagement, whether the auditor considered need to reassess the engagement acceptance criteria. Whether independence issues relating to performance of non-audit services were given due consideration. Whether professional personnel of the firm have appropriately informed as to need to observe independence requirements. Assurance of independence obtained from staff members engaged in the audit. If any evidence was noted during the review that may indicate a lack of independence (including a lack of objectivity), whether the matter was identified and appropriately resolved by the firm and its impact appropriately considered. Whether an engagement letter was issued/ Whether the auditor considered the issuance of new engagement letter Compliance with the law Whether auditor ensured that his appointment has been made after fulfilling all the requirements of applicable laws and regulations. Acceptability of the financial reporting framework AT A GLANCE Independence SPOTLIGHT Whether auditor evaluated acceptability of the financial reporting framework in accordance with ISA 210. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 127 CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 3. QUALITY MANAGEMENT FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, OR OTHER ASSURANCE OR RELATED SERVICES ENGAGMENTS (ISQM) ISQM 01: QUALITY MANAGEMENT FOR FIRMS THAT PERFORM AUDITS OR REVIEWS OF FINANCIAL STATEMENTS, OR OTHER ASSURANCE OR RELATED SERVICES ENGAGEMENTS BACKGROUND: ISQM 01 requires the firm to establish the objectives of quality components that needs to be achieved and in order to achieve such objectives, firm is required to identify and assess the risk to that objective and consequently design and implement responses to address the quality risk. In order to achieve this, ISQM 01 requires the firm to design, implement and operate a System of Quality Management (SOQM). The Firm’s System of Quality Management AT A GLANCE System of quality management is a system designed, implemented and operated by a firm to provide the firm with reasonable assurance that: i. ii. The firm and its personnel fulfill their responsibilities in accordance with professional standards and applicable legal and regulatory requirements, and conduct engagements in accordance with such standards and requirements; and Engagement reports issued by the firm or engagement partners are appropriate in the circumstances. For the purposes of this ISQM, a system of quality management addresses the following eight components: (a) The firm’s risk assessment process; (b) Governance and leadership; (c) Relevant ethical requirements; SPOTLIGHT (d) Acceptance and continuance of client relationships and specific engagements; (e) Engagement performance; (f) Resources; (g) Information and communication; and (h) The monitoring and remediation process. This ISQM requires the firm to apply a risk-based approach in designing, implementing and operating the components of the system of quality management in an interconnected and coordinated manner such that the firm proactively manages the quality of engagements performed by the firm. The risk-based approach is embedded in the requirements of this ISQM through: Establishing quality objectives. The quality objectives established by the firm consist of objectives in relation to the components of the system of quality management that are to be achieved by the firm. The firm is required to establish the quality objectives specified by this ISQM and any additional quality objectives considered necessary by the firm to achieve the objectives of the system of quality management. Identifying and assessing risks to the achievement of the quality objectives (referred to in this standard as quality risks). The firm is required to identify and assess quality risks to provide a basis for the design and implementation of responses. Designing and implementing responses to address the quality risks. The nature, timing and extent of the firm’s responses to address the quality risks are based on and are responsive to the reasons for the assessments given to the quality risks. 128 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE This ISQM requires that, at least annually, the individual(s) assigned ultimate responsibility and accountability for the system of quality management, on behalf of the firm, evaluates the system of quality management and concludes whether the system of quality management provides the firm with reasonable assurance that the objectives of the system are being achieved. Networks and Service Providers This ISQM addresses the firm’s responsibilities when the firm: a) Belongs to a network, and the firm complies with network requirements or uses network services in the system of quality management or in the performance of engagements; or b) Uses resources from a service provider in the system of quality management or in the performance of engagements. Even when the firm complies with network requirements or uses network services or resources from a service provider, the firm is responsible for its system of quality management. On the basis of appropriate experience, knowledge, influence and authority, sufficient time, understanding and accountability for their assigned roles, the firm shall assign: Ultimate responsibility and accountability for the system of quality management to the firm’s chief executive officer, managing partner or, if appropriate, board of partners; Operational responsibility for the system of quality management and specific aspects of the system of quality management. AT A GLANCE Responsibilities Elements of The Firm’s System of Quality Management The Firm’s Risk Assessment Process - design and implement a risk assessment process to establish quality objectives, identify and assess quality risks and design and implement responses to address the quality risks. - identify and assess quality risks to provide a basis for the design and implementation of responses by obtaining an understanding of and the degree to which the conditions, events, circumstances, actions or inactions may adversely affect the achievement of the quality objective. - design and implement responses to address the quality risks in a manner that is based on, and responsive to, the reasons for the assessments given to the quality risks. establish policies or procedures that are designed to identify information that indicates additional quality objectives, or additional or modified quality risks or responses. If such information is identified, the firm shall consider the information and when appropriate: Establish additional quality objectives or modify additional quality objectives already established by the firm; Identify and assess additional quality risks, modify the quality risks or reassess the quality risks; or Design and implement additional responses, or modify the responses. - Specified Responses In designing and implementing responses, the firm shall include the following responses: a) The firm establishes policies or procedures for: i. Identifying, evaluating and addressing threats to compliance with the relevant ethical requirements; and ii. Identifying, communicating, evaluating and reporting of any breaches of the relevant ethical requirements and appropriately responding to the causes and consequences of the breaches in a timely manner. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 129 SPOTLIGHT The firm should: CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS b) The firm obtains, at least annually, a documented confirmation of compliance with independence requirements from all personnel required by relevant ethical requirements to be independent. c) The firm establishes policies or procedures for receiving, investigating and resolving complaints and allegations about failures to perform work in accordance with professional standards and applicable legal and regulatory requirements, or non-compliance with the firm’s policies or procedures established in accordance with this ISQM. d) The firm establishes policies or procedures that address circumstances when: i. The firm becomes aware of information subsequent to accepting or continuing a client relationship or specific engagement that would have caused it to decline the client relationship or specific engagement had that information been known prior to accepting or continuing the client relationship or specific engagement; or ii. The firm is obligated by law or regulation to accept a client relationship or specific engagement. e) The firm establishes policies or procedures that: AT A GLANCE i. Require communication with those charged with governance when performing an audit of financial statements of listed entities about how the system of quality management supports the consistent performance of quality audit engagements; ii. Address when it is otherwise appropriate to communicate with external parties about the firm’s system of quality management; and iii. Address the information to be provided when communicating externally including the nature, timing and extent and appropriate form of communication. f) The firm establishes policies or procedures that address engagement quality reviews in accordance with ISQM 2, and require an engagement quality review for: i. Audits of financial statements of listed entities; ii. Audits or other engagements for which an engagement quality review is required by law or regulation; and iii. Audits or other engagements for which the firm determines that an engagement quality review is an appropriate response to address one or more quality risk(s). SPOTLIGHT Governance and Leadership The firm should establish the following quality objectives that address the firm’s governance and leadership: The firm demonstrates a commitment to quality through its culture Leadership is responsible and accountable for quality. Leadership demonstrates a commitment to quality through their actions and behaviors. The organizational structure and assignment of roles, responsibilities and authority is appropriate to enable the design, implementation and operation of the firm’s system of quality management. Resource needs, including financial resources, are planned for and resources are obtained, allocated or assigned in a manner that is consistent with the firm’s commitment to quality. Relevant Ethical Requirements The firm shall establish the following quality objectives that address the fulfillment of responsibilities in accordance with relevant ethical requirements, including those related to independence: i. The firm and its personnel understand and fulfil their responsibilities in relation to the relevant ethical requirements to which the firm and the firm’s engagements are subject. ii. Others, who are subject to same relevant ethical requirements understand and fulfil their responsibilities in relation to the relevant ethical requirements that apply to them. 130 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Acceptance and Continuance of Client Relationships and Specific Engagements The firm shall establish the following quality objectives that address the acceptance and continuance of client relationships and specific engagements: Judgments by the firm about whether to accept or continue a client relationship or specific engagement are appropriate based on: i. Information obtained about the nature and circumstances of the engagement and the integrity and ethical values of the client (including management, and, when appropriate, those charged with governance) that is sufficient to support such judgments; and ii. The firm’s ability to perform the engagement in accordance with professional standards and applicable legal and regulatory requirements. The financial and operational priorities of the firm do not lead to inappropriate judgments about whether to accept or continue a client relationship or specific engagement. Engagement Performance a) Engagement teams understand and fulfill their responsibilities in connection with the engagements, including, as applicable, the overall responsibility of engagement partners for managing and achieving quality on the engagement and being sufficiently and appropriately involved throughout the engagement. b) The nature, timing and extent of direction and supervision of engagement teams and review of the work performed is appropriate based on the nature and circumstances of the engagements and the resources assigned or made available to the engagement teams, and the work performed by less experienced engagement team members is directed, supervised and reviewed by more experienced engagement team members. AT A GLANCE The firm shall establish the following quality objectives that address the performance of quality engagements: c) Engagement teams exercise appropriate professional judgment and, when applicable to the type of engagement, professional skepticism. e) Differences of opinion within the engagement team, or between the engagement team and the engagement quality reviewer or individuals performing activities within the firm’s system of quality management are brought to the attention of the firm and resolved. f) Engagement documentation is assembled on a timely basis after the date of the engagement report, and is appropriately maintained and retained to meet the needs of the firm and comply with law, regulation, relevant ethical requirements, or professional standards. Resources The firm shall establish quality objectives that address appropriately obtaining, developing, using, maintaining, allocating and assigning following resources in a timely manner to enable the design, implementation and operation of the system of quality management: - Human Resources - Technological Resources - Intellectual Resources - Service Providers Information and Communication The firm shall establish quality objectives that address obtaining, generating or using information regarding the system of quality management, and communicating information within the firm and to external parties on a timely basis to enable the design, implementation and operation of the system of quality management: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 131 SPOTLIGHT d) Consultation on difficult or contentious matters is undertaken and the conclusions agreed are implemented. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Monitoring and Remediation Process The firm shall establish a monitoring and remediation process to: a) Provide relevant, reliable and timely information about the design, implementation and operation of the system of quality management. b) Take appropriate actions to respond to identified deficiencies such that deficiencies are remediated on a timely basis. Designing and Performing Monitoring Activities The firm shall: - design and perform monitoring activities to provide a basis for the identification of deficiencies. - include the inspection of completed engagements in its monitoring activities and shall determine which engagements and engagement partners to select. - establish policies or procedures that: AT A GLANCE a) Require the individuals performing the monitoring activities to have the competence, capabilities and sufficient time; and b) Address the objectivity of the individuals performing the monitoring activities. Such policies or procedures shall prohibit the engagement team members or the engagement quality reviewer of an engagement from performing any inspection of that engagement. Evaluating Findings and Identifying Deficiencies The firm shall evaluate findings to determine whether deficiencies exist, including in the monitoring and remediation process. Evaluating Identified Deficiencies The firm shall evaluate the severity and pervasiveness of identified deficiencies by: SPOTLIGHT a) Investigating the root cause(s) of the identified deficiencies. b) Evaluating the effect of the identified deficiencies, individually and in aggregate, on the system of quality management. Responding to Identified Deficiencies The firm shall design and implement remedial actions to address identified deficiencies that are responsive to the results of the root cause analysis. The individual(s) assigned operational responsibility for the monitoring and remediation process shall evaluate whether the remedial actions: a) Are appropriately designed; and b) Implemented to address previously identified deficiencies are effective. If the evaluation indicates that the remedial actions are not appropriately designed and implemented or are not effective, the individual(s) assigned operational responsibility for the monitoring and remediation process shall take appropriate action to determine that the remedial actions are appropriately modified such that they are effective. Findings About a Particular Engagement The firm shall respond to circumstances when findings indicate that there is an engagement(s) for which procedures required were omitted during the performance of the engagement(s) or the report issued may be inappropriate. 132 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Ongoing Communication Related to Monitoring and Remediation The individual(s) assigned operational responsibility for the monitoring and remediation process shall communicate on a timely basis to the: - individual(s) assigned ultimate responsibility and accountability for the system of quality management. - individual(s) assigned operational responsibility for the system of quality management: The firm shall communicate such information to engagement teams and other individuals assigned activities within the system of quality management to enable them to take prompt and appropriate action in accordance with their responsibilities. Network Requirements or Network Services When the firm belongs to a network, the firm shall: understand, when applicable: a) b) c) network requirements; network services; and The firm’s responsibilities for any actions that are necessary to implement the network requirements or use network services. - determine how the network requirements or network services are relevant to, and are taken into account in, the firm’s system of quality management, including how they are to be implemented; and - evaluate whether and, if so, how the network requirements or network services need to be adapted or supplemented by the firm to be appropriate for use in its system of quality management. AT A GLANCE - The firm shall not allow compliance with the network requirements or use of network services to contravene the requirements of this ISQM. When the network performs monitoring activities relating to the firm’s system of quality management, the firm shall: a) Determine the effect of the monitoring activities performed by the network on the nature, timing and extent of the firm’s monitoring activities; b) Determine the firm’s responsibilities in relation to the monitoring activities, including any related actions by the firm; and c) Obtain the results of the monitoring activities from the network in a timely manner. Monitoring Activities Undertaken by the Network Across the Network Firms The firm should: a) Understand the overall scope of the monitoring activities undertaken by the network across the network firms, including monitoring activities to determine that network requirements have been appropriately implemented across the network firms, and how the network will communicate the results of its monitoring activities to the firm; b) At least annually, obtain information from the network about the overall results of the network’s monitoring activities across the network firms, if applicable, and: (i) Communicate the information to engagement teams and other individuals assigned activities within the system of quality management, as appropriate, to enable them to take prompt and appropriate action in accordance with their responsibilities; and (ii) Consider the effect of the information on the firm’s system of quality management. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 133 SPOTLIGHT Monitoring Activities Undertaken by the Network on the Firm’s System of Quality Management CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Deficiencies in Network Requirements or Network Services Identified by the Firm If the firm identifies a deficiency in the network requirements or network services, the firm should communicate to the network relevant information about the identified deficiency and design and implement remedial actions. Evaluating the System of Quality Management The individual(s) assigned ultimate responsibility and accountability for the system of quality management should evaluate, on behalf of the firm, the system of quality management performed at least annually. Based on the conclusion of the evaluation, the firm should: a) Take prompt and appropriate action; and b) Communicate to engagement teams, other individuals assigned activities within the system of quality management and external parties. Documentation The firm should prepare documentation of its system of quality management. AT A GLANCE SPOTLIGHT 134 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 4. ENGAGEMENT QUALITY CONTROL REVIEW BACKROUND ISQM 2 replaces the extant provisions relating to engagement quality reviews in ISQC 1 and ISA 220. Having a separate standard for engagement quality reviews provides a number of benefits, including: a) Placing emphasis on the importance of the engagement quality review; b) Enhancing the robustness of the requirements for the eligibility of engagement quality reviewers and the performance and documentation of the review; c) Providing a mechanism to more clearly differentiate the responsibilities of the firm and the engagement quality reviewer; and d) Increasing the scalability of ISQM 1 because there may be cases when a firm may determine that there are no audits or other engagements for which an engagement quality review is an appropriate response to address one or more quality risk(s). ISQM 2 is designed to operate as part of the firm’s system of quality management, and therefore the requirements in ISQM 1 and ISQM 2 are organized in a manner that provide appropriate linkages between the standards: ISQM 1 addresses the scope of engagements subject to an engagement quality review; and ISQM 2 addresses the specific requirements for the appointment and eligibility of the engagement quality reviewer and the performance and documentation of the review. AT A GLANCE How Is ISQM 2 Linked to ISQM 1? How Is ISQM 2 Linked to ISA 220 (Revised)? Although there are no longer requirements for the performance of engagement quality reviews in ISA 220 (Revised 2019), the revised standard still contains requirements regarding the engagement partner’s responsibilities relating to the engagement quality review, which largely focus on how the engagement partner and the engagement team interact with the engagement quality reviewer. This International Standard on Quality Management (ISQM) deals with: a) The appointment and eligibility of the engagement quality reviewer; and b) The engagement quality reviewer’s responsibilities relating to the performance and documentation of an engagement quality review. Appointment and Eligibility of Engagement Quality Reviewers The firm should establish policies or procedures that require the assignment of responsibility for the appointment of engagement quality reviewers to an individual(s) with the competence, capabilities and appropriate authority within the firm to fulfill the responsibility. Those policies or procedures require such individual(s) to appoint the engagement quality reviewer. The firm should establish policies or procedures that set forth the criteria for eligibility to be appointed as an engagement quality reviewer. Those policies or procedures should require that the engagement quality reviewer is not a member of the engagement team, and: a) Has the competence and capabilities, including sufficient time, and the appropriate authority to perform the engagement quality review; b) Complies with relevant ethical requirements, including in relation to threats to objectivity and independence of the engagement quality reviewer; and c) Complies with provisions of law and regulation, if any, that are relevant to the eligibility of the engagement quality reviewer. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 135 SPOTLIGHT Scope of this ISQM CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS The firm’s policies or procedures should also address threats to objectivity created by an individual being appointed as an engagement quality reviewer after previously serving as the engagement partner. Such policies or procedures should specify a cooling-off period of two years, or a longer period if required by relevant ethical requirements, before the engagement partner can assume the role of engagement quality reviewer. The firm should establish policies or procedures for eligibility of individuals who assist the engagement quality reviewer that such individuals not be members of the engagement team, and: a) Have the competence and capabilities, including sufficient time, to perform the duties assigned to them; and b) Comply with relevant ethical requirements, including in relation to threats to their objectivity and independence and, if applicable, the provisions of law and regulation. The firm should establish policies or procedures that: a) Require the engagement quality reviewer to take overall responsibility for the performance of the engagement quality review; and b) Address the engagement quality reviewer’s responsibility for determining the nature, timing and extent of the direction and supervision of the individuals assisting in the review, and the review of their work. Impairment of the Engagement Quality Reviewer’s Eligibility to Perform the Engagement Quality Review AT A GLANCE The firm should establish policies or procedures that address circumstances in which the engagement quality reviewer’s eligibility to perform the engagement quality review is impaired and the appropriate actions to be taken by the firm, including the process for identifying and appointing a replacement in such circumstances. When the engagement quality reviewer becomes aware of circumstances that impair the engagement quality reviewer’s eligibility, the engagement quality reviewer should notify the appropriate individual(s) in the firm, and: a) If the engagement quality review has not commenced, decline the appointment to perform the engagement quality review; or b) If the engagement quality review has commenced, discontinue the performance of the engagement quality review. SPOTLIGHT Performance of the Engagement Quality Review The firm should establish policies or procedures regarding the performance of the engagement quality review that address: a) The engagement quality reviewer’s responsibilities to perform procedures during the engagement to provide an appropriate basis for an objective evaluation of the significant judgments made by the engagement team and the conclusions reached thereon; b) The responsibilities of the engagement partner in relation to the engagement quality review, including that the engagement partner is precluded from dating the engagement report until notification has been received from the engagement quality reviewer that the engagement quality review is complete; and c) Circumstances when the nature and extent of engagement team discussions with the engagement quality reviewer about a significant judgment give rise to a threat to the objectivity of the engagement quality reviewer, and appropriate actions to take in these circumstances. In performing the engagement quality review, the engagement quality reviewer shall: a) obtain an understanding of, information communicated by: i. The engagement team regarding the nature and circumstances of the engagement and the entity; and ii. The firm related to the firm’s monitoring and remediation process. b) Discuss with the engagement partner and, if applicable, other members of the engagement team, significant matters and significant judgments made in planning, performing and reporting on the engagement. 136 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE c) Based on the information obtained in (a) and (b), review selected engagement documentation relating to the significant judgments made by the engagement team and evaluate: i. The basis for making those significant judgments; ii. Whether the engagement documentation supports the conclusions reached; and iii. Whether the conclusions reached are appropriate. d) For audits of financial statements, evaluate the basis for the engagement partner’s determination that relevant ethical requirements relating to independence have been fulfilled. e) Evaluate whether appropriate consultation has taken place on difficult or contentious matters or matters involving differences of opinion and the conclusions arising from those consultations. f) For audits of financial statements, evaluate the basis for the engagement partner’s determination that the engagement partner’s involvement has been sufficient and appropriate throughout the audit engagement such that the engagement partner has the basis for determining that the significant judgments made and the conclusions reached are appropriate given the nature and circumstances of the engagement. i. For audits of financial statements, the financial statements and the auditor’s report thereon, including, if applicable, the description of the key audit matters; ii. For review engagements, the financial statements or financial information and the engagement report thereon; or AT A GLANCE g) Review: The engagement quality reviewer should notify the engagement partner if the engagement quality reviewer has concerns that the significant judgments made by the engagement team, or the conclusions reached thereon, are not appropriate. If such concerns are not resolved to the engagement quality reviewer’s satisfaction, the engagement quality reviewer should notify an appropriate individual(s) in the firm that the engagement quality review cannot be completed. Completion of the Engagement Quality Review The engagement quality reviewer should determine whether the requirements in this ISQM with respect to the performance of the engagement quality review have been fulfilled, and whether the engagement quality review is complete. If so, the engagement quality reviewer should notify the engagement partner that the engagement quality review is complete. Documentation The firm should establish policies or procedures that require the engagement quality reviewer to take responsibility for documentation of the engagement quality review. The engagement quality reviewer should determine that the documentation of the engagement quality review is sufficient to enable an experienced practitioner, having no previous connection with the engagement, to understand the nature, timing and extent of the procedures performed by the engagement quality reviewer and, when applicable, individuals who assisted the reviewer, and the conclusions reached in performing the review. SUMMARY THE ISQM 01 requires the quality review of those engagements that are subject to Engagement Quality Review. For that purpose ISQM 02 requires the following: Eligibility of Engagement Quality Reviewers Compliance with relevant Ethical Requirements THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 137 SPOTLIGHT iii. For other assurance and related services engagements, the engagement report, and when applicable, the subject matter information. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Overall Responsibility for the performance of the Engagement Quality Review o Timing of the Engagement Quality Review o Significant Judgements and Significant matters o Professional Skepticism o Independence and consultation o Sufficient and Appropriate Involvement of the Engagement Partner on the Engagement o Group Audit Consideration o Completion of the Engagement Quality Review Documentation of the Engagement Quality Review AT A GLANCE SPOTLIGHT 138 CFAP 6: AARS THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 5. THE IAASB’S FRAMEWORK FOR AUDIT QUALITY Introduction and objectives Global financial stability is supported through high quality reporting. Audits can help foster trust in the quality of reporting. This highlights the importance of audit quality, a topic of continuous debate and of relevance to all stakeholders in the financial reporting supply chain. With this in mind, the IAASB developed the Framework for Audit Quality which it launched in February 2014. The Framework describes in a holistic manner the different elements that create the environment for audit quality at the engagement, firm, and national levels, as well as relevant interactions and contextual factors. The objectives of the Framework for Audit Quality include: 1. 2. 3. Raising awareness of the key elements of audit quality; Encouraging key stakeholders to explore ways to improve audit quality; and Facilitating greater dialogue between key stakeholders on the topic. AT A GLANCE The IAASB expects that the Framework for Audit Quality will generate discussion in the financial reporting supply chain and positive actions to achieve a continuous improvement in audit quality. Elements The elements of the Framework for Audit Quality include: 1. 2. 3. 4. 5. Inputs Processes Outputs Interactions Contextual factors SPOTLIGHT While the primary responsibility for performing quality audits rests with auditors, audit quality is best achieved in an environment where there is support from other participants in the financial reporting supply chain. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 139 CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Inputs Quality audits involve auditors: 1. 2. exhibiting appropriate values, ethics and attitudes; and being sufficiently knowledgeable, skilled, experienced, and having sufficient time allocated to them to perform the audit work. Within each of these categories quality attributes are further organised between those that apply at the engagement, firm and national levels. Processes Quality audits involve auditors applying a rigorous audit process and quality control procedures that comply with laws, regulations and applicable standards. In this regard various quality attributes are further organised between those that apply at the engagement, firm, and national levels. Outputs Quality audits result in outputs that are useful and timely. Outputs are described in relation to the full reporting supply chain and they include outputs from: AT A GLANCE 1. 2. 3. 4. the auditor the audit firm the entity audit regulators Outputs include reports and information that are formally prepared and presented by one party to another, as well as outputs that arise from the auditing process that are generally not visible to those outside the audited organization. Interactions SPOTLIGHT Quality audits involve auditors interacting properly with the stakeholders in the financial reporting supply chain. The interactions between the following key stakeholders are described within the Framework: 1. 2. 3. 4. 5. Auditors Management Those charged with governance Users Regulators These interactions, including both formal and informal communications, will be influenced by the context in which the audit is performed and allow a dynamic relationship to exist between inputs and outputs. While each separate stakeholder in the financial reporting supply chain plays an important role in supporting high-quality financial reporting, the way in which the stakeholders interact can have a particular impact on audit quality. 140 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE AT A GLANCE CFAP 6: AARS Quality audits involve auditors who respond properly to contextual factors. Contextual factors are described as having the potential to impact the nature and quality of financial reporting and, either directly or indirectly, audit quality. These include: 1. Business practices and commercial law 2. Laws and regulations relating to financial reporting 3. The applicable financial reporting framework 4. Information systems 5. Corporate governance 6. Financial reporting timetable 7. Broader cultural factors 8. Audit regulation 9. Litigation environment 10. Attracting talent 11. Financial reporting timetable. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 141 SPOTLIGHT Contextual factors CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE AT A GLANCE SPOTLIGHT 142 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 6. QUALITY CONTROL REVIEW (QCR) FRAMEWORK BY ICAP 6.1 Introduction The Council of the Institute (ICAP) formed the Quality Control Review (QCR) Committee in 1987 with the primary objective of establishing an independent quality control review framework in respect of audits of financial statements conducted by the Firms. With effect from October 2005, the QCR Committee was converted into a Quality Assurance Board and was entrusted with this responsibility, as more fully described in this framework. The framework of the QCR Program was issued first in 2003 which was revised in 2006, 2009, 2015 and 2019. 6.2 Scope 6.3 Audit Oversight Board (AOB) Pursuant to Part IXC of the Securities and Exchange Commission of Pakistan Act, 1997, Firms that carry out or intend to carry out audit of public interest companies are required to register with Audit Oversight Board, which requires a recommendation of QAB in accordance with the Quality Control Review Framework. Under the Listed Companies (Code of Corporate Governance) Regulations, 2019, no company shall appoint as external auditors, a firm of auditors, which has not been given a satisfactory rating under the Quality Control Review program of the Institute of Chartered Accountants of Pakistan and registered with Audit Oversight Board of Pakistan. AT A GLANCE This framework describes the objectives and scope of the Institute’s Quality Control Review (QCR) and the composition, responsibilities and functions of the Quality Assurance Board and Appellate Board and their policies, procedures and process in relation to QCR program. This framework applies to all Firms carrying out audit of financial statements prepared under any applicable legal and financial reporting framework, which intend to get or renew a QCR rating or obtain registration with AOB. Definition: Audit Oversight Board (AOB) AOB is the independent audit oversight board established by the parliament to function in the public interest and enhance the quality of audit of financial statements of public interest entities. This development is in line with the efforts in other jurisdictions to enhance the audit quality and reliability of financial statements that are a key source of information to investors and other stakeholders. Functions of AOB Register audit firms, that conduct or intend to conduct the audit of public interest companies in the manner laid down in sub-section (1) of section 36T; Deregister audit firms in the manner laid down in sub-section (2) of section 36T; Undertake comprehensive review and examination of the QAB work and independently assess the appropriateness of the quality control review framework and take such actions as deemed necessary; Oversee and review policies, procedures, programs of QAB for ensuring an effective oversight of quality of audit of public interest companies and to specify any improvement required in QAB’s policies, procedures and systems; Direct the Institute of Chartered Accountants of Pakistan (ICAP) for making such changes in the quality control review framework as it considers necessary or expedient for the purposes of this Part; Ensure that the auditing standards adopted by the Institute conform to the international standards as issued by the International Auditing and Assurance Board; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 143 SPOTLIGHT Audit Oversight Board means the independent audit oversight board established under Part IXC of the Securities and Exchange Commission of Pakistan Act, 1997. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Conduct inspections and inquiries in respect of matters related to this Part and regulations made hereunder; and Coordinate with relevant authorities including SECP, State Bank of Pakistan and ICAP in formulating and implementing strategies for enhancing the reliability of quality and effectiveness of audits of public interest companies. 6.4 QCR Program Under S.R.O. 1044 (I)/2015 dated October 22, 2015 issued by the Securities and Exchange Commission of Pakistan, following are required to appoint Satisfactory QCR rated Firms as their statutory external auditors: Public Interest Companies; Large Sized Companies; and Public Interest and Large Sized Companies which are either associations not for profit or limited by guarantee. The objectives of the QCR Program are to enhance the quality of audit report and credibility of accountancy profession in public interest by evaluating that the: AT A GLANCE Audit engagements are conducted in accordance with the applicable ISAs, relevant ethical requirements and legal and regulatory requirements as applicable in Pakistan; System of quality control has been appropriately designed and effectively implemented in accordance with the requirements of ISQM1; and Firm’s quality control policies and procedures have been appropriately applied so that reports issued are appropriate in the circumstances. This framework applies to all office locations of the Firms located and operating in the territories of Islamic Republic of Pakistan and Azad Jammu & Kashmir and registered with the Institute. 6.5 Quality Assurance Board (QAB) and its Functions SPOTLIGHT Composition The Quality Assurance Board shall comprise of nine members nominated as follows: Three members shall be nominated by the Securities and Exchange Commission of Pakistan (SECP); Two members shall be nominated by the State Bank of Pakistan (SBP); One member shall be nominated by the Pakistan Stock Exchange; Three members shall be nominated by the Council; and The Chairman of QAB shall be a member of the Institute having at least ten years post qualification experience and shall be elected by the members of QAB. Provided that a member in practice and/or a member with an economic interest in an audit firm shall not be eligible to become the Chairman of QAB. The above nominations shall be subject to following conditions: 144 No more than two members shall be audit partners or employees in an audit firm and such members, if any, shall only be nominated by the Institute; No member from the Council shall be a member of QAB; and No current employee, member, or official of the Audit Oversight Board or any other statutory regulatory body or a securities exchange shall be a member of QAB. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Term of QAB and its Members QAB shall be a perpetual board without any tenure. No member of QAB shall serve more than two consecutive periods of three years each. A person who was appointed as a member of QAB, under a previous QCR Framework may remain a member of QAB until the expiration of his term except an employee of SECP, SBP and PSX. The relevant nominating body shall nominate a new member in accordance with this QCR Framework within sixty (60) days of effective date of this Framework. In case of any casual vacancy the new member shall be nominated by the original appointing body within sixty (60) days for remaining period of the member vacating his position. Cessation of Membership is replaced by his nominating body; has given his resignation in writing addressed to the Secretary of the Institute and the Council has accepted the same; becomes of unsound mind; has applied to be adjudicated as an insolvent and his application is pending; is an undischarged insolvent; has been convicted by a court of law for an offence involving moral turpitude; has displayed lack of fiduciary behavior and a declaration to this effect has been made by a court; and/or is removed from the membership of the Institute. AT A GLANCE A member of QAB shall cease to be a member if he QAB shall hold at least six (6) meetings in a financial year. Procedure to call meetings of QAB shall be as follows: ¯ Notice of the meeting shall be issued at least fifteen (15) days, or any shorter period if decided by the Chairman, before the date of the meeting. ¯ Agenda and working papers shall be sent by the Secretary to QAB, to all members of QAB at least ten (10) days or any shorter period as may be decided by the Chairman, before the date of the meeting. ¯ In the absence of the Chairman, the members present shall elect amongst themselves a Chairman, who shall preside over the meeting of QAB. Except as otherwise specified in this framework, all the meetings of QAB, the vote of majority shall prevail and in the event of equality of vote, the Chairman shall have a casting vote in addition to his own vote. The Secretary to QAB shall prepare minutes of the QAB meeting not later than 14 days after the meeting and shall circulate the minutes to all members of QAB. Minutes of meetings shall be signed by the Chairman of the meeting. Secretary to QAB shall maintain the record of the signed minutes of the meetings of QAB. Subject to the approval by the competent authority under the provisions of Chartered Accountants Ordinance, 1961, members of QAB shall be paid a meeting fee, as may be specified by the Council. Minimum five members of QAB shall form the ‘Quorum’ for a meeting of QAB. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 145 SPOTLIGHT Meetings of QAB CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Duties and Powers of the Chairman of QAB The Chairman shall be responsible for the following: Chair the meetings of QAB; Ensure timely preparation and approval of agenda, working papers, minutes etc. of the meeting; Ensure that a meeting of QAB is planned effectively, conducted according to the framework and that matters are dealt with in an orderly and efficient manner; Recommend removal of member(s) to the nominating body in case a member of QAB is absent for three consecutive meetings of QAB; Refer the matter to the nominating body for filling up of any casual vacancy; and Any other function as required/prescribed in the framework. Responsibilities and Functions of QAB AT A GLANCE SPOTLIGHT To decide a QCR Rating on a timely basis in case of a new Firm or before the expiry of a Firm’s last QCR rating; To set policies for the implementation of this framework and to decide on all matters relating thereto and monitor its adequate and effective implementation; To prepare annual report within four (4) months after June 30 of the year summarizing the performance of QAB and the results of the QCR Program; To evaluate the performance of Head of QAD and Secretary to QAB for the HR Committee of the Institute; To determine required capacity of QAD in view of the work hours required to perform reviews and recommend the same to ICAP; To ensure that remedial actions or recommendations made by AOB are properly implemented within specified time period; To recommend a Firm to AOB for registration under section 36T of Part IXC of Securities and Exchange Commission of Pakistan Act 1997, within such time and manner as may be specified by AOB; To recommend a Firm to AOB for de-registration under section 36T of Part IXC of Securities and Exchange Commission of Pakistan Act 1997, within such time and manner as may be specified by AOB. A recommendation for de-registration shall be made upon the removal of a Firm from the List of Firms having Satisfactory QCR Rating, request by Firm for voluntary de- registration or any other grounds as may be deemed appropriate by QAB or AOB; To appoint Secretary to QAB from amongst the candidates recommended by the Institute and approve the terms and conditions of his appointment; and To appoint Head of QAD from amongst the candidates recommended by the Institute and approve the terms and conditions of his appointment. Definition: Quality Assurance Department (QAD) A department established, resourced and funded by the Institute in consultation with the Quality Assurance Board to carry out such functions and responsibilities as assigned to it by the Quality Assurance Board in line with this framework. Secretary to the QAB and the Head of QAD shall be two different offices held by two different persons and a Head of QAD already appointed by the Institute shall be deemed to have been appointed by QAB. In carrying out the above functions, QAB shall be assisted by its Secretary and the QAD. 146 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 7. PLANNING AN AUDIT OF FINANCIAL STATEMENTS (ISA 300) 7.1 The Role and Timing of Planning (Ref: 2, A1-A3) Benefits of Adequate planning 1. Helps to devote appropriate attention to important areas of audit. 2. Helps identify and resolve potential problems on a timely basis. 3. Helps auditor properly organize and manage the audit. 4. Helps in assignment of engagement team members and audit work. 5. Facilitating direction, supervision and review of audit work. 6. Assisting in coordination of work done by component auditors (ISA-600) and experts (ISA-620). Size of the entity. 2. Complexity of the entity. 3. Team member's previous experience with entity. 4. Changes in circumstances occurring during audit. Planning includes need to consider, prior to risk assessment, such matters as: 1. Analytical procedure to be applied as risk assessment procedure 2. Obtaining general understanding of the legal and regulatory framework of the entity. 3. Determination of materiality. 4. Involvement of experts. 5. Performance of other risk assessment procedures. Auditor may discuss planning with management to facilitate management of the audit, but should not compromise the effectiveness of the audit by making audit procedures too predictable. 7.2 Involvement of Key Engagement Team Members (Ref: 5, A4) Engagement partner and other key members shall be involved in the planning 7.3 Preliminary Engagement Activities (Ref: 6, A5-A7) Auditor shall undertake the following activities at the beginning of current audit engagement: 1. Procedures regarding continuance of client (ISA-220(REVISED) 2. Evaluating compliance with ethical requirements (ISA 220(REVISED) 3. Establishing an understanding of terms of engagement (ISA 210) It enables auditor to plan an audit engagement for which: 1. Auditor maintains necessary independence and ability to perform the engagement. 2. No issues with management integrity affecting auditor's willingness to continue engagement 3. There is no misunderstanding with the client as to the terms of the engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 147 SPOTLIGHT 1. AT A GLANCE Planning activities vary according to: CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 7.4 Additional Considerations in Initial Audit Engagements (Ref: 13, A22) 1. Performing procedures regarding acceptance of client relationship and specific audit engagement (ISA 220(REVISED) 2. Prior to starting an initial audit, auditor shall communicate with predecessor auditor, in compliance with ethical requirements. 3. Additional matters he may consider in establishing overall audit strategy & audit plan includes: 4. Arrangements to be made with predecessor auditor e.g. reviewing auditor’s working papers. 5. Any major issues discussed with management in connection with initial selection as auditor, communicating matters to those charged with governance and how these matters affect the overall planning. 6. Procedures necessary to obtain sufficient appropriate audit evidence for opening balances. 7. Other procedures required by firm's system of quality control for initial audits 8. (e.g. involvement of another partner or senior individual to review planning activities) AT A GLANCE 7.5 Planning Activities (Ref: 7-11, A8-A17) Auditor shall establish an “overall audit strategy” that sets the scope, timing and direction of the audit and that guides the development of the “audit plan”. OVERALL AUDIT STRATEGY Establishing overall audit strategy assists auditor to determine: 1. Resources to deploy for specific audit areas (e.g. experienced team members for risky areas) 2. Amount of resources to allocate to specific audit areas (e.g. number of team members) 3. Timing of deployment of these resources (e.g. whether interim audit stage or at cutoff dates) 4. How these resources are managed, directed and supervised? SPOTLIGHT The Overall audit strategy: Matters to Consider Characteristics of the engagement Reporting objectives, timing of the audit and nature of communications 148 Financial reporting framework Industry-specific reporting requirements Expected audit coverage Nature of business segments Availability of internal audit work Use of service organisations Effect of information technology on audit procedures Availability of client personnel and data Entity’s timetable for reporting Organisation of meetings with management and those charged with governance Discussions with management and those charged with governance Expected communications with third parities THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS Nature, timing and extent of resources Determination of materiality Areas identified with higher risk of material misstatement Results of previous audits Need to maintain professional scepticism Evidence of management’s commitment to design, implementation and maintenance of sound internal control Volume of transactions Significant business developments Significant industry developments Significant changes in financial reporting framework Other significant recent developments Selections of engagement team Assignment of work to team members Engagement budgeting AT A GLANCE Significant factors, preliminary engagement activities, and knowledge gained on other engagements CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE AUDIT PLAN Once overall audit strategy has been established, an audit plan can be developed to address various matters identified in overall audit strategy. The auditor shall develop an audit plan that shall include a description of the nature, timing and extent of planned risk assessment procedures and further audit procedures. Auditor shall update & change overall audit strategy and audit plan, as and when necessary, during course of audit as a result of unexpected events, changes in conditions, or audit evidence obtained Direction, Supervision and Review (factors) 1. 2. 3. 4. Size and complexity of the entity. Area of the audit. Assessed risks of material misstatement. Capabilities and competence of the individual team members performing the audit work. 7.6 Documentation (Ref: 12, A18-21) 1. 2. 3. The overall audit strategy; The audit plan Any significant changes made during audit to above two and reasons for such change 7.7 Tutorial note The important paragraphs of the standard to be focused more by the students are: Core Paragraphs: 6, 8, 9 and 12 Explanatory Paragraphs: A9, A8, A12, A14 and A20 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 149 SPOTLIGHT Changes to Planning Decisions during the Course of the Audit CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 8. CHANGES IN A PROFESSIONAL APPOINTMENT 8.1 Why a change might arise An ICAP member may be asked to accept a new audit appointment in a situation where the existing auditor will not be reappointed. This may be for any of the following reasons: 1. 2. 3. 4. The current firm is too small to cope with the demands of an expanding client (who now operates from multiple locations, in different towns or countries). There may be a change in the composition of the company’s board of directors, and the new directors wish to appoint an auditor of their own choice. There may be a perceived lack of independence, possibly one that has just arisen. There may have been a disagreement between the directors and the ‘old’ audit firm (for example, over the accounting treatment of an item in the financial statements). In theory, the auditor is appointed by the shareholders. However, in practice recommendations are made by the directors to the shareholders when they consider that there should be a change of auditors. AT A GLANCE If the outgoing auditor feels that the change is for a reason that should be brought to the attention of the shareholders (for example, in the case of a dispute) then national legislation (s253 of the Companies Act, 2017 in Pakistan) allows them to make representations to the shareholders. 8.2 Procedures before accepting a new audit appointment Before accepting an appointment, the audit firm should take the following steps: 1. 2. 3. SPOTLIGHT 4. It should assess whether there are any professional problems attached to accepting the engagement. These might include, for example, problems of lack of independence, or a lack of technical expertise, or a conflict of interest. It should ensure that resources are available to complete the audit assignment; in particular, it must ensure that there will be sufficient staff (of the right level of expertise) available at the right time. It should take up references on the proposed client company and its directors, if they are not already known to the auditors. This is usually referred to as client screening. It should communicate with the incumbent (existing) auditors, if there are any, to discuss the appointment, the client and the audit work and to find out whether there is any reason why the proposed audit appointment should not be accepted. The method of communication is referred to as professional enquiry (see below). Client identification In order to comply with anti-money laundering regulations, the audit firm should carry out client identification procedures. The purpose of these procedures is to confirm that the client is ‘as they say they are’, and that there are no grounds for suspicion that the client may be involved in money laundering activities. 1. 2. 3. 4. If the client is a company or other business entity, documentary evidence of the identity of the entity should be obtained – for example a certificate of incorporation in the case of a company. Evidence should also be obtained to confirm the address of the entity, such as letter head. If the client is an individual, evidence of identity can be obtained from a passport or driving license, and evidence of address (possibly) from a recent utility bill. The audit firm should consider whether the business of the potential new client ‘makes commercial sense’. For example, it would not make sense for a very large company to be engaged in operating a number of dry cleaning shops, because the size of the company would be too large for the nature of its business operations. When this happens, the client’s declared business may simply be a front or cover for hidden illegal activities. The audit firm should explain the regulatory purpose of client identification, to remove any doubts or concerns that the new client may have. 150 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Professional enquiry The firm should communicate with the current auditors (if there are any) to establish if there are any matters that it should be aware of when deciding whether or not to accept the appointment. Although this is partly a matter of courtesy between professionals, this will involve discussion of the appointment, the client and the audit work. Such discussion will allow the firm to decide if the client is someone for whom it would wish to act. The following points should be noted in connection with communicating with the current auditors: Unpaid Fees A member in public practice should not accept an audit assignment previously carried out by another member, without first ensuring that the other member has been properly removed from office as auditor and that all outstanding fees due to the other member have been fully paid. ICAP’s technical release no.16 (ATR-16) states that ICAP members shall be deemed guilty of professional misconduct if they accept the appointment as auditor (for statutory audits to be performed under the Companies Act, 2017 or other statute) where the undisputed audit fee of the prospective client due to a fellow Chartered Accountant has not been paid. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 151 SPOTLIGHT When a member is first approached by a prospective client to act or be nominated, they should explain that they have a professional duty to communicate with the existing auditor or advisor. 2. Client permission is required for any such communication. If the client refuses to give its permission, the appointment as auditor should not be accepted. 3. If the client does not give the current auditor permission to reply to any relevant questions, the current auditor should communicate this fact to the prospective auditor who should subsequently not accept appointment. 4. If the current auditor does not provide any information relevant to the appointment, the new auditor should accept or reject the engagement based on other available knowledge. 5. The existing auditor or adviser should answer without delay the communication from the prospective auditor. If there are no matters of which the latter should be aware, the existing auditor or adviser should write to say that this is the case. 6. If, however, there are such matters they should inform the prospective auditor of those facts within their knowledge of which, in their opinion, the prospective auditor should be aware. It is not sufficient to state that unspecified facts exist. 7. The existing auditor or adviser might prefer to explain these facts orally and the prospective auditor or adviser should be prepared to confer with the existing auditor or adviser if the latter so desires, and each should make their own record of such a discussion. 8. If an issue of conflicting viewpoints between the client and themselves has been raised by the existing auditor in their reply, the prospective successor should discuss the conflict with the client and satisfy themselves either that the client’s view is one which they can accept as reasonable or that the client will accept that the incoming auditor or adviser might have to express a contrary opinion. 9. Where the existing auditor or adviser does not respond within a reasonable time, the prospective successor should endeavor to contact the existing auditor by some other means, for instance, by telephone or e-mail. 10. Should this fail, and where the prospective successor has no reason to believe that there are untoward circumstances surrounding the change, they should send a final letter by recorded delivery service stating that unless they receive a reply within a specified time they will assume that there are no matters of which the existing auditor is aware that should be brought to their attention. A member who accepts nomination in such circumstances is not precluded from complaining to the Institute that the existing auditor did not respond to their enquiry letter. 11. If the prospective auditor is satisfied that they can properly act, and are prepared to accept nomination/appointment, they should so inform the client in writing. AT A GLANCE 1. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Confidentiality The prospective auditor should ordinarily treat in confidence any information provided by the existing auditor. However, it may be essential to the fulfilment of a prospective auditor’s obligations that they should disclose such information. It may, for example, be unavoidable for the prospective auditor to disclose to officers or employees of the client matters brought to their attention by the predecessor firm, which needs to be properly investigated. Such disclosure should be no wider than is necessary. Defamation An existing auditor might need to communicate matters to a prospective auditor that are potentially damaging to a client (or to an individual concerned with the client’s business) during ‘professional enquiry’ e.g. statements regarding management’s integrity. Auditors will normally be protected against any defamation claim against them relating to professional enquiry so long as they have followed professional and ethical guidelines when making such communications. This type of protection is called ‘qualified privilege’ and means that the auditor would not be liable to pay damages for defamatory statements even if they turn out to be untrue, provided that they are made without malice. AT A GLANCE Joint auditor A member whose firm is nominated as a joint auditor should communicate with all existing auditors and be guided by similar principles to those set out in relation to nomination as an auditor. Where it is proposed that a joint audit appointment becomes a sole appointment, the surviving auditor should communicate formally with the outgoing joint auditor. Vacancy A member whose firm is invited to accept nomination on the death of a sole practitioner auditor should endeavor to obtain such information as they may need from the late practitioner’s alternative (where appropriate), the administrators of the estate or other relevant sources. SPOTLIGHT Additional work A member invited to undertake recurring or non-recurring work, which is additional to and related to continuing work carried out by another Chartered Accountant or adviser should normally notify that other Chartered Accountant of the work they have been asked to undertake. 1. 2. 3. It is generally in the interest of the client that the existing auditor be aware of the nature of the additional work being undertaken. The existing Chartered Accountant will be provided with the opportunity to communicate with the member to provide information, lack of which might otherwise prevent the additional work from being carried out effectively. Additionally, such notification could affect the way an existing Chartered Accountant discharges their continuing responsibilities to their client. Notification should always be given to the existing Chartered Accountant. Provision of all opinions on the application of accounting standards or principles clearly requires particular sensitivity to avoid adversarial positions between an auditor and other Chartered Accountants wherever possible. 8.3 Deciding whether to accept a new audit appointment An accountancy firm may occasionally decide that to accept a new audit appointment would threaten the firm’s reputation and might also raise serious ethical issues. Example: accepting a new audit appointment Gudrat Company is an owner-managed company. It has asked your firm to become its auditors. The following information has been obtained about the company, mainly from the company’s current auditors. 152 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 2. 3. 4. 5. The current auditors have just resigned from the audit because they no longer have sufficient resources to carry out the audit work for Gudrat. They had taken on the audit two years earlier, after the previous auditors had resigned due to a dispute about fees. The current auditors commented that the company’s management liked to keep a close control over costs, and they had agreed to do the audit for a lower fee. The current auditors had discovered a number of internal control weaknesses in Gudrat and had reported them to management, but nothing appeared to have been done by management to improve the control system. There were ongoing disputes with the tax authorities about the amount of tax payable by Gudrat on profits for the previous three years. Gudrat Company has a poor public relations image. It is currently under investigation by both the police authorities and the regulatory authorities for alleged breaches of regulations, and some of these had been widely reported. The company is ambitious and plans to expand its business in the next year or so. It expected to obtain bank loans to finance most of the expansion. What issues should the audit firm consider when deciding whether or not to accept the new audit appointment? Answer The following matters may be considered. 1. 2. 3. 4. 5. 6. Reputation. The audit firm may decide that it does not wish to be associated with a client company whose public relations image is poor. The bad reputation of the company may transfer to its auditors. Advocacy threat. The criminal or regulatory investigation may lead to legal action, and the audit firm may be faced with an advocacy threat, and be expected to defend the company against the allegations that have been made against it. Aggressive management. Gudrat Company has aggressive managers who are willing to argue with auditors and who want to keep costs as low as possible. There is a high risk of continuing disputes over audit fees. Audit risk. If the company applies for new bank loans, it will probably be required to submit audited financial statements to the bank as part of the loan application. The management of Gudrat have a strong interest in presenting financial statements that show strong profits and a healthy statement of financial position. The risk that the financial statements may be misstated could therefore be high. (The audit firm would probably wish to consider including a disclaimer in their audit report, to reduce the risk of liability to a bank for ‘negligent’ auditing in the event that the financial statements turn out to be misstated and the errors are not identified by the auditors.) High audit risk is also suggested by the weak internal controls and failure by management to improve controls. The high audit risk means that a new auditor would want to conduct a very careful audit of the opening balances: this would add to the cost and time required for the audit, which Gudrat management may refuse to accept. However, there is no evidence of fraud (or suggestion of fraud) by anyone in the company, and the audit firm may decide to accept the audit appointment, subject to agreement about fees. Acceptance of a new audit client is a matter of judgement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 153 AT A GLANCE 1. SPOTLIGHT CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 8.4 Books, documents and records Client books and records: right of lien Once a new auditor has been appointed, the outgoing auditor should arrange for the transfer of any books and records belonging to the client that are in their possession. However, where fees remain unpaid, the outgoing auditor may wish to exercise a legal right of lien over those client books and records. 1. 2. 3. 4. 5. A lien is a right to retain possession of property belonging to another until amounts due are paid. Auditors have a ‘particular’ (as opposed to a ‘general’) lien. This means that the right of lien is only in respect of those books and records on which the auditor has performed audit work. In order for the lien to be applied: the documents must have come into the auditor’s possession lawfully, and an invoice must have been sent to the client company for the fees owing, and there must be no dispute over fees. AT A GLANCE Unfortunately, in some countries, legal decisions have been taken that mean a lien cannot be exercised over books and records which the client is required to keep by law. In many cases, this legal requirement applies to most of the client’s books and records. Consequently, these legal decisions may significantly reduce the effectiveness of the right of lien. Auditor working papers Audit working papers are documents prepared by the auditors for the purpose of carrying out their audit work. In general, these belong to the auditors, unless there is a provision to the contrary in the engagement letter or in national law. However, the outgoing auditor will be expected to provide the proposed new auditor with information that is sufficient for a reasonable handover of audit responsibilities. The precise nature of this information will depend on the stage that the audit has reached when the responsibility for the audit passes from the outgoing audit firm to the new one. SPOTLIGHT 8.5 Accepting engagements other than audit The procedures for accepting non-audit engagements are very similar to those for accepting audit engagements and include: 1. 2. 3. 4. 154 Ethical considerations – e.g. does the firm have staff who are technically competent to perform the engagement? Might there be a conflict of interest with an existing client? There can be instances where a proposed appointment for a non-audit engagement, for example advice on business restructuring or accounting assistance, could potentially conflict the auditor’s need to apply professional scepticism as part of the audit due to the increased self-interest. Such non-audit engagements need to be thoroughly reviewed prior to acceptance. Commercial considerations – e.g. does the engagement fit with the strategy of the firm at an appropriate and fair fee level? Client identification – e.g. the firm should apply client due diligence (know your client) procedures to all new clients, not just audit clients. Communication – it may or may not be appropriate and/or feasible to communicate with another practitioner in the same way an incoming auditor is required to communicate with the existing auditor. Protocol will depend on the particular circumstances of the non-audit engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Practice Question 08: The financial statements of Walter Limited (WL) a public unlisted company, for the year ended 30 June 2007 were significantly delayed and were finalized in April 2008. After finalization of financial statements, a meeting of the board of directors (BOD) of WL was held in May 2008 and Annual General Meeting (AGM) was held on June 18, 2008. Due to delay in holding the AGM, the Securities and Exchange Commission of Pakistan (SECP) has imposed a penalty and has advised WL that no such delay shall be entertained in future. In the AGM, the shareholders of WL appointed your firm as the statutory auditors and the fact has been communicated to you by the Company Secretary through his letter dated June 22, 2008 which was faxed to you on the same date. The company’s financial year is closing on June 30, 2008 and the management wants to commence the audit immediately in order to ensure timely financial reporting and holding of AGM. Required: OTHER STEPS Professional Clearance Letter we need to refer to the Code of Ethics for Chartered Accountants which requires that the proposed chartered accountant in practice should: i. Ascertain if the prospective client has advised the existing auditors of the proposed change and has given them the permission, preferably in writing, to discuss the client’s affairs fully and freely with the new auditors i.e. our firm. ii. After getting satisfactory reply from prospective client, request permission to communicate with the existing chartered accountant. If such permission is refused or the permission referred to in (a) above is not given, the proposed chartered accountant in practice should, barring some judgmental exception, decline the appointment. iii. On receipt of permission, we shall ask the existing auditors, preferably in writing: a) To provide information on any professional reasons if any, on account of which our firm may decide not to accept the appointment and, b) If there are any such matters, to provide all the necessary details to enable us to come to a decision. Particularly in view of the fact that it is the first audit, we should send an engagement letter, preferably before the commencement of the engagement, to help in avoiding misunderstanding with respect to the engagement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 155 SPOTLIGHT Solution: AT A GLANCE What other steps would you like to take before commencement of the audit? CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS 9. OBTAINING AND CHARGING FOR PROFESSIONAL WORK 9.1 Obtaining professional work Audit practices will want to increase the size of their client base as a means of increasing the profits of the practice. This can be achieved by: 1. 2. 3. 4. promoting their (good) reputation in the business community recommendations from existing clients advertising publicity and promotion (such as sponsorship activities) 9.2 Advertising and publicity When a professional accountant in public practice solicits new work through advertising or other forms of marketing, there may be a threat to compliance with the fundamental ethical principles. For example, a selfinterest threat to compliance with the principle of professional behaviour is created if services, achievements, or products are marketed in a way that is inconsistent with that principle. AT A GLANCE Advertising and publicity activities by accountancy firms are therefore regulated by IFAC and ICAP through their codes of ethics and conduct respectively. Advertising and publicity - ICAP Code of Ethics Undue publicity to be avoided In any communications, announcements and public notices, chartered accountants should not: 1. 2. 3. use means which bring the profession into disrepute; make exaggerated claims for the services they are able to offer, the qualifications they possess, or experience they have gained; and denigrate the work of other accountants. SPOTLIGHT A Chartered Accountant preparing or authorizing the issue of matter falling within this Section should do so with a due sense of responsibility to the profession and to the public as a whole. In particular, such material should be in good taste both as to content and presentation and should not belittle services offered by others, whether members or not, either by claiming superiority for the services of a particular Chartered Accountant or otherwise. The same attitude should be adopted towards activities mentioned in subsequent paragraphs. Advertising for solicitation must be avoided All communications, announcements and public notices should be issued in such a manner and within the limits prescribed in the following paragraphs: 1. 2. 156 All announcements, communications and public notices should: be aimed at informing the recipients or the public in an objective manner; conform to the basic principles of legality, decency, clarity, honesty and truthfulness; and not project an image, which is inconsistent with that of a professional person bound to high ethical and technical standards. Activities which may expressly be considered not to meet the above criteria and are therefore prohibited include those that: create false, deceptive or unjustified expectations of favourable results; imply the ability to influence any court, tribunal, regulatory agency or similar body or official; consist of self-laudatory statements that are not based on verifiable facts; make comparisons with other professional accountants in practice; contain testimonials or endorsements; contain any other representations that would be likely to cause a reasonable person to misunderstand or be deceived; and make unjustified claims to be an expert or specialist in a particular field of accountancy. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE 9.3 Fees General principles The question of setting a ‘price’ for the provision of a service is always a sensitive matter, because of disputes that may arise if the fees are unreasonable. In establishing the fee for professional work, the accountant should follow professional guidance. In any case they must ensure they do not breach any of the fundamental ethical principles. For example, a self-interest threat to professional competence and due care may be created if the fee quoted is so low that it may be difficult to perform the engagement in accordance with applicable technical and professional standards for that price. Safeguards against threats may include: 1. 2. making the client aware of the terms of the engagement and, in particular, the basis on which fees are charged and which services are covered by the quoted fee (through the engagement letter); and assigning appropriate time and qualified staff to the task. Where reference is made in promotional material to fees: 1. 2. 3. this must not be misleading with regard to the precise range of services and the time commitment covered. comparison may be made to the fees of others, provided that this is not misleading and that it follows local regulations or legislation. discounts on existing fees may be offered, or a free consultation at which the level of fees will be discussed. However, the discount should not be so low that it constitutes lowballing, as described above. AT A GLANCE Promotional material Introductions 9.4 Tendering Introduction Tendering is a commercial process widely-used by companies (especially larger companies) when they wish to change auditors. Tendering involves two or more audit firms being invited by a company to submit a proposal for its audit work. The invitation may or may not include the existing auditor. A company may also invite firms to tender for the audit work when the term of the appointment for the current audit firm has come to an end. In this case, if the current auditor wishes to be re-appointed, it will have to go through a tendering process. Initial considerations Tendering should commence only when a firm has been approached by a prospective client. In any case, a firm should not submit a tender for the work unless it can give satisfactory answers to the following questions: 1. 2. 3. 4. Does the firm have the expertise to carry out this audit? Does the firm have (or could it have) sufficient staff available at the appropriate time? Are there any ethical reasons why the firm could not act (for example, a problem with independence, or a conflict of interest)? Are there any problems, of which the firm is aware, with the current audit or auditors? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 157 SPOTLIGHT Fees and commissions may be paid to third parties for the introduction of potential new clients, but safeguards must be in place to reduce the threats to the fundamental principles. Such safeguards would include disclosure to the client. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE CFAP 6: AARS Specifically, in relation to a tender, the firm should also ask itself: 1. 2. 3. 4. Why has it been asked to tender? Could it (and should it?) offer to do the audit for a lower fee than other firms are likely to quote? Are there any reasons why this audit is particularly attractive to the firm? For example, will the work be carried out at a quiet time of year, or is the company in an industry area where the firm wishes to develop its audit experience and expertise? What audit risks might arise with this particular client? The tendering process The principal benefit to the client of a tendering process should be lower audit fees, because several firms are competing for the work. In response to the pressure to reduce their fees, audit firms have become more efficient and lowered their costs. Even so, the tendering process can still be ‘high risk’ for a firm. For example: 1. AT A GLANCE 2. The firm needs to be confident that the client is one that it can deal with professionally and economically if the tender is accepted. If the tender is not accepted, the time and cost involved in the tendering process (which may be considerable) has been wasted. The firm needs to be sure that a sufficiently high proportion of its tenders will be successful, to justify the costs. The tendering process should be broken down into the following stages (assuming that a firm is submitting a tender for the audit of a new client): 1. 2. 3. SPOTLIGHT 4. 5. 6. Collect background information about the possible new client. (This is necessary when evaluating any new client, whether the fee is to be set by tender or by any other method.) Establish the precise scope of the work to be performed and the specific requirements of the prospective client. Carry out a preliminary audit risk assessment and prepare a preliminary plan for the audit. The plan must cover the staffing requirements and the time requirements for the work. Estimate a fee. Prepare a submission document for the potential client. The contents of this document will typically include: an outline of the key characteristics of the firm clarification of the nature of the audit work or other non-audit work to be performed a statement of the requirements of the client and how the firm will comply with them an outline of how the work will be performed the proposed fee and the basis of its calculation the range of other services which the firm could offer to the client. If required, prepare and give a presentation to the potential client. Evaluating the tender In evaluating the tender, the client (company) is likely to consider the following issues: 1. 2. 3. 4. 5. 158 Fees The services that the firm is able to provide Geographical locations and coverage of the firm’s offices Expertise of the firm and its staff Reputation of the firm THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS 6. 7. 8. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE Whether the senior management of the company think that they will be able to work well (on a personal level) with the potential engagement partner and key audit staff The formal presentation itself by the audit firm The extent to which the company wants to change its audit firm and its dissatisfaction with the current audit firm. Lowballing Lowballing is the practice of tendering for the audit work at a very low fee, with the objective of winning the audit. If it is successful in obtaining the audit, the firm will hope that: it will be able to raise the audit fee in future years, or it will be able to recover losses on the audit fee by providing other, more lucrative non-audit services. Although there is no evidence that lowballing leads to a poor-quality audit, the fact that it exists does nothing to improve the reputation of the auditing profession. The existence of low fees may suggest to the business community and to the general public that audit work is of a low quality. All fees should be sufficiently adequate to compensate a firm for the work that it carries out. With this in mind, the ICAP Code of Ethics requires Chartered accountants in practice to comply with provision ATR-14 denoting minimum hourly charge-out rates and fees for audit engagements. 9.5 Credit control within an audit firm An audit firm does not just charge fees. It has to collect the fees that it charges. A failure to invoice clients promptly or a failure to collect payment within a reasonable time after the invoice date would be an indication of poor credit management. Any such management weaknesses should be corrected if they occur. AT A GLANCE 1. 2. 1. 2. 3. 4. Overdue fees are a threat to the independence and objectivity of the auditor, because it might be argued that audit work has been provided free of charge. If the unpaid amount has been overdue for a long time, it could be regarded as a form of loan by the audit firm to the client. The risk to auditor independence could be significant if the unpaid amount is material. When a client is in temporary financial difficulties it is permissible for an auditor to make commercial arrangements for staged payments of the fees due. The client should be made aware, however, of the ethical problems that non-payment or late payment create for the audit firm. For future audits, if the audit engagement is retained, the auditor should pay particular attention to the going concern assumption. If the client still has continuing cash flow problems, the going concern assumption may be challenged. When unpaid fees are owed by a client and the period of late payment is in excess of what might be regarded as commercially acceptable, the audit firm should consider whether it would be ethically appropriate to resign as auditors. 1. 2. 3. The ethics partner of the firm should be asked to assess the ethical threat to the firm’s independence and integrity. If the decision is to continue as auditor of the client, the reason should be documented. The most recent audit papers should be checked to ensure that sufficient appropriate evidence was obtained to support the going concern assumption in the financial statements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 159 SPOTLIGHT Occasionally, non-payment of fees may be due to the fact that the audit client is in financial difficulties and cannot pay. CHAPTER 4: APPOINTMENT OF AN AUDITOR AND THE PLANNING PHASE AT A GLANCE SPOTLIGHT 160 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5 PROFESSIONAL RESPONSIBILITY AND LIABILITY AT A GLANCE penalties imposed on them for a criminal offence, or SPOTLIGHT legal claims made against them for negligence. 1. Auditors’ liability and the expectations gap 2. The auditor’s responsibilities relating to fraud in an audit of financial statements (ISA 240) ISA-240 deals with the auditor’s responsibilities relating to fraud in an audit of financial statements. Misstatements in the financial statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. 3. The auditor’s liability 4. Managing the auditor’s liability 5. Communication with those charged with governance (ISA 260 - Revised) AT A GLANCE AT A GLANCE This chapter deals with a number of aspects of law and regulation under which auditors may have: Legal claims made against auditors fall within one of two legal strands: Auditor may be prosecuted by the authorities for a criminal act, and be criminally liable if found guilty. (The penalty may be a fine, or possibly imprisonment) The auditor may be liable under civil law. A ‘civil’ legal action may be brought against an auditor by another person who has suffered loss or damage because of the auditor’s actions. Different ways of meeting auditor’s liability are also dealt in with in this chapter. ISA-260 deals with the auditor’s responsibility to communicate with those charged with governance in an audit of financial statements. Although this ISA applies irrespective of an entity’s governance structure or size, particular considerations apply where all of those charged with governance are involved in managing an entity, and for listed entities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 161 SPOTLIGHT IN THIS CHAPTER: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS 1. AUDITORS’ LIABILITY AND THE EXPECTATIONS GAP 1.1 Introduction This chapter deals with a number of aspects of law and regulation under which auditors: may have penalties imposed on them for a criminal offence, or may have legal claims made against them (for ‘damages’) for negligence. The potential liability of auditors has become an important topic in recent years, due to the growing complexity of the business and legal environment and an increase in legal actions against auditors. One explanation put forward to explain the high number of legal actions against auditors is the ‘expectations gap’. 1.2 The expectations gap The expectations gap is the difference (or ‘gap’) between: AT A GLANCE what the users of financial statements and other members of the public think that the auditors should do, and what the auditors are actually required by the law and the profession to do. There are three main elements in the expectations gap: A standards gap. This occurs because of a perception that auditing standards are more prescriptive than they actually are, and that auditors have wide-ranging rules that they must follow: A performance gap. This occurs because of a perception that audit work has fallen below the required standards. A liability gap. This arises from a lack of understanding about the auditor’s liability and who the auditor may be liable to. In addition, there is a perception that auditors have a responsibility for detecting all frauds, whenever they occur. SPOTLIGHT High levels of expectation about what auditors should do may lead to legal action against auditors if this level of expectation is not met. To reduce the frequency and cost of legal action, and to maintain the image of the audit profession in the mind of the public, it is in the interests of the profession to take steps to close the expectations gap. 1.3 Closing the expectations gap A number of strategies exist that could assist in closing the expectation gap and are discussed below. 162 The profession should attempt to improve the general level of knowledge and understanding about the audit process. One such attempt has been made with the issuance of revised ISA 700, the auditing standard on auditor’s reports. This requires the audit report to include an explanation of the nature of an audit. The revised ISA 700 (see later chapter on current affairs) extends the description of the nature of an audit and provides more useful and relevant information about the audit to users. Controls over the auditing profession are important in enhancing public confidence. For example: ¯ The European Union requires the audit of companies whose shares are quoted on a stock market in the EU to be conducted in accordance with international auditing standards (ISAs); ¯ National oversight bodies such as PCAOB (Public Company Accounting Oversight Board) in USA and FRC (Financial Reporting Councils) in the UK monitor the compliance of audit firms in their conduct of audits by performing audit inspections; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Significant guidance for auditors and management aimed at increasing quality and addressing issues such as going concern has been issued by standard setters, professional bodies and regulators. There has been an increased focus on corporate governance and the role that audit committees play in companies, reducing inconsistencies and enhancing the quality of audits. Open and candid communication between internal and external auditors, financial management and the audit committee is increasingly being seen as critical in helping reduce the expectation gap. Such communication helps the audit committee to perform their governance role with the necessary transparency and realistic expectations that will help achieve effective risk management. Enhanced communication between the parties and confirmation of their respective roles and responsibilities should be presented in the audit committee and directors’ reports to the shareholders. This will ensure that users become much more aware of the various parties’ roles and responsibilities beyond the understanding they gain just from the audit report. The expectation gap will hopefully narrow further as financial reporting participants work together even more effectively to improve the deterrence and detection of financial reporting fraud. One thing that is certain is that audit committees are well positioned to play a vital role in reducing the expectation gap given their open and direct relationship with all the key parties including shareholders, board of directors, internal audit and external audit. This is also because audit committees include an appropriate mix of independent and/or non-executive directors to add the necessary transparency and impartiality which is required for stakeholders’ confidence in the overall financial reporting process and the audit itself. AT A GLANCE The level of success in narrowing the expectation gap is likely to vary considerably between territories depending on factors such as culture, ethics, the level of incidence of governance mechanisms beyond the minimum required by law and regulation and the quality, availability and transparency of corporate reporting. 1.4 IAASB Q&A: Professional scepticism in an audit of financial statements The Q&A focuses on considerations in the ISAs and the IAASB’s quality control standard that are of particular relevance to the proper understanding and application of professional scepticism during an audit of financial statements. Q&A Question Answer 1. What is professional scepticism? The ISAs define professional scepticism as “an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.” They explicitly require the auditor to plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. i.e. An inquisitive mind. 2. Why is professional scepticism important in audits of financial statements? Professional scepticism plays a fundamentally important role in the audit and forms an integral part of the auditor’s skill set. Professional scepticism is closely interrelated with professional judgment. Both are essential to the proper conduct of the audit and are key inputs to audit quality. Professional scepticism facilitates the appropriate exercise of professional judgment by the auditor, particularly regarding decisions about, for example: The nature, timing and extent of audit procedures to be performed. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 163 SPOTLIGHT The IAASB issued a Q&A-style briefing paper on professional scepticism in 2012 which articulates the meaning and application of professional scepticism in the audit of financial statements. CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Question 3. What can be done by audit firms and auditors to enhance the awareness of the importance of professional scepticism and its application? AT A GLANCE SPOTLIGHT 4. At what stage in the audit process is professional scepticism necessary? 5. How does professional scepticism relate to the auditor’s responsibilities with respect to fraud? 164 CFAP 6: AARS Answer Whether or not sufficient appropriate audit evidence has been obtained and whether or not more needs to be done to achieve the objectives of the ISAs. The evaluation of management’s judgments in applying the entity’s applicable financial reporting framework. The drawing of conclusions based on the audit evidence obtained, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements. Professional scepticism within the engagement team is also influenced both by the actions of the firm’s leadership and the engagement partner, and by the culture and business environment of the firm. The ISAs and ISQMs include requirements and guidance designed to help create an environment at both the firm and engagement levels in which the auditor can cultivate appropriate professional scepticism. For example: Auditors must consider the integrity of the principal owners and management during engagement acceptance (ISQMs). The auditor must consider the reasonableness of significant assumptions used by management for accounting estimates giving rise to significant risks (ISA 540). ISA 240 (relating to fraud) notes that the auditor must maintain an ongoing questioning mind and be alert to the possibility of fraud. When considering going concern (ISA 570) the auditor must consider the reasonableness of assumptions and whether management’s plans are feasible in the circumstances. Another area where professional scepticism is particularly important is in relation to auditing significant unusual or highly complex transactions (ISA 330). The auditor is required to document how they have applied professional scepticism (ISA 230). Professional scepticism is relevant and necessary throughout the audit, even though reference to it is not repeated within each ISA, including: Engagement acceptance – integrity of owners and management. Identifying and assessing risks of material misstatements. Designing nature, timing and extent of further audit procedures that are responsive to assessed risks of material misstatement, and evaluating audit evidence. Forming the audit opinion. Due to the characteristics of fraud, including the fact that fraud may include sophisticated and carefully organised schemes designed to conceal it or may involve collusion, the auditor’s professional scepticism is particularly important when considering the risks of material misstatement due to fraud. ISA 240 places special emphasis on professional scepticism. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Question Answer 6. In addition to fraud, are there other aspects of an audit where professional scepticism may be particularly important? Professional scepticism is important and necessary throughout the entire audit process. The auditor’s professional scepticism becomes particularly important when addressing areas of the audit that are more complex, significant or highly judgmental such as: 8. Do regulators and oversight bodies of audit firms and those charged with governance have a role to play in supporting sceptical behaviour among auditors? Accounting estimates e.g. fair value; Going concern – e.g. management’s plans for future actions; Related party relationships and transactions – e.g. business rationale; Consideration of laws and regulations; When auditing transactions. significant unusual or highly complex Professional scepticism is often demonstrated in the various discussions held by the auditor during the course of an audit. For example, the auditor’s communication with those charged with governance includes, where applicable, why the auditor considers a significant accounting practice that is acceptable under the applicable financial reporting framework not to be most appropriate to the particular circumstances of the entity. Documentation remains critical. The ISAs require auditors to document discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place. Such documentation helps the auditor demonstrate how significant judgments and key audit issues were addressed and how the auditor has evaluated whether sufficient and appropriate audit evidence has been obtained. Examples of circumstances where it is particularly important to prepare documentation: Significant decisions from engagement team discussions regarding fraud; Identified or suspected non-compliance with laws and regulations; Basis of auditor’s conclusions about estimates; Identifying information that is inconsistent with the auditor’s final conclusions on a significant matter; Reasonableness of areas of subjective judgments. The ISAs do not set forth requirements for regulators and oversight bodies of the audit firms, or for those charged with governance. However because of the critical role that those stakeholders serve in achieving audit quality, they are in a position to further challenge auditors. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 165 AT A GLANCE 7. How can the application of professional scepticism be evidenced? SPOTLIGHT CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS 2. THE AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS (ISA 240) Definition: Fraud: An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. 2.1 Characteristics of Fraud (Ref: 2-3, A1-A5) Misstatements in financial statements can arise from either fraud or error. Distinguishing factor between fraud and error is whether the action that results in the misstatement is intentional or unintentional. Fraud Risk Factors Incentive or pressure May exist when management is under pressure, from sources outside or inside entity, to achieve an expected (and perhaps unrealistic) earnings target or financial outcome. AT A GLANCE Perceived opportunity May exist when an individual believes internal control can be overridden due to his position or he has knowledge of deficiencies in internal control. Attitudes / Rationalization Some individuals possess an attitude, character or set of ethical values that allow them knowingly and intentionally to commit a dishonest act. Auditor may suspect or identify occurrence of fraud, but he does not make legal determinations of whether fraud has actually occurred. Fraud is a broad legal concept but auditor is concerned with fraud that causes a material misstatement in financial statements. There are two types of Frauds relevant to financial statements: SPOTLIGHT 1) Fraudulent financial reporting Manipulation, falsification (including forgery), or alteration of accounting records or supporting documentation. Misrepresentation or intentional omission from financial statements of events, transactions or other significant information. Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation or disclosure. Also involves management override of controls using techniques as: 166 Recording fictitious entries, particularly close to period end, to manipulate operating results or achieve other objectives. Inappropriately adjusting assumptions and changing judgments. Omitting, advancing or delaying recognition of events and transactions in financial statements. Concealing or not disclosing facts that could affect financial statements. Engaging in complex transactions structured to misrepresent the financial position or financial performance of entity. Altering records & terms of significant and unusual transactions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS 2) CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Misappropriation of assets Involves theft of entity's assets and is often perpetrated by employees & management. It can be accomplished in a variety of ways including: Embezzling receipts. Stealing physical assets or intellectual property. Causing an entity to pay for goods and services not received. Using an entity's assets for personal use. Misappropriation is often accompanied by false or misleading records or documents in order to conceal fraud. 2.2 Responsibility for the Prevention and Detection of Fraud (Ref: 4-9, A6-A7) Primary responsibility for prevention and detection of fraud rests with both those charged with governance and management. An auditor is responsible for obtaining reasonable assurance that financial statements as a whole are free from material misstatement, whether caused by fraud or error. Due to inherent limitations, there is an unavoidable risk that some material misstatements may not be detected; even the audit is properly planned & performed in accordance with ISAs. Risk of not detecting a material misstatement resulting from fraud is higher than risk of not detecting one resulting from error. Risk of not detecting a material misstatement resulting from management fraud is greater than for employee fraud. AT A GLANCE Responsibilities of the Auditor Exchange of ideas among team members about how and where the entity's financial statements may be susceptible to material misstatement due to fraud, how management could commit and conceal fraud Circumstances that might be indicative of earnings management and practices to manage earnings leading to fraud. Consideration of known external and internal fraud risk factors. Management's involvement in overseeing employees with access to cash or other assets susceptible to misappropriation. Consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees. An emphasis on maintaining a proper state of mind throughout audit regarding potential for material misstatement due to fraud. How an element of unpredictability will be incorporated into nature, timing and extent of audit procedures? Consideration of audit procedures that might be selected to respond to the susceptibility of fraud. Consideration of any allegations of fraud that have come to the auditor's attention. A consideration of the risk of management override of controls. 2.4 Identification and Assessment of Risks of Material Misstatement Due to Fraud (Ref: 26-28, A29-A33) Risks of Fraud in Revenue Recognition Auditor shall evaluate which types of revenue, transactions or assertions give rise to such risks. (Assuming such risk exists). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 167 SPOTLIGHT 2.3 Discussion among the Engagement Team (Ref: 16, A11-A12) CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Material misstatement for revenue recognition often results from: Overstatement of revenues Understatement of revenues Understanding Entity's Related Controls Auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and accordingly shall obtain an understanding of entity's related controls, including control activities relevant to such risks. 2.5 Risk Assessment Procedures and Related Activities (Ref: 17-25, A13-A28) Inquiries: To determine whether they have knowledge of any actual, suspected or alleged fraud affecting the entity, Auditor shall make inquiries of: AT A GLANCE Management Those charged with governance Internal Audit Function Others ¯ Operating personnel not directly involved in financial statements process. ¯ Employees with different levels of authority. ¯ Employees involved in initiating, processing or recording complex or unusual transactions and their supervisors. ¯ In-house legal counsel. ¯ Chief ethics officer or equivalent person. ¯ Person or persons charged with dealing allegations of fraud. Specific Inquiries of management: SPOTLIGHT Management's assessment of risk that financial statements may be materially misstated due to fraud; Management's process for identifying and responding to risks of fraud including fraud identified by management or brought to its attention or areas for which such risk is likely to exist; Management's communication to those charged with governance regarding its processes; Management's communication to employees regarding its views on business practices and ethical behavior. Specific Inquiries of those charged with governance Unless all of those charged with governance are involved in managing entity, auditor shall obtain an understanding of: How those charged with governance exercise oversight of management's processes for identifying and responding to the risks of fraud. Internal control management has established to mitigate risks. Unusual or Unexpected Relationships Identified Auditor shall evaluate whether such relationships identified in performing analytical procedures, including those related to revenue accounts, may indicate risks of material misstatement due to fraud. Other Information Auditor shall consider whether other information obtained by auditor indicates risks of material misstatement due to fraud. 168 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Evaluation of Fraud Risk Factors Auditor shall evaluate whether information obtained from other risk assessment procedures and related activities indicates that one or more fraud risk factors are present. The fact that fraud is usually concealed can make it very difficult to detect. However, auditor may identify events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity to commit fraud. 2.6 Responses to Assessed Risks of Material Misstatement (Ref: 29-31, A34-A41) Assign and supervise personnel taking account of knowledge, skill and ability of individuals and auditor's assessment of the risks. Evaluate whether selection and application of accounting policies by entity may be indicative of fraudulent financial reporting. Incorporate an element of unpredictability in selection of the nature, timing and extent of audit procedures. ¯ Performing substantive procedures on selected account balances and assertions (neither material nor risky). ¯ Adjusting timing of audit procedures from that otherwise expected. ¯ Using different sampling methods. ¯ Performing audit procedures at unexpected or different locations. At the Assertion Level AT A GLANCE At Financial Statement Level Nature: To obtain more relevant and reliable audit evidence or to obtain additional corroborative information. Timing: Auditor may conclude that performing testing at or near period end better addresses risk of material misstatement. Extent of procedures applied reflects the assessment of risks of material misstatement due to fraud. 2.7 Audit Procedures for Risks Related to Override of Controls (Ref: 32-34, A42-A49) Auditor shall design and perform audit procedures to: a) Test appropriateness of journal entries recorded in general ledger and other adjustments made in preparation of financial statements: Make inquiries of individuals involved in financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments; Select journal entries and other adjustments made at period end; Consider need to test journal entries and other adjustments. In designing and performing audit procedures for such tests, we would: make inquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the processing of journal entries and other adjustments; select journal entries and other adjustments made at the end of reporting period; and Consider the need to test journal entries and other adjustments throughout the period. For above factors, the following matters are of relevance: Assessment of the risks of material misstatement due to fraud THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 169 SPOTLIGHT Procedures may include changing the nature, timing and extent of audit procedures in the following ways: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS AT A GLANCE Controls implemented over journal entries and other adjustments Financial reporting process and nature of evidence that can be obtained Characteristics of fraudulent journal entries or other adjustments ¯ Made to unrelated, unusual, or seldom-used accounts ¯ Made by individuals who typically do not make journal entries, ¯ Recorded at period end or as post-closing entries that have little or no explanation or description, ¯ That do not have account numbers, or ¯ Containing round numbers or consistent ending numbers. Nature and complexity of the accounts ¯ Contain transactions that are complex or unusual in nature, ¯ Contain significant estimates and period end adjustments, ¯ Have been prone to misstatements in the past, ¯ Not been reconciled timely or contain unreconciled differences, ¯ Contain inter-company transactions, ¯ Are associated with an identified risk of material misstatement. Journal entries or other adjustments processed outside the normal course of business Practice Question 01: Our firm is the auditor of Daud Limited (DL), a listed company, since last four years. DL is a low risk client with a very cooperative management. At year-end you have noticed significant increase in the number of journal entries. The management has given various reasons for the same which appear to be reasonable. Required: i. ii. Identify the characteristics of entries which involve fraudulent adjustments. Discuss how would you deal with the above situation. SPOTLIGHT Tutorial Notes: i. While answering this part, students are suggested to pay attention to the requirement of specifying the characteristics of journal entries that may be indicative of fraudulent adjustments. This part is not asking for verification of journal entries. ii. Student should explain the fact that irrespective of the auditor's assessment regarding management’s over-ride of controls, the auditor should test the appropriateness of journal entries recorded in the general ledger. i. Characteristics of fraudulent journal entries: i. entries involving unrelated, unusual or seldom used accounts; ii. entries made by individual who typically does not prepare journal entries; iii. entries recorded at the end of the period; iv. closing entries that have little or no explanation or description; v. entries made either before or during the financial statements that do not have account numbers; vi. entries containing round numbers or consistent by ending numbers; vii. entries involving complex transactions; viii. entries containing significant estimates and period-end adjustments; Solution: 170 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY ix. entries affecting accounts which: a. b. have been prone to misstatement in the past; have not been reconciled on a timely basis or contain reconciled differences; x. entries involving inter-company transactions; xi. entries made during unusual timing or on weekends; xii. entries involving large number of small account balances. Although DL is a low risk client, however as per the requirement of ISA, irrespective of the auditor’s assessment of the risks of management override of controls, the auditor shall design and perform audit procedures to test appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements. Evaluate whether judgments and decisions made by management in making accounting estimates indicate a possible bias. Perform retrospective review of management judgments and assumptions related to significant accounting estimates reflected in financial statements of prior year. iii. For significant transactions outside normal course of business or that are unusual Auditor shall evaluate whether the business rationale of transactions suggests possibility of fraud. Following are indicators of such fraud: ¯ Form of such transactions appears overly complete. ¯ Management has not discussed nature of and accounting for such transactions with those charged with governance. ¯ There is inadequate documentation. ¯ Management is placing more emphasis on a particular accounting treatment. ¯ Transactions involving related parties, including special purpose entities, not been properly approved by those charged with governance. ¯ Transactions involve previously unidentified related parties. Practice Question 02: Beta Construction Company Limited (BCCL) is involved in the construction of large buildings and shopping plazas. The company commenced its business in 2004 by establishing an office in Karachi and has grown rapidly. It currently has offices in five major cities of the country and as many as 25 projects are in various stages of execution. A substantial portion of the work is done through sub-contractors. Payment to subcontractors is based on certificate of work completion which is issued by the supervisor in charge of each project. The certificate is sent through email to the finance department. The payment is credited directly into the bank accounts of the sub-contractors. Recently, the management has discovered that the project supervisor of a large project had issued a fraudulent work completion certificate. The preliminary investigation indicated that some other sub-contractors have also been paid fraudulently in the past and the practice was ongoing for the past two years. The management of BCCL has asked your audit firm to conduct an investigation into the matter. Your initial discussion with the client has revealed the following: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 171 SPOTLIGHT AT A GLANCE ii. Review accounting estimates for biases: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY i. ii. CFAP 6: AARS For the past four years the external auditors of the company are Alpha & Co., Chartered Accountants. They had issued unqualified audit reports for all those years and had not reported any internal control weakness in their management letters. Prior to approaching your firm, BCCL wanted to give this assignment to Alpha & Co. However, they expressed their inability to undertake the investigation work. Required: a) State the basic objectives of the above investigation. b) Recommend the controls which the management should put in place, to avoid such frauds in future. Solution: AT A GLANCE a) Basic Objectives of the above investigation i. To ascertain a deliberate fraud has actually taken place. ii. To discover the perpetrator(s) of the fraud, and ultimately to assist in their prosecution. iii. To quantify the financial loss suffered by the company as a result of fraud. b) Control measure for dealing with sub-contractors i. An authentic list of approved sub-contractors should be maintained. ii. All sub-contracting work should be awarded only to the approved sub-contractor. iii. There should be a proper procedure for inclusion / deletion from the list of approved sub- contractors. iv. A company senior official visit to the sites and monitoring the performance of the sub-contractors on a regular interval. v. Compliance of above procedures should be monitored regularly. Control procedure for payments to sub-contractors i. SPOTLIGHT Work completion certificates should be issued on specific pre-printed forms (SPP) which should be controlled sequentially. ii. Books of SPPs should be supplied only to authorized supervisors with instructions for their safekeeping. iii. The stock of unused SPPs should be kept in the custody of an authorized senior management official. iv. Original SPPs should be sent directly to Finance Department. Copies may however be sent earlier (by fax or e-mail) to save processing time. The actual SPPs must be sent by courier immediately after sending fax/scanned copy. v. All alterations on SPPs should be authenticated by the concerned supervisor. vi. Strict budgetary control should be exercised in respect of each project. Variances between the actual and budgeted expenditure should be analyzed and explained. Monthly cash outflow forecast of each project should be prepared and monitored. 2.8 Auditor Unable to Continue the Engagement due to fraud (Ref: 39, A55-A58) In such exceptional circumstances, auditor shall: 172 Determine professional and legal responsibilities applicable. Consider whether it is appropriate to withdraw from engagement. If the auditor withdraws, discuss with appropriate level of management and those charged with governance. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Examples of such exceptional circumstances: Entity does not take appropriate action regarding fraud that auditor considers necessary, even where the fraud is not material; Auditor's consideration of risks of material misstatement and results of audit tests indicate a significant risk of pervasive fraud; Significant concern about competence or integrity of management or those charged with governance. 2.9 Written Representations (Ref: 40, A59-A60) It is important for auditor to obtain a written representation from management and those charged with governance confirming that they have disclosed: Results of management's assessment of the risk that financial statements may be materially misstated as a result of fraud. Knowledge of actual, suspected or alleged fraud affecting entity. Identification of information indicating fraud shall be communicated to appropriate level of management. If auditor has identified or suspects fraud involving management, employees having significant roles in internal control or others: ¯ Auditor shall communicate to those charged with governance on a timely basis. ¯ Discuss with those charged with governance the nature, timing and extent of audit procedures necessary to complete audit. AT A GLANCE 2.10 Communications to Management and with those charged with governance (Ref: 41-43, A61-A66) Concerns about nature, extent and frequency of management's assessments of controls in place to prevent and detect fraud. Management failure to address identified significant deficiencies in internal control or to appropriately respond to identified fraud. Auditor's evaluation of control environment, including questions regarding the competence and integrity of management. Management Actions indicative of fraudulent financial reporting. Concerns about adequacy and completeness of authorization of transactions appear to be outside normal course of business. 2.11 Communications to Regulatory and Enforcement Authorities (Ref: 44, A67-A69) If auditor has identified or suspects a fraud, auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity. Law may require reporting the occurrence of fraud to supervisory authorities Auditor may consider it appropriate to obtain legal advice 2.12 Documentation (Ref: 45) Significant decisions reached during discussion among engagement team Identified and assessed risks of material misstatement due to fraud at the financial statements level and at the assertion level. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 173 SPOTLIGHT Other Matters Related to Fraud to be discussed with those charged with governance CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Appendix 1 - Examples of Fraud Risk Factors (Selected) Fraudulent Financial Reporting Incentives/Pressures: Financial stability or profitability is threatened Pressure for management to meet the exception of third parties Personal financial situation of management threatened by entities’ financial performance Excessive pressure on management or operating personnel to meet financial targets Opportunities: Significant related party transaction Assets/liabilities, Revenue, Expenditures based on significant estimates Domination of management by single person or group Complex or unstable organizational structure AT A GLANCE Internal control components are deficient Attitudes: Ineffective communication or enforcement of entities values or ethical standards by management Known history of violation of security laws or other laws A practice by management of committing to aggressive or unrealistic forces Low morale among senior management Misappropriation of Assets: Incentives/Pressures: Personal financial obligations SPOTLIGHT Adverse relationship between the entity and employees with access to cash or other assets susceptible to theft Opportunities: Large amount of cash on hand Inventory items that are small in size, of high in value or in high demand Easily convertible assets e.g. diamonds, bearer bonds and gold Inadequate internal controls over assets Attitudes/Rationalizations: Overriding existing controls Failing to correct known internal control deficiencies Behavior indicating displeasure or dissatisfaction with the entity Changes in behavior or lifestyle Appendix 3 - Examples of Circumstances that Indicate the Possibility of Fraud The following are examples of circumstances that may indicate the possibility that the financial statements may contain a material misstatement resulting from fraud. Discrepancies in the accounting records, including: 174 Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification, or entity policy. Unsupported or unauthorized balances or transactions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Last- minute adjustments that significantly affect financial results. Evidence of employees’ access to systems and records inconsistent with that necessary to perform their authorized duties. Tips or complaints to the auditor about alleged fraud. Missing documents. Documents that appear to have been altered. Unavailability of other than photocopied or electronically transmitted documents when documents in original form are expected to exist. Significant unexplained items on reconciliations. Unusual balance sheet changes, or changes in trends or important financial statement ratios or relationships - for example, receivables growing faster than revenues. Inconsistent, vague, or implausible responses from management or employees arising from inquiries or analytical procedures. Unusual discrepancies between the entity's records and confirmation replies. Large numbers of credit entries and adjustments made to accounts receivable records. Unexplained or inadequately explained differences between the accounts receivable sub ledger and the control account, or between the customer statements and the accounts receivable sub ledger. Missing or non- existent cancelled checks in circumstances where cancelled checks are ordinarily returned to the entity with the bank statement. Missing inventory or physical assets of significant magnitude. Unavailable or missing electronic evidence, inconsistent with the entity’s record retention practices or policies. Fewer responses to confirmations than anticipated or a greater number of responses than anticipated. Inability to produce evidence of key systems development and program change testing and implementation activities for current year system changes and deployments. Problematic or unusual relationships between the auditor and management, including: o Denial of access to records, facilities, certain employees, customers, vendors, or others from whom audit evidence might be sought. o Undue time pressures imposed by management to resolve complex or contentious issues. o Complaints by management about the conduct of the audit or management intimidation of engagement team members, particularly in connection with the auditor’s critical assessment of audit evidence or in the resolution of potential disagreements with management. o Unusual delays by the entity in providing requested information. o Unwillingness to facilitate auditor access to key electronic files for testing through the use of computer assisted audit techniques o Denial of access to key IT operations staff and facilities, including security, operations, and systems development personnel. o An unwillingness to add or revise disclosures in the financial statements to make them more complete and understandable. o An unwillingness to address identified deficiencies in internal control on a timely basis. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 175 SPOTLIGHT AT A GLANCE Conflicting or missing evidence, including: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Other Unwillingness by management to permit the auditor to meet privately with those charged with governance. Accounting policies that appear to be at variance with industry norms. Frequent changes in accounting estimates that do not appear to result from changed circumstances. Tolerance of violations of the entity’s code of conduct. AT A GLANCE SPOTLIGHT 176 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY 3. THE AUDITOR’S LIABILITY 3.1 Introduction Legal claims made against auditors fall within one of two legal strands: The auditor may be prosecuted by the authorities for a criminal act, and be criminally liable if found guilty. (The penalty may be a fine, or possibly imprisonment for a guilty individual.) The auditor may be liable under civil law. A ‘civil’ legal action may be brought against an auditor by another person who has suffered loss or damage because of the auditor’s actions. The person bringing the legal action usually seeks a money payment (‘damages’) from the auditor, to recover their losses they have suffered. The precise details about an auditor’s criminal and civil liabilities vary from one country to another, depending on national legislation. This section addresses the areas of Pakistani law most directly relevant to Pakistani auditors, in particular liability arising through auditor negligence. Criminal law (e.g. fraudulent trading or insider dealing); and Civil law (e.g. contract law and the law of tort) AT A GLANCE Note that the legal system relating to Pakistani auditors is based on the English legal system with its two main strands: and laws being established by: Statute (e.g. Companies Act, 2017) Common law (i.e. precedents set by rulings in previous legal cases). Whilst the common law cases described below are not necessarily Pakistani cases, they still remain the reference point in today’s Pakistani legal system relevant to auditors. 3.2 Criminal liability Where they accept appointment as auditor under a statutory provision without being qualified to act. Where they are involved in fraud, such as falsifying accounting documents or records. Where they are guilty of ‘insider dealing’. The criminal law of many countries makes it an offence for a person with inside knowledge of price-sensitive information to use or pass on that information. Insider dealing is also prohibited under the IFAC and ICAP rules of professional conduct. Auditing practices should take suitable steps to reduce the risk of insider dealing. For example, it is normal practice for audit firms to impose restrictions on the amount of shares that their staff may hold in client companies and to require staff to declare all their shareholdings. Criminal liability may also arise for certain offences relating to: the winding up of a company tax law financial services legislation, in areas such as dealing in investments or giving investment advice money laundering (as discussed in Chapter 2). 3.3 Civil liability A major threat faced by the auditing profession is the possibility of legal claims against auditors as a result of negligent (or ‘careless’) auditing. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 177 SPOTLIGHT Examples of when the auditor may be criminally liable include: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Contract law and the law of tort An auditor may face legal claims for losses suffered as a result of negligent auditing under two separate branches of law: contract law and the law of tort. A summary of the position is as follows: AT A GLANCE SPOTLIGHT Contract law A company has a contract with its external auditor for the provision of audit services. It can therefore sue the auditor for breach of contract if the auditor is negligent in carrying out the terms of the contract. Note that only the company can sue the auditor for a breach of contract. Other persons (third parties) who might want to sue an auditor, such as banks, creditors and shareholders, do not have a contract with the auditor; therefore, they cannot bring a legal action under the law of contract. When a legal action is brought against an auditor by a company for breach of contract (negligence), the action is usually initiated by the board of directors of the company. Standards of skill and care When carrying out their duties for a client, the auditors must exercise reasonable care and skill. IFAC and ICAP’s codes of ethics require that members should carry out their professional work with professional competence and due care and with proper regard for the technical and professional standards expected of them as members. The degree of skill and care expected of an auditor in a particular situation depends on the circumstances. There is no general standard of skill and care; the auditor is expected to react to the situation and the particular circumstances that they are facing. In general, if the auditor has followed auditing standards and can demonstrate this in their working papers, they will not usually be found guilty of negligence. This is why it is so important for the auditor to ensure that they maintain adequate working papers and obtain sufficient, relevant and reliable evidence to support their audit opinion. 178 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Liability in tort Only the client company can sue the auditor in the law of contract, because only the company has a contract with the auditor. Third parties who feel they may have suffered as a result of negligent auditing have to rely on a different branch of law – the law of tort. An important question is: ‘To what extent can others rely on the civil law, and bring an action for negligence against the auditors of a company?’ A tort can be defined as a ‘civil wrong’ other than that arising under contract law, giving rise to a claim for damages. (A civil wrong is wrongdoing that is not a criminal offence, but which allows the injured person to bring an action in civil law against the wrongdoer.) Negligence is just one of many branches of tort. A bank that lends money to a company, and the company subsequently defaults and fails to make payments of interest or repayments of the loan principal A supplier who has given credit to the company, whose debts have to be written off as ‘bad’ Another company who relies on the financial statements when deciding to make a takeover bid for the audited company An investor who relies on the financial statements to buy shares in the company, and the share price falls when the true state of the company later becomes apparent Making a successful claim for auditor negligence (law of tort) If a person is to make a successful claim against the auditor in the tort of negligence, three conditions must be satisfied. AT A GLANCE Examples of other persons who may suffer loss because of an auditor’s negligence and relying on financial statements that do not give a true and fair view are: (1) A duty of care exists (2) That duty is breached (3) Loss or damage results Condition (1) – The auditor must owe a duty of care to the person who has suffered a loss due to the auditor’s negligence. The existence of a duty of care has proved the most troublesome of the three conditions to establish, in cases brought before the courts. This is considered in more detail below. Condition (2) – The duty of care must have been breached. The party bringing the claim against the auditor has to show that the auditor did not exercise a reasonable degree of care in the circumstances, so that the duty of care was breached. A typical method used in court cases to prove that a duty has been breached is to call another firm of auditors as expert witnesses. The expert witnesses are asked to give their view on whether the audit was performed correctly. Condition (3) – A loss or damage must result from breach of the duty of care. Proving that this condition has been met is usually a question of demonstrating that the person making the claim suffered a financial loss as a result of the negligent auditing. For example, if a bank lent money to a company on the basis of audited accounts that were subsequently found to contain material errors or omissions, and the company subsequently defaulted on its loan, the bank can demonstrate a measurable financial loss. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 179 SPOTLIGHT Negligence requires CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Establishing the existence of a duty of care (law of tort) Most of the major court cases on auditor negligence have been concerned with the question of whether the auditor owes a duty of care to the ‘plaintiff’. (The plaintiff is the person making the claim for damages.) The cases summarised below, taken from UK law, show how the view of the courts on this question has developed over time, since the 1950s. As mentioned earlier, these cases also form the common law precedent in Pakistan today. You should concentrate on the principles involved, rather than the details of the cases. Whilst some of the cases do not deal specifically with auditors, the principle established by the court is however applied by the courts to auditors in similar situations. Illustration: Candler v Crane Christmas (1951) In this case, Candler sued the accountants Crane Christmas when they lost money they had invested in a company. Crane Christmas had prepared the accounts, and it was alleged that they had been negligent in doing so. But were the accountants liable to Candler? The court ruling was that although the accounts were negligently prepared, Candler could not recover their losses from the accountants because they did not have a contract with them. AT A GLANCE Therefore, in the 1950s, the legal view was that an auditor did not owe a duty of care to third parties who were not in a contractual relationship with the auditor. Illustration: Hedley Byrne v Heller & Partners (1964) This is a case dealing with banks, but it was seen as relevant to all professionals, including auditors and accountants. The plaintiff, Hedley Byrne, lost money when a bank reference from the defendant (Heller & Partners, a bank) turned out to have been negligently produced. The bank indicated in its reference that a mutual client was a good credit risk when this was not the case. The court ruled that although Hedley Byrne did not have a contract with the bank, Heller & Partners, they could recover their losses due to the negligence and loss involved, because the bank knew the plaintiff by name. However, the bank did not have to pay any damages due to a general disclaimer in its letter (that gave the reference) absolving it from any liability. SPOTLIGHT This legal decision affected auditors, because the court has decided that if a third party (with whom the auditor did not have a contract) could show that it relied on the work of an auditor which later turned out to be wrong, the auditor might be liable for damages for negligence. However, this principle was only extended to plaintiffs that the auditor actually knew by name. Unidentified third parties were not able to claim against the auditor for negligence. Illustration: JEB Fasteners v Marks Bloom (1980) In this case, the plaintiff acquired the share capital of a company. The audited accounts, due to the negligence of the auditors, did not show a true and fair view of the state of affairs of the company. It was accepted that, at the time of the audit, the defendant auditors did know of the plaintiffs, but did not know that they were contemplating a take-over bid. Whilst recognising that the auditors owed a duty of care in this situation, the court decided that the auditors were not liable because the plaintiff had not actually suffered any loss. It was proved that the plaintiffs would have bought the share capital of the company at the agreed price, no matter what the accounts of the company had shown. Illustration: Caparo Industries v Dickman and Touche Ross & Co (1989) This is seen as a leading case in English law in the area of ‘to whom does the auditor owe a duty of care’. Fidelity plc was taken over by Caparo Industries. Fidelity’s accounts had been audited by Touche Ross. Caparo alleged that the accounts overstated the profits of Fidelity plc and that they had relied on the audited accounts of Fidelity when deciding to purchase shares in the company and make a takeover bid. 180 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY The court held that a duty of care was not owed to potential investors in a company, or persons making a takeover bid, because of: a lack of proximity (a lack of ‘closeness of relationship’) between the auditor and a potential investor, and the fact that it would not be just and reasonable to impose a duty on the auditor to such investors. In the above case, the court identified the auditor’s functions as being: to protect the company itself from errors and wrongdoing - not to protect the shareholders of the company from error; and to provide shareholders with information such that they can scrutinise the conduct of a company’s affairs and remove or reward those responsible (the directors). The auditor does not exist to aid investment decisions. Large claims against auditors in high-profile cases (such as Enron) receive a high level of publicity. Many other cases are not widely publicised, often because they are settled ‘out of court’. This involves the parties who are in dispute reaching a negotiated settlement, rather than taking their case to court. The advantages of out-of-court settlements are that: it avoids the cost and time involved in a court case it may avoid adverse publicity for the auditor the final settlement may be lower (because both sides save legal costs, and the plaintiff might agree to a lower settlement to avoid the cost and the risk of losing the case) AT A GLANCE Out-of-court settlements the final responsibility may be left undecided, so the legal position remains unclear it may encourage others to take action against auditors insurance premiums may rise. SPOTLIGHT The disadvantages of out-of-court settlements are that: Example: An audit firm has been the auditor of Entity AZ for a number of years. Its audit team has recently discovered that during that time, the managing director of AZ has been consistently overvaluing inventories. Entity B has recently purchased a major stake in Entity AZ, relying on the audited financial statements to do so. Required What possible defence might the audit firm use if it is sued by Entity B after a successful takeover? Answer The audit firm can claim that it did not owe a duty of care to Entity B. If the audit work has been performed to expected standards, the firm should be able to claim that the audit work was performed with diligence and care, and in accordance with ISAs. The audit work could not reasonably have detected the fraud given its nature and the seniority of the individual committing the fraud. The firm might also be able to claim that Entity B has not suffered any financial loss as a result of its reliance on the audited financial statements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 181 CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Use of disclaimers in audit reports A disclaimer is not a requirement of an audit report, but some audit reports include one. A disclaimer states that: the auditor’s report is intended for use of the company and the company’s shareholders as a body, and no responsibility is accepted by the auditor to anyone except the company or the shareholders as a body for the content of the report. The purpose of a disclaimer is to reduce the risk of legal claims by ‘third parties’ against the auditor for negligence. The main problem with a disclaimer however is that a disclaimer cannot guarantee protection for an auditor against third party claims, because the circumstances of each individual claim may be different. AT A GLANCE SPOTLIGHT 182 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY 4. MANAGING THE AUDITOR’S LIABILITY 4.1 Avoiding liability Clearly, it is preferable to avoid claims arising for negligent auditing. Firms can minimise the risks of being sued by ensuring that their staff perform high-quality audit work. Auditors should therefore: follow appropriate auditing standards use effective quality control procedures train staff to an appropriate level of knowledge and skill adopt robust client acceptance procedures issue appropriate disclaimers ensure that the firm is up-to-date with modern auditing methods. If successful legal claims are made (or if out-of-court settlements are reached, where the audit firm agrees to make a payment to settle the dispute) the auditor will have to pay damages. If the damages are so large that they are more than the firm can afford, the law in some countries may also allow claims to be made against the personal assets of partners of the audit firm. The threat of very high claims for damages, beyond the financial means of the audit firm, applies to the major audit firms as well as smaller firms. The professional accountancy bodies take the view that the image of the profession would be seriously damaged if claims awarded against auditors and accountants are not met because of a lack of financial resources. As a result, professional bodies often require members in practice to carry professional indemnity insurance (PII). AT A GLANCE 4.2 Meeting claims: professional indemnity insurance PII is an insurance policy that provides cover against all civil liabilities that are incurred as a result of the conduct of the firm’s business. Money is paid out by the insurance firm on these policies if the firm itself is unable to pay. It may increase the frequency and size of claims made against firms, which are seen to have large amounts of funds at their disposal to meet claims. It may encourage more careless auditing. It imposes a high cost on audit firms. These costs of insurance are likely to increase as the general level of legal claims rises. 4.3 Fidelity Guarantee Insurance Fidelity Guarantee Insurance is another tool that can be used to limit an auditor’s professional liability. Fidelity Guarantee Insurance provides protection for an employer (in this case the audit firm) against direct financial losses suffered due to an employee’s dishonesty, theft and/or fraud in the course of their employment. 4.4 Limiting liability Because of the high costs of legal claims and professional indemnity insurance, a number of suggestions have been made for finding other ways of limiting claims against auditors. One suggestion is that there should be a statutory limit on claims, either a maximum percentage of the audit fee or a maximum fixed amount. Another suggestion is that auditors should be permitted to agree a ‘cap’ (limit) on their liability with their clients, so that a company cannot make a claim against its auditors for more than the agreed amount (cap). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 183 SPOTLIGHT However, the requirement for compulsory PII has the following disadvantages: CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS For example, a company and its auditors in the UK can now agree to a specified monetary sum as a cap on the auditors’ liability. The use of ‘limited liability partnerships’ whereby an audit firm that is structured as a limited liability partnership cannot lose more than its total fixed capital. This is similar to limited liability for companies. The use of the equivalent of PII for directors of client companies. This may expose the directors of companies to legal actions by other parties, rather than the audit firm, because the plaintiffs will know that the directors can afford to pay any successful claims for negligence. Including disclaimers of liability to parties other than the company and its shareholders in the auditors’ report. AT A GLANCE SPOTLIGHT 184 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY 5. COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (ISA 260 REVISED) Definition: Those Charged with Governance The person(s) or organization(s) (e.g., a corporate trustee) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of entity. This includes overseeing the financial reporting process. For some entities in some jurisdictions, those charged with governance may include management personnel, for example, executive members of a governance board of a private or public sector entity, or an owner-manager. Definition: Management The person(s) with executive responsibility for the conduct of the entity’s operations. For some entities in some jurisdictions, management includes some or all of those charged with governance, for example, executive members of a governance board, or an owner-manager. Governance structures may vary by jurisdiction and by entity, and the size and ownership characteristics. Some examples of such governance structures are: A supervisory board exists that is separate from an executive board. (two-tier) Both supervisory and executive functions are the legal responsibility of a single board. Those charged with governance hold positions that are integral part of entity’s legal structure (e.g. directors). In some government entities, a body that is not part of entity is charged with governance. Some or all of those charged with governance are involved in managing the entity. Those charged with governance and management comprise different persons. Those charged with governance are responsible for approving the entity’s financial statements (in other cases management do so). Governance is collective responsibility of governing body; Subgroup e.g. audit committee or even an individual may be charged with specific task to assist governing body. Such diversity means that it is not possible for this ISA to specify the person(s) with whom the auditor should communicate particular matters. In such cases, auditor may need to discuss and agree with engaging party the relevant person(s) with whom to communicate. In deciding so, understanding of entity’s governance structure is relevant. The appropriate person(s) with whom to communicate may vary depending on matter to be communicated. Communication with a Subgroup of those charged with governance If auditor communicates with a subgroup of those charged with governance (e.g. audit committee), the auditor shall determine whether the auditor also needs to communicate with the governing body. When considering communicating with subgroup of those charged with governance, auditor may take into account such matters as: The respective responsibilities of the subgroup and the governing body. The nature of the matter to be communicated. Relevant legal or regulatory requirements. Whether the subgroup has authority to take action in relation to the information communicated, and can provide further required information and explanations. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 185 SPOTLIGHT The auditor shall determine the appropriate person(s) within entity’s governance structure with whom to communicate. AT A GLANCE 5.1 Those Charged with Governance – those charged with governance (Ref: 11-13, A1-A8) CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Good governance principles suggest that: The auditor will be invited to regularly attend meetings of the audit committee. The chair of audit committee and, when relevant, other members of the audit committee, will liaise with the auditor periodically. The audit committee will meet the auditor without management present at least annually. When All of those charged with governance Are Involved in Managing the Entity If matters are communicated with persons with management responsibilities, and those persons also have governance responsibilities, matters need not be communicated again. Auditor shall however be satisfied that communication with persons with management responsibilities adequately informs all of those with whom auditor would otherwise communicate in their governance capacity. (E.g. in a company where all directors are involved in managing entity, one responsible for marketing may be unaware of discussion with one responsible for preparation of financial statements). 5.2 Matters to Be Communicated (Ref: 14-17, A9-A32) AT A GLANCE Auditor’s Responsibilities in Relation to Financial Statement Audit (Ref: 14, A9-A10) Auditor shall communicate responsibilities of auditor for financial statements audit, including that: Auditor is responsible for forming and expressing an opinion on the financial statements that have been prepared by management with the oversight of those charged with governance; and Audit of the financial statements does not relieve management or those charged with governance of their responsibilities. Auditor’s responsibilities are often included in the engagement letter etc. Law, regulation or governance structure of entity may require those charged with governance to agree those terms with auditor. When this is not the case, providing those charged with governance with a copy of that engagement letter etc. may be an appropriate way to communicate with them regarding such matters as: SPOTLIGHT Auditor’s responsibility for performing audit in accordance with ISAs The fact that ISAs do not require auditor to design procedures for purpose of identifying supplementary matters to communicate with those charged with governance. Auditor’s responsibilities to determine and communicate key audit matters in report. Auditor’s responsibility for communicating particular matters required by law or regulation, by agreement with entity or by additional requirements applicable. Planned Scope and Timing of the Audit (Ref: 15, A11-A16) Auditor shall communicate overview of planned scope and timing of audit, which includes communicating about significant risks identified by the auditor. Such communication may: Assist those charged with governance to understand better the consequences of auditor’s work, to discuss issues of risk and the concept of materiality with auditor, and to identify any areas in which they may request the auditor to undertake additional procedures; and Assist the auditor to understand better the entity and its environment. Matters communicated may include: 186 How auditor plans to address the significant risks of material misstatement. How auditor plans to address areas of higher assessed risks of material misstatement. The auditor’s approach to internal control relevant to the audit. The application of concept of materiality in the context of an audit. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN The nature and extent of specialized skill or knowledge needed to perform planned audit procedures or evaluate audit results, including use of an auditor’s expert. For ISA 701, auditor’s preliminary views about matters that may be key audit matters. Planned approach to addressing implications on individual statements and the disclosures of any significant changes within applicable financial reporting framework or in entity’s environment or financial condition. Other planning matters that it may be appropriate to discuss with those charged with governance include: How external auditor and internal auditors can work together in a constructive and complementary manner (where applicable) The views of those charged with governance about: o Appropriate person(s) in entity’s governance structure with whom to communicate. o The allocation of responsibilities between those charged with governance and management. o Entity’s objectives and strategies, and related business risks that may result in material misstatements. o Matters those charged with governance consider warrant particular attention during audit o Significant communications between the entity and regulators. o Other matters those charged with governance consider may influence the audit of the financial statements. The attitudes, awareness, and actions of those charged with governance concerning o Entity’s internal control and its importance in the entity, including how those charged with governance oversee the effectiveness of internal control, and o Detection or possibility of fraud. The actions of those charged with governance in response to developments in accounting standards, corporate governance practices, exchange listing rules, and related matters, and effect of such developments on the overall presentation, structure and content of the financial statements, including: o Relevance, reliability, comparability and understandability of information in financial statements; and o Considering whether financial statements are undermined by inclusion of information that is not relevant or that obscures a proper understanding of the matters disclosed. The responses of those charged with governance to previous communications with the auditor. The documents comprising other information (ISA 720) and the planned manner and timing of the issuance of such documents. Significant Findings from the Audit (Ref: 16, A17-A28) Auditor shall communicate with those charged with governance including requesting further information from them: a) Auditor’s views about significant qualitative aspects of entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures. Auditor’s views on subjective aspects of financial statements may be particularly relevant to those charged with governance in discharging their responsibilities for oversight of the financial reporting process. Open and constructive communication about significant qualitative aspects of entity’s accounting practices also may include comment on acceptability of significant accounting practices and quality of disclosures. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 187 AT A GLANCE CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY SPOTLIGHT CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS b) Significant difficulties, if any, encountered during the audit; Significant delays by management, unavailability of personnel, or unwillingness by management to provide necessary information. An unreasonably brief time to complete the audit. Extensive unexpected effort required to obtain audit evidence. Unavailability of expected information. Restrictions imposed on the auditor by management. Management’s unwillingness to make or extend its assessment of going concern. c) Unless all of those charged with governance are involved in managing the entity: AT A GLANCE Significant matters arising during audit that were discussed, or subject to the correspondence, with management; Significant events or transactions that occurred during the year. Business conditions affecting entity, business plans and strategies affecting risk. Correspondence in connection with initial or recurring appointment of auditor regarding accounting practices, application of auditing standards, or fees etc. Significant matters on which there are disagreement with management. Written representations the auditor is requesting; d) Circumstances that affect the form and content of the auditor’s report, if any; To inform those charged with governance about circumstances in which auditor’s report may differ from its expected form and content or may include additional information about audit. Circumstances where auditor is required to or may include additional information: SPOTLIGHT o Auditor expects to modify opinion (ISA 705) o Material uncertainty related to going concern is reported (ISA 570) o Key audit matters are communicated (ISA 701) o Auditor considers it necessary to include an Emphasis of Matter paragraph or Other Matters paragraph (ISA 706) o There is an uncorrected material misstatement of other information; Auditor may consider it useful to provide those charged with governance with a draft of auditor’s report to facilitate a discussion of how such matters will be addressed in auditor’s report. (ISA 720) o Auditor intends, in rare circumstances, not to include the name of engagement partner in report due to severity of personal security threat (ISA 700) o Auditor elects not to include description of auditor’s responsibilities in body of the auditor’s report (ISA 700) e) Any other significant matters arising during audit that, in auditor’s professional judgment, are relevant to the oversight of the financial reporting process. 188 Unexpected events, changes in conditions, or audit evidence obtained, requiring the auditor to modify the overall audit strategy and audit plan. Material misstatements of the other information that have been corrected. Other matters discussed and considered by, engagement quality control reviewer, if any. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Auditor Independence (Ref: 17, A29-A32) In the case of listed entities, auditor shall communicate with those charged with governance: A statement that engagement team and others in firm, the firm and, when applicable, network firms have complied with relevant ethical requirements regarding independence; All relationships and other matters between firm, network firms, and entity that, in the auditor’s professional judgment, may reasonably be thought to bear on independence; Related safeguards that have been applied to eliminate identified threats to independence or reduce them to an acceptable level. Relevant ethical requirements or law/regulation may also specify communications to those charged with governance in circumstances where breaches of independence requirements have been identified. 5.3 The Communication Process (Ref: 18-22, A37-A53) Matters that may also contribute to effective communication include discussion of the: Purpose of communications. Form in which communications will be made. Persons in engagement team and in those charged with governance who will communicate regarding matters. Auditor’s expectation that those charged with governance will also communicate with auditor for matters relevant to audit (e.g. suspicion of fraud or concerns with integrity or competence of management). The process for taking action and reporting back on matters communicated by the auditor. The process for taking action and reporting back on matters communicated by those charged with governance. Before communicating matters with those charged with governance, auditor may discuss them with management, unless that is inappropriate (e.g. questions of management’s competence or integrity). When entity has an internal audit function, the auditor may discuss matters with the internal auditor before communicating with those charged with governance. Communication with Third Parties Those charged with governance may be required by law or regulation, or may wish, to provide third parties (e.g. banks, regulators etc.), with copies of a written communication from auditor. In some cases, disclosure to third parties may be illegal or otherwise inappropriate. When such written communication prepared for those charged with governance is provided to third parties, it may be important to inform them that the communication was not exactly prepared for them. Auditor may need prior consent of those charged with governance before providing a third party with a copy of the written communications with those charged with governance, unless that was required by law or regulation. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 189 SPOTLIGHT Auditor shall communicate form, timing and expected general content of communications. Clear communication helps establish the basis for effective two-way communication. AT A GLANCE Establishing the Communication Process CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY CFAP 6: AARS Forms of Communication Auditor shall communicate in writing with those charged with governance. Oral communication would not be adequate. Written communications need not include all matters that arose during course of audit. Effective communication may involve structured presentations and written reports as well as less structured communications, including discussions. Auditor may communicate matters other than identified above either orally or in writing. In addition to significance of particular matter, form of communication (orally/writing, extent of detail, structured/unstructured manner etc.) may be affected by such factors as: AT A GLANCE Whether a discussion of the matter will be included in auditor’s report. Whether the matter has been satisfactorily resolved. Whether management has previously communicated the matter. The size, operating structure, control environment, and legal structure of the entity. In audit of special purpose financial statements, whether auditor also audits entity’s general purpose financial statements. Legal requirements. Expectations of those charged with governance. The amount of ongoing contact and dialogue the auditor has with those charged with governance. Whether there have been significant changes in the membership of a governing body. Timing of Communications Auditor shall communicate with those charged with governance on a timely basis: SPOTLIGHT 190 Communications regarding planning matters may often be made at early time in audit and, for an initial engagement, may be made as part of agreeing the terms of the engagement. Significant difficulty arising during audit shall be communicated as soon as practicable. Auditor may communicate orally to those charged with governance as soon as practicable significant deficiencies in internal control that the auditor has identified, prior to communicating these in writing. Auditor may communicate preliminary views about key audit matters when discussing the planned scope and timing of the audit. Communications regarding independence may be appropriate whenever significant judgments are made about threats to independence and related safeguards. Communications regarding findings from audit, including views about qualitative aspects of the entity’s accounting practices, may also be made as part of the concluding discussion. Other factors that may be relevant to the timing of communications include: Size, operating structure, control environment, and legal structure of the entity Any legal obligation to communicate certain matters within a specified timeframe. Expectations of those charged with governance, including arrangements made for periodic meetings etc. The time at which auditor identifies certain matters THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY Adequacy of the Communication Process Auditor shall evaluate whether two-way communication between auditor and those charged with governance has been adequate for audit purposes. Such evaluation may be based on observations such as: o In case of no action, auditor may inquire the reasons o Consider raising the point again to highlight its importance. Apparent openness of those charged with governance in their communications with the auditor. Willingness and capacity of those charged with governance to meet with auditor without management present. Apparent ability of those charged with governance to fully comprehend matters raised by auditor Difficulty in establishing with those charged with governance a mutual understanding of form, timing and expected general content of communications. Whether two-way communication between the auditor and those charged with governance meets applicable legal and regulatory requirements. If two-way communication between auditor and those charged with governance is not adequate and situation cannot be resolved, the auditor may take such actions as: Modifying the auditor’s opinion on the basis of a scope limitation. Obtaining legal advice about the consequences of different courses of action. Communicating with third parties (e.g., a regulator), or a higher authority in governance structure that is outside the entity, such as the owners of a business (e.g., shareholders) Withdrawing from engagement, where it is possible under applicable law or regulation. 5.4 Documentation (Ref: 23, A54) Where matters have been communicated in writing, auditor shall retain a copy of the communication as part of the audit documentation. Where matters required are communicated orally, auditor shall include them in audit documentation, and when and to whom they were communicated. (May also include a copy of minutes prepared by entity retained as part of audit documentation where those minutes are an appropriate record of the communication). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 191 AT A GLANCE Appropriateness and timeliness of actions taken by those charged with governance in response to matters raised: SPOTLIGHT CHAPTER 5: PROFESSIONAL RESPONSIBILITY AND LIABILITY AT A GLANCE SPOTLIGHT 192 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6 THE AUDIT APPROACH AT A GLANCE SPOTLIGHT 1. Audit methodology 2. Risk-based strategies 3. Systems-based strategies 4. Communicating deficiencies in internal control to those charged with governance and management (ISA 265) 5. Balance sheet (substantive) strategies 6. The auditor’s responses to assessed risks (ISA 330) 7. IAS / IFRS Checklist for Auditors an audit-risk approach a business risk (top-down) approach a systems-based approach a transaction-cycle approach a balance sheet approach (substantive testing). The business risk approach involves the auditor looking at the business as a whole and carrying out an evaluation of the risks to which it may be exposed. AT A GLANCE AT A GLANCE Several possible methodologies are available for developing the audit strategy, including: A systems-based approach to an audit focuses on the internal control system of the client company and the adequacy of its internal controls over the major transaction cycles (sales, purchases, payroll and other expenses). A transaction-cycle approach focuses on substantively testing the transactions that occur throughout those same transaction cycles. ISA-265 deals with the auditor’s responsibility to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified in an audit of financial statements. This ISA does not impose additional responsibilities on the auditor regarding obtaining an understanding of internal control and designing and performing tests of controls over and above the requirements of ISA 315 (Revised 2019) and ISA 330. Substantive tests are audit procedures performed to detect material misstatements in the figures reported in the financial statements. They are designed to obtain evidence about the financial statement assertions. ISA-330 deals with the auditor’s responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 193 SPOTLIGHT IN THIS CHAPTER: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 1 AUDIT METHODOLOGY 1.1 A choice of audit methodologies The audit strategy describes the overall approach that the auditor will take to gather sufficient, appropriate evidence in an audit. A detailed audit plan can then be developed in the context of the audit strategy. The strategy may adopt a range of methodologies depending on the particular circumstances of the audit. Several possible methodologies are available for developing the audit strategy, including: an audit-risk approach a business risk (top-down) approach a systems-based approach a transaction-cycle approach a balance sheet approach (substantive testing). AT A GLANCE These methodologies are not necessarily mutually exclusive and they are likely to be used in combination to form the overall audit strategy. For example, although most of the work on a particular audit might be ‘systems-based’ and focused in the highest business risk areas, the auditor will also carry out some substantive testing on all material balances and transactions. The different approaches describe the emphasis of the audit strategy and where the auditor expects to find most of the evidence that they need to reach an audit opinion about the ‘fair presentation’ or ‘true and fair view’ in the financial statements. 1.2 Summary of available audit methodologies The main audit methodologies/strategies are summarised in the following table. They will be described in more detail in the rest of the chapter. SPOTLIGHT Methodology / strategy Outline of approach Risk-based strategies (audit-risk and business risk) An assessment is made of the likelihood of material misstatements in each area of the financial statements. This is based on the auditors’ understanding of the business risks faced by the client. Areas that are assessed as high-risk are audited extensively (using the various methodologies described below). Areas assessed as low-risk are given a low level of attention in the audit, thus saving time. ‘Business risk’ and ‘audit risk’ are linked in that the areas’ most susceptible to material misstatement (and hence audit risk) are likely to arise from areas of greatest business risk. The audit focus is on the application of tests of control to the systems that produce the figures in the financial statements, rather than on the figures themselves. The systems-based approach is driven by the transaction cycles including sales, purchases, payroll and other expenses. A systems-based approach is supported by some degree of substantive testing due to the unavoidable limitations or weaknesses in internal control systems. (The amount of substantive testing required will depend on the auditor’s judgement about the effectiveness of the internal controls). Systems-based approach 194 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS Balance sheet (substantive) approach The systems-based approach is also supported by the use of analytical procedures. It is more cost-effective than a fully substantive testing (balance sheet) approach, but there is still a danger of doing too much unnecessary auditing of areas where controls operate well. The transaction cycle approach is similar in many ways to the systemsbased approach because it is based on the same transaction cycles (sales, purchases, payroll and other expenses). However, the ‘transaction cycle’ approach adopts substantive procedures to test the transactions that occur throughout the cycle, rather than testing the controls over the cycles. Systems-based and transaction cycle approaches are often combined within the overall audit strategy. The balance sheet approach is fundamentally based on the accounting equation. The basic premise is that if current year-end and prior year-end net assets are fairly presented then it is easier to gain audit comfort on the intervening profit and loss and other changes in equity, thus resulting in reduced procedures on the income statement. This approach focuses on applying substantive tests to a large number of transactions and account balances recorded in the accounting system of the client in order to prove year-end balances. If the auditor focuses purely on recorded transactions and balances, then under-statement may not be detected (i.e. the auditor may ignore transactions that have not been recorded). Therefore, directional testing must be employed as part of the substantive procedures based on whether the test addresses over- or under-statement. This approach can be time-consuming and costly for the audit of large companies. This approach is appropriate where systems and controls are weak or not operating effectively, thus rendering substantive tests on transactions and balances necessary to reach an opinion about the financial statements. It is widely used for the audit of smaller entities where controls are less likely to be developed or effective. There is a danger of spending too much time auditing transactions or balances that are not material and/or have a low risk of material misstatement. There is also a risk that misstatements in the financial transactions will not be detected unless all transactions and balances are tested, not just a sample. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 195 AT A GLANCE Transaction cycle approach Outline of approach SPOTLIGHT Methodology / strategy CHAPTER 6: THE AUDIT APPROACH CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 1.3 Factors in the choice of audit strategy The development of an audit strategy will depend on a number of factors, including: the nature and size of the client’s business: a business risk approach is best-suited for large companies, and a balance sheet approach is usually the most suitable for small companies. the control procedures and control environment in place: a systems-based approach is most suitable when there is a strong control environment and internal control system. the audit methods and techniques favoured by the audit firm: for example, larger audit firms may favour a business risk approach. You may be asked to select and justify an audit strategy for a particular client in the examination, in which case, students would be considering factors such as these. AT A GLANCE SPOTLIGHT 196 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 2 RISK-BASED STRATEGIES 2.1 The development of audit strategy and practices Auditing practice has developed significantly over recent years. The main reasons have been: the increasing size and complexity of business units, and the challenges created for the audit process by size and complexity an attempt to improve the efficiency of the audit process. The first major development in the ‘normal’ audit approach was a switch from an emphasis on substantive testing to a systems-based approach, that concentrates much more on internal control systems and the testing of systems and controls, and normally relies much less on substantive testing. Then the concept of the ‘risk-based’ audit developed. In a risk-based audit, the auditor concentrates most of the audit work on areas of high overall audit risk. (As you know, audit risk is a combination of inherent risk, control risk and detection risk.) Business risk is the threat that an event or development may adversely affect the ability of the entity to achieve its objectives. It is the risk of an adverse development that could have a major impact on the company’s business, such as the loss of a major customer, or an increase in the cost of a key commodity. An adverse business event is likely to affect the company’s business significantly, and so should be expected to affect its financial statements. Business risks are risks faced by management of the client entity, which could have an impact on the financial statements (including the going concern assumption). AT A GLANCE More recently, larger audit practices in particular have developed a ‘business risk’ approach to audit work. 2.2 The meaning of the business risk approach The business risk approach involves the auditor looking at the business as a whole and carrying out an evaluation of the risks to which it may be exposed. identify the key business risks evaluate their possible impact on the financial statements plan the approach to the audit around the key business risks that have been identified as having a material impact on the financial statements. This approach cannot work effectively unless the auditor has a good understanding of the client’s business and the environment in which it operates. (Understanding the client’s business and business environment is a requirement for all auditors, in ISA 315(Revised 2019) Identifying and assessing the risks of material misstatement through understanding the entity and its environment.) 2.3 The nature of the business risk approach The business risk approach starts at an earlier stage than the ‘conventional’ audit risk model, which is based on inherent risks and control risks (and detection risks). [The audit risk model is addressed in more detail in the next chapter]. By looking at the nature of the client’s business, the auditor should develop an understanding of the events and circumstances that may affect the entity’s ability to meet its objectives. By understanding business risks, the auditor should also develop a better understanding of the inherent risks and the control risks facing the client. The business risk approach is sometimes referred to as a ‘top down’ approach to an audit. The approach starts ‘at the top’ with the business, which generates the financial transactions. The approach ends ‘at the bottom’ with the financial statements which record the outcome of the business transactions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 197 SPOTLIGHT The auditor identifies the business risks which may have an impact on the financial statements of the client company. The general approach is to: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS The business ‘drives’ the financial statements. This is a ‘high level’ approach to the audit, and has similarities with business management and strategy. Using this approach to an audit successfully depends on having adequate and up-to-date information about the client’s business and business environment. For this reason, the larger auditing practices that use the business risk approach will often organise their audit teams into specialised industry groups, or may have industry experts available or may construct specialised databases for particular industries. When the auditor takes a business risk approach they need to be aware not only of the current position of the client’s business, but also of possible future developments that may affect its goals and objectives. The auditor is interested in business risk not for its own sake, but in the light of its possible impact on the financial statements. 2.4 Internal business risks and external business risks With the business risk approach, the auditor must identify key business risks for the client company. Business risks may arise from the external environment in which a company operates, or from within the company itself. AT A GLANCE External business risks Examples of external business risks might include the following: SPOTLIGHT The possible loss of a major contract as a result of a dispute with the customer. Long-term decline in demand for the company’s products, and failure to invest in research and development of new products. The impact of a new competitor moving into the market. The impact of proposed changes in laws and regulations: for example, where a company needs a license to operate (as in financial services) there may be a risk that the license will be withdrawn or will not be renewed. The effect of recently discovered new technology. The effect of changes in the macro-economy, such as changes in interest rates or exchange rates, or a downturn in the economy (lower economic growth, or possibly an economic recession). The impact of natural hazards (such as storms and flooding that may affect the company’s ability to maintain operational capacity). Threats from competitors to a company’s patents or copyrights. Internal business risks Examples of internal business risks might include the following: Risks arising from ineffective employees or weak management. The risks from a lack of customer care and attention to customer needs: poor customer awareness will eventually have an effect on sales demand. Poor financial management (such as excessive levels of gearing, poor cash management and poor working capital control). Lack of finance for capital expenditure on equipment replacement or modernisation. Risks due to systems weaknesses or system failures: internal control weaknesses. Risks from over-reliance on one or a few key individuals. The risk of fraud or the misappropriation of assets. The internal and external risks listed above are examples of risk, not a comprehensive list of business risks. In an examination question, you may be expected to identify key business risks (both external and internal) from the nature of the business and the facts given to you in the question. See the comprehensive example at the end of this section. 198 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 2.5 Risk evaluation Not all risks are of equal significance. The significance of a risk to the auditors depends on two factors: The ‘impact’ that it will have on the financial statements if an adverse event occurs. It is the ‘size’ of the risk. In an auditing context, this could be broadly interpreted as the ‘materiality’ of the risk. The likelihood or probability that an adverse event will occur so that the risk becomes ‘reality’. Auditors may use a standard model to assist them to rank risks in order of importance. The model below is widely used in management and strategy areas – it is not specifically an auditing model. I M P A C T Category 4 Risk Category 1 Risk (Most Significant) Category 3 Risk LIKELIHOOD Most of the emphasis in an audit will be placed on risks in Category 1, where the impact of an adverse event and the probability that it will happen are both high. The least emphasis will be placed on risks in Category 4, because the impact of an adverse event will be small and the probability of it happening is low. Ranking risks in categories 2 and 3 in order of seriousness/priority will depend on the judgement of the auditor. AT A GLANCE Category 2 Risk 2.6 Advantages and disadvantages of the business risk approach Advantages The approach requires the auditors to acquire an in-depth knowledge of the client’s business. This should make the auditors more knowledgeable, and able to make a better judgement about the client’s financial statements. When the business environment is changing rapidly, a business risk approach keeps the auditor up-todate. Evidence suggests that major audit problems are more likely to result from business-related problems than from internal control weaknesses. A business risk approach may allow the auditor to ‘add value’ by making effective recommendations to improve the performance of the client’s business. Audit costs may be reduced, because there is less audit testing, which saves time, especially the time of junior audit staff. The approach may benefit the auditor’s own business, because its use of a ‘modern’ business risk approach may differentiate the firm’s audit services from those of its competitors. Disadvantages The business risk approach requires audit staff with suitable experience, including partners and managers. The time of these individuals is expensive. This may offset some of the cost savings (mentioned above) from a reduced need for junior audit staff. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 199 SPOTLIGHT The business risk approach has some advantages and also some disadvantages. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS The business risk approach requires a closer involvement by the auditor in the client’s business. This may raise questions about auditor independence. Some auditors feel uneasy about the ‘broad’ view taken by the business risk approach, and consider a systems-based view to be more appropriate for reaching an opinion on the financial statements. The approach may be effective only for the audits of larger companies. 2.7 Comparison of business risk and financial statement risk Business risk is a risk that the business entity will fail to meet its objectives. Financial statement risk is the risk that the financial statements will not give a true and fair view, due to misstatements and omissions. There is normally a close connection between these two categories of risk. AT A GLANCE When there is a significant business risk, failure by management to deal with the risk could affect items in the financial statements. For example, a risk from declining sales demand for a product should raise questions about the obsolescence of product inventories and the realistic useful economic life and net realisable value of the non-current assets that make the product. The going concern assumption may be challenged, if the product has been a major source of income and profit in the past. Weaknesses in internal control are a business risk which could result in misstatements in the financial statements. Example: Business risk and financial statement risk An audit team has just completed the audit of an important client. One of the risks they identified was as follows: The client’s new research laboratory was threatened with closure due to failure by the company to obtain official planning permission for its construction. The laboratory was therefore constructed illegally, and there was the risk that it would have to be demolished. SPOTLIGHT The business risk was the risk that the laboratory would be forced to close, for regulatory reasons. The financial statement risk was that if this were to happen, the value of the laboratory (and possibly all the equipment within it) would be over-stated in the accounts and should be written down substantially in value, possibly to Rs. nil. Both business risk and financial statement risk should be assessed by the auditor, in order to assess the elements of the financial statements where misstatement is most likely to happen. 2.8 Business risk approach - comprehensive example For your examination you need the ability to read a case study or scenario and: identify and explain business risks that are apparent in the information you are given; plus explain how these business risks impact financial statement risk and hence impact the audit. Attempt your own answer for the following example, before reading the answer provided. Example: Business risks Sting, a limited liability company, was incorporated in Ruritania on 1 June Year 1. In July, the company exercised an exclusive right that it had been granted by the government of Sordobia to provide daily flights direct between Zob (the capital city of Sordobia) and Polletta (the main commercial city of Ruritania). The service has been widely advertised in the national newspapers of both countries as ‘prompt, efficient and reliable’. As a result of these flights, it is expected that the travelling time between Zob and Polletta will be reduced by about eight to ten hours. This shortened travelling time should increase the volume of commerce and trade between the two countries. 200 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Sting operates a refurbished 30-year-old aircraft. This is leased from an international airline and registered with the Sordobian Airways Authority (SAA). The SAA has a strict requirement that the engines of all aircraft on its register should be overhauled every two years. The overhaul of an aircraft engine usually puts the aircraft out of operational activity for up to five weeks. The aircraft can carry 20 First Class, 50 Business Class and 80 Economy Class passengers. It also has a large hold for transporting cargo, in addition to passenger luggage. On-board meals for the three-hour journey are prepared in Zob under a contract with an airport catering company. Market research by Sting has shown that passengers are in general dissatisfied with the quality of in-flight food, especially on the Polletta to Zob flight. Flight tickets are sold by Sting (by telephone and at its offices and airport reception desks) and by travel agents in Ruritania and Sordobia. On several occasions there has been over-booking of Economy Class seats. When this happens, customers are upgraded to Business Class. At the moment there is spare capacity in First Class and Business Class on all flights. Ticket prices for each class depend on several factors, such as whether the tickets are refundable (so that customers get their money back if they cancel their trip), exchangeable (so that customers can exchange tickets on one flight for tickets on an earlier or later flight). Ticket prices also vary with the day of the week and time of year. Sting has extensive insurance cover, including employer’s liability insurance (against the risk of accidents to employees) and passenger liability insurance (against the risk of liability to passengers for death, injury, extensive flight delays and other risks) AT A GLANCE Sting employs 12 full-time cabin crew attendants whose training in air-stewardship includes first aid training and medical procedures in the event that passengers are taken ill or injured during a flight. The captain and co-pilots for the aircraft are provided under contract by the international airline that leases the aircraft to Sting. Required Identify and explain the business risks and associated financial statement risks facing Sting. The business objective of Sting is to make profits from the provision of a daily air service between the two cities. An analysis of business risks should identify what risks exist within the business of Sting that might threaten the successful achievement of this objective, and in doing so have an impact on the financial statements of Sting. Key word or phrase in the text of the scenario Exclusive right Associated financial statement risk Business risk indicated Sting has a right to operate the flights, but there are presumably terms and conditions attached to this right that Sting must comply with. The risk is a risk of noncompliance with the terms and conditions, which might put into doubt the company’s continued right to operate the flights. If Sting has breached the terms of the exclusive rights deal: liabilities may be understated relating to undisclosed penalties there may be significant uncertainty as to whether Sting remains a going concern should it lose its license THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 201 SPOTLIGHT Answer CHAPTER 6: THE AUDIT APPROACH Key word or phrase in the text of the scenario CFAP 6: AARS Associated financial statement risk Business risk indicated Exclusive right Sting is currently operating a monopoly, but this may not always be the case and potential future competition could significantly affect the company’s business. Widely advertised as ‘prompt, efficient and reliable’ Sting might not live up to its own advertising and might disappoint customers, affecting its business. If Sting has failed to meet contractual operational targets: The value of landing slots may be overstated and financial projections misstated if future exclusivity is no longer guaranteed. AT A GLANCE Liabilities may be understated relating to unrecorded provisions for fines and customer refunds. Sting might lose its operating license which would raise uncertainty about whether the going concern basis remains appropriate. Profit might be overstated if repairs and maintenance expenses have been capitalised rather than expensed. The age of the aircraft could cause operating problems if it needs frequent repair. The relatively old age might also mean that fuel consumption (and therefore costs) is higher. Leased Sting will have no means of operating its service if it does not keep up the lease payments. If Sting has breached the terms of its operating leases: SPOTLIGHT 30 year-old aircraft Liabilities may be understated relating to unrecorded provisions for penalties and unpaid interest. There may be uncertainty about Sting’s ability to continue as a going concern if the lessor breaks the leases early. Lease expenses may be incorrectly classified in the financial statements. 202 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 6: THE AUDIT APPROACH Key word or phrase in the text of the scenario Overhaul of an engine usually puts the aircraft out of operational activity for up to five weeks. Associated financial statement risk Business risk indicated Sting must have the engine overhauled regularly under the regulations of the SAA, but this will mean a break in its services as there is only one plane. If Sting has failed to regularly overhaul its aircraft: Liabilities may be understated relating to unrecorded regulatory penalties and/or compensation payable in the event of litigation faced due to negligence. Sting may be unable to continue as a going concern if it does not have the financial and operational resources to rectify the situation. Note that a case study might include information about problems that are not sufficient to justify the attention of the auditors. There are arguably three examples here: the quality of in-flight food, over-selling Economy Class tickets and having to upgrade some passengers to Business Class, and the need to obtain insurance. AT A GLANCE CFAP 6: AARS Practice Question 01: You are the engagement partner on the audit of Faraz Industries Limited. The company has recently started using internet to carry out its business activities and the share of business conducted through e-commerce is growing rapidly. a) Identify the matters that you believe would be relevant while updating your knowledge of the company’s business. b) Identify the business risks related to the company’s e-commerce activities. c) Identify the matters that need to be addressed in order to ensure the integrity of the transactions carried out through the company’s website. Tutorial Notes: In part c the focus should be on identifying the matters that need to be addressed for ensuring the integrity of the transaction, rather than on the controls relating to transaction integrity. Solution: a) Matters that are relevant while updating knowledge of business: The following matters should be considered by the auditors while updating the knowledge of company’s business: i. The company’s business activities and industry ii. The company’s e-commerce strategy iii. The extent of the company’s e-commerce activities iv. The company’s outsourcing arrangements THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 203 SPOTLIGHT Required: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS AT A GLANCE b) Business risks that the company may face on account of its e-commerce activities i. Loss of transaction integrity ii. E-commerce security risks, like virus attacks and un-authorized access etc. iii. Improper accounting policies related to capitalization of website expenditures. iv. Misunderstanding of complex contractual arrangements v. Translation of foreign currencies etc. vi. Title transfer risks vii. Allowances for warranties/ returns viii. Revenue recognition issues and cut off issues ix. The treatment of volume discounts and introductory offers x. Non-compliance with taxation and other legal and regulatory requirements, particularly in case of transactions with parties in other countries; xi. Failure to ensure that contracts evidenced only by electronic means are binding; xii. Over reliance on e-commerce when placing significant business systems or other business transactions on the Internet; and xiii. Systems and infrastructure failures or “crashes.” c) Risks to be addressed to ensure integrity of the transactions carried out through the Company’s website. In an e-commerce environment, the main risk that could affect the integrity of the transactions carried out are as follows: i. Incorrect input of data ii. Duplication or omission of transactions iii. Party to a transaction may later deny having agreed to specified terms (nonrepudiation) iv. Transactions made without approval of the parties v. Incomplete processing and recording of data vi. Improper maintenance of files, systems and networks vii. Improper distribution of transaction details across multiple systems in a network (Loss of data and systems) SPOTLIGHT Practice Question 02: Jhelum Machinery (Private) Limited (JMPL) is engaged in the manufacture of customized machinery. Recently a fraud has been discovered which was perpetrated by Salahuddin, the purchase manager. Salahuddin was responsible for approving the suppliers after obtaining and evaluating the competitive quotes and placement of orders. Final approval was made by the managing director. Salahuddin had set up a private limited company Neelum (Private) Limited (NPL) in which his brother and wife are directors. NPL supplies spare parts to JMPL. The fraud was committed with the help of Karamat, a production supervisor and Farhan, the store keeper. The supplies delivered by NPL contained a large proportion of damaged spare parts. However, full payments were made to NPL as Farhan never raised any objections on the quality of goods received. On the other hand, Karamat issued inflated consumption reports to cover significant part of the damaged spare parts. The fraud was discovered when Farhan went on leave due to illness. A review of inventory sheets indicates that large quantities of spare parts are still lying in inventory. Required: Identify the control weaknesses in the above situation which may have enabled the perpetration of fraud. Tutorial Notes: While answering the other things, keep in mind the two very important points regarding controls over stock consumption and stock balances. 204 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Solution: Control weaknesses in the System: There is a lack of segregation of duties as the functions of obtaining and evaluation of bids, approval of supplier and placement of orders are performed by Salahuddin. Controls over authorization and approval of supplier, as purchase manager was able to get the approval of NPL, without any detailed background checking. There appears no system of stock inspection by an independent person when it is received in the store. There appears to be no system of physical verification of stock to identify any damage stock, so that it can be identified on timely basis. It appears that there are no benchmarks/standards or other controls over stock consumption i.e. identification of over consumption/under consumption as no concern is raised when production supervisor charges extra costs as to the consumption reports. It appears that there are no benchmarks/standards regarding the quantities of inventory that are to be maintained. Solution: Controls which may have been lacking in the given situation: Control over authorization and approval of customer, as the sales manager was able to make the sale to fictitious customers which means that no proper investigation or processes were followed during approval of said customers. Lack of segregation of duties as the write off of receivable balance should have been approved by credit control department/section, instead of or in addition to sales director. Controls over write off of debts seem to be lacking. Debts should only be written off when the legal department confirms that they are not recoverable. Moreover, the legal department should also notify as to what action was taken before deciding that the debts are not recoverable and why a suit was not being filed against the customer. This process does not seem to have been followed. Control over accounting of customer’s cheques is lacking as the sales manager manages to credit the fictitious customers’ accounts with other customers’ cheques. Controls over preparation, checking and dispatching of debtor’s statements to customers is lacking as sales manager manages to manipulate the debtor’s accounts for seven months, without any check and balances. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 205 SPOTLIGHT Zubair & Shahid Limited is a distributor of personal care products. Its sales manager had committed a fraud by making sales to fictitious customers. Cheques received from various genuine customers were credited to these fictitious accounts to keep their balances within reasonable limits. The sales manager had the outstanding amounts, appearing against fictitious and genuine customers, written off by convincing the sales director that those customers were unable to pay their remaining balances. A total of 38 invoices amounting to Rs. 7.2 million were issued over a period of seven months. The fraud was detected when the sales manager had left the company’s employment. Required: Identify the usual controls which may have been lacking in the aforementioned situation. Tutorial Notes: This question may not be addressed properly unless student concentrate on the requirement of the question. A common mistake could be that Instead of identifying the missing controls, student may divert their efforts towards giving recommendations and suggestions to improve the situation in future which is quite irrelevant. AT A GLANCE Practice Question 03: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 2.9 Components of Audit Risk (ISA 200) Audit Risk = Risk of Material Misstatement (Inherent Risk x Control Risk) x Detection Risk Definition: Audit Risk: Risk that auditor expresses an inappropriate audit opinion when financial statements are materially misstated Definition: Inherent Risk: Susceptibility of an assertion to a misstatement that could be material before consideration of any related controls Definition: Control Risk: Risk that misstatement that could occur in an assertion and that could be material will not be prevented, or detected and corrected, on a timely basis by entity's internal control Definition: Detection Risk: AT A GLANCE Risk that procedures performed by auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material SPOTLIGHT 206 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 3 SYSTEMS-BASED STRATEGIES 3.1 The nature of a systems-based approach to an audit A systems-based approach to an audit focuses on the internal control system of the client company and the adequacy of its internal controls over the major transaction cycles (sales, purchases, payroll and other expenses). A transaction-cycle approach focuses on substantively testing the transactions that occur throughout those same transaction cycles. As part of their risk assessment exercise, the auditor is required by ISA 315(Revised 2019) to ‘obtain an understanding of the entity and its environment, including its internal controls.’ reliable financial reporting the effectiveness and efficiency of operations compliance with appropriate laws and regulations. The effectiveness of internal controls: testing the controls for effectiveness With a systems-based approach, the auditor aims to rely on the accounting systems and the related internal controls to ensure that transactions are properly recorded. His assumption is that if the systems and the internal controls are adequate, the transactions should be processed correctly, and the financial statements should therefore give a true and fair view. The audit emphasis is therefore, as much as possible, on the systems that process the transactions rather than on the transactions themselves. AT A GLANCE It is the responsibility of management to put in place a suitable system of internal control, to address identified financial statement risks, operational risks and compliance risks. Effective internal controls, provided that they are implemented properly, should ensure: 3.2 What makes an effective system of internal controls? ISA 315(Revised 2019) identifies five elements which together make up an internal control system. These are: the control environment the entity’s risk assessment process the entity’s process to monitor the system of internal control the information system and communication control activities. 3.3 The control environment The ‘control environment’ is often referred to as the general ‘attitude’ of management and employees in the organisation towards internal controls. The control environment has been defined by the Institute of Internal Auditors as follows: ‘the attitude and actions of the board [of directors] and management regarding the significance of control within the organisation. The control environment provides the discipline and structure for the achievement of the primary objectives of the system of internal control. The control environment includes the following elements: integrity and ethical values management’s philosophy and operating style organisational structure THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 207 SPOTLIGHT Before the auditor can rely on the systems and controls that are in place, they must establish what those systems and controls are, and carry out an evaluation of the effectiveness of the controls. CHAPTER 6: THE AUDIT APPROACH assignment of authority and responsibility human resource policies and practice competence of personnel. CFAP 6: AARS A strong control environment is typically one where management shows a high level of commitment to establishing and operating sound controls. The existence of a strong control environment cannot guarantee that controls are operating effectively, but it is seen as a positive factor in the auditor’s risk assessment process. Without a strong control environment, the control system as a whole is likely to be weak. Evaluating the control environment ISA 315(Revised 2019) requires auditors to gain an understanding of the control environment. Part of this understanding involves the auditor evaluating the control environment, and assessing its effectiveness. In evaluating the control environment, the auditor should consider such factors as: AT A GLANCE management participation in the control process, including participation by the board of directors management’s commitment to a control culture the existence of an appropriate organisation structure with clear divisions of authority and responsibility an organisation culture that expects ethically-acceptable behaviour from its managers and employees appropriate human resource policies, covering recruitment, training, development and motivation, which reflect a commitment to quality and competence in the organisation. Practice Question 04: You are carrying out the audit of Akhtar Autos Limited (AAL) for the year ended 31 March 2015, a listed company, engaged in the business of manufacture of spare parts for trucks, buses and tractors. Extracts from the draft financial statements are as follows: 2015 2014 SPOTLIGHT -----(Rs. In '000')-----Sales 1,250,000 1,440,000 Loss before taxation -70,000 -15,000 Current assets 325,000 350,000 Other assets 145,000 135,000 Total assets 470,000 485,000 Current liabilities 345,000 305,000 Other liabilities 175,000 160,000 Total liabilities 520,000 465,000 Equity -50,000 20,000 Previous year’s audit report was qualified on account of inability to obtain sufficient and appropriate audit evidence with respect to stores and spares, as ledger of stores and spares contained many negative balances. The following further information has been obtained during the audit: i. 208 Agreements with two local distributors contain clauses that offer a significantly higher percentage of discounts which are above normal market rates. Due to the tough competition in the local market, the management of the company is currently negotiating with certain foreign customers for export of company’s products. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH In May 2015, court notices from two major customers were published in the newspapers, alleging the company of supplying inferior quality spare parts in the month of April 2015 and claiming damages of Rs. 150 million. The management is of the view that the allegations are baseless. iii. A supplier of the company has become bankrupt. The company owes an amount of Rs. 138 million to the supplier. However, the liquidator has lodged a claim of Rs. 140 million. iv. AAL is a family owned company. Out of its seven directors, four are executive directors. The non-executive directors have been elected on the board for the 4th time. v. The Board has formed a three-member Audit Committee, which is chaired by a nonexecutive director, who is also the maternal uncle of the chief executive. vi. The half yearly accounts were not finalised because of a legal dispute. The company had informed SECP in respect of such non-compliance. vii. Internal audit department includes only one person who is a chartered accountant and is engaged on a part time basis. viii. The warehouse from where goods are dispatched is under the management of sales department. Required: Give suggestions for improvement in the control environment. Tutorial Notes: Please remember that the general components of internal control and control environment are not required in the question. AT A GLANCE ii. Solution: The warehouse should not be under supervision of sales department; The management of the company should be independent of those charged with governance and there should be minimum interference of those charged with governance in the management of the company. The internal audit department or some other department independent of sales should be assign the responsibility for ascertaining discount of distributors before any payment / credit is processed; Historical trend analysis of sales made to distributor should be done in order to assess if any unethical practice is being going on in the company. Appointment of qualified personnel in internal audit department. Practice Question 05: Education for All Foundation (EFAF) is a large charity based organization, engaged in providing education to needy children, at a token fee of Rs. 100 per child. It receives donations for its activities both in cash and through its bank accounts. The major expenditure relates to payment to teachers and petty cash. Required: Briefly describe the key controls which you as an auditor expect to find in respect of receipts and payments. Tutorial Notes: This is pertinent to mention that more emphasis of the students should be on the specific areas like donations, fee income and petty cash etc. rather than stating general control measures. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 209 SPOTLIGHT Apart from suggestions given in part (d), the other suggestions for improvement in control environment are as follows: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Solution: Overall controls – statement showing donations, fee and income and payments are reviewed by senior management personnel on a monthly basis (i.e. business performance review covering all assertions) Control over donations Cash AT A GLANCE For cash received at counters, the cashier counts the cash and prepares a receipt voucher (Completeness, Accuracy, Rights/Obligation, Cut off) For donation boxes – donation boxes are unlocked / opened in the presence of two / three persons and then a cash count is performed following which a receipt voucher is prepared showing details about the date, time, place of box and the total cash collected. (Completeness, Accuracy) Cash count is performed on regular basis by a person independent of the custodian of cash and results are matched with the daily receipt record maintained in the system (Existence) Cash is kept in safe custody and at day end the cash is deposited with bank. (Existence) Surprise cash counts are also conducted by the persons independent of the custodian of cash (Existence) Appropriate segregation of duties exists, i.e. person receiving the cash, maintaining its custody and recording the transactions is not the same Bank accounts Bank reconciliation statements are prepared and reviewed on a regular basis and unadjusted / reconciling items are investigated and recorded on timely basis. (Completeness, Accuracy, Rights / Obligations, Cut off) Controls over fee income SPOTLIGHT The cashier counts the cash and prepares a receipt voucher showing details about the date, time, name of student and the cash collected. (Completeness, Accuracy, Rights / Obligations, Cut off) A student wise fee outstanding report is prepared and reviewed on a monthly basis and the schedule of overdue fee is presented to the management for appropriate action as per policy. Controls over Payments i. ii. 210 Teachers Payroll process is initiated by the payroll department based on the master data maintained by HR department. The attendance record reviewed by the Head of the Department before the processing of payroll. A month-to-month payroll reconciliation is prepared before the distribution of payroll. Changes to master data is made by the HR department only after due authorization. Petty cash Pre-numbered / sequentially controlled petty cash vouchers are maintained. Cash on the basis of IOUs is not disbursed. Surprise cash counts are conducted by the persons independent of the custodian of cash (Existence) Payments are recorded in general ledgers after the details are reviewed by the Finance Manager. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 3.4 The entity’s risk assessment process Within a strong system of internal control, management should identify, assess and manage business risks, on a continual basis. Significant business risks are any events or omissions that may prevent the entity from achieving its objectives. Identifying risks means recognising the existence of risks or potential risks. Assessing the risks means deciding whether the risks are significant, and possibly ranking risks in order of significance. Managing risks means developing and implementing controls and other measures to deal with those risks. ISA 315(Revised 2019) requires the auditor to gain an understanding of these risk assessment processes used by the client company’s management, to the extent that those risk assessment processes may affect the financial reporting process. The quality of the risk assessment and management process within the client company can be used by the auditor to assess the overall level of audit risk. If management has no such process in place, the auditor will need to do more work on this aspect of the audit planning. This aspect of the auditor’s work will involve identifying and understanding the following: the entity's information processing activities, including how transactions and events are recorded, processed, and disclosed, and reviewing accounting records and supporting records. how the entity communicates significant matters related to financial reporting within the organization, between management and governance, and with external parties. the entity’s communication may come from policy manuals and financial reporting manuals information system may be obtained through inquiries, inspections of documents, observation, selecting and tracing transactions 3.6 Control activities Control activities are the practices and procedures, other than the control environment, used to ensure that the entity’s objectives are achieved. They are the application of internal controls. Control activities are the specific procedures designed: to prevent errors that may arise in processing information, or to detect and correct errors that may arise in processing information. Categories of control activities (internal controls) Internal controls include the following types: (In the examination, if you are asked to suggest suitable internal controls within a given system the items in this list should provide a useful checklist.) Authorisation controls. These require that all significant transactions must be authorised by a manager at an appropriate level in the organisation. Physical controls over assets. These are controls for safeguarding assets from unauthorised use, or from theft or damage. An example is limiting access to inventory areas to a restricted number of authorised personnel. Arithmetic controls. These are checks on the arithmetical accuracy of processing. An example is checking invoices from suppliers, to make sure that the amount payable has been calculated correctly. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 211 SPOTLIGHT ISA 315(Revised 2019) requires the auditor to gain an understanding of the business information systems (including the accounting systems) used by management to the extent that they may affect the financial reporting process. AT A GLANCE 3.5 The information system and communication CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Accounting controls. These are controls that are provided within accounting procedures to ensure the accuracy or completeness of records. An example is the use of control account reconciliations to check the accuracy of total trade receivables or total trade payables. Management controls. These are controls applied by management. They include supervision by management of the work of subordinates, management review of performance and control reporting (including management accounting techniques such as standards setting, variance analysis, budgeting and budgetary control). Segregation of duties. This type of control is explained below. Segregation of duties Segregation of duties means dividing the work to be done between two or more individuals, so that the work done by one individual acts as a check on the work of the others. This reduces the risk of error or fraud. AT A GLANCE If several individuals are involved in the completion of an overall task, this increases the likelihood that errors will be detected when they are made. Individuals can often spot mistakes of other people more easily than they can identify their own mistakes. It is more difficult for a person to commit fraud, because a colleague may identify suspicious transactions by a colleague who is trying to commit a fraud. 3.7 Monitoring of controls It is important within an internal control system that management should review and monitor the operation of the controls, on a systematic basis, to satisfy themselves that the controls remain adequate and that they are being applied properly. ISA 315(Revised 2019) requires the auditor to obtain an understanding of this monitoring process. 3.8 Internal controls - illustration Illustration: internal controls The scenario SPOTLIGHT Waqar Wheels is a listed car dealership with over thirty showrooms across Pakistan and headquarters in Karachi. The directors introduced a code of ethics and conduct four years ago which it updates regularly and implements enthusiastically with routine training session and a robust disciplinary procedure. Monthly ‘all-staff’ newsletters remind employees about core ethical values and the need to maintain strong internal controls across all business processes. The directors take both employee and customer safety very seriously. A number of staff were dismissed following serious breaches of the code of conduct. Waqar Wheels employs an experienced internal audit department. It also has a number of nonexecutive directors on its board of directors. Waqar Wheels complies fully with the code of corporate governance applicable to listed companies in Pakistan. A risk committee comprising three experienced members of the board of directors was established four years ago. The committee is responsible for assessing the business risks faced by Waqar Wheels and working with senior management to ensure appropriate internal controls are employed across the business. For example, sales representatives are allowed to offer discounts of up to 6% without manager approval. However, discounts above 6% must be authorised by a showroom manager. The sales system automatically checks whether an approval is required and prevents any sale being recorded without an approval code. Regional sales managers receive a weekly report detailing all discounted sales above 6% to check that they were authorised. 212 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Control environment - Waqar Wheels has a strong control environment with directors who take internal controls seriously. They employ an internal audit department and vigorously implement codes of ethics and conduct, reinforcing their control-focused attitude with regular all-staff communications. The directors also ensure full compliance with the code of corporate governance. The entity’s risk assessment process – Waqar Wheels has a risk committee comprising three experienced directors who are responsible for assessing business risks faced by the company. The committee works with senior management to ensure a robust system of internal controls is implemented. The information system – The scenario made reference to a ‘sales system’ for recording sales and discounts. The ‘sales system’ is part of the overall information system used to record transactions at Waqar Wheels. Control activities – Sales discounts above 6% must be authorised by a showroom manager prior to recording the sale. This is an example of an authorisation control. Monitoring of controls – Regional sales managers monitor the operation of the authorisation control by reviewing a weekly report to ensure discounts above 6% have been authorised. 3.9 How the auditor uses internal controls When a client operates an effective system of internal control the most efficient method of generating audit evidence normally involves the testing of controls where possible (rather than substantive procedures). ‘Systems-based’ techniques therefore complement the business risk approach described above in an effort to s audit efficiency and focus testing on the higher risk areas. AT A GLANCE Analysis of the system of internal controls Understanding the controls ISA 315(Revised 2019) requires the auditor to obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit. ISA 315(Revised 2019) requires the auditor to: gain an understanding of each of the five elements of the client’s internal control system, and document the relevant features of the control systems. Once this understanding has been gained, the auditor should confirm that their understanding is correct by performing ‘walk-through’ procedures on each major type of transaction (for example, sales transactions, purchase transactions, payroll). Walk-through testing involves the auditor selecting a small sample of transactions and following them through the various stages in their processing from initiation to reporting in order to establish whether their understanding of the process is correct. Example: Walk-through procedures In a walkthrough test over the sales transaction, the auditor would select a sales transaction and start from the receipt of a Sales Order from a customer. The auditor would then review each document (e.g. order, invoice, goods dispatch note, customer acknowledgement of receipt) and process (e.g. review of order, preparation and approval of sales invoice etc.) until the final customer’s acknowledgment of receipt of goods, thereby ensuring that the system of sales as understood is in fact also implemented in the same way. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 213 SPOTLIGHT The auditor relies on the accounting systems and the related controls to ensure that transactions are properly recorded. The audit emphasis is therefore, as much as possible, on the systems processing the transactions rather than on the transactions themselves. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS If they understand the controls that are in place, the auditor can go on to assess their effectiveness, and the extent to which they can rely on those controls for the purpose of the audit. Assessing the effectiveness of controls The degree of effectiveness of an internal control system will depend on the following two factors: The design of the internal control system and the individual internal controls. Is the control system able to prevent material misstatements, or is it able to detect and correct material misstatements if they occur? Do the internal controls appear to be adequate and effective ‘on paper’? The proper implementation of the controls. Controls are not effective unless they are implemented properly. So are the controls operated properly by the client’s management and other employees? The outcome of this evaluation helps the auditor to assess the control risk. This is the risk that the internal controls will fail to prevent or detect and correct errors in the financial statements. This evaluation will allow the auditor to decide on the extent to which they can take a systems-based approach to the audit. 3.10 The auditor’s evaluation of internal controls The auditor may judge that the control risk is high, or that the control risk is low because the internal controls are effective. AT A GLANCE If the auditor assesses the control risk as very high, they will probably take the view that a systemsbased audit approach will not be appropriate. They will therefore move on to detailed testing of transactions and balances (and take a substantive testing approach to the audit). Before they can assess the control risk as low, the auditor must be satisfied that the controls are welldesigned and should be effective (in other words, they seem effective ‘on paper’). Even if the controls appear to be acceptable on paper, the auditor cannot rely on them and perform a systems-based audit unless they are confident that the controls are actually working in practice. In this situation, the next stage in the audit process is to carry out tests of controls. SPOTLIGHT If the outcome of the tests of control indicates that controls are actually operating effectively, the audit can use a systems-based approach, with a reduced amount of substantive testing. Even if the internal control system seems to be effective, the auditor will never rely 100% on their assessment of the controls. They will always do some substantive testing before reaching their conclusion about the financial statements. This is because of the limitations that are inherent in all control systems. It is impossible to avoid the risk of control failure that is caused by: human error (and a failure to apply a control properly) obsolescence of controls over-riding of controls by management (which is a deliberate decision to ignore a control), and the possibility of collusion and fraud. Auditors will always supplement their work on systems with some substantive testing. The amount of this testing will depend on the auditor’s evaluation of the effectiveness of the controls. The performance of tests of controls does not guarantee that few substantive procedures would be carried out; in fact, if the performance of tests of controls reveals that the internal controls within a particular type or class of transaction are not operating effectively, the auditor will increase the nature, timing and extent of their substantive audit procedures. 214 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 3.11 Summary of the approach to reliance on internal controls The auditor’s use of a systems-based approach to an audit is summarised in the following flowchart: Planning and risk assessment Assessment of internal controls as weak Assessment of internal controls as strong Tests of controls Extensive substantive testing AT A GLANCE Good controls Reduced substantive testing SPOTLIGHT Overall review of financial statements Issue audit report THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 215 CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 4. COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (ISA 265) Definition: Deficiency in internal control * A control is designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or * A control necessary to prevent, or detect and correct, misstatements in financial statements on a timely basis is missing. Definition: Significant deficiency in internal control A deficiency or combination of deficiencies in internal control that, in auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with governance. Auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. AT A GLANCE Auditor may discuss the relevant facts and circumstances of auditor’s findings with the appropriate level of management. Auditor may obtain other relevant information for further consideration, such as: ¯ Management understanding of the actual or suspected causes of the deficiencies. ¯ Exceptions arising from deficiencies that management may have noted (e.g. misstatements that were not prevented by relevant IT controls). ¯ A preliminary indication from management of its response to the findings. 4.1 Significant Deficiencies in Internal Control (Ref: 8, A5-A11) If auditor has identified one or more deficiencies in internal control, auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. Examples of matters that the auditor may consider in determining the significance: SPOTLIGHT 216 Likelihood of the deficiencies leading to material misstatements in the financial statements in the future. The susceptibility to loss or fraud of the related asset or liability. Subjectivity and complexity of determining estimated amounts, e.g. fair value estimates. The financial statement amounts exposed to the deficiencies. The volume of activity that has occurred or could occur in the account balance or class of transactions exposed to the deficiency or deficiencies. The importance of the controls to the financial reporting process; for example: ¯ General monitoring controls (such as oversight of management). ¯ Controls over the prevention and detection of fraud. ¯ Controls over selection and application of significant accounting policies. ¯ Controls over significant transactions with related parties. ¯ Controls over significant transactions outside the entity’s normal course of business. ¯ Controls over the period-end financial reporting process Cause and frequency of the exceptions detected as a result of deficiencies in the controls. The interaction of the deficiency with other deficiencies in internal control. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Indicators of significant deficiencies in internal control: Evidence of ineffective aspects of control environment, such as: ¯ Indications that significant transactions in which management is financially interested are not being appropriately scrutinized by those charged with governance. ¯ Identification of management fraud, that was not prevented by internal control. ¯ Management’s failure to implement appropriate remedial action on significant deficiencies previously communicated. Absence of a risk assessment process within entity (where it is expected to be present) Evidence of an ineffective risk assessment process (fails to identify risks) Evidence of an ineffective response to identified significant risks Misstatements detected by auditor that were not prevented, or detected and corrected, by entity’s internal control. Restatement of previously issued financial statements to reflect correction of a material misstatement. Evidence of management’s inability to oversee the preparation of the financial statements. Kiran is the audit senior responsible for the audit of Xengen Limited. She has noticed that a large number of journal entries were processed near the year end. Required: What course of action should the audit team take if serious deficiencies are identified during the control testing process? AT A GLANCE Practice Question 06: Solution: Ident.ify the ledger accounts in which most of the journal entries were processed, for e.g. (revenue or fixed assets). Inquire accounting and data entry personnel whether they were requested to make any unusual entries during the period. Introduce an element of unpredictability regarding the amount and types of journal entries and other adjustments tested. Computer assisted audit techniques may be used to identify the journal entries and other adjustments to be tested or to detect unusual entries or entries made at unusual time or by unusual users. Increase the extent of substantive procedures. Focus on journal entries posted at quarter-end and year-end. Assess whether the control weakness identified represents management override of control and represents a fraud risk. If the management integrity or competence is not in doubt the auditor shall communicate to management at an appropriate level of responsibility significant deficiencies in internal control it intends to communicate to those charged with governance along with the description of the deficiencies and an explanation of their potential effects. If the findings appear to call management’s integrity or competence in doubt the auditor shall communicate the significant deficiencies to those charged with governance and consider resigning from the assignment and obtain legal opinion in this regard and shall determine whether there is a responsibility to report to the regulatory authorities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 217 SPOTLIGHT Reassess the risk of material misstatement and modify the nature timing and extent of further audit procedures, such as: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 4.2 Communication of Deficiencies in Internal Control (Ref: 9, A12-A18) Auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. In determining when to issue written communication, auditor may consider whether receipt of such communication would be an important factor in enabling those charged with governance to discharge their oversight responsibilities. Auditor may also communicate these orally in the first instance to management and those charged with governance. The level of detail at which to communicate significant deficiencies is a matter of auditor’s professional judgment. Factors that auditor may consider in determining so include: AT A GLANCE ¯ The nature of the entity. ¯ (e.g. communication required for public interest entity may be different from others) ¯ The size and complexity of the entity. ¯ The nature of significant deficiencies that the auditor has identified. ¯ The entity’s governance composition. ¯ (e.g. more detail may be needed if those charged with governance include inexperienced members) ¯ Legal or regulatory requirements regarding such communication The fact that auditor communicated a significant deficiency to those charged with governance and management in a previous audit does not eliminate the need for the auditor to repeat the communication if remedial action has not yet been taken. SPOTLIGHT ¯ If a previously communicated significant deficiency remains, this year communication may repeat the description from previous communication, or simply refer it ¯ Auditor may ask management or those charged with governance, why the deficiency has not yet been remedied. ¯ A failure to take remedial action may in itself represent a significant deficiency. 4.3 Communication of Deficiencies to Management (Ref: Para. 10, A19-A27) Auditor shall also communicate to appropriate level of management on a timely basis: In writing, significant deficiencies in internal control that auditor has communicated or intends to communicate to those charged with governance, unless it is inappropriate to communicate to them. (E.g. where deficiency call into question the integrity or competence of management) Other deficiencies in internal control identified during audit that have not been communicated to management by other parties and that, in auditor’s professional judgment, are of sufficient importance to merit management’s attention. Other considerations relating to Communication of Other Deficiencies 218 Communication of other deficiencies need not be in writing but may be oral. If auditor has communicated other deficiencies in internal control to management in prior period and management has chosen not to remedy them for cost or other reasons, auditor need not repeat the communication in the current period. Auditor may re- communicate these other deficiencies if there has been a change of management, or if new information has come to auditor’s attention If deemed appropriate, auditor may also inform those charged with governance of such communication THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 4.4 Content of Written Communication of Significant Deficiencies (Ref: 11, A28-A30) Auditor shall include in written communication of significant deficiencies in internal control: A description of the deficiencies and an explanation of their potential effects; and Sufficient information to enable those charged with governance and management to understand the context of the communication. In particular, the auditor shall explain that: ¯ The purpose of the audit was for the auditor to express an opinion on the financial statements; ¯ The audit included consideration of internal control relevant to preparation of financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on effectiveness of internal control; and ¯ The matters being reported are limited to those deficiencies that auditor has identified during audit and that auditor has concluded are of sufficient importance to be reported In explaining potential effects, auditor need not quantify those effects. Significant deficiencies may be grouped together for reporting purposes, if appropriate. Auditor may also include suggestions for remedial action on deficiencies, management’s actual or proposed responses, and a statement as to whether auditor has undertaken any steps to verify whether management’s responses have been implemented. Auditor may consider it appropriate to include the indications that: By performed more extensive procedures, more deficiencies could also be identified. ¯ Such communication has been provided for those charged with governance, and that is not suitable for others. Law or regulation may require auditor or management to furnish copy of communication to appropriate regulatory authorities. (In this case, auditor’s written communication may identify such regulatory authorities) Practice Question 07: The Board of Directors of an insurance company is very concerned about the increasing incidents of fraud in verification of claims by the surveyors. Required: Suggest controls that should be implemented by the company for claim verification. Tutorial Notes: Common errors while answering could be: 1. Specifying irrelevant controls which could not play any role in the identification of frauds such as, controls over recording of claims and verification of payments, etc. 2. Not apprehending that the answer should be given in context of an Insurance company. Solution: Suggested controls for claim verification: i. Employ a panel of qualified surveyors with good reputation. ii. Segregation of duties relating to the claim process. iii. Monitoring the time lag between policy issuance and claim reported and between the claim lodge and settlement date, and investigate unusual cases. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 219 SPOTLIGHT ¯ AT A GLANCE Other Considerations CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS iv. A second survey may be conducted on a test basis especially in unusual cases. v. Surveyors should be required to submit pictures of the damaged assets whenever possible. vi. Monitor which agent and insuree has the highest claim ratio. vii. Review the total claims verified by each surveyor and compare it with value of assets insured to identify unusual ratio. 4.5 Tutorial note The important paragraphs of the standard to be focused more by the students are: Core Paragraphs: 10, 11 Explanatory Paragraphs: A2, A6, A7, A15 and A29 AT A GLANCE SPOTLIGHT 220 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 5. BALANCE SHEET (SUBSTANTIVE) STRATEGIES 5.1 Substantive tests When an auditor assesses the control risk as high, they will not be able to adopt a systems-based approach to the audit. Instead they will carry out extensive substantive testing. Substantive tests are audit procedures performed to detect material misstatements in the figures reported in the financial statements. They are designed to obtain evidence about the financial statement assertions. They include: tests of detail on transactions, account balances and disclosures, and analytical procedures. Examples of tests of details include inspection of third party evidences such as suppliers’ statements or invoices, obtaining confirmations and/or recalculating items such as depreciation or rent expense for the year. 5.2 The balance sheet approach The balance sheet approach is also an approach to the audit based wholly on substantive testing. However, unlike the transaction cycle approach, with the balance sheet approach the auditor concentrates primarily on: testing balances, as opposed to; testing balances and transactions. AT A GLANCE Similarly, examples of analytical procedures include ratio analysis, comparison with past trends, industry information or company budgets and corroboration with the information obtained from other substantive procedures. It is an approach that is often well-suited to small companies and to companies where assets and liabilities are substantial in relation to transactions (e.g. investment companies). This approach is based on the following accounting equation: The theory is that if the opening and closing statements of financial position are ‘correct’ then the profit for the year must also be correct. 5.3 Directional testing Directional testing is the concept applied to substantive testing to differentiate between testing for misstatements (over- or under-statement) or omissions (under-statement). When testing for misstatements the audit sample will be selected from the accounting records (i.e. recorded transactions). When testing for omissions the audit sample will be selected from outside the accounting records e.g. bank statements or supplier statements. The testing is therefore said to be performed in opposite directions when testing for omissions rather than misstatements. 5.4 Smaller entities ISAs apply to the audits of all entities – whatever their size. However, additional considerations specific to audits of smaller entities are included within the application and other explanatory material of a ISAs, where appropriate. These additional considerations assist in the application of the requirements of the ISA in the audit of such entities. They do not, however, limit or reduce the responsibility of the auditor to apply and comply with the requirements of the ISAs. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 221 SPOTLIGHT Opening net assets + Profit for the year = Closing net assets CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Definition: Small entity The IAASB’s Glossary of terms defines a smaller entity as one which typically possesses the following characteristics: Concentration of ownership and management in a small number of individuals (often a single owner-manager) One or more of the following: ¯ Uncomplicated transactions ¯ Simple record-keeping ¯ Few lines of business/products ¯ Few internal controls ¯ Few levels of management with responsibility for a broad range of controls ¯ Few personnel, many having a wide range of duties Many of the control activities that would typically be found in a large company may be inappropriate, too costly or impractical for a small entity. Segregation of duties is an obvious example of this. Smaller entities do not have enough employees for an ‘ideal’ segregation of duties. AT A GLANCE Often, control systems in smaller entities are based on a high level of involvement in day-to-day operations by the directors or owners of the company. Authorisation controls and review controls, with the owner-manager personally authorising many transactions, might therefore be a key feature of the control systems in smaller entities. Although the active involvement of an owner-manager might mitigate risks arising from a lack of segregation of duties, the auditor will often see the involvement of an owner-manager in day-to-day operations as only a partial substitute for ‘normal’ control systems. The following problems may arise in such types of businesses: SPOTLIGHT There may be a lack of evidence as to how systems are supposed to operate. The auditor will need to rely more on inquiry than on review of documentation. There may be a lack of evidence of the application of controls in practice (for example, authorisations may not be documented). Management may override whatever internal controls are in place. Management may lack the expertise necessary to control the entity effectively and efficiently. There is unlikely to be any independent person within the management team as there would be within “those charged with governance” in a larger entity. The attitudes and actions of the owner-manager will be key to the auditor’s risk assessment. There is unlikely to be a written code of conduct so a culture of integrity and ethical behaviour, as demonstrated by management example, will be important. The auditor needs to understand and evaluate whatever controls are in place and plan their audit work accordingly. However, it is likely that a lower level of reliance will be placed on controls in a smaller entity, which means that a considerable amount of substantive testing will be needed. 222 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH 6. THE AUDITOR’S RESPONSES TO ASSESSED RISKS (ISA 330) Definition: Substantive procedure An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise: i. ii. Tests of details; and Substantive analytical procedures. Definition: Test of controls An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. 6.1 Overall Responses (Ref: 5, A1-A3) Auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statements level. Emphasizing to the engagement team the need to maintain professional skepticism. Assigning more experienced staff or those with special skills or using experts. Providing more supervision. Incorporating unpredictability in selection of further audit procedures to be performed. Making general changes to nature, timing or extent of audit procedures (e.g. performing substantive procedures at period end instead of at an interim date etc.) AT A GLANCE Such overall responses may include: 6.2 Responses to the Assessed Risks at the Assertion Level (Ref: 6, 7, A4-A19) Assessment of identified risks at assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit procedures. For example: Only by performing tests of controls Performing only substantive procedures is appropriate; or (auditor excludes the effect of controls from the relevant risk assessment) A combined approach using both tests of controls and substantive procedures In designing further audit procedures to be performed, auditor shall: Consider the reasons for risk assessment at the assertion level, including: ¯ Likelihood of material misstatement due to particular characteristics of relevant class of transactions, account balance, or disclosure (i.e. inherent risk); and ¯ Whether the risk assessment takes account of relevant controls (i.e. control risk) Obtain more persuasive audit evidence in case of higher assessment of risk. (May increase quantity of evidence, or obtain more relevant and reliable evidence) Nature of an Audit Procedure Nature of an audit procedure refers to: Its purpose (e.g. test of controls or substantive procedure); and Its type (e.g. inspection, observation, inquiry, recalculation, or analytical procedure etc.). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 223 SPOTLIGHT Auditor shall design and perform further audit procedures whose nature, timing and extent are based on the assessed risks of material misstatement at assertion level. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Auditor’s assessed risks may affect both the types of audit procedures to be performed and their combination. For example, when an assessed risk is high, auditor may confirm completeness of the terms of a contract with counterparty, in addition to inspecting the document. Timing of an Audit Procedure Timing of an audit procedure refers to when it is performed, or the period or date to which the audit evidence applies. The higher the risk of material misstatement, the more likely it is that auditor may decide it is more effective to perform substantive procedures nearer to, or at the period end On other hand, performing audit procedures before period end may assist the auditor in identifying significant matters at an early stage of audit, and resolving them with management Certain audit procedures can be performed only at or after the period end, for example: Agreeing the financial statements to the accounting records; Examining adjustments made during the course of preparing the financial statements; and Procedures to respond to a risk that entity may have entered into improper sales contracts at period end AT A GLANCE Other Relevant factors influencing auditor’s consideration of timing of auditors’ procedures: The control environment. Timing of availability of relevant information Nature of the risk The period or date to which the audit evidence relates Extent of an Audit Procedure Extent of an audit procedure refers to quantity to be performed SPOTLIGHT Extent of an audit procedure is determined after considering materiality, assessed risk, and the degree of assurance required. Use of the computer-assisted audit techniques (CAATs) may enable more extensive testing of electronic transactions and account files, which may be useful when auditor decides to modify extent of testing. Such techniques can be used to select sample transactions from key electronic files, to sort transactions with specific characteristics, or to test an entire population instead of a sample. 6.3 Tests of Controls (Ref: 8-17, A20-A41) Auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if: Auditor’s assessment of risks at assertion level includes an expectation that controls are operating effectively i.e. auditor intends to rely on operating effectiveness of controls; or Auditor shall obtain more persuasive audit evidence in test of controls. Substantive procedures alone cannot provide sufficient appropriate audit evidence e.g. when business is conducted using IT and paper documentation is not maintained. Testing the operating effectiveness of controls is different from obtaining an understanding of and evaluating design and implementation of controls (as per ISA 315(Revised 2019)). Auditor may decide that it is efficient to test operating effectiveness of controls at same time when evaluating those. 224 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Nature and Extent of Tests of Controls In designing and performing tests of controls, auditor shall: Perform procedures to obtain evidence about operating effectiveness of controls: How the controls were applied at relevant times during the accounting period; The consistency with which they were applied; and By whom or by what means they were applied. Determine whether controls are interdependent and whether to check other controls. Nature Nature of particular control influences the type of procedure required to obtain audit evidence about whether the control was operating effectively. Timing Evidence pertaining only to a point in time may be sufficient for auditor’s purpose; or e.g. when testing controls over entity’s physical inventory counting at the period end. Auditor may intend to rely on a control over a period. Extent Auditor may consider following matters in determining the extent of tests of controls: Frequency of the performance of the control by the entity. Length of time during period that auditor is relying on operating effectiveness of control Expected rate of deviation from a control. Relevance and reliability of audit evidence to be obtained Extent to which audit evidence is obtained from tests of other controls. Because of inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an automated control. It can be expected to function consistently unless the program (including the tables, files, or other permanent data used by the program) is changed. Using audit evidence obtained about controls during an interim period Auditor shall: Obtain evidence about significant changes to those controls subsequent to that period; and Determine the additional audit evidence to be obtained for the remaining period Relevant factors in determining additional audit evidence include: Significance of assessed risks of material misstatement at the assertion level. Degree to which audit evidence about those controls was obtained. The length of the remaining period. Extent to which the auditor intends to rely on controls. The control environment. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 225 SPOTLIGHT AT A GLANCE CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Using audit evidence obtained in previous audits Auditor shall consider the following: Effectiveness of other elements of internal control Risks arising from characteristics of control, including whether it is manual or automated; The effectiveness of general IT controls; The effectiveness of the control and its application by the entity; Whether lack of a change poses a risk due to changing circumstances; and The risks of material misstatement and the extent of reliance on the control. Auditor shall establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to previous audit. If there have been changes, auditor shall test the controls in the current audit. If there have been no changes, auditor shall test controls at least once in every 3rd audit AT A GLANCE If auditor plans to rely on controls over a significant risk, auditor shall test those controls in the current period. Evaluating the operating effectiveness of relevant controls Auditor shall evaluate whether the misstatements detected by the substantive procedures indicate that controls are not operating effectively. If deviations from controls are detected, auditor shall make specific inquiries to understand these matters and their potential consequences, and shall determine whether: Performed tests of controls provide an appropriate basis for reliance on the controls; Additional tests of controls are necessary; or The potential risks of misstatement need to be addressed using substantive procedures. SPOTLIGHT 6.4 Substantive Procedures (Ref: 18-23, A42-A58) Irrespective of risks of material misstatement, auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure Depending on the circumstances, auditor may determine that: Performing only substantive analytical procedures will be sufficient to reduce audit risk; Only tests of details are appropriate; or A combination of substantive analytical procedures and tests of details are required. Extent of substantive procedures may need to be increased when the results from tests of controls are unsatisfactory. This is normally done through increasing the sample size. Substantive Procedures Related to the Financial Statement Closing Process Substantive procedures shall include following audit procedures related to financial statements closing process: 226 Agreeing or reconciling the financial statements with the underlying accounting records; and Examining material journal entries and other adjustments made during the course of preparing the financial statements. (Ref: Para. A52) THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Practice Question 08: Kiran is the audit senior responsible for the audit of Xengen Limited. She has noticed that a large number of journal entries were processed near the year end. Required: What controls should she expect to be in place for recording and processing of journal entries? Tutorial Notes: Along with other controls students are expected to discuss documented policies and procedures, standardized forms for standard journal entries, automated exception reports for un-usual entries in order to gain maximum marks. Similarly, auditors’ actions like use of computer assisted audit techniques, increasing the extent of substantive testing and assessing risk of management override of controls would also add a flavor to the answer. Solution: Substantive Procedures Responsive to Significant Risks Auditor shall perform substantive procedures that are specifically responsive to that risk. When the approach to a significant risk consists only of substantive procedures, those procedures shall include tests of details. External confirmations received directly by auditor from appropriate confirming parties may assist auditor in obtaining audit evidence with high reliability. Timing of Substantive Procedures If substantive procedures are performed at an interim date, auditor shall cover the remaining period by performing: Substantive procedures, combined with tests of controls for the intervening period; or Further substantive procedures only. Factors that may influence whether to perform substantive procedures at an interim date: The control environment and other relevant controls. The availability at a later date of information necessary for the auditor’s procedures. The purpose of the substantive procedure. The assessed risk of material misstatement. The nature of the class of transactions or account balance and related assertions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 227 SPOTLIGHT Policies and procedures involving journal entries and other adjustments should be documented and available to personnel involved in initiating the entries to the general ledger/transaction processing systems. ii. Entries should be identified with adequate descriptions and/or supporting documentation including calculations. iii. Each entry should be signed by the preparer and approved by the authorized personnel. iv. Authority limits for approval of journal entries should be well defined. v. Each entry should be sequentially numbered and dated. vi. Standardized forms should be used for standard journal entries e.g. forms containing the account numbers of ledgers in which the entry is to be posted. vii. Automated exception reports of entries such as amounts in excess of certain limits, credit entries in accounts where only debit entries are posted, entries in rarely used accounts, etc. should be regularly generated and reviewed. AT A GLANCE i. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatements that may exist at the period end will not be detected. Following factors may influence whether to perform substantive analytical procedures with respect to the period between the interim date and the period end: Whether period-end balances are reasonably predictable. Whether the entity’s procedures for analyzing and adjusting such items and for establishing proper accounting cutoffs are appropriate. Whether information system relevant to financial reporting will provide information that is sufficient to permit investigation of: ¯ Significant unusual transactions or entries (including those at or near the period end); ¯ Other causes of significant fluctuations, or expected fluctuations that did not occur; and ¯ Changes in the composition of the classes of transactions or account balances. Practice Question 09: AT A GLANCE Develop audit work programs in respect of dividend to shareholders stating therein the related assertions, audit objectives and substantive audit procedures. Solution: A. AUDIT OBJECTIVES To determine whether: SPOTLIGHT (a) All liabilities on account of unclaimed/unpaid dividends are properly recorded and represent valid liabilities of the entity at the balance sheet date. (b) These are properly described and classified and adequate disclosures with respect to these amounts have been made. (c) Zakat has been adequately deducted and deposited in the Central Zakat Fund according to the requirements of Zakat and Ushr Ordinance, 1980 and Rules made there under. (d) Dividends have been paid within stipulated time. B. ASSERTIONS AND SUBSTANTIVE PROCEDURES 1. Recording of liability / dividend declared Assertions addressed (i) Rights and obligations (ii) Completeness (iii) Existence (iv) Valuation and allocation Procedures (i) See authority of Board and / or general meeting for all dividends declared. (ii) Agree capital on which dividend is paid with issued capital. (iii) Ensure that any unpaid / unclaimed amount of dividends is adequately disclosed. (iv) Ensure that dividends are paid out of profits only. (v) Ensure that no dividend is paid out of profits from sale or disposal of any immovable property / asset of capital nature. 228 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH (vi) In case of stock dividend the following steps would be performed: Ensure that Companies Issue of Capital Rules, 1996 have been complied properly. Ensure that free reserve and surplus retained after the issue of bonus shares will not be less than 25% of the increased capital. Obtain confirmation from CDC to check issue of bonus shares. Payments Assertions addressed (i) Occurrence (ii) Completeness (iii) Accuracy (iv) Cut-off (i) Ensure that dividend warrants are issued in the name of registered shareholders or to their order. (ii) Ensure that dividend is paid within 45 days of declaration thereof (or 30 days in case of a private company by such)/by such time as specified by commissioner. AT A GLANCE Procedures (iii) Ensure that withholding tax has been properly deducted from cash dividend. (iv) Ensure compliance with Foreign Exchange Act, 1947 including nomination of authorized dealer and permission from SBP in respect of for remittance of dividend to foreign shareholders. (v) Obtain reconciliations in respect of dividends related to prior years and check the movement on test basis Zakat (i) Check the cases where Zakat has not been deducted to ensure that those are not in violation of Zakat and Ushr Ordinance, 1980 and relevant Rules. (ii) Check Zakat exemption declarations on test basis, where applicable. (iii) Check deposit challan for payment of Zakat in the Central Zakat Fund. 3. Disclosure Assertions addressed (i) Occurrence & rights and obligation (ii) Classification and understandability (iii) Completeness Procedures (i) Ensure appropriate disclosure have been made in accordance with the reporting framework. (ii) Fill relevant portion of Financial Statement Disclosure Checklist (FSDCL). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 229 SPOTLIGHT 2. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Practice Question 10: Develop audit programmes in respect of contingent liabilities and taxation (including deferred taxation) stating therein the audit objectives and substantive audit procedures. Solution: AUDIT PROGRAM FOR CONTINGENT LIABILITIES Audit objectives To determine whether: (a) The contingent liabilities disclosed by the management include all contingencies. (b) Contingent liabilities do not include: (i) any obligation which should be provided for in the books of account of the Company as the probabilities of its outcome against the Company are on the higher side and the quantum and timing of payment may be estimated; (ii) any obligation for which the possibility of outflow of resources embodying economic benefits is remote. AT A GLANCE Substantive procedures (a) SPOTLIGHT 230 (i) Discuss with management the client’s policies and procedures for determining the estimated financial effect of contingencies, including those resulting from litigation, claims, and unasserted claims. (ii) Examine the policies and procedures that the client has in place to monitor compliance with laws and regulations, including those procedures designed to prevent the occurrence of illegal acts. (iii) Obtain confirmation from the legal advisors including tax consultants and banks/financial institutions. (iv) Review the schedule of contingencies provided by the client and carry out the following steps: Compare current year’s position with the previous years and check the items which have not been reported this year. Examine documents, files and correspondence related to each material contingency reported in the schedule. Discuss the latest status in each case with the appropriate management personnel. Check the basis of measurement of the contingencies. Check that the contingencies do not include items the probability of which is remote. Ensure that provision has been made against all items that meet the relevant criteria as mentioned in IAS 37. Refer the confirmation received from the legal advisors, tax consultants, banks and financial institutions, with the schedule of contingencies. Where some or all of the expenditure required settling a contingent liability is expected to be reimbursed by another party, ensure that the reimbursement should be disclosed when, and only when, it is virtually certain that the reimbursement will be received if the enterprise settles the potential obligation. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH (v) (vi) Perform the following steps to ensure that all contingencies have been disclosed. Review the minutes of board of directors and of other important meetings. Review important agreements and contracts and ensure that the company is in compliance thereof. Review schedule of legal charges to ascertain the names of all legal advisors to ensure that all the cases being defended have been identified. Review the results of audit procedures performed in other heads of accounts to identify any contingency which may not be recorded. Obtain representation from client that all known contingencies have been disclosed. (vii) Ensure that all contingencies have been appropriately disclosed in the financial statements. AUDIT PROGRAM FOR TAXATION Audit objectives (a) Tax exposure, tax liability/receivable and deferred tax have been correctly calculated. (b) All disclosures in respect of the above have been properly made in accordance with the relevant standards. Substantive procedures AT A GLANCE To determine whether: (a) Current Taxation (ii) Overall Analytical Procedures Compare amounts and ratios (e.g., effective tax rates) for the current period with the prior year. Investigate significant fluctuations. Perform detailed comparative analysis of trading and operating results with causes and reason for variation duly supported with justification. Tax Expense For the current year Review the computation of taxable income and ensure that all additions / deductions are computed in accordance with the provisions of the Income Tax Ordinance, 2001 Compare balances as per computation schedule given by client with the general ledger. Investigate any differences. Obtain and test the client's support for significant add backs/ deductions appearing in the schedule. Compare the amounts of significant permanent and temporary differences for the current period with comparable amounts for the preceding period. Ensure that tax in respect of income covered under FTR (if any) has been correctly computed and accounted for. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 231 SPOTLIGHT (i) CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Prior period tax provision (iii) Check tax charge / reversal in current year with respect to previous year with appropriate documents, i.e. assessment order issued during the year, amended returns filed by the company (if any), notices received from tax department and related correspondence, etc. Where the client has decided to file an appeal against an order of the taxation authorities and have not made full provision there against, discuss the issue with the client and review the tax consultants advise thereon. Tax Payable / Refundable Obtain a schedule showing movement in tax payable / refundable and check as follows: AT A GLANCE (iv) Check opening balances with the last year’s working papers Test check advance payment of tax and tax deducted at source from payment challan, bill of entries, certificate of deduction of tax issued by the customers, etc. Check any adjustments (reduction in tax liability) with the refund orders / revised assessment orders issued by the tax authorities. Correspondence and confirmation from Tax Advisor(s) Obtain and study correspondence with tax advisor (s). Circularize confirmation to tax advisors and examine the response. (v) Tax Contingencies Evaluate tax contingencies and ensure that these have been appropriately accounted for and disclosed in the financial statements. (vi) Obtain representation from the management that all information has been disclosed. (b) Deferred Taxation SPOTLIGHT Obtain a deferred tax working schedule from the client along with related disclosures for current and prior periods. Check the calculation of major timing differences specially in respect of: ¯ Depreciation and amortization ¯ Provisions ¯ Revaluation of fixed assets, etc. Ensure that correct rate of tax has been applied to arrive at the deferred tax liability / asset. Ensure that the difference between the tax effect of opening and closing balance of timing difference has been debited / credited, as appropriate, in deferred tax expense / reversal account. In case of carry forward of tax losses/ minimum tax, ensure that deferred tax has only been provided where the losses/ minimum tax are expected to be reversed in the foreseeable future. Ensure that loss carry forwards utilized to offset current year taxable income have not expired. (c) Disclosure Ensure appropriate disclosure have been made in accordance with the relevant standards which include the reconciliation of tax charge for the year. 232 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Practice Question 11: During the audit of Shahid Limited, your IS audit team has reported the following issues: i. The client did not have an approved business continuity plan. ii. There were several program changes made during the year which were not approved by the higher management. However, a complete log of program changes was maintained. iii. IDs of the employees who have left the company are not deleted on a timely basis. Required: Discuss the possible course of action that you may take in respect of the above identified issues. (Reporting implications are not required) While suggesting getting the program changes approved student should also discuss the change process, the possible financial impact and the related audit procedures to obtain sufficient appropriate evidence on the affected account balance/transactions. A good discussion should also be done on the employees’ ID issues. Solution: i. The client does not have Disaster recovery (DR) and Business Continuity Plan (BCP): The above deficiency might impact business operations but do not have any direct impact on the financial statements. The auditor is not expected to alter audit strategy or audit plan due to this deficiency. AT A GLANCE Tutorial Notes: Even though this control deficiency has no direct impact on the financial statements, still the auditor shall consider whether the IT deficiency needs to be reported to those charged with governance as required under ISA 260. Program changes without approval but change log is maintained: There is a risk that unauthorized changes may have been made. This deficiency shall impact audit strategy and plan. The auditor may perform the following procedures to mitigate the risk of unauthorized program changes that may result in material misstatements in the financial statements: Understand the process of program changes such as initiation of change management request, authorization of request, validation of changes made etc. to see if there are any mitigating controls which can be relied upon; Understand the application which is impacted by above deficiency and the financial statements areas that are impacted by that application; For identified financial statements areas, following audit procedures may be performed: ¯ Review key reconciliations, such as reconciliation of subsidiary and control accounts; ¯ Perform analytical procedures over information extracted from the application to identify unusual pattern/trend. ¯ Perform substantive procedures such as test of details to ensure the accuracy of information. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 233 SPOTLIGHT ii. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Based on the aforementioned procedures, the auditor shall evaluate whether the risk of material misstatements due to unauthorized changes has been reduced to an acceptable level. The auditor shall consider whether the IT deficiency as noted above constitute a significant control deficiency which needs to be reported to those charged with governance as required under ISA 260. iii. IDs of employees who have left the organization are not deleted/deactivated on a timely basis: This deficiency possesses a risk that unauthorized changes may be made through IDs of ex-employees which may result in material misstatements in the financial statements. To address the risk, the auditor needs to alter the audit strategy/plan and may perform the following procedures: AT A GLANCE Check the current status of active IDs of ex-employees and request management to deactivate these; Review system logs to identify any changes that have been made through these IDs during the time of severance of employees and deactivation of their IDs; If any changes are identified, follow the complete trail and understand the rationale and impact of the change. Based on the aforementioned procedures auditor shall evaluate whether the risk of material misstatements due to unauthorized changes has been reduced to an acceptable level. The auditor shall consider whether the IT deficiency as noted above constitute a significant control deficiency which needs to be reported to those charged with governance as required under ISA 260. Practice Question 12: You are the audit manager in a firm of chartered accountants responsible for the statutory audit of Fazal Limited (FL) for the year ended 31 March 2021. SPOTLIGHT During the audit, your audit team was informed that on 1 January 2021, FL entered into a sale and leaseback agreement with Arabian Leasing Company (ALC) for its head office property situated at premier commercial hub. FL sold the property to ALC at fair value with useful life of thirty years as assessed on the date of sale. Subsequently, ALC leased back the property to FL for a period of ten years. Required: State the audit procedures which may be performed in respect of the above transaction. Solution: Audit Procedures 234 Review the key details of agreement, in particular the rights of the lessee and the lessor to control the asset, sale proceeds, lease rental, the lease term and the interest rate implicit in the lease. Read minutes of BOD meetings for management discussion and approval of the sale and leaseback transaction. Review third party surveyor reports to verify the fair value and expected remaining life of the property. Review client workings for the computation of the present value of the lease payments and whether the client has recognized the right-of-use asset at the correct amount. Verify the sale proceeds received from ALC from bank statement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Determine whether the correct carrying amount of the property has been derecognized in the financial statements. Review the working to verify whether the gain or loss on disposal has been recorded correctly as per IFRS. Determine the disclosure made in the financial statements is in compliance with IFRS. Misstatements detected at an interim date Auditor shall evaluate whether the related assessment of risk and planned nature, timing or extent of substantive procedures covering the remaining period need to be modified. Such modification may include extending or repeating the procedures at the period end. 6.5 Adequacy of Presentation and Disclosure (Ref: 24, A59) Auditor shall perform audit procedures to evaluate whether the overall presentation of financial statements, including the related disclosures, is in accordance with applicable financial reporting framework Auditor shall evaluate before conclusion of audit whether the assessments of risks of material misstatement at the assertion level remain appropriate. Auditor may need to reevaluate planned audit procedures, based on revised consideration of assessed risks Auditor shall conclude whether sufficient appropriate audit evidence has been obtained to enable auditor in forming an opinion (whether it corroborates or contradicts the assertions) AT A GLANCE 6.6 Evaluating Sufficiency and Appropriateness of Audit Evidence (Ref: 25-27, A60-A62) If auditor has not obtained sufficient appropriate audit evidence, auditor shall attempt to obtain further audit evidence. If auditor is unable to obtain sufficient appropriate audit evidence, auditor shall express a qualified opinion or disclaim an opinion on the financial statements. 6.7 Documentation (Ref: 28-30, A63) Auditor shall include in the audit documentation: Overall responses to address the assessed risks of material misstatement at financial statements level, and the nature, timing and extent of the further audit procedures performed; The linkage of those procedures with the assessed risks at the assertion level; Results of audit procedures, including conclusions where these are not otherwise clear; and Conclusions reached about relying on controls tested in a previous audit (if relevant). 6.8 Tutorial note The important paragraphs of the standard to be focused more by the students are: Core Paragraphs: 7, 8, 10, 13, 14, 17, 20, 22 and 28 Explanatory Paragraphs: A1, A22, A28, A33, A38, A48, A51, A56, A57, A60 and A62 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 235 SPOTLIGHT Documentation shall demonstrate that financial statements reconcile with underlying accounting records. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS 7. IAS / IFRS CHECKLIST FOR AUDITORS IAS 1: Presentation of financial statements AT A GLANCE Has the going concern basis been adopted? Is the going concern basis appropriate? If the directors of the client company have decided that the going concern basis is not appropriate, have the relevant disclosures been made? If there is uncertainty about the going concern status of the company, have the relevant disclosures been made? Has the accruals concept been complied with? Is there consistency in the presentation and classification of items in the financial statements, between the current and previous financial periods? Has each material class of items been separately presented in the financial statements? Has offsetting (of assets and liabilities, or income and expense) been applied only as permitted by an accounting standard? Has an appropriate format been adopted for the statement of financial position, income statement/statement of comprehensive income and statement of changes in equity? Are appropriate disclosure notes included? IAS 2: Inventories Has inventory been consistently valued at the lower of cost and net realisable value, on an item-by-item basis? Has an acceptable costing method been used for inventory? (Remember that LIFO is not permitted by IAS 2.) Has inventory been counted accurately? (What is the evidence for this?) Has an appropriate method been used for the treatment of overheads? SPOTLIGHT IAS 7: Statement of cash flows Is the presentation of the statement of cash flows in accordance with the requirements of IAS7? IAS 8: Accounting policies, changes in accounting estimates and errors Have appropriate accounting policies been selected and consistently applied? Have any changes in accounting policy permitted under IAS 8 been correctly accounted for as prior period adjustments? Have fundamental errors in prior period financial statements been accounted for as prior period adjustments? Have changes in accounting estimates been reflected on a prospective basis? IAS 10: Events after the reporting period 236 Has the definition of events after the reporting period (as defined by IAS 10) been properly applied? Have all subsequent events having an impact on amounts and/or disclosures in the financial statements been identified? Is there a correct distinction between adjusting and non-adjusting events after the reporting period? Have adjustments been made correctly for adjusting events, in accordance with the appropriate IAS /IFRS? Have non-adjusting events been adequately disclosed? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH IAS 12: Income taxes Has the income tax liability been correctly calculated and disclosed? Has deferred tax been recognised in respect of all material temporary differences in accordance with IAS 12 guidance?? Has an appropriate rate of tax been used in measuring the amount of the deferred tax liability (asset)? Are deferred tax assets recoverable? Has cost of property, plant and equipment been determined in accordance with IAS 16? Has cost been correctly allocated to components of an asset in accordance with IAS 16? Has post-acquisition expenditure on property, plant and equipment been properly analysed between capital expenditure and revenue expenditure? Has depreciation been properly calculated and accounted for? Have asset revaluations been performed in accordance with IAS 16 and accounted for correctly? Have disposals and the resulting gain or loss on disposal been properly calculated and recorded? IFRS 16: Leases Have leases been properly classified between finance leases and operating leases, and has the appropriate accounting treatment been applied to each type of lease? Have leasing obligations (finance leases) been properly analysed into current and noncurrent liabilities? For finance leases, have the depreciation and finance charges been allocated to accounting periods in accordance with standard. Have the appropriate disclosures been made? AT A GLANCE IAS 16: Property, plant and equipment Have the appropriate principles of revenue recognition been applied to the recognition of revenue from the sale of goods, the provision of services and other items? IAS 19: Employee benefits Have appropriate liabilities been recognised correctly when employees have provided service in exchange for employee benefits to be paid in the future? Has the expense of the entity consuming the economic benefit arising from service provided by employees in exchange for employee benefits been recognised correctly? IAS 20: Accounting for government grants and disclosure of government assistance Have revenue-based grants been credited to the income statement/statement of comprehensive income at the same time as the related expense? Have capital-based grants been accounted for in accordance with IAS 20? The grant should either (1) be credited to the asset account, with depreciation then on the net cost of the asset, or (2) carried as a deferred credit which is then amortised to the income statement/statement of comprehensive income over the life of the asset. IAS 21: The effects of changes in foreign exchange rates Have appropriate exchange rates been used in generating exchange differences and translating from functional to presentation currencies? Have exchange differences on settlement of monetary items been correctly calculated and classified within the income statement? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 237 SPOTLIGHT IFRS 15: Revenue from contracts with customers CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Have exchange differences on foreign currency monetary items in the statement of financial position at year-end been correctly calculated and allocated within the income statement (or other comprehensive income if the asset/liability is a designated hedge)? Have exchange differences on non-monetary foreign currency assets/liabilities carried at fair value at year-end been correctly calculated and allocated within other comprehensive income? Have appropriate exchange rates been used? IAS 23: Borrowing costs Have borrowing costs been recognised as an expense in the period in which they are incurred? If borrowing costs have been capitalised, are they directly attributable to the acquisition, construction or production of a qualifying asset? Have appropriate disclosures been made of the accounting policy, the amount of capitalised borrowing costs in the period and the capitalisation rate used to determine the amount of borrowing costs eligible for capitalisation? IAS 24: Related party disclosures AT A GLANCE Have necessary disclosures been made to draw attention to possibility that the company’s financial position or profit/loss has been affected by related parties and transactions? IAS 29: Financial reporting in hyperinflationary economies SPOTLIGHT Does the entities’ functional currency satisfy IAS 29’s definition of hyperinflationary? Have the financial statements been correctly restated into ‘measuring units’ at the reporting date including non-monetary assets/liabilities and income/expense items? Has the gain or loss on monetary items been calculated accurately and classified appropriately within the income statement? For group audits does parent company retain a sufficient level of control (for a subsidiary) or significant influence (for an associate) to satisfy the accounting treatment applied? Does the hyperinflationary entity remain a going concern? IAS 32: Financial instruments: Presentation and IFRS 7: Disclosures Have financial instruments (liabilities) been properly classified as debt or equity based on their substance? Have compound instruments been properly analysed into their debt and equity elements? Have payments to the providers of capital been correctly classified as borrowing cost or dividend in accordance with the classification of the instrument to which they relate? Have appropriate disclosures been made of risk exposures, risk management and hedging policies? IAS 33: Earnings per share Have the basic earnings per share been correctly calculated and disclosed for the current and prior reporting period? Has diluted earnings per share been properly calculated and disclosed where relevant? IAS 34: Interim financial reporting 238 Have the interim financial reports been prepared in accordance with local requirements as well as IAS 34? Do the contents comply with the minimum requirements of IAS 34? Are appropriate disclosures included in notes to the interim statements? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH IAS 36: Impairment of assets Have directors identified events that may indicate that impairment review is necessary? Have recoverable amounts been calculated in accordance with IAS 36? Where appropriate, have cash-generating units been identified? If an impairment loss has been recognised, has the loss been allocated to assets and recorded correctly? IAS 37: Provisions, contingent liabilities and contingent assets Have all necessary provisions been recorded? Have contingent liabilities/ contingent assets been disclosed as required by IAS 37? Have purchased intangible assets been recognised and measured in accordance with IAS 38? Have the useful lives of intangible assets been estimated in a reasonable way? Is there evidence to support the non-depreciation of intangibles with an indefinite useful life? Have intangible assets been subject to annual impairment reviews? IAS 39: Financial instruments: recognition and measurement Have financial instruments been recognised and measured in accordance with IAS 39? IAS 40: Investment property Has the company adopted the cost model or the fair value model? If the cost model has been adopted, have the principles of IAS 16 been complied with? If the fair value model has been adopted, have annual valuations been performed and the gain or loss correctly accounted for? IAS 41: Agriculture Have changes in fair value less point-of-sale costs in respect of biological assets been - included in the income statement in the period in which they arose? Have government grants relating to biological assets been recognised only when they become receivable and measured as fair value less estimated point-of-sale costs? IFRS 1: First-time adoption of International Financial Reporting Standards Has the company followed the specific guidance in Pakistan issued in respect of the IFRS 1 guidance on exemptions and exceptions from full retrospective restatement on first time adoption? Has the company adopted a set of accounting policies that are appropriate and in compliance with IFRSs? Have all assets and liabilities recognised under IFRS been properly recognised and classified? Have all assets and liabilities not recognised under IFRS been removed from the financial statements? IFRS 2: Share-based payments Is the calculation of share-based payments correct? (Check the number of employees granted share options and the number of options per employee; the official date for the grant of the options; the length of the vesting period; the required performance conditions attached to the options.) Has the cost of the share-based payments been spread fairly over the vesting period? Are the assumptions used to predict the level of staff turnover reasonable, based on available evidence? (If not, what assumptions would be reasonable?) The assumption about staff turnover affects the estimated cost of the share-based payments. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 239 SPOTLIGHT AT A GLANCE IAS 38: Intangible assets CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Is the estimate of the fair value of the equity instrument reasonable, and is it consistent with any valuation provided by an external expert (such as a chartered financial analyst)? IFRS 3: Business combinations Does the “event” meet the definition of a “business combination” such that IFRS 3 applies, or is the “event” an acquisition of an asset/group of assets that does not constitute a business? The date from which the acquisition took place – when did the acquirer effectively obtain control? Fair value of any pre-held equity interest in the event of a “step acquisition”, when the acquiree is not an entity that is traded in a public market. Whether all contingent consideration has been identified and fair-valued at acquisition date? Whether contingent arrangements that “crystallize” during a reporting period are “measurement period adjustments” and therefore back-dated against goodwill? IFRS 4: Insurance contracts AT A GLANCE Do the financial statements present fairly the substance of the insurance contract? Is the insurer exposed to both financial and insurance risk and hence satisfy the definition of an insurance contract? Has the liability adequacy test been appropriately performed? Has the required impairment test been applied for any reinsurance? Do the financial statements show insurance liabilities and reinsurance assets separately (gross) or have they been netted-off (and hence require restatement)? Have bundled contracts been unbundled correctly into the insurance and deposit components? IFRS 5: Non-current assets held for sale and discontinued operations SPOTLIGHT Has the definition of discontinued operations in IFRS 5 been properly applied? Have the results of discontinued operations been properly quantified and disclosed? Has the definition of assets held for sale contained in IFRS 5 been properly applied? Have assets held for sale been properly valued and disclosed? IFRS 6: Exploration for evaluation of mineral resources Where a company has recognised assets as a result of exploration and evaluation expenditures, and facts and circumstances suggest that the carrying value may exceed the recoverable amount, has an impairment test of those assets been carried out? Has any impairment loss been measured, presented and disclosed in accordance with IAS 36? Has the entity disclosed information that identifies and explains the amounts recognised in its financial statements arising from the exploration for and evaluation of mineral resources? IFRS 7: Financial instruments: disclosures 240 Has the entity appropriately identified “classes” of financial instrument by reference to the type of instruments and type of information that is relevant, and then reconciled the totals to the category line items required by IAS 39? Whether any “risk disclosures” if made in a separate document, have been included in the scope of the audit, and suitably cross-referred to the financial statements? Whether the sensitivity disclosures of changes in the variables that are part of market-price risk have been correctly calculated and disclosed? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH IFRS 8: Operating segments Have the criteria for reportable segments been properly applied? Has all the required information been disclosed? IFRS 9: Financial instruments Have financial instruments been recognised and measured in accordance with IFRS 9? Whether or not control exists? Whether there is adequate disclosure of the judgements entered into in determining the type of relationship with another entity. Whether the criteria for treating the parent as an investment entity have been met? Whether transactions involving an increase or decrease in a controlling shareholding that do not change the relationship have been correctly recorded in equity, and not through goodwill or as a profit on disposal? IFRS 11: Joint arrangements Whether or not joint control as defined in IFRS 11 exists? The type of the joint arrangement (joint operations or joint venture) has been correctly identified, especially when structured through a separate vehicle? AT A GLANCE IFRS 10: Consolidated financial statements IFRS 12: Disclosure of interests in other entities Whether the additional requirements concerning “structured entities” have been correctly interpreted, especially in the context of financial institutions? The correct identification of a principal market, or in its absence, the most advantageous market. Identifying whether or not an observed transaction is “orderly”, and therefore provides relevant evidence. Identifying the “highest and best use” for non-financial assets. IFRS 14: Regulatory deferral accounts Whether or not an entity has activities that put it in scope of IFRS 14, and therefore which enable it to carry “regulatory deferral balances” that otherwise do not meet the definitions of assets and liabilities under the IASB Conceptual Framework? IFRS 15: Revenue from contracts with customers Whether or not a contract with a customer exists? Whether modifications to an existing contract require to be treated as an entirely new contract, or as an amendment to an existing contract and possible “catch-up” adjustments? What are the performance obligations in the contract, and are there “distinct” goods or services? Whether a contract includes a significant financing effect, requiring the use of discounting? Whether or not a contract is performed “at an instant” or “over a period of time”? THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 241 SPOTLIGHT IFRS 13: Fair value measurement CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Practice Question 13: You are the audit manager responsible for the audit of Kamran Limited (KL) for the year ended 31 May 2021. On 1 October 2020, KL raised Rs. 400 million by issuing convertible bonds (having par value of Rs. 100 each). The bonds are convertible to KL’s ordinary shares in 5 years' time at the option of bond holders. The convertible bonds carry coupon rate of 5% payable on 30 September each year. KL’s total shareholders’ equity as at 31 May 2021 was Rs. 3,250 million. Required: Specify the matters to be considered by the auditor while planning the audit of convertible bonds. Also suggest the related audit procedures. Solution: Planning: The auditor will consider the following matter while planning the convertible bonds: AT A GLANCE Understand the accounting, disclosure and regulatory requirements for convertible debt instruments. Determine whether the audit team has relevant knowledge and resources for the audit of convertible debt instrument and should appoint audit team members having the required skills and knowledge. SPOTLIGHT Understand and evaluate the management system of internal control and its process for recording and disclosing the convertible bonds. Audit procedures: i. Obtain the convertible bond instrument from management to confirm the terms of the bond issue. ii. Obtain the working of the future cash flows of the bonds (interest and principle) prepared by management and review working to authenticate it with terms of bonds. iii. Compare the discount rate used by the management with the similar debt instrument in the market without the conversion option. iv. Verify the total proceeds of the bond from the bank statement. v. Verify that interest is charged to the income statement based on the effective interest rate. vi. Check management has correctly recognised the equity and liability component of the convertible bond in the financial statements using residual approach method. vii. Check that the company has complied with all the regulatory compliances for the issuance of the bond. viii. Ensure that all disclosures as required by IFRS-9 has been made in the financial statements. Practice Question 14: You are the audit manager responsible for the audit of Kekra Pakistan Limited (KPL). KPL has various production facilities across the country. Your audit team has brought the following matters to your notice which require your guidance: (i) KPL is required to decommission its production facilities and restore the site at the end of their economic life. Notes to the financial statements for the year ended 30 September 2020 contain the following disclosures related to decommissioning provision: Rs. in million Balance at the beginning of the year 7,126 Provision made during the year 371 Reversal due to changes in estimates (1,471) Unwinding of discount 720 Balance at the end of the year 6,746 242 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH (ii) As a result of decrease in demand, the management adjusted its medium-term and long-term price assumptions and discount rates, which had a significant impact on asset valuation. At 30 September 2020, KPL recognized an impairment of Rs. 2,184 million against the carrying value of cash generating unit. Required: Brief the audit team regarding the significance of the above matters and the audit procedures to be performed in this respect. Tutorial Notes: Commenting on the significance of the matters is a must requirement of this question. Cash generating unit aspect of the question and the related audit procedures should also be given due consideration. Solution: Measurement of the decommissioning provision of the production facilities is inherently subjective and complex, as it involves estimations of the expected decommissioning cost, the estimated life of the production facilities, and the application of an appropriate discount factor to calculate the present value of the expected costs. From the movement of the provision it is apparent that KPL has started some new production facilities in the current year. It also needs to be investigated that what led the management to reverse the provision in the current year because normally the value of the provision increases over time, as the provision is unwound each year to increase its present value. AT A GLANCE Decommissioning provision: Review agreements issued by authorities pertaining to KPL operation of its production facilities requiring it to decommission and restoration of the affected site. Obtain and review the management’s assumptions and calculations used to measure the provision. Confirm that the calculation is based on assumptions in line with our understanding of the entity, and which are consistent with other audit evidence obtained. Review documentation used to support management’s assumptions such as the estimated cost of decommissioned and live of the assets to be decommissioned. Conduct meeting with the management, including technical and operational personnel to obtain detailed understanding of the key assumptions used. Discuss with the management as to why there has been, a change from the prior year in the methods for making the estimates or assumptions used in the measurement of the provision. Ensure that the reduction in the decommissioning provision is deducted from the cost of the related asset in the current period. Obtain the source data used by the management for its working and consider its adequacy. Assess the controls in place over the estimate of the provision to ensure that the circumstances giving rise to the provision, and the assumptions used in calculations are periodically reviewed. Evaluate the competency and objectivity of experts who estimated the decommissioning liability and the restoration cost by considering their professional qualifications and experience; THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 243 SPOTLIGHT Audit Procedures: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Involve auditor’s expert to assess the reasonableness of estimates by KL in its closure and rehabilitation provisions. Obtain a written representation from management indicating that management consider that significant assumptions used in making the accounting estimate are reasonable. Review the notes to the draft financial statements to confirm sufficiency of narrative and numerical disclosures provided in compliance with IAS 37 and IAS 1. Impairment of CGU: Identification of cash generating unit and their carrying amount requires significant judgement. It needs to be considered that how management monitors the entity’s operations, product lines, and how management makes decisions about continuing or disposing of the entity’s assets or operations. Apart from the identification of CGU’s it also needs to be considered that how future cash flows, or the fair value less cost to sell for the Cash Generating Unit (‘CGU’), which is used to assess the recoverable value of property, plant and equipment and intangible assets is determined. AT A GLANCE SPOTLIGHT Assess the appropriateness of the KPL’s identification of CGUs for alignment with our knowledge of the business and its internal reporting structure; Evaluate the forecast prices incorporated into the Group’s impairment testing by comparing inputs to available market data and externally available benchmarks; Obtain the source data used by the management for its working and consider its adequacy. Agree the management working to the latest approved plans and budgets and assessed the historical accuracy of the plans and budgets; Evaluate the competency and objectivity of experts who produced the reserve statements utilized within the models by considering their professional qualifications and experience; Work with our valuation specialists to compare key assumptions such as commodity prices, discount rates, inflation rates, country risk rates and foreign exchange rates to external market data, and performed sensitivity analysis using a range of these assumptions. Practice Question 15: Rehmat Pakistan Limited (RPL) has share based payment plan for its employees. RPL’s employees receive share options subject to certain vesting conditions. Discuss the key controls that RPL is expected to employ while carrying out the valuation of share options. Tutorial Notes: It is important to note that the question requires the key controls for valuation of the share options rather than controls for share-based payment or substantive procedures for share based payments. Solution: (i) Source data is reviewed to ensure its completeness, relevance and accuracy for the fair value of share option. (ii) Before appointment of an expert his competence, capabilities and objectivity is evaluated. (iii) Performance of expert that are relied on for the determination of fair value is regularly monitored. (iv) There is due diligence in the selection or development of a particular model for the fair valuation. 244 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH (v) The model used for the valuation of the share option is periodically tested for its integrity. (vi) The valuation including the assumptions or inputs used in their development are reviewed and approved at an appropriate level or when required by those charged with governance. (vii) Comparisons are made between the estimate and the actual results and necessary changes are made. (viii) Accurate and timely information is available to those who need it in making determinations regarding fair value issues (e.g., information regarding changes in market conditions, new laws, regulations, and accounting standards with fair value accounting implications etc.). (ix) Proper supporting documentation is available for all accounting entries, especially all journal entries involving adjustments to fair value accounts. Accounting system provides for the proper collection and reporting of information needed to comply with fair value accounting standards, including all information necessary for disclosure in the notes to the financial statements. HT Ragib and Company, Chartered Accountants (HTRC) is a member firm of an international firm of chartered accountants, HT Network. HTRC has offices in Karachi, Lahore and Islamabad. You are the audit manager at Karachi office of HTRC. You are responsible for the audit of Health Pharma Limited and its group financial statements for the year ended 30 November 2019. The extracts of the draft planning memorandum for the group audit prepared by the audit senior are as follows: Name of company Revenue Profit/(loss) before tax Total Assets AT A GLANCE Practice Question 16: Materiality Remarks Health Group (Consolidated) 70,127 4,764 58,304 286 Health Pharma Limited (HPL) 38,487 5,850 36,563 322 Refer note 1 Fair Cosmetics Limited (FCL) 24,773 (2,371) 24,484 129 Refer note 2 Services (Private) Limited (SPL) 273 (47) 155 2 Refer note 3 Quality Chemicals Limited (QCL) - - - - Refer note 4 Note 1: HPL is the holding company and owns 100% shareholdings in FCL and SPL. Note 2: FCL is audited by HTRC’s Lahore office. Since FCL is being audited by HTRC’s Lahore office, no further procedures have been planned for obtaining the understanding of the component auditor. Note 3: SPL was incorporated in 2014 in United Arab Emirates (UAE) and is being audited by a member firm of HT Network in UAE. Since SPL operates in foreign jurisdiction, detailed audit procedures have been planned and confirmation will be sent to assess the component auditor’s ethics, competence and the regulatory environment. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 245 SPOTLIGHT ------------------ Rs. in million ------------------ CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Note 4: HPL has disposed-off its entire shareholdings in QCL, a wholly owned subsidiary on 30 June 2019 at a gain of Rs. 450 million. QCL is being audited by HTRC’s Islamabad office. Since QCL is no more part of the group as at 30 November 2019, no procedures have been planned at the group level. Required: Suggest five key audit procedures to verify the disposal of the subsidiary. Tutorial Notes: Following point may be missed inadvertently while answering: Obtaining the financial position of the subsidiary to confirm value of assets and liabilities, which had been derecognized from the group. Reasonableness of the amount of profit consolidated from the beginning of the year to the date of disposal. Ensuring whether all legal compliance have been made for the disposal. Solution: i. AT A GLANCE Obtain the statement of financial position of the subsidiary to confirm the value of assets and liabilities which have been derecognized from the group. ii. Obtain legal documentation/sale agreement in relation to the disposal to confirm the date of the disposal and confirm that the subsidiary’s profit has been consolidated up to this date only. iii. Perform substantive analytical procedures to gain assurance that the amount of profit consolidated from the beginning of the year to the date of disposal appears reasonable and in line with expectations based on prior year profit. iv. Review the group financial statements to ensure that disposal of the subsidiary has been correctly recorded and the required disclosures as per the IFRS are made. v. Review relevant board minutes for approval of disposal. vi. Ensure that all legal compliances have been made for the disposal of the subsidiary. Practice Question 17: SPOTLIGHT Chester Limited (CL) has introduced an equity settled share based payment plan for its executives on 1 April 2017. Under the plan, 50 of its executives have received 100 share options each, which will vest on 31 May 2022 if the executives remain in employment at that date and CL’s share price increases to Rs. 180 at 31 May 2022. Required: Mention the key audit procedures for share based payment options described above, assuming that evaluation of the competency and integrity of the management expert has already been tested. Tutorial Notes: Knowledge of IFRS-2 is a must before attempting to solve this question. Solution: i. 246 Verify the following information to be used in the calculation of the amount of expense from Board Minutes and other records of the company: The grant date and vesting date The number of executives to whom options are awarded The number of share options awarded to each individual The required conditions attached to the options The number of executives who have accepted share based payment options THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH ii. Agree the fair value of share options with valuer’s report and evaluate whether it is a reliable source of evidence. iii. Test the operating effectiveness of the controls over how management made the accounting estimate. iv. The relevance and reasonableness of management expert findings or conclusion and their consistency with other audit evidence and whether they have been appropriately reflected in the financial statement. v. If management expert work involves significant use of source data, the relevance, completeness and accuracy of source data. vi. Obtain and review the forecast of staffing levels or employee turnover rates relevant to executives over the vesting period and consider whether assumptions used for the forecast appear reasonable. vii. Ensure that share based payment options have been accounted for and disclosed as per IFRS - 2. You are the audit manager in GMP Chartered Accountants. The following matters are under your consideration for the year ended 30 September 2017: i. Kamran Limited (KL) is in the business of manufacturing generators. On 1 October 2016, KL acquired 750,000 ordinary shares of HL (which supplies generator components to KL), constituting 75% of the issued, subscribed and paid-up capital against a gross consideration of Rs. 700 million. KL paid Rs. 500 million on the date of acquisition whereas Rs. 200 million was paid on 1 October 2017. At the acquisition date, the identifiable net assets were recognized at their carrying amount which was approximately equal to the fair value of Rs. 670 million, except the building and leasehold land whose fair value was assessed at Rs. 130 million above their carrying amount. The fair value of NCI at the date of acquisition was assessed at Rs. 155 million. KL recognised goodwill amounting to Rs. 45 million on acquisition of HL, under the full goodwill method. ii. Waris Limited has changed its accounting policy for property, plant and equipment from historical cost to revaluation model. Required: Guide your audit team on key audit procedures with regard to the above information. (Audit procedures related to verification of property, plant and equipment are not required) Tutorial Notes: This question can be proved to be hardest in this area if the relevant understanding is not up to the mark. i. Three issues should be properly addressed i.e. measurement of goodwill, impairment of goodwill and inter-company transactions. Some probable common mistakes can be as follows: Verification of discount rate used to discount the purchase consideration received after one year of the acquisition and ignoring the methods / assumptions used to determine the fair value of the assets and liabilities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 247 SPOTLIGHT Practice Question 18: AT A GLANCE viii. Consider the use of auditor’s expert. CHAPTER 6: THE AUDIT APPROACH ii. CFAP 6: AARS Only mentioned that impairment of goodwill should be tested without telling further steps. For inter-company transactions, reversal of profit on intercompany stocks may be missed. Correct treatment as per IAS-8 is a pre-requisite of this part. Solution: (i) Kamran Limited: Measurement of goodwill on acquisition AT A GLANCE Agree the purchase consideration to the legal documentation pertaining to the acquisition and review the documents to ensure that the figures included in the goodwill calculation are complete. Review due diligence report relevant to the acquisition, for confirmation of acquired assets and liabilities and their fair values. Verify and assess the reasonableness of the discount rate used for discounting the purchase consideration received on 1 October 2017. Evaluate the methods / assumptions used to determine the fair value of acquired assets, including the property and liabilities, to confirm compliance with IFRS 3 and IFRS 13. Review of board minutes for discussions relating to the acquisition and for the relevant minutes of board approval. Verify and assess the reasonableness of the fair value of NCI. Impairment of goodwill: SPOTLIGHT Discussion with management regarding potential impairment of Group assets and confirmation as to whether an impairment review has been performed. A copy of any impairment review performed by management, with scrutiny of the assumptions used, and re performance of calculations. Assess the reliability of cash flow forecasts through a review of actual past performance and comparison to previous forecast Involve our valuation specialist for evaluating the appropriateness of the fair value of the building, leasehold land and also for the impairment testing of goodwill. Intercompany transactions: (ii) 248 Ensure the elimination of intercompany balances. Ensure that profit included in inventory purchased from HL has been reversed. Ensure that appropriate adjustments have been made for consistent application of accounting policies across the group as required by IFRS 3. Waris Limited: We need to assess, why the accounting policy was changed and the impact of the change on the financial statements. We should also consider whether the change in accounting policy is free from bias. Evaluate whether the change in accounting policy has been properly accounted for and adequately presented and disclosed. The change of policy will be required to be reported to those charged with governance and change in policy would also require board approval. The opinion paragraph of our report will be altered to mention the fact about change in accounting policy and whether we concur with it or not. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Practice Question 19: You are the audit manager responsible for the audit of Mechanic Engineering Limited, (MEL) which provides mechanical parts to different industries. The draft financial statements for the year ended 30 September 2016 show profit before taxation of Rs. 150 million (2015: Rs. 200 million) and total assets of Rs. 1.2 billion (2015: Rs. 1.1 billion). Presently following matters are under your consideration: MEL has recognized a late payment surcharge of Rs. 2.5 billion on amount due from Government agencies. Last year, the audit report was qualified with respect to the recognition of late payment surcharge. The management has informed you that the Government authorities have conveyed their willingness to pay Rs. 2 billion instead of Rs. 2.5 billion and has provided you a written representation with respect to the said amount. MEL however wants to preclude you from sending a confirmation to the relevant agency. Required: Tutorial Notes: A discussion for written representation as a reliable audit evidence should be done. Significance of the amount and communication with those charged with governance are some other important considerations while answering this question. Solution: AT A GLANCE Evaluate the above situations and determine the course of action in respect of each of the above independent situations. (Reporting implications are not required) Amount of Rs. 2.5 billion is approximately 16.67 times of profit before tax and is therefore material. Status of Rs. 500 million outstanding since last year, whether the company is still negotiating with the government or has decided to write off the same. Evidence available in respect of Rs. 2 billion (agreement or any correspondence) The written representation provided by management is not an alternative to other audit evidence in the absence of any written agreement or correspondence and cannot in itself taken as a reliable audit evidence, when in this case the audit report was also qualified with respect to this matter. Evaluate the implications of management’s refusal on the auditor’s assessment of the relevant risks of material misstatement, including the risk of fraud, and on the nature, timing and extent of other audit procedures; and Course of action: Inquire management of reasons of refusal and seek audit evidence as to their validity and reasonableness. Perform alternative audit procedures to obtain relevant and reliable audit evidence. Check subsequent clearance from post year end bank statements to verify if Rs. 2 billion has been received. Communicate with those charged with governance. If: ¯ the auditor concludes that management’s refusal to allow the auditor to send a confirmation request is unreasonable; or ¯ the auditor is unable to obtain relevant and reliable audit evidence from alternative audit procedures, THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 249 SPOTLIGHT Evaluation of the situation: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Practice Question 20: AT A GLANCE You are the audit manager of Bolan Pharmaceuticals Limited (BPL) a listed company. For the year ended 30 September 2016, BPL has prepared its financial statements which indicate a net operating loss, current ratio of 0.79 and significant amount appearing as capital work in progress comprising of expenses incurred on acquisition and installation of plant and machinery. The following information is also available: i. The operations of BPL are currently suspended due to Balancing, Modernization and Replacement (BMR) work. ii. The decision to carry out BMR was approved by the Board of Directors in 2015 with a completion deadline of 31 March 2016. iii. Due to certain technical issues, BPL has not been able to complete the project to date. iv. Because of the above situation, loan from a bank became overdue on 1 September 2016. Further, BPL had also not complied with certain key covenants. v. In this difficult situation BPL has requested its major shareholders to inject additional equity. Required: Besides the issue of going concern, state the other key matters that the auditor should consider with respect to the above situation. Tutorial Notes: Key aspects should not be confused with Key Audit Matters. Solution: Besides the going concern issue, the auditor should also consider the following matters with respect to the given situation: SPOTLIGHT As the loan covenants have been breached by the Company, the fact should be disclosed in the financial statements. Proper understanding of the loan agreements need to be obtained. The correspondence with the banks should also be obtained / examined and the potential contingency arising as a result of any case filed by the bank, if any be disclosed in the financial statements. The classification of liabilities either “current” or “long term” should also be assessed in the light of the loan agreements. The proper accrual of markup, penalties and any related charges due to nonpayment on a timely basis should be properly accounted for in the financial statements. Appropriate accrual of redundancy payments and salaries with respect to leavers should be reflected in financial statements. Proper adjustments in the financial statements to be ensured in respect of Impairment of existing plant and machinery as well as Capital work in progress. Treatment and bifurcation of revenue and capital nature expenditures incurred on BMR. Impact of subsequent events on the financial statements of BPL. Practice Question 21: You are the engagement manager of National Pharmaceuticals Limited (NPL). The company’s intangible assets include patents amounting to Rs. 100 million belonging to the company’s Health Care Division. It is the company’s policy to value the intangible assets at cost less accumulated impairment. NPL has recorded an impairment loss on the basis of impairment review which contains certain projections regarding future profits. 250 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Required: List the procedures which you would perform to verify the working prepared by the management. Tutorial Notes: Focus should be on substantive procedures rather than control review and testing. While talking about assessing the reasonableness of the assumptions it is good to mention how and from what perspective this aspect has to be reviewed. Solution: Procedure for verification of working of impairment review: ¯ the general economic environment, the economic environment of the specific industry, existing market information and the entity’s economic circumstances; ¯ assumptions made in prior periods; and ¯ the risk associated with cash flows, including the potential variability in the amount and timing of the cash flows and the related effect on the discount rate. Check whether the forecast have been approved at the appropriate level of management. Compare prior year forecasts with current year actual result and identify and assess the variances. Check the cash flow projections with the most recent financial budgets/forecasts approved by management. Check the projections covered the maximum period of five years as prescribed by IAS 36. If the period is greater than five years, understand how the entity has justified it. Ensure that projections do not include any cash flows arising from future restructuring. Evaluating the competence, capabilities and objectivity of personnel preparing the projections. Check the appropriateness of discount rate used by the management Test the underlying data to confirm that it is accurate, complete, relevant and provides objective support for the assumptions used in the valuation analysis. Consider involving internal expert to review the working. Check subsequent period performance as far as possible. Practice Question 22: The following situations have arisen at different audit clients of your firm. The year-end in each case is 30 September 2015. 40% of client’s operations are in a foreign country which has been impacted severely by political and law and order situation since March 2015. Required: Evaluate the above situations and briefly explain the steps that the auditor would be required to carry out in each of the above situations. (Impact on audit report is not required) Tutorial Notes: Considering the limited information that is available, there are two key issues that should be addressed i.e. possibility of impairment of foreign operations or possibility of going concern issue. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 251 AT A GLANCE Interview management to evaluate whether or not the assumptions on which the value measurements are based, are reasonable and consistent with: SPOTLIGHT CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Solution: The steps that the auditor would need to carryout in the given situation are as follows: Check the impairment assessment of the foreign operations (cash generating unit) carried out by the management and assesses the reasonableness thereof. Ensure that impairment (if any) has been appropriately recorded or disclosed in the financial statements. Involve the subject matter expert in assessing the workings and assumptions of the impairment, in case the auditor does not have the relevant expertise. In case the use of going concern assumption is no more appropriate, discuss the matter with management for relevant disclosure and change in accounting treatment. Practice Question 23: You are the audit incharge of Domestic Appliances Limited, a listed company, for the year ended 31 March 2015. The draft financial statements disclose profit before tax of Rs. 1.2 billion (2014: Rs. 0.98 billion) and total assets of Rs. 15.5 billion (2014: Rs. 13.8 billion) AT A GLANCE Company’s products are covered under warranty arrangements for twelve months. The company has changed its policy for recording warranty expense from cash basis to accrual basis. The company has made provision for warranty claims equal to twelve times the actual warranty claims of March 2015. Required: Analyse the above situation and discuss how you would deal with it in your audit. Tutorial Notes: Following points should not be missed: SPOTLIGHT The policy during the previous year to recognize the warranty expense on cash basis was not appropriate and hence a re-statement of last year’s figures was required. If the management’s basis of making the estimate was considered inappropriate, the auditor should make a revised estimate, either on his own or by using an expert. Solution: Warranty claims: i. As the company has been historically recording its warranty claims on cash basis, a restatement under IAS 8 is required, if material. ii. The auditor should obtain an understanding of the entity’s assumptions on which the estimate is based. iii. If the basis is considered inappropriate, the auditor should make a revised estimate either on his own or by using expert opinion. The revised estimate should be based on: Industry practice and trend of warranty claims company’s terms of warranties iv. Own estimate prepared on the above assumptions will be compared with management’s estimate. If the difference is material, the management will be asked to explain. v. Subsequent sales return upto the date of authorization will also provide an evidence about the reasonableness or otherwise of the management’s estimate. 252 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Practice Question 24: Your audit firm has been appointed as auditor of Lucrative Industries Limited (LIL) a listed company for the year ended 31 March 2015. LIL’s financial statements for five years depict the following: 2015 (draft) 2014 2013 2012 2011 --------------------------- Rupees in millions --------------------------Sales 1,570 1,276 1,064 980 859 Profit before tax 1,159 212 190 165 155 Profit after tax 815 130 135 106 110 Total assets 1,521 1,344 1,270 1,188 1,100 Following further information is available: Rupees in millions Sales revenue-exports 1,057 944 513 332 -1,299 -1,049 Gain on sale of office building 901 - Other provisions / write offs -11 -13 Other charges -2 -2 Profit before taxation 1,159 212 Profit after taxation 815 130 Intangible assets 350 362 Sales revenue- local supplies Cost of sales and administrative expenses The results for the current year include the impact of following items: i. During the year, an increase in export and local sales was noticed due to new agreement with foreign customers and supplies made to Government for flood affected people. Sales to new customers and Government amount to Rs. 105 million and Rs. 225 million respectively. Mark-up on such sales was 15%. ii. Administrative expenses include loss of raw material amounting to Rs. 210 million, which was destroyed due to fire. Raw material was not insured. iii. During the year, the head office of the company was shifted to new premises and the old building was sold for Rs. 1.2 billion. Required: Enumerate audit procedures to be performed on opening balance of intangible assets. Tutorial Notes: Time should not be spent on writing general procedures relating to verification of opening balances instead of identifying the specific procedures for verification of opening balance of intangible assets. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 253 AT A GLANCE 2014 SPOTLIGHT 2015 CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Solution: Intangible Assets Procedures to consider when auditing intangible assets at the beginning of the period include: AT A GLANCE obtain schedule of intangible assets summarizing the amounts of (and the nature of changes in) the assets and related amortization for a reasonable period. determine the basis on which the additions to and reductions in intangible assets have been recorded by tracing them to the underlying documents. identify major items and check them with related supports and verify the dates on which these were recorded. Review the predecessor auditor’s working papers. check accumulated amortization to ensure that amortization has been provided over the years as per company’s policy. check whether any impairment testing was performed last year, and if the answer is in the affirmative, then check the basis/ assumptions and the calculations and evaluate the competency and capacity of the valuer. review the write offs and impairment recorded in the current year to ensure that these do not reflect situation created in previous year. Practice Question 25: The following situations have arisen at different audit clients of your firm. The year end in each case is 30 September 2014. a) Galaxy Limited has a policy to carry its building at revalued amounts. In the financial statements for the year ended 30 September 2014, the revalued amounts were stated on the basis of valuation report issued by Buildings Valuation Experts (BVE). However, during the audit it was accidentally discovered that prior to valuation by BVE, another valuation exercise was carried out, which was done by Accurate Valuers Enterprise. SPOTLIGHT b) The financial statements of Modern Technologies Limited, a company involved in manufacturing of customized machinery and parts, reveal that the company has paid an advisory fee of Rs. 100 million to a non-executive director according to an agreement approved by the board of directors. The advisory services were rendered in connection with an agreement with Burewala Tractors Limited, for supply of customized parts. Total operating expenses amount to Rs. 282 million (2013: Rs. 161 million). The profit before taxation is Rs. 350 million (2013: Loss before taxation of Rs. 120 million). Required: Discuss the matters which the auditor should consider and the steps that he may need to take, in each of the above situations. Tutorial Notes: a) The requirement of this part should appropriately be construed by students. Further, in such situations the auditor may be inclined to appoint his own expert. b) A key point that might be skipped while answering is that if the advisory services lacked substance then the auditor should issue a qualified opinion and if integrity of management was doubtful then the auditor should withdraw or disclaim the report. 254 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 255 SPOTLIGHT a) Galaxy Limited: The carrying out of two valuation exercise for buildings raises doubts as to the valuation assertion of the buildings in the financial statements. The auditor should make an inquiry and evaluate the reasons provided by management for engaging BVE as valuers, when the valuation was already carried out by AVE. If the reasons provided by management are not satisfactory, then the auditor is required to revise his risk assessment and accordingly amend the nature, timing and extent of audit procedures. The auditor should consider the extent of difference between the two valuation reports and assess the reason thereof. If the valuations of both the valuers are different then it also raises doubts as to the competence, capability and objectivity of the valuers. The auditor may also consider the need of appointing an auditor expert. If auditor is not satisfied with differences in both reports, he shall ask the management to justify the situation in consultation with BVE. If after considering the clients and BVE’s clarification’s and auditor expert, the auditor is of the view that financial statements are materially misstated then he will ask the management to make appropriate adjustment in the financial statements. In case of management refusal, the auditor will issue a qualified or adverse opinion depending upon the materiality and pervasiveness of matter. In case the auditor concludes that management integrity is doubtful, then the auditor will consider withdrawing from engagement or issuing a disclaimer of opinion. b) Modern Technologies Limited: Advisory fees are material to financial statements as it comprises of 35% of operating expenses and 28% of profit before taxation. The auditor will consider the nature of advisory provided and necessity of such advisory in execution of agreement with Burewala Tractors Limited (BTL). The auditor will assess the role that the agreement with BTL has played in the highly improved performance of the company. The auditor will also review the agreement with the non-executive director and assess its reasonableness. The auditor will need to assess whether the amount paid is appropriate considering the nature and extent of business provided by the director and compare with market value of such services provided by other professional experts. The auditor will also consider any relationship between the non-executive director, MTL and BTL. The auditor will also consider the verification of approval and authorization and mode of payment of such advisory fees. If the auditor is satisfied with the payment, he should ensure that it is appropriately disclosed in accordance with IAS 24 and Companies Ordinance, 1984 If after considering the above, the auditor is of the view that transaction of advisory fee lacks substance and proper business consideration, and the auditor concludes that the matter is material to financial statements, the auditor will issue a qualified opinion. In case the auditor concludes that management integrity is doubtful, then the auditor will consider withdrawing from engagement or issuing a disclaimer of opinion. AT A GLANCE Solution: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Practice Question 26: You are the audit manager responsible for audit of consolidated as well as separate accounts of Five Star Limited (FSL) and its subsidiaries. In the initial meeting, the financial controller has informed you that during the year: a) the group has changed its policy for valuation of plant and machinery from cost to revalued amount. The revaluation has been carried out by a global firm of professional valuers, who have been advising FSL for the last several years. b) One of FSL’s subsidiary has incurred substantial losses. Deferred tax has been recognized on these losses. The financial projections prepared by the CFO show that as a result of planned re-structuring, the subsidiary would be able to recoup the losses during the next three years. Required: Describe the steps that you would take in each of the above situations. Tutorial Notes: AT A GLANCE a) Don’t restrict yourself to audit steps relating to the use of an expert only while ignoring other important issues like accounting and disclosures. b) Don’t restrict yourself to accounting aspects of deferred tax while ignoring steps needed to gather evidence that the recognition criteria for booking of deferred tax had been met. Solution: i. Change in Accounting Policy Steps needs to be taken by the auditor: SPOTLIGHT Review change in accounting policy for biases and evaluate whether the circumstances producing the bias, if any, represent a risk of material misstatement due to fraud. Whether the change in accounting policy will result in reliable and more relevant information about entity’s financial position, its performance and cash flows. Whether requirements of IAS 16 in relation to change in accounting policy, has been complied with. Evaluate the competence, capabilities and objectivity of the professional valuers; Obtain an understanding of the work of that valuer; and Evaluate the appropriateness of that valuer’s work as audit evidence for the relevant assertion Consider the need for appointment of an auditor’s expert. Ensure that all the assets in the entire class of plant and machinery has been revalued. Checking appropriateness of disclosures related to the requirements of Companies Ordinance, 1984 and IAS 16. ii. Deferred tax asset: Steps needs to be taken by the auditor: 256 Whether the recognition criteria for deferred tax asset as specified in IFRS has been met. Whether the methods estimating the amount of deferred tax are appropriate and have been applied consistently, and whether changes, if any, in accounting estimates are appropriate in the circumstances. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Determining whether events occurring up to the date of the auditor’s report provide evidence regarding the deferred tax asset. Review the company’s restructuring plan (assumptions) to assess its reasonableness and viability. Review the future projections provided by the client and their viability vis a vis restructuring plan. Checking appropriateness of disclosures related to the requirements of IAS 12. Written representations from the management. Practice Question 27: a) RPL has been awarded a 20 year patent right for a new drug with a brand name of Dengcol. The drug has been developed at a cost of Rs. 400 million. b) As part of the Dengue Control Program, the Government had provided a conditional grant of Rs. 150 million to RPL for development of Dengcol. Under the terms of the grant, RPL was required to sell 40% of the total production to the Government Hospitals subject to a minimum of 1,000,000 vaccines per annum, for the next five years. Required: Identify the matters that you should consider in the above situations, and state the audit evidence you would expect to find in your review of the audit working papers for the year ended 30 September 2013. AT A GLANCE You are the audit manager of Ravi Pharmaceuticals Limited (RPL) for the year ended 30 September 2013. The draft financial statements disclose a profit before tax of Rs. 200 million (2012: Rs. 150 million) and total assets of Rs. 5 billion (2012: Rs. 4.8 billion). The following matters arose during the course of audit and are under your consideration: Tutorial Notes: Following points can be overlooked inadvertently while answering: Possibility of impairment and how would the auditor satisfy himself in this regard. Company’s ability to meet the conditions associated with the grant. Verification of development costs. Management representations. SPOTLIGHT Solution: a) Matters to consider: Development cost is approximately 8% of total assets and 200% of profit before tax and is therefore material. Whether the development costs incurred on Dengcol meet the capitalization criteria as specified in IAS 38. Carrying value of the patent and possibility of impairment thereof. Audit Evidence: Details of development costs to ensure that all the costs meet the criteria specified in IAS 38 for capitalization as intangible asset. Assessment and conclusion whether all the costs are related to the development of Dengcol. Supports/ vouching related to major payments Details of market research performed to ensure that the project is commercially viable. Projections prepared by management, assessment of reasonableness of assumptions, recalculation of projections, conclusion whether or not economic benefits to be generated from the use of asset exceed the cost. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 257 CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Documents related to registration of patent. Written representations from management as to the commercial viability, technical feasibility and adequacy of findings. b) Matters to consider: The Government grant represents 75% of profit before tax and is therefore material to the financial statements. Accounting treatment of the Government Grant. Company’s ability to meet the conditions associated with the grant. Audit Evidence AT A GLANCE Receipt of the government grant of Rs. 150 million, to confirm that the amount has been granted. Agreement with the government, to confirm that it is a grant. Assessment of whether the company is complying with or in a position to comply with the terms and conditions contained in the agreement. Management representation confirming that it is in compliance and would be able to comply with all the conditions attached to the Government Grant. Practice Question 28: You are the manager responsible for the audit of Dilawar Paints Limited (DPL). draft financial statements for the year ended 31 March 2013 show revenue of Rs. 1,250 million (2012: Rs. 1,175 million), profit before taxation of Rs. 100 million and total assets of Rs. 1.2 billion. The audit incharge has noted the following points for your consideration: In May 2012 a chemical leakage from one of the tanks in the factory caused a fire which damaged the plant and machinery and the premises. DPL has incurred Rs. 3 million in cleanup costs, Rs. 10 million for modernisation of tanks to prevent future leakages and a fine of Rs. 500,000 to a regulatory agency. The fine has been expensed whereas the remaining costs have been capitalized. SPOTLIGHT Required: Discuss the matters that you would consider and how would you obtain the necessary audit evidence. Tutorial Notes: Very few students might realize that the situation is warranting impairment testing. No need to go too far and highlighting Going Concern issue whereas there are no such indications in the question, particularly when the company had earned an after tax profit of Rs. 100 million. Solution: Chemical leakage- Evaluation of the situation: Matters to be considered 258 Fine of Rs. 500,000 has been correctly expensed out but is immaterial. The cost of clean-up represents 0.25% of the total assets and 3% of the profit before tax and is therefore not material. However, this expense does not improve the future operating capacity of the property and hence it should not be capitalized. If management does not agree to reverse the capitalized amount it will not affect the audit opinion, however, this amount could be included in the aggregate of uncorrected misstatements. Rs. 10 million spent on modernizing the storage tanks represents a major overhaul of the asset. It constitutes 10% of profit before tax and is therefore material to the financial statements. The Company has rightly capitalized the said cost. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH The substantial cost of modernization of tanks when included in the present carrying value, may result in carrying value being in excess of the recoverable amount. In this case auditor would need to carryout impairment testing of the storage tanks and if said testing concludes any impairment loss, the auditor would need to check whether such losses have been recognized appropriately. How audit evidence would be obtained The management would be asked as to whether any other fine has been levied by any regulatory agency, due to this leakage; and the matter would be documented. Review legal confirmations obtained by you and see whether they contain any information in this regard. Physical verification of storage tanks should be carried out. Major payments should be vouched. Obtain management representation that the matter is now closed and no further proceeding are in progress against the company You are audit manager at JL following issues arose during audit and now require attention: i. ii. JL incurred an expenditure of Rs. 25 million on the development of five new products. It is expected that these new products would generate future economic benefits. On July 1, 2008 JL had acquired four high-tech machines for Rs. 200 million which are being depreciated over a period of 10 years on the straight line method. JL did not have the expertise to operate the machines and had entered into an agreement with Umer Limited to operate the machines. The contract is expiring on June 30, 2011 and Umer Limited has shown its inability to continue after the expiry of the contract. Required: For each of the above issues, comment on the matters that you should consider and state the audit evidence that you expect to be available. Tutorial Notes: Don’t miss the following points while answering: Materiality of the amount of development expenditure Obtaining representation from the management on the intended use of the machines Solution: i. Matters to be considered: Although IAS-38 allows the recognition of internally generated intangible assets, the auditor should ensure that all the requirements of IAS-38 would be complied with, while capitalizing the development expenditures. Assess the basis of management’s expectation to ensure that future economic benefits will flow to the enterprise. Rs. 25 million, the proposed intangible asset is not material to the financial statement, but if it were written off as an expense for the year it would have been material to the income statement as it would have reduced profit by 33.33%. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 259 SPOTLIGHT Your firm has been appointed as the auditor of Jugnu Limited (JL), which is a manufacturer of consumer products. The auditor’s report on the preceding year’s financial statements was unmodified. The draft financial statements for the year ended April 30, 2011 disclose a profit before taxation of Rs.75 million (2010: Rs. 155 million) and total assets of Rs. 2,100 million (2010: Rs. 1,910 million). AT A GLANCE Practice Question 29: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Audit Evidence: A breakdown of amount of Rs. 25 million. An assessment of various elements of the cost to assess whether any part thereof can be classified as expense (e.g. research). Supporting invoices and other documents related to the cost of asset. Workings showing determination of the value in use, based on projections of revenue from new products, to evaluate impairment, if any. ii. Matters to be considered: The auditors need to discover what management’s future intentions for the assets are. Whether they want to dispose of or want to continue to use. If management intends to dispose of the machine, then an impairment review under IAS 36 must be carried out. AT A GLANCE If management intends to continue to use these machines, find out whether JL: ¯ would be able to find another service provider to operate these machines; or ¯ has developed internal expertise to operate the machines If the answer to each of the above questions is in the negative, an impairment review may need to be carried out. The carrying amount of the machines as of April 30, 2011 is approximately Rs. 143 million. This represents 6.8% of total assets and is therefore material to the balance sheet. Audit Evidence: SPOTLIGHT Documentation of the discussion with the management and written representation as regards future use of the machines. Evidence supporting the test of impairment e.g. draft sales agreements, cash flow projections relating to value in use, any contract relating to new uses of machines in the company. Working showing computations related to impairment review (if required) as discussed in preceding paragraphs. Practice Question 30: You are planning the statutory audit of the financial statements of Mahiwal Limited (ML) for the year ending June 30, 2011. ML sells and distributes networking equipment and accessories to corporate and retail customers. Since January 1, 2009 ML has exclusive country-wide distribution rights of ‘Bisco’ and ‘Portel’, which are the leading international brands of networking equipment. Your review of the prior year’s working papers has disclosed that ML has expanded its operations significantly after securing the distribution rights of ‘Bisco’ and ‘Portel’. By June 30, 2010 there had been a 60% increase in its customer base whereas the number of its branches had increased from 3 to 10and the number of employees had risen from 30 to 115. The latest available draft financial statements show that the sales of ‘Bisco’ and ‘Portel’ represent 90% of its total sales. During a recent meeting with the finance director, you have been informed as follows: i. ii. ML has shifted its warehouse and customer service center to larger premises in order to handle increased inventory level and the rising level of after sales warranty claims. ML has witnessed a slight fall in sales of ‘Bisco’ and ‘Portel’ because of tough competition from other low priced brands. A review of the draft financial statements has also disclosed that ML had revalued a property in accordance with the requirements of the International Financial Reporting Standards. The property was acquired many years ago to earn rental income. 260 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH Required: Enumerate the key audit procedures to be conducted to assess the appropriateness of the revaluation of property and the accounting treatment thereof. Solution: Principal audit procedures – valuation of Investment property Assess the nature and complexity of the matter of valuation of the investment property. Ensure the reliability of the information provided by the Expert from alternative sources of information. Assess the nature, scope and objectives of the valuer’s work. Enquire whether the Management can exercise control or influence over the work of the valuer. Enquire whether the valuer valuation work is subject to technical performance standards or other professional or industry requirement. AT A GLANCE ii. To ensure the reliability of Valuation report by the Valuer: To ensure the Competence, Capability and Objectivity of the valuer: Enquire the professional certification of the valuer Enquire whether he is a member of any professional body. Enquire whether any professional or legal standard are applicable to them What assumptions and methods are used by the expert and are they generally accepted with that expert’s field and appropriate for financial reporting purposes. The nature of internal and external information that the expert uses. Enquire whether he has any experience in the valuation of investment property and their recognition at fair value. iii. To determine the objectivity of the valuer so that the independence of the valuation can be judged: Enquire whether valuer is related to the entity. (e.g., close family member of the director) Enquire whether the valuer has any financial interest in the ML (e.g., shareholder) Enquire whether the fee received by the valuer is reasonable and at market price? iv. To ensure that revaluation has been properly accounted for in the books and the financial statements Ensure that revaluation has been done in accordance with the ML’s accounting policy for recording the investment property. Ensure that the entire class of investment property should be revalued. Ensure that gain or loss arises due to revaluation should be recognized in profit or loss for the year. Ensure appropriate disclosures have been in accordance with IAS-40 Practice Question 31: You are the manager in charge on the audit of Hexa Garments Limited (HGL). The company is listed on the Karachi Stock Exchange and has nine directors. It is engaged in the manufacture and sale of fancy garments through its own retail outlets. You are considering the following matters in respect of the audit for the year ended December 31, 2009: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 261 SPOTLIGHT i. CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS a) The diluted earnings per share of Rs. 36.60 has been calculated without taking into account the share options held by three directors. To justify the above calculations, these directors have confirmed in writing that they do not intend to exercise the share option. Had the share options been considered, the diluted earnings per share would have been Rs. 35.60. The review of subsequent events revealed that four of the remaining directors had exercised their share options following the balance sheet date. The share options are available upto December 31, 2010. b) According to the draft financial statements the total assets of the company are valued at Rs. 375 million. These include value of ten retail outlets amounting to Rs. 175 million. The valuation is based on historical cost less accumulated depreciation. During the year ended December 31, 2009, the management had decided to revalue all the retail outlets. The valuer appointed by the management has not been able to complete the assignment to date. However, he has submitted two interim reports as described below: Interim Report First Second 31/12/2009 20/02/2010 Number of shops revalued 3 4 Book value as on 31/12/2009 (Rs. in million) 40 60 Revalued amount (Rs. in million) 70 100 Date of report AT A GLANCE c) During the year HGL has developed two new brands “Deebal” and “Kalachi” and has launched an aggressive marketing campaign for their promotion. The company has recognised the cost incurred on the campaign amounting to Rs. 10 million as an intangible asset. It is being written off over the estimated useful life of the brands i.e. four years. Required: Discuss the matters that may be of significance to you as an auditor, in respect of the above issues. Also explain their implications on the audit report. SPOTLIGHT Solution: a) Matters significant to the Auditor i. According to IAS-33, for the purpose of calculating diluted earnings per share, an entity shall assume the exercise of dilutive options of the entity. The IAS does not allow any exception to this rule. ii. Whether the share options given to the directors have been properly disclosed in the financial statements. iii. The exercise of share options after the close of year needs disclosure as a nonadjusting event. Implications on the audit report i. If the directors do not agree to amend the diluted earnings per share, the audit report should be modified in this respect on the ground of disagreement. ii. If proper disclosure relating to exercise of share option has not been made, the audit report should be modified due to non-disclosure of material information. b) Matters significant to the Auditor i. 262 According to IAS-16 Property, Plant and equipment, if an item of property, plant and equipment is revalued, the entire class of property, plant and equipment to which that asset belongs shall be revalued. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 6: THE AUDIT APPROACH ii. The increase due to revaluation of 7 of the 10 retail shops amounts to Rs. 70 million, which represents 18.67% of total assets and is therefore material to the statement of financial position. A disclosure will be required. iii. The auditor should ask the management either to defer the revaluation to a period when all information related to all the shops is available from the valuer or revalue all the shops by requesting the valuer to submit his final report prior to audit completion. Implication on the Audit Report: If the management refuses to disclose the information about the outcome of valuation exercise, the audit report should be modified on the ground of disagreement with qualified” opinion. i. According to IAS-38, internally generated brands shall not be recognized as intangible assets. Hence, capitalization of internally generated brands is a contravention to the requirement of ii. IAS-38. The intangible asset is material as it represents 2.7% of total assets. Practice Question 32: Red Sea Company Limited (RSCL) builds ships and constructs oil rigs for the offshore oil industry. Under one of the contracts with Black Oil Company Limited, RSCL was required to construct a rig for drilling oil, off the coast of Makran. The oil rig should have been completed by April 30, 2009 but on account of delays and technical problems, it is not expected to be completed until February 28, 2010. Consequently, Black Oil Company Limited has cancelled the contract and lodged a claim for damages amounting to Rs. 150 million. This claim for damages was lodged by Black Oil Company Limited on August 29, 2009 and it has been disclosed as a contingency, in RSCL’s financial statements for year ended September 30, 2009. AT A GLANCE c) Matters significance to the Auditor Describe the work that the auditor should carry out in the above situation, to determine whether the accounting treatment and related disclosures, if any, in the financial statements of Red Sea Company Limited for the year ended September 30, 2009 are appropriate. Solution: Suggested audit work: Examine the contract paying specific attention to the following: ¯ Clauses relating to delays or breaches of contract and consequential provision for damages relating to the above. ¯ Under what circumstances a contract can be cancelled. Can it be cancelled only on account of delay? Examine all correspondence relating to the alleged breach of contract. This would include correspondence between Red Sea Company Limited and Black Oil Company Limited and between their legal advisors. Obtain confirmation from Black Oil Company. Review subsequent events. With the permission of the client, approach the company’ solicitors and ask their opinion on the likelihood of the success of the action and an estimate of the likely damages. Assuming that the amount involved is material enough, the auditor would also have to consider obtaining legal advice from an independent source. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 263 SPOTLIGHT Required: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Consider the impact of the situation on revenue recognition, based on the terms of the contract. Evaluate the appropriateness of the assumptions used by the management in determining the financial consequences of the claim and whether it includes all the information that was relevant and existed at the time the estimate was made. Consider whether the management has appropriately disclosed the contingency with respect to the nature and potential financial consequences in the respective notes to the financial statements. If the contract with Black Oil Company Limited was material for the profitability and sustainability of the Red Sea Company Limited consider whether there is a doubt as to the Company’s ability to continue as a going concern, in such a case the auditor would consider performing related audit procedures. Obtain specific representation from management regarding the existence, completeness and disclosure of contingencies in the financial statements. If the matter is properly accounted for and disclosed, consider giving an emphasis of the matter paragraph otherwise consider a qualified or an adverse opinion. The materiality of the amount will have to be taken into account. AT A GLANCE Practice Question 33: SPOTLIGHT Narrow Street Limited is an auto parts manufacturing company. The Company offers product warranty to its customers. You are senior incharge on the audit of the Company for the financial year ended December 31, 2008. While reviewing the draft balance sheet, you have noted that the provision for product warranties has increased to Rs. 150 million as compared to Rs. 85 million in the previous year. The Company’s profit after taxation as appearing in the draft profit and loss account is Rs. 50 million. Considering the significance of this change, you have decided to carry out a detailed test to verify the amount. Required: a) Describe the matters that should be discussed with the senior management while carrying out the above verification. b) State the audit procedures to be performed in order to conclude that product warranty liabilities are fairly stated in the financial statements of the Company. Solution: a) The following matters should be discussed with the management: Change in operating policies and procedures that would affect warranties; The types of warranty coverage offered by the Company; (General, special, extended etc.); The factors that affect warranty coverage, such as volume purchased, type of installation, change in warranty period, alterations to basic product, etc.; Any production problems or possible changes in operations that are resulting in increased warranty costs. Also, consider if the problems are isolated or generic; and Any implicit/ implied warranty obligations that exist based on common industry practice. Involvement of any expert. Procedures used to calculate estimated costs of warranty repairs; Whether there is change in sales volume from last year that affected the warranty Other reasons for major variations. b) Audit Procedures Review contracts, sale agreements and/or sales catalogs to verify the terms and provisions of warranty coverage; 264 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 6: THE AUDIT APPROACH Review contract files, correspondence files, and/or production reports that may indicate potential warranty problems; Test estimated costs to complete warranty repairs by: ¯ Reviewing current estimates of warranty repair cost and compare it with the actual costs incurred after the balance sheet date; ¯ Comparison of estimate made for prior periods with actual results for those periods. ¯ Compare current estimates of warranty repair cost for selected items with their prior warranty actual cost ¯ Reviewing supports of estimated warranty repair cost by component (material, labor and overhead). ¯ Consider the appropriateness of the Company’s model (cost estimation method) and test the accuracy of its application to the relevant date; ¯ Develop an alternative model to test the reasonableness of the provision; ¯ Obtain direct confirmations from the customers; ¯ Review confirmations from legal advisors to identify major disputes with any of the customers; ¯ Review a summary of items included in the provision for completeness and unusual items; ¯ Consider penalties and/or other costs associated with warranty or other performance guarantees in determining the provision. ¯ For new products, determine whether the Company has developed a reasonable basis for providing warranty costs; ¯ Review activity in the provision and the related expense accounts; AT A GLANCE CFAP 6: AARS Trade Limited has been engaged in sales of product X for a long time. In January 2007, it started trading of product Y which was sold with money-back guarantee being exercisable within 120 days of sale. Consequently, the sale of Y far exceeded the company’s expectation and eventually constituted 40% of the total sales of the company in the year 2007. An extract from the Trading Account of product Y for the year ended December 31, 2007 is as under: Particulars Rs. (in Million) Gross sales 650 Sales return and allowances 13 provision for sales return- Gross 18 cost of sales 400 On account of money-back guarantee a provision has been made, for sales return subsequent to year end. The provision is three times the actual sales returns during the first 15 days of January 2008. As the time available for presenting financial statements is limited, the management has decided to adopt it as a consistent accounting policy to be followed each year. The audit is to be finalized by February 15, 2008. The team member who was assigned to verify the provisions believes that in such situation the auditor is compelled to rely on management’s estimate. Therefore, a simple procedure of recalculation will be appropriate. Required: Explain the appropriate audit procedures to verify the provision for sales returns in the light of relevant International Standard on Auditing. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 265 SPOTLIGHT Practice Question 34: CHAPTER 6: THE AUDIT APPROACH CFAP 6: AARS Solution: Audit procedure to verify Provision for sales return: AT A GLANCE Apparently, the provision made by the company has no plausible basis. The actual returns during the year are Rs. 130 million as against the total sales of Rs. 650 million. If the sales and sales returns are made evenly throughout the year, a plain application of return percentage suggests that the provision should be nearly Rs. 32.5 million. In the above circumstances the auditor should obtain an understanding of the entity’s assumptions on which estimate is based. If the basis is considered inappropriate, the auditor should make a revised estimate either on his own or by using expert opinion. The estimate should be based on: ¯ industry practice and trend of sales return; ¯ comparison of industry and company’s terms of sale; ¯ Trend of sales return in the company i.e. sales return with-in first 15 days; between 16 to 30 days; between 31 – 45 and so on. Own estimate prepared on the above assumptions will be compared with management’s estimates. If the difference is material, the management will be asked to explain. Subsequent sales return up to the date of authorization will also provide an evidence about the reasonableness or otherwise of the management’s estimate. SPOTLIGHT 266 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 7 UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT AT A GLANCE SPOTLIGHT 1. 2. 3. 4. 5. 6. 7. 8. 9. Identifying and assessing the risks of material misstatement through understanding the entity and its environment (ISA 315(Revised 2019) Understanding the entity and its environment Components of internal control Manual and automated elements of internal control IT Risks & Controls Materiality in planning and performing an audit (ISA 320) Evaluation of misstatements identified during the audit (ISA 450) Related parties (ISA 550) Risk Assessment Questions ISA-315(Revised 2019) deals with the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements, through understanding the entity and its environment, including the entity’s internal control. The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. ISA-320 deals with the auditor’s responsibility to apply the concept of materiality in planning and performing an audit of financial statements. The auditor’s determination of materiality is a matter of professional judgment and is affected by the auditor’s perception of the financial information needs of users of the financial statements. ISA-450 deals with the auditor’s responsibility to evaluate the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. It also explains how materiality is applied in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. ISA-550 deals with the auditor’s responsibilities relating to related party relationships and transactions in an audit of financial statements. Specifically, it expands on how ISA 315 (Revised), ISA 330, and ISA 240 are to be applied in relation to risks of material misstatement associated with related party relationships and transactions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 267 SPOTLIGHT IN THIS CHAPTER: AT A GLANCE AT A GLANCE CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 1. IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (ISA 315(REVISED 2019) INTRODUCTION The standard is focused on: Risk Assessment Procedures and Related Activities Obtaining an Understanding of the Entity and Its Environment, the Applicable Financial Reporting Framework and the Entity’s System of Internal Control Identifying and Assessing the Risks of Material Misstatement Documentation The standard is accompanied with six appendices which provide detailed guidance on areas such as inherent risks, IT controls and internal audit. The standard places a greater focus on the IT environment, risks arising from the use of IT, and general IT controls.: AT A GLANCE Appendix 1: Considerations for Understanding the Entity and its Business Model Appendix 2: Understanding Inherent Risk Factors Appendix 3: Understanding the Entity’s System of Internal Control Appendix 4: Considerations for Understanding an Entity’s Internal Audit Function Appendix 5: Considerations for Understanding Information Technology (IT) Appendix 6: Considerations for Understanding General IT Controls 1.1 Risk Assessment Procedures and Related Activities (Ref: 13-16, A13-A18) The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion. SPOTLIGHT Risk assessment procedures Inquiries from management, and others within entity. Analytical procedures. (May help identify the existence of unusual transactions or events, and amounts, ratios, and trends) Observation and Inspection. Scalability: nature and extent of risk assessment procedures will vary dependent upon complexity, nature and size of entities. Using automated tools and techniques, the auditor may perform risk assessment procedures on large volumes of data (from the general ledger, sub-ledgers or other operational data) including for analysis, recalculations, reperformance or reconciliations. Related activities 268 Client Acceptance or Continuance Process Other engagements of same entity Information from previous audits ¯ Past misstatements and whether they were corrected timely ¯ Nature of entity and its environment and internal control ¯ Significant changes in entity’s operations THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Discussion among Engagement Team ¯ Provides opportunity for senior engagement team members to share their insights based on their knowledge ¯ Allows team members to exchange information about business risks ¯ Assists team members to gain a better understanding of potential for material misstatement of F/s in specific areas ¯ Helps to understand how the results of audit procedures that they perform may affect other aspects of the audit ¯ Provides a basis upon which engagement team members communicate and share new information obtained 1.2 Professional skepticism The standard places great emphasis on professional skepticism for the critical assessment of audit evidence gathered when performing the risk assessment procedures, it assists the auditor in remaining alert to audit evidence that is not biased towards corroborating the existence of risks or that may be contradictory to the existence of risks. The application of professional skepticism by the auditor may include: Questioning contradictory information and the reliability of documents; Considering responses to inquiries and other information obtained from management and those charged with governance; Being alert to conditions that may indicate possible misstatement due to fraud or error; and Considering whether audit evidence obtained supports the auditor’s identification and assessment of the risks of material misstatement in light of the entity’s nature and circumstances. SPOTLIGHT AT A GLANCE Professional skepticism is an attitude that is applied by the auditor when making professional judgments that then provides the basis for the auditor’s actions. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 269 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT, THE APPLICABLE FINANCIAL REPORTING FRAMEWORK (REF: 19-27, A48-A157) In ISA 315 (Revised 2019), there are broadly 3 distinct areas for the auditor’s understanding: The entity and its environment. The applicable financial reporting framework. The entity’s system of internal control. 2.1 The entity and its environment. Nature of the entity The entity’s organizational structure. Its ownership, governance structures and business model. Relevant industry, regulatory & other external factors AT A GLANCE SPOTLIGHT Industry Factors ¯ The market and competition, including demand, capacity and price competition ¯ Cyclical or seasonal activity ¯ Product technology relating to the entity's products ¯ Energy supply and cost Regulatory Factors ¯ Accounting principles and industry-specific practices ¯ Regulatory framework for a regulated industry ¯ Legislation and regulation affecting entity's operations ¯ Taxation ¯ Government policies affecting conduct of entity's business ¯ Environmental requirements Other external Factors ¯ General economic conditions ¯ Interest rates ¯ Availability of financing, and inflation/currency revaluation The measures used, internally and externally to assess the entity’s financial performance 270 ¯ Key performance indicators (financial and non-financial) and key ratios, trends and operating statistics. ¯ Period-on-period financial performance analyses. ¯ Budgets, forecasts, variance analyses, segment information and divisional, departmental or other level performance reports. ¯ Employee performance measures and incentive compensation policies. ¯ Comparisons of an entity’s performance with that of competitors. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 2.2 Applicable Financial Reporting Framework Accounting principles and industry-specific practices, including for industry-specific significant classes of transactions, account balances and related disclosures in the financial statements Revenue recognition. Accounting for financial instruments, including related credit losses. Foreign currency assets, liabilities and transactions. Accounting for unusual or complex transactions including those in controversial or emerging areas Understanding how inherent risk factors affect susceptibility of assertions to misstatement Understanding how inherent risk factors affect the susceptibility of assertions to misstatement may assist the auditor: with a preliminary understanding of the likelihood or magnitude of misstatements, which assists the auditor in identifying risks of material misstatement at the assertion level in designing and performing further audit procedures Understanding the degree to which inherent risk factors affect susceptibility of assertions to misstatement also assists the auditor in assessing the likelihood and magnitude of a possible misstatement when assessing inherent risk. Appendix 2 provides examples of events and conditions that may give rise to the existence of risks of material misstatement, categorized by inherent risk factor. 2.3 Components of Internal Control (Ref 21, A96-A108) Auditor will obtain understanding of Control Environment, the Entity’s Risk Assessment Process and the Entity’s Process to Monitor the System of Internal Control. AT A GLANCE Control environment: Understand controls, processes, and structures in place that address management's oversight responsibilities, including the entity's culture and commitment to integrity. assess the independence and oversight of those charged with governance over the internal control system when separate from management. examine the entity's assignment of authority and responsibility, examine its practices for attracting and developing competent individuals, and how it holds individuals accountable for their responsibilities. The auditor will evaluate whether: management, with oversight from those charged with governance, has established a culture of honesty and ethical behavior Control environment provides an appropriate foundation for the entity's internal control system. Control deficiencies in the control environment can undermine the effectiveness of the entity's overall internal control system. The auditor will evaluate the control environment related to the entity's use of IT, considering factors such as: governance over IT, the entity's technology platform and reliance on IT applications, management's organizational structure, and resource allocation, including investment in an appropriate IT environment and skilled personnel. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 271 SPOTLIGHT To understand the control environment, the auditor must: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS The Entity's Risk Assessment Process The auditors understand the entity's process for identifying and assessing business risks relevant to financial reporting objectives and how they address those risks. They also evaluate the appropriateness of the entity's risk assessment process considering the nature and complexity of the entity. The auditors evaluate how management and those charged with governance identify, assess, and address business risks relevant to financial statement preparation, including specifying objectives, analyzing risks, and considering the potential for fraud. If the auditors identify risks of material misstatement that management did not identify, the auditors must determine: if these risks should have been identified through the entity's risk assessment process and understand why they were not. consider the implications of these findings for their evaluation, which pertains to the auditors response to assessed risks and the design and implementation of audit procedures. The auditors evaluate: AT A GLANCE whether the entity's risk assessment process is appropriate to understand the identified risks, the entity's response to those risks, and to assess the risks faced by the entity in relation to the nature and complexity of its operations. Entity’s process to monitor the system of control The auditors seek to understand how the entity monitors its system of internal control, which may involve: ongoing or periodic monitoring activities, evaluating the results of monitoring, addressing deficiencies, considering IT-related controls. SPOTLIGHT The auditors obtain an understanding of the internal audit function's responsibilities through inquiries and review of the audit plan, which may impact the nature and extent of audit procedures. Understanding helps the auditors assess the appropriateness of the entity's monitoring process, which is crucial for evaluating the effectiveness of the entity's system of internal control and identifying risks of material misstatement. Management's monitoring activities may utilize other sources such as external communications, for e.g. customer complaints or regulator comments, to identify potential issues and areas for improvement. Information System and communication To understand the entity's information system and communication relevant to financial statement preparation, the auditors perform risk assessment procedures by: Understanding the entity's information processing activities, including how transactions and events are recorded, processed, and disclosed, and reviewing accounting records and supporting records. Understanding how the entity communicates significant matters related to financial reporting within the organization, between management and governance, and with external parties. understanding the entity’s communication may come from policy manuals and financial reporting manuals Understanding of information system may be obtained through inquiries, inspections of documents, observation, selecting and tracing transactions Auditors will evaluate whether the entity's information system, IT environment and communication effectively support the preparation of financial statements in accordance with the applicable reporting framework. 272 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Control Activities The auditors are required to obtain an understanding of the control activities component by performing following risk assessment procedures. a) Identifying controls that address risks of material misstatement at the assertion level in the control activities component. This includes: Identifying controls that address significant risks. Identifying controls over journal entries, including nonstandard journal entries used for nonrecurring or unusual transactions or adjustments. Identifying controls that the auditor plans to test for operating effectiveness in order to determine the nature, timing, and extent of substantive testing. This includes controls that address risks for which substantive procedures alone are not sufficient. b) identify the IT applications and other aspects of the entity's IT environment that are subject to risks arising from the use of IT. AT A GLANCE The auditors are required to evaluate whether the control is effectively designed to address the risk of material misstatement at the assertion level or effectively designed to support other controls. Examples of Control Activities Approval and control of documents Checking the arithmetical accuracy of records Maintaining and reviewing control accounts and trial balances Reconciliations Comparing the results of cash, security and inventory counts with accounting records Comparing internal data with external sources Limiting physical access to assets and records You are the audit manager at Moosa and Company, Chartered Accountants responsible for the audit of Beta Bank Limited (BBL). While planning the audit for the year ending 31 December 2020, you come across a news published in a national newspaper that BBL has suffered a cyberattack which has resulted in theft of depositors’ confidential data. Required: Discuss the course of action you should plan in response to cyber-attack. Tutorial Notes: Following important points should not be missed: Obtaining the details of claims filed by customers and the management’s intention to honor them or pursue legal proceedings. Inspecting subsequent payments to ascertain the amount of penalties and fines. Inquiring about management’s risk assessment for the possible loss of business and its impact on the financial statements. Determining whether continued reliance can be placed on the IT automated controls. Considering the course of action if the non-disclosure of the incident by the management appears intentional. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 273 SPOTLIGHT Practice Question 01: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Solution: Due to the theft of confidential data, BBL is exposed to severe legal action and claims from the depositors. Course of action: AT A GLANCE SPOTLIGHT Discuss with the management and those charged with governance regarding the following issues: - How the incident occurred along with the extent and nature of data lost. - BBL’s expected plans to mitigate and rectify the situation. - Whether any going concern assessment has been performed by the entity to assess the impact of this incident. Consult the legal advisor about the laws and regulations and the possible impact of the non-compliance on the client. Consider about consulting with auditor’s expert, relating to possible legal consequences. Obtain the details about the claims filled by the customers against BBL. Inquire from management whether: BBL intends to honor those claims. In such a scenario ensure that appropriate provision has been made in the financial statements. In case BBL intends to challenge these claims in the court of law, then depending on the advice of legal advisor, disclose it as a contingent liability. Inspect the correspondence with the Central Bank to assess BBL’s exposure towards the penalties and fines. Inspect subsequent payments and post year end accounts to ascertain the amount of penalties and fines. Involve the firm’s IT expert to ascertain the reason of the data breach and its impact on the other control of the entity. Determine whether continued reliance can be placed on the IT automated controls. Inquire whether the management has carried out any risk assessment for the possible loss of business and its impact on the financial statements. Include a key audit matter in the auditor report regarding how the matter was addressed by the auditor. Consider whether management disclosed incidence of cyber-attack to audit team. If the non-disclosure by management appears intentional (and therefore creates doubt on integrity of management), evaluate the implications for the audit. Revise the initial risk assessment, and the impact to nature, timing and extent of other planned audit procedures. 2.4 Tutorial note: How to deal with Risk Assessment (mix) Question in Exam Assertion by assertion responses (Account Balances) Existence Physical verification Third party confirmations Accuracy, valuation and allocation Matching amounts to invoices Recalculations Review of post year-end payments and invoices Expert valuation 274 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Completeness Cut-off testing Analytical review Confirmations Reconciliations to control accounts Rights and obligation Reviewing invoices for proof that items belongs to company Confirmation with 3rd parties Classification and presentation Confirming compliance with laws and AFRF Check the recording in proper account Reviewing notes for understand ability Confirming accounting policy is consistent and reasonable Occurrence Inspection of supporting documentation Accuracy AT A GLANCE External confirmations Recalculations of amounts Third party confirmation Analytical review Completeness Cut-off testing Analytical review Confirmations Reconciliation to control accounts Cut-off Cut off testing Classification and Presentation SPOTLIGHT Analytical review Confirming compliance with laws and AFRF Check the recording in proper account Reviewing notes for understand ability Confirming accounting policy is consistent and reasonable THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 275 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 3. IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT (REF: 28-33, A184-A225) The auditor shall identify the risks of material misstatement and determine where they exist at: The financial statement level The assertion level for classes of transactions, account balance and disclosure 3.1 Financial statement level It refers to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. The auditor’s identification and assessment of risk of material misstatements at the financial statement level is influenced by the: AT A GLANCE auditor’s understanding of the entity’s system of internal control auditor’s understanding of the entity’s control environment entity’s risk assessment process entity’s process to monitor the system of internal control control deficiencies 3.2 Assertion Level Assertions are representations made by the management about the recognition, measurement, presentation and disclosure of information in the financial statements that the financial statements are prepared in accordance with the applicable financial reporting framework. Assertions are used by the auditor to consider the different types of potential misstatements that may occur when identifying, assessing and responding to the risks of material misstatement. Following are assertions which impact a class of transaction or/and an account balance: SPOTLIGHT Assertions (Description) Class of Transaction Occurrence: Transactions and events that have been recorded or disclosed, have occurred and such transactions and events pertains to entity Existence: Assets, liabilities, and equity interests exist Accuracy: Amounts and other data relating to recorded transactions and events have been recorded appropriately and related disclosures have been appropriately measured & described. Accuracy, Valuation & Allocation: Assets, liabilities, and equity interests are included in the financial statements at appropriate amounts Completeness: Assets, liabilities, equity interests, transactions and events that should have been recorded have been recorded, and al.l related disclosures have been included in the financial statements Classification: Assets, liabilities and equity interests have been recorded in the proper accounts 276 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN Rights and Obligation: The entity holds or controls the rights to assets, and liabilities are the obligations of the entity Cut-Off: Transactions and events have been recorded in the correct accounting period Account Balance CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Assertions (Description) Class of Transaction Account Balance Presentation – Transactions, events, assets, liabilities and equity interest are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant & understandable in context of requirements of applicable financial reporting framework Relevant assertion: An assertion about class of transaction, account balance or disclosure is relevant when it has an identified risk of material misstatement, the determination whether the assertion is relevant is made before consideration of any inherent risk. One or more relevant assertions in a class of transaction, account balance or disclosure results in a significant class of transaction, account balance or disclosure. Auditor shall: to assess the likelihood and magnitude of material misstatement. The auditor will take into account how and the degree to which: ¯ Inherent risk factors affect the susceptibility of relevant assertions to the misstatement ¯ Risk of material misstatement at the financial statement level affect the assessment of inherent risk for the risks of material misstatement at the assertion level whether identified risks of material misstatement are significant risks. whether substantive procedures alone cannot provide sufficient appropriate audit evidence for any of the risks of material misstatements at the assertion level. AT A GLANCE For each identified risk of material misstatement at the assertion level, the auditor is required: Significant risk: is an identified risk of material misstatements for which the assessment of inherent risk is close to the upper end of the spectrum of inherent risks. Judgment about significance of a risk Transactions for which there are multiple acceptable accounting treatments such that subjectivity is involved. Accounting estimates that have high estimation uncertainty or complex models. Complexity in data collection and processing to support account balances. Account balances or quantitative disclosures that involve complex calculations. Accounting principles that may be subject to differing interpretation. Changes in entity’s businesses that involve changes in accounting for example, mergers and acquisitions. 3.3 Inherent Risks Inherent risk is influenced by inherent risk factors and is measured at a scale called spectrum of inherent risk (ISA 315 (revised 2019) Appendix 2) Inherent risk factors may be qualitative or quantitative and affect the susceptibility of assertions to misstatements. Qualitative factors may include: 1) Complexity: arise from nature of information or the way it is prepared. When there are potential data sources, with different characteristics, data is difficult to identify, capture, access, record, understand or process. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 277 SPOTLIGHT It is the combination of likelihood and magnitude that will determine where inherent risk is assessed on the spectrum of inherent risk. For the inherent risk to be determined as a significant risk, it does not require to be high up on the scale for both likelihood and magnitude, even one will do. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 2) Subjectivity: arise from inherent limitation in ability to prepare required information in an objective manner, due to limited availability of knowledge or information involving subjective judgement. 3) Change: results from events or conditions that affect business, economic, accounting, regulatory, industry or other aspects of environment in which entity operates 4) Uncertainty: arises when required information cannot be prepared based only on sufficiently precise and comprehensive data that is verifiable through direct observation. 5) Susceptibility to misstatement: due to management bias or other fraud risk factors in preparing the information. 3.4 Assessing control risks (34-35, A226-A232) A separate assessment of inherent risk and control risk is required to be made by the auditors. If auditor plans to test the operating effectiveness of controls, the auditor shall assess the control risk. If the auditor doesn’t plan to test the operating effectiveness of controls, the auditor’s assessment of control risk shall be such that the assessment of risk of material misstatement is the same as the assessment of inherent risk. AT A GLANCE If auditor plan to test the operating effectiveness of controls it may be necessary to test the combination of controls. Direct and indirect both controls can be tested, including general IT controls based on initial understanding of design implementation and identified controls in control activities. (ISA 330, Para A30) When auditors expect general IT controls are not operating effectively, they may apply substantive procedures along with test of controls. Classes of transaction, account balances and Disclosures that are not significant, but Material Materiality and audit risk are considered when identifying and assessing the risks of material misstatement in classes of transactions, account balances and disclosures. The auditors will evaluate whether their determination about material classes of transactions, account balances or disclosures that have not been determined to be significant, remains appropriate, since the determination of materiality is a matter of professional judgement. SPOTLIGHT 3.5 Revision of Risk Assessment (Ref: 37, A236) If the auditor obtains new information which is inconsistent with the audit evidence on which the auditor originally based the identification or assessment of the risks of material misstatement, the auditor will revise the identification or assessment. 3.6 Documentation (Ref: 38, A237-241) 278 Discussion among engagement team and significant decisions; Key elements of understanding obtained, sources of information and the risk assessment procedures performed; Evaluation of the design of identified controls and their implementation Identified and assessed risks of material misstatement at financial statements level and assertion level and the rationale for the significant judgements made. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 4. INFORMATION SYSTEM AND COMMUNICATION (APPENDIX 5 AND 6 (REF: PARA. 25(A), 26(B)‒(C), A94, A166‒A172) Controls in a manual system: May include approvals and reviews of transactions, and reconciliations and follow-up of reconciling items. Controls in IT systems: Consist of combination of automated controls and manual controls. Benefits of IT in entity's internal control: Consistently apply predefined business rules and Perform complex calculations in processing large volumes Enhance timeliness, availability, and accuracy of information Facilitate additional analysis of information; Enhance ability to monitor performance of entity Reduce the risk that controls will be circumvented Enhance ability to achieve effective segregation of duties. Risks of using IT in internal control: Reliance on systems or programs that is faulty. Unauthorized access to data IT personnel gaining access privileges beyond authority. Unauthorized changes to data in master files. Unauthorized changes to systems or programs. Failure to make necessary changes to systems or programs. Inappropriate manual intervention. Potential loss of data or inability to access data as required. Manual elements in internal control may be more suitable where judgment and discretion are required: Large, unusual or non-recurring transactions. Circumstances where errors are difficult to define or predict. In changing circumstances requiring a control response outside the scope of an existing control. In monitoring effectiveness of automated controls. Manual elements in internal control may be less reliable than automated elements High volume or recurring transactions, or situations where anticipated errors can be prevented, or detected and corrected. Control activities where the specific ways to perform the control can be adequately designed and automated. Scalability It is easier to obtain understanding of entity’s IT environment for a less complex entity as compared to complex entity as complex IT environments also may require dedicated IT departments that have structured IT processes supported by personnel. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 279 SPOTLIGHT AT A GLANCE CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS General IT controls General IT controls are policies and procedures that relate to many applications and support the effective functioning of application controls. General IT controls that maintain the integrity of information and security of data commonly include controls over following: Applications Database Operating system Network Examples of general IT controls Process to managed access: Authentication Authorization Provisioning AT A GLANCE Deprovisioning Privileged access User access reviews Security configuration controls Physical access Process to manage program or other changes to the IT environment: Change management process Segregation of duties over change migration SPOTLIGHT Systems development or acquisition or implementation Data conversion Process to manage IT operations Job scheduling Job monitoring Backup and recovery 280 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT SPOTLIGHT AT A GLANCE The following sets out an overview of ISA 315 (Revised 2019): Source: IAASB implementation guideline THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 281 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 5. IT RISKS AND CONTROLS 5.1 What is ICT and the related security issue Information and communications technology (ICT) is an extension of information technology (IT) that emphasize the role of unified communications and the integration of telecommunications and computers, as well as necessary enterprise software, storage and audio-visual, that enable users to access, store, transmit, understand and information. ICT is the use of technology for gathering, storing, retrieving, processing, analysing and transmitting information. It includes software and hardware such as smartphones, handheld devices, laptop computers, desktop computers, drones, video cameras, wearable technology, artificial intelligence and others. IT Security Business and organisations are increasingly dependent on ICT for communication outside a “protected” internal, organisation-only environment. Trends such as mobile technology, cloud and social networking increase an organisation's interaction with customers, staff, suppliers, partners and other parties. At the same time, this makes them more vulnerable to deliberate or accidental security breaches and cyber-attacks. AT A GLANCE The demand for security technologies and skills in IT security is evolving into a need for complex, context-aware protection. As a result, IT security technology and skills are in big demand. There are three main areas of ICT security: Identity and access management (IAM) - solutions used to identify users in a system and control their access to resources within that system by associating user rights and restrictions with established identity. Secure content and threat management (SCTM) - products to defend against viruses, spyware, spam, hackers, intrusions, and the unauthorised use or disclosure of confidential information. Security and vulnerability management - solutions that focus on allowing business and organisations to determine, interpret, and improve their risk position. SPOTLIGHT 5.2 Improvements in ICT Processes Risk control Internal Audit function Companies should assign the responsibility for managing and overseeing ICT and security risks to a Risk control function. Companies should ensure the independence and objectivity of this control function by appropriately segregating it from ICT operations processes. This control function should be directly accountable to the management body and responsible for monitoring and controlling adherence to the ICT and security risk management framework. It should ensure that ICT and security risks are identified, measured, assessed, managed, monitored and reported. Companies should ensure that this control function is not responsible for any internal audit. The internal audit function should, following a risk-based approach, have the capacity to independently review and provide objective assurance of the compliance of all ICT and security related activities and units of a financial institution with the financial institution’s policies and procedures and with external requirements, adhering to the requirements of Companies, should define and assign key roles and responsibilities, and relevant reporting lines, for the ICT and security risk management framework to be effective. Classification and Risk Assessment Companies should classify the identified business functions, supporting processes and information assets. To define the criticality of these identified business functions, supporting processes and information assets, companies should, at a minimum, consider the confidentiality, integrity and availability requirements. There should be clearly assigned accountability and responsibility for the information assets. 282 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Companies should review the adequacy of the classification of the information assets and relevant documentation, when risk assessment is performed. Companies should identify the ICT and security risks that impact the identified and classified business functions, supporting processes and information assets, according to their criticality. This risk assessment should be carried out and documented annually or at shorter intervals, if required. Such risk assessments should also be performed on any major changes in infrastructure, processes or procedures affecting the business functions, supporting processes or information assets, and consequently the current risk assessment of companies should be updated. Companies should ensure that they continuously monitor threats and vulnerabilities relevant to their business processes, supporting functions and information assets and should regularly review the risk scenarios impacting them. 5.3 Data Analytics Historically, the type of data generated has been 'structured data' from financial institutions, bank accounts and big institutions. Today we have unstructured data, the type of data being generated by social media, mobile phones for example. The management of data is essential to business, and its importance will continue to grow as long as more and more devices, technologies and services harvest more and more information from society. Data analytics involves the collection, organisation, and interpretation of statistical information to make it useful to a range of businesses and organisations. A Data Analyst is someone who scrutinises information using data analysis tools. The meaningful results they pull from the raw data helps their employers or clients make important decisions by identifying various facts and trends. AT A GLANCE Big Data is one of the fastest growing areas of computing and Ireland has become the European data centre location of choice for world leaders including Microsoft, Google, Yahoo, MSN, Adobe and IBM, and is now poised to become a global cloud centre of excellence. Use of advanced computerised models to extract the data needed Removal of corrupted data Performing initial analysis to assess the quality of the data Performing further analysis to determine the meaning of the data Performing final analysis to provide additional data screening Preparing reports based on analysis and present to management Data analytics has been around in various forms for a long time, but businesses are finding increasingly sophisticated and timely methods to utilise data analytics to enhance their operations. Data analytics enable businesses to identify new opportunities, costs savings and to enable faster and effective decision making. Big data and ICT go together where data is generated by ICT tools and handled by big data optimization tools to discover hidden knowledge and information. The most remarkable use of predictive analytics is in business processes to determine the outcomes for current models. The technology advances such as predictive analytics with ICT are proving to benefit with less cost and higher efficiency. For example, online web portals Amazon, Google, Twitter, and others are availing consumer information. This information proves to be vital to discover the usage patterns with socio- behavioral analysis to predict models for relevant customer to upgrade them to substantial offers. In addition, online web portal data, if analyzed properly, can facilitate to discover risk factors and fraud customers which prove to be set back for companies’ growth. This information can widely be anticipated at a global platform to enhance overall net profit for development purposes. 5.4 Identification of Cyber Security Risks Cybersecurity is one of the essential tasks for any business. It’s not just a matter of protecting your company’s data and information from external threats, but also ensuring that it remains robust to internal ones. All three, i.e. people, processes and technology, are your greatest asset. If they are not embedded and managed throughout the organisation, you can expect that they will inadvertently put your sensitive data at risk. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 283 SPOTLIGHT The work of Data Analysis involves: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Identifying and assessing cyber risk Cyberattacks are on the rise, and organisations of all sizes are struggling to cope with them. Problem is that most companies don’t know how to tell if they’re being targeted by a cyberattack in advance. And even when an attack does happen, it’s too late to do anything about it except try to clean up after the fact. Cyber risk is a type of business and operational risk that’s unique in its pervasiveness. It can happen anywhere, anytime, to anyone with an internet connection. In some cases, cyber risks are new or not as well understood as other types of risks such as physical damages from natural disasters – but the impacts can be long lasting. This can only be reduced by proper risk mitigation in advance. Identification of entity’s vulnerabilities First step of cyber risk assessment is identifying things (in business) that attracts cybercriminals the most. Ask yourself these questions while assessing risks faced by your organisation, AT A GLANCE How is information collected and stored? What information is collected? Who has access to the stored data? How our entity secures its systems, networks, email, etc.? How much of my information is stored in the cloud? What are our backup strategies, and how effective they are? Is there a disaster recovery plan for data centre failures? External and internal risks SPOTLIGHT Cybercrime is something that needs to be taken seriously and should not only be thought about in terms of external threats. Internal events are just as important; for example, human error or misconduct can lead to severe consequences like fraud schemes. Before risk mitigation, Identification of external and internal risks is mandatory. To start with, look into the different types of cybercrime: Phishing scams are carried out when hackers send emails or texts that ask for personal information. Ransomware typically arrives as an email attachment that opens malware onto your computer or software. Supply chain attacks cause disruptions to the targeted company. Keystroke logging programs record passwords by monitoring inputted data from keyboards without authorization and these represent only the tip of the iceberg! Not sure what you’re up against? Risk Assessment Cyber security risk assessments help you identify the threats to your business from cybercrime, data breaches or malware. The process identifies risks that an attacker could exploit with malicious intent. It also highlights vulnerabilities in your systems that may have been overlooked because of time pressure or lack of awareness. Risk acceptance strategy at the beginning is crucial for effective risk mitigation. Risk Evaluation Risk evaluation determines the significance of risks through a comparative process to have an accurate assessment. Cyber threats are growing in number and sophistication, with no end in sight. Your risk evaluation should account for the following; 284 The importance to your business; How much control do you have over it; Potential losses if something goes wrong with this activity or project, as well as any benefits that might arise; from taking a particular course of action when faced with possible problems such as these. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Risk Analysis Your business’s risk analysis process will help you judge how much money; effort or resources are required for risk mitigation of the losses incurred from risk or how much the company can afford to lose. The following are some of the criteria that can be considered by an organisation when performing a cyber-security analysis: The probability for a specific incident to happen about other incidents The consequences if it does happen, including potential damage and how much time would need to be spent repairing cracks or restoring lost services Description Prevention Malware Malware is when an unwanted piece of programming or software installs itself on a target system, causing unusual behavior. This ranges from denying access to programs, deleting files, stealing information, and spreading itself to other systems. Organizations should have the latest antimalware programs installed, for starters. It’s also important to recognize suspicious links, files, or websites, which are effective ways of implementing malware. Password Theft An unwanted third party manage to steal or guess your password and has access to all your information. It’s far worse for an enterprise, which may lose sensitive data. Two-factor authentication is a robust protection method, as it requires an additional device to complete the login. Additionally, using complicated logins with alpha numeric can help. Traffic Interception When a third-party “listens” to info sent between a user and host. The kind of information stolen varies based on traffic. Avoiding compromised websites (such as those not using HTML5). Encrypting network traffic – such as through a VPN. Phishing Attacks Typically, an end user receives a message or email which requests sensitive data, such as a password. Sometimes, the phishing message appears official, using legitimate appearing addresses and media. Generally, a common-sense approach to security is the best prevention. Official emails from organizations do not request personal data, so this is a giveaway there is malicious intent. Distributed Denial of Service (DDoS) DDoS is an attack method in which malicious parties target servers an overload them with user traffic. When a server cannot handle incoming requests, the website it hosts shuts down or slows to unusable performance. Stopping a DDoS requires identifying malicious traffic. This can take time depending on how many malicious IPs are used to distribute attack. In cases, servers need to be taken offline for maintenance. Cross Site Attack A third-party will target a vulnerable website, typically one lacking encryption. Once targeted the dangerous code loads onto the site. When a regular user accesses that website, that payload is delivered either to their system or browser, causing unwanted behavior. Encryption is usually required on the host’s side. Additionally, providing the option to turn off page scripts is vital to thwart a malicious payload from activating. Users can also install scriptblocker add-ons to their browser. SQL Injection Malicious 3rd parties manipulate SQL “queries” (the typical string of code request sent to a service or server) to retrieve sensitive info. Implementation of smart firewalls. Generally, most effective way is to develop code which identifies illegal user inputs. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 285 SPOTLIGHT Cyber-security Risk AT A GLANCE 5.5 Common cyber-security risks and use of general or application controls to mitigate those CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Cyber-security Risk CFAP 6: AARS AT A GLANCE Description Prevention Ransomware A nasty variant of malware, ransomware installs itself on a user system or network. Once installed, it prevents access to functionalities (in part or whole) until a “ransom” is paid to third parties. Keeping anti-virus updated and avoiding malicious links are the best current prevention methods. Also, current backups and replications are effective Crypto jacking An attempt to install malware which forces the infected system to perform “crypto-mining,” a popular form of gaining crypto-currency. Like all viruses, it can infect unprotected systems Keep all security apps/software updated and make sure firmware on smart devices is also using the latest version. Trojan Virus Attempts to deliver its payload by disguising itself as legitimate software. One technique used is an “alert about a system compromised by malware”, recommending a scan, whereby the scan actually delivered the malware. Avoid downloading programs or executable from unrecognized vendors or those that attempt to alarm the user to a serious problem. 5.6 Improving cyber security The foremost task should be to develop an overall risk mitigation strategy for managing cyber risks. Businesses should have an enterprise-wide view of the cybersecurity risks as well as its sub-units. This is the only way to ensure that all areas are covered and that a proper risk assessment occurs. Common Cyber Risk Mitigation Control Strategies 1. Keep your software updated SPOTLIGHT The software your company run on the machine is vulnerable to a cyber-attack and zero-day exploits. Updates must be applied as soon as possible, or hackers will create new N-days that can do severe damage. 2. Restricted Access Security measures should be taken to protect privileged access. To manage privilege, these risk mitigation strategies may help your company: Tiered administrative access or one-time passwords/tokens with procedural guidelines designed around secure resetting credentials such as by Password authentication services. Procedures should also be in place for securely resetting passwords or other types of credentials if they are compromised, so high-value assets aren’t inadvertently exposed. 3. Disaster Recovery Plan Cybersecurity professionals must have an important risk mitigation strategy to create, review, and exercise a system recovery plan that will ensure restoration of data as part of a comprehensive disaster recovery strategy. 4. Get rid of unwanted hardware You should remove unwanted or unneeded hardware from the equation as much as possible by starting with a known baseline. This will allow you to establish control over operations going forward while reducing the attack surface even more so than before. Systems must be actively managed –they can adapt dynamically in response to changing threat environments while scaling up and streamlining administrative tasks. 5. Ensure Signed Software Policies In order to make sure that your computer is secure, you should use a modern operating system that enforces signed software execution policies for scripts, executables and device drivers. 286 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 6. Hunt for Intrusions Dedicated teams should be formed, continuously seeking out any evil presences or threat actors that may have access within the organisation. Passive detection mechanisms (like Logs) is an efficient risk mitigation strategy. 7. Stay away from single-factor authentication Include multi-factor authentication in your risk mitigation plans. It is essential for organisations to transition away from single-factor authentication, such as passwords and PINs. 5.7 Cybersecurity Framework The Framework comprises of three main components: 1) The Framework Core Develop and implement procedures to protect the most critical intellectual property and assets. Have resources in place to identify any cybersecurity breach. Recover from a breach, if and when one occurs. 2) The Implementation Tiers Defines the level of sophistication and consistency an organization employs in applying its cybersecurity practices. It has the following 4 levels. Tier 1 (Partial) − In this level, the organization’s cyber-risk management profiles are not defined. There is a partial consciousness of the organization’s cybersecurity risk at the organization level. Tier 2 (Risk Informed) − In this level, organizations establish a cyber-risk management policy that is directly approved by the senior management. Tier 3 (Repeatable) − In this level, the organization runs with formal cybersecurity measures, which are regularly updated based on requirement. Tier 4 (Adaptive) − In this level, the organization adapts its cybersecurity practices "in real-time" derived from previous and current cybersecurity activities. 3) The Framework Profile It is a tool that provides organizations a platform for storing information concerning their cybersecurity program. A profile allows organizations to clearly express the goals of their cybersecurity program. Where do You Start with Implementing the Framework? Senior management including the directors should first get acquainted with the Framework. After which, the directors should have a detailed discussion with the management about organization’s Implementation Tiers. Educating the managers and staff on the Framework will ensure that everyone understands its importance. 5.8 Using ICT Processes by auditor to identify risks and mitigating controls As information and communication technology (ICT) becomes more sophisticated, it is important to be able to use ICT to optimize audit effectiveness and efficiency, and to support and maintain integrity of audit process. Examples of the use of ICT during audits may include but are not limited to: Meetings; by means of teleconference facilities, including audio, video and data sharing Audit of documents and records by means of remote access Recording of information and evidence by means of still video, video or audio recordings Providing visual/audio access to remote or potentially hazardous locations THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 287 SPOTLIGHT AT A GLANCE A set of cybersecurity activities and applicable references that having five simultaneous and constant functions − Identify, Protect, Detect, Respond, and Recover. The framework core has methods to ensure the following: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS The objectives for the effective application of ICT for audit purposes are: To provide a methodology for the use of ICT that is sufficiently flexible and non-prescriptive in nature to optimize the conventional audit process To ensure that adequate controls are in place to avoid abuses that could compromise the integrity of the audit process To support the principles of safety and sustainability Benefits of Using ICT in auditing AT A GLANCE Continued management system viability for emergency situations, like COVID-19. Audit effectiveness has resulted due to the evolution and sophistication of technology with tools Requires to assess and understand the potential risks of remote audits including client’s ICT capability, tool familiarity, audit cycle considerations and certification scope. Requires additional auditor planning, preparation and coordination with the customer that leads to an improved and effective audit. Reduces 3rd-party certification expenses to client due to reduced auditor travel costs resulting in savings. Increases auditor resiliency as it reduces auditor travel fatigue and associated stress. ICT can be used in auditing of management systems, persons, and product and is applicable to conformity assessment bodies and accreditation bodies. Limitations on the use of ICT SPOTLIGHT Scope of using ICT is much difficult to determine and requires a substantial professional judgement. Effectiveness is dependent upon the organization and the auditor familiarity and expertise with ICT tools. Auditors find it difficult to remotely audit “hands-on” processes such as Receiving, Production, and Verification processes. ICT auditing is more complicated for mostly paper-based organizations. ICT auditing can create auditor and client frustrations due to poor internet connectivity, internet dead zones, or not being able to hear or communicate effectively. ICT auditing may not appeal to all auditors as some are not comfortable with the ICT technology and find auditing remotely frustrating. 5.9 Use of Data Analytics by the auditor IAASB defines data analytics for audit as the science and art of discovering and analysing patterns, deviations and inconsistencies and extracting other useful information in the data underlying or related to the subject matter of audit through analysis, modelling and visualisation for the purpose of planning and performing audit. The larger audit firms and increasingly smaller firms utilise data analytics as part of their audit offering to reduce risk and to add value to the client. Bigger firms often have the resources to create their own data analytics platforms whereas smaller firms may opt to acquire an off the shelf package. For auditors, the main driver of using data analytics is to improve audit quality. It allows auditors to more effectively audit the large amounts of data held and processed in IT systems in larger clients. Auditors can extract and manipulate client data and analyse it. By doing so they can better understand the client’s information and better identify the risks. Data analytics tools have power to turn all data into pre-structured forms/presentations understandable to both auditors and clients and even to generate audit programmes tailored to client-specific risks or to provide data directly into computerised audit procedures thus allowing the auditor to more efficiently arrive at result. 288 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Examples of the use of data analytics to perform audit procedures include: NRV testing – comparing the last time an inventory item was purchased with the last time it was sold Analysis of revenue trends by product and region Matching purchase orders to invoices and payments Segregation of duties testing by identifying combinations of users involved in processing transactions from the metadata attached to transactions Benefits of data analytics Increased business understanding through a more thorough analysis of a client’s data and the use of visual output such as dashboard displays rather than text or numerical information allows. This increase in understanding, aids the identification of risks associated with a client, enabling testing to be better directed at those areas. Freeing up auditor time from analysing routine data so that more time can be spent on areas of risk. Increased consistency across group audits where all auditors are using the same technology and process. increased efficiency through the use of computer programmes to perform very fast processing of large volumes of data and provide analysis to auditors on which to base their conclusion, saving time within the audit and allowing better focus on judgemental and risk areas (often 100% testing is also possible). Data can be more easily manipulated by auditor as part of audit testing, for example performing sensitivity analysis on management assumptions. Increased fraud detection through the ability to interrogate all data and to test segregation of duties. Information obtained through data analytics can be shared with the client, adding value to the audit and providing a real benefit to management in that they are provided with that useful information. AT A GLANCE The increased access and manipulation of data and the consistency of application of data analytics tools should increase audit quality and efficiency through: At present there is a lack of consistency or a widely accepted standard across firms and even within a firm. Other issues which can arise with the introduction of data analytics as an audit tool include: Data privacy and confidentiality. Client may be reluctant to allow the audit firm sufficient access to their systems to perform data analytics. Completeness and integrity of the extracted client data may not be guaranteed. Compatibility issues with client systems may render standard tests ineffective. Audit staff may not be competent to understand the exact nature of the data and output to draw appropriate conclusions. Practice management issues arise relating to data storage and accessibility for the duration of the required retention period for audit evidence. An expectation gap among stakeholders who think that because the auditor is testing 100% of transactions in a specific area, the client’s data must be 100% correct. 5.10 Cyber-Security Audit A cyber security audit is a systematic and independent examination of an organization’s cyber security. which ensures that the proper security controls, policies and procedures are in place and working effectively. The purpose of a cyber-security audit is to provide a ‘checklist’ in order to validate your controls are working properly. In short, it allows you to inspect what you expect from your security policies. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 289 SPOTLIGHT Challenges of data analytics CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Audits play a critical role in helping organizations avoid cyber threats. They identify and test your security in order to highlight any weaknesses or vulnerabilities. Elements of a cyber-security audit: A cyber security audit focuses on cyber security standards, guidelines, and policies. Furthermore, it focuses on ensuring that all security controls are optimized, and all compliance requirements are met. Operational Security (review of policies, procedures, and security controls) Data Security (review of encryption use, network access control, data security in transmission & storage) System Security (review of patching processes, role-based access, management of privileged accounts, etc.) Network Security (review of network and security controls, anti-virus configurations, SOC, security monitoring capabilities) Physical Security (review of role-based access controls, disk encryption, multifactor authentication, biometric data, etc.) AT A GLANCE Benefits of a cyber-security audit A cyber security audit is the highest level of assurance service that an independent cyber security audit offers. It provides an organization, as well as their business partners and customers, with confidence in the effectiveness of their cyber security controls. SPOTLIGHT Identifying gaps in security Highlight weaknesses Compliance Reputational value Testing control Improving security posture Assurance to vendors, employees, and clients Confidence in your security controls Increased performance of your technology and security Cyber security audit checklist Audit checklist will depend on industry, size, and compliance framework. However, there are some basic categories that every audit should include. Specifically, the following are essential categories to review: 290 Inventory and control of hardware assets Inventory and control of software assets Continuous vulnerability management Controlled use of administrative privileges Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers Maintenance, monitoring, and analysis of audit logs Email and web browser protection Malware defenses Limitation and control of network ports, protocols, and servers. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT IT security controls auditors can look to implement: Formal IT security policy Formal incident response plan Security awareness training Password lengths of eight or more characters Two-factor authentication Network firewall Intrusion prevention system Website filtering solution Hard disk encryption for laptops Anti-virus software for all PCs and servers Quarterly OS patching for servers Automatic OS patching for PCs Daily data back-up Cyber insurance SPOTLIGHT AT A GLANCE THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 291 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 6. MATERIALITY IN PLANNING AND PERFORMING AN AUDIT (ISA 320) 6.1 Materiality in the Context of an Audit (Ref: 2-6, A1) Misstatements, including omissions, are considered to be material if they, individually or in aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of financial statements Determining materiality is a matter of professional judgment, auditor assume that users: Have a reasonable knowledge of business & economic activities Understand that financial statements are prepared, presented and audited to levels of materiality; Recognize the uncertainties inherent; and Make reasonable economic decision Materiality is applied both in planning and performing audit. In planning, auditor makes judgments about size of misstatements that will be considered material. These judgments provide a basis for: AT A GLANCE Determining nature, timing & extent of risk assessment procedures Determining nature, timing & extent of further audit procedures. Identifying and assessing risks of material misstatement Auditor considers not only the size but also the nature of uncorrected misstatements. 6.2 Determining Materiality and Performance Materiality When Planning the Audit (Ref: 10-11, A3-A13) For the financial statements as a Whole Determining materiality involves the exercise of professional judgment. A percentage is often applied to a chosen benchmark as a starting point in determining materiality. Factors relevant for identifying benchmark are: SPOTLIGHT Elements of financial statements (e.g. assets, liabilities, equity, revenue, expenses), Items on which attention of users of particular entity's financial statements tends to be focused, Nature of entity, current phase of life cycle, and industry & economic environment, Entity's ownership structure and the way it is financed, The relative volatility of the benchmark. For Particular Classes of Transactions, Account Balances or Disclosures If there are one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for financial statements as a whole could reasonably be expected to influence the economic decisions of users. Factors indicating existence such materiality include: 292 Whether law, regulation or applicable financial reporting framework affect users' expectations regarding measurement or disclosure of certain items (e.g. related party transactions). Key disclosures in relation to industry. Whether attention is focused on a particular aspect of entity's business that is separately disclosed in financial statements (for example, a newly acquired business). THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Performance Materiality Amount or amounts set by auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If applicable, performance materiality also refers to amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures. Auditor shall determine performance materiality for purposes of assessing risks of material misstatement and determining the nature, timing and extent of further audit procedures. 6.3 Revision as the Audit Progresses (Ref: 12-13, A14) Auditor shall revise materiality on becoming aware of information during the audit (E.g. a decision to dispose of a major part of the entity's business, new information, or a change in the auditor's understanding of the entity and its operations as a result of performing further audit procedures.) Materiality for the financial statements as a whole Materiality level(s) for particular classes of transactions, account balances or disclosures Performance materiality Any revision in above as the audit progressed AT A GLANCE 6.4 Documentation (Ref: 14) Practice Question 02: Your audit firm has been appointed as auditor of Lucrative Industries Limited (LIL) a listed company for the year ended 31 March 2015. LIL’s financial statements for five years depict the following: 2014 2013 2012 2011 --------------------------- Rupees in millions --------------------------Sales 1,570 1,276 1,064 980 859 Profit before tax 1,159 212 190 165 155 Profit after tax 815 130 135 106 110 Total assets 1,521 1,344 1,270 1,188 1,100 Following further information is available: 2015 2014 Rupees in millions Sales revenue-exports 1,057 944 513 332 -1,299 -1,049 Gain on sale of office building 901 - Other provisions / write offs -11 -13 Other charges -2 -2 Profit before taxation 1,159 212 Profit after taxation 815 130 Intangible assets 350 362 Sales revenue- local supplies Cost of sales and administrative expenses THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 293 SPOTLIGHT 2015 (draft) CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS The results for the current year include the impact of following items: During the year, an increase in export and local sales was noticed due to new agreement with foreign customers and supplies made to Government for flood affected people. Sales to new customers and Government amount to Rs. 105 million and Rs. 225 million respectively. Mark-up on such sales was 15%. Administrative expenses include loss of raw material amounting to Rs. 210 million, which was destroyed due to fire. Raw material was not insured. During the year, the head office of the company was shifted to new premises and the old building was sold for Rs. 1.2 billion. Required: Determine the materiality for the financial statements as a whole and also discuss the basis/benchmarks adopted by you in this regard. Solution: Discussion on the benchmark adopted in above calculation: AT A GLANCE N-1: Profit before tax often forms the basis for calculating planning materiality unless it is significantly volatile. N-2: Circumstances that give rise to an exceptional decrease or increase in such profits may lead the auditor to conclude that materiality for the financial statement as a whole is more appropriately determined using a normalized profit before tax from continuing operations figure based on past results, therefore following items are excluded to arrive at normalized profit: sales to Govt. department is excluded; Loss due to raw material destroyed; and Gain on sale building Further, increase in sale due to new agreement is part of normal operations therefore it is not excluded. SPOTLIGHT N-3: Determining a percentage to be applied to a chosen benchmark involves the exercise of professional judgment, as ISA 320, suggests the rate of 5% of profit before tax therefore it is used. 294 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 7. EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT (ISA 450) Misstatement A difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. Misstatements can arise from error or fraud. When the auditor expresses an opinion on whether the financial statements are presented fairly, in all material respects, or give a true and fair view, misstatements also include those adjustments of amounts, classifications, presentation, or disclosures that, in the auditor’s judgment, are necessary for the financial statements to be presented fairly, in all material respects, or to give a true and fair view. Uncorrected misstatements Auditor shall accumulate misstatements identified during the audit, other than those that are clearly trivial. Auditor may designate an amount below which misstatements would be clearly trivial and would not need to be accumulated. Type of Misstatements Factual misstatements: Misstatements about which there is no doubt. Judgmental misstatements: Differences arising from the judgments of management concerning. accounting estimates, or selection or application of accounting policies that the auditor considers inappropriate. Projected misstatements: Auditor’s best estimate of misstatements in populations. (See ISA 530). 7.2 Consideration of Identified Misstatements as the Audit Progresses (Ref: 6, 7, A4-A6) Auditor shall determine whether the overall audit strategy and audit plan need to be revised if: The nature of identified misstatements and circumstances of their occurrence indicate the existence of other similar misstatements. (e.g. misstatement arose from a breakdown in internal control or from inappropriate assumptions or valuation methods that have been widely applied by the entity) Aggregate of misstatements accumulated during audit approaches materiality. If management has examined and corrected misstatements that were detected by auditor, the auditor shall perform additional procedures to determine whether misstatements remain. 7.3 Communication and Correction of Misstatements (Ref: 8-9, A7-A10) Auditor shall communicate on a timely basis all misstatements accumulated during the audit with the appropriate level of management, unless prohibited by law or regulation. Auditor shall request management to correct those misstatements. (Such correction enables management to maintain accurate accounting books and records). If management refuses to correct some or all of the misstatements communicated by the auditor, the auditor shall: Obtain an understanding of management’s reasons for not making the corrections; and Take that understanding into account when evaluating whether the financial statements are free from material misstatement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 295 SPOTLIGHT 7.1 Accumulation of Identified Misstatements (Ref: 5, A2-A3) AT A GLANCE Misstatements that the auditor has accumulated during audit and that have not been corrected. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 7.4 Evaluating the Effect of Uncorrected Misstatements (Ref: 10-13, A11-A23) Prior to evaluating effect of uncorrected misstatements, auditor shall reassess materiality to confirm whether it remains appropriate in the context of the entity’s actual financial results. If reassessment gives rise to a lower amount, then performance materiality and appropriateness of the nature, timing and extent of the further audit procedures shall also be reconsidered. Auditor shall determine whether uncorrected misstatements are material, individually or in aggregate. In making this determination, the auditor shall consider: Size and nature of the misstatements, both in relation to particular classes of transactions, account balances or disclosures and the financial statements as a whole, and the particular circumstances of their occurrence; and Effect of uncorrected misstatements related to prior periods on the relevant classes of transactions, account balances or disclosures and the financial statements as a whole. Examples of Particular Circumstances (nature of misstatement) Circumstances that may affect the evaluation of any misstatement as material, include the extent to which the misstatement: AT A GLANCE SPOTLIGHT Affects compliance with regulatory requirements; Affects compliance with debt covenants or other contractual requirements; Relates to the incorrect selection or application of an accounting policy that has an immaterial effect on the current period’s financial statements but is likely to have a material effect on future periods’ financial statements; Masks a change in earnings or other trends, especially in the context of general economic and industry conditions; Affects ratios used to evaluate entity’s financial position, results of operations or cash flows; Affects segment information presented in financial statements; Has the effect of increasing management compensation, for example, by ensuring that the requirements for the award of bonuses or other incentives are satisfied; Is significant having regard to auditor’s understanding of the known previous communications to users, for example, in relation to forecast earnings; Relates to items involving particular parties (for example, whether external parties to the transaction are related to members of the entity’s management); Is an omission of information not specifically required by applicable financial reporting framework but which, in the judgment of auditor, is important to users’ understanding of financial position & performance etc.; or Affects other information that will be communicated in documents containing the audited financial statements (for example, information to be included in a “Management Discussion and Analysis” or an “Operating and Financial Review”) that may reasonably be expected to influence the economic decisions of the users of the financial statements. 7.5 Communication with those charged with governance (Ref: 12, A21-A23) 296 Auditor shall communicate with those charged with governance uncorrected misstatements and the effect that they may have on the auditor’s opinion (unless prohibited by law or regulation). Where there is a large number of individual immaterial uncorrected misstatements, auditor may communicate the number and overall monetary effect of uncorrected misstatements. Auditor shall identify material uncorrected misstatements individually. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Auditor shall request that uncorrected misstatements be corrected. Auditor shall also communicate with those charged with governance the effect of uncorrected misstatements related to prior periods on current financial statements. (See ISA 710). 7.6 Written Representations (Ref: 14, A24) Auditor shall request a written representation from management and, where appropriate, those charged with governance whether they believe the effects of uncorrected misstatements are immaterial, individually and in aggregate, to the financial statements as a whole. A summary of such items shall be included in or attached to the written representation. They may add to their written representation words such as: “We do not agree that items … and … constitute misstatements because [description of reasons].” Obtaining representation does not, however, relieve the auditor from his responsibilities. 7.7 Documentation (Ref: 15, A25) Amount below which misstatements would be regarded as clearly trivial; All misstatements accumulated during audit and whether they have been corrected; and Auditor’s conclusion as to whether uncorrected misstatements are material, individually or in aggregate and the basis for that conclusion. SPOTLIGHT AT A GLANCE Auditor shall include in the audit documentation: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 297 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 8. RELATED PARTIES (ISA 550) Important Definitions: Arm's length transaction: A transaction conducted on such terms and conditions as between a willing buyer and a willing seller who are unrelated and are acting independently of each other and pursuing their own best interests. AT A GLANCE Related party: 1. A related party as defined in the applicable financial reporting framework; or 2. Where the applicable financial reporting framework establishes minimal or no related party requirements: a) A person or other entity that has control or significant influence, directly or indirectly through one or more intermediaries, over the reporting entity; b) Another entity over which the reporting entity has control or significant influence, directly or indirectly through one or more intermediaries; or c) Another entity that is under common control with the reporting entity through having: i. Common controlling ownership; ii. Owners who are close family members; or iii. Common key management. 8.1 Responsibilities of the Auditor (3-7) Because related parties are not independent of each other, many financial reporting frameworks establish specific accounting and disclosure requirements for related party relationships, transactions and balances to enable users of the financial statements to understand their nature and actual or potential effects on financial statements. Where the applicable financial reporting framework establishes such requirements SPOTLIGHT Auditor has a responsibility to perform audit procedures to identify, assess and respond to the risks of material misstatement arising from entity's failure to appropriately account for or disclose these. Even if applicable financial reporting framework establishes minimal or no related party requirements Auditor still needs to obtain an understanding of related party relationships and transactions sufficient to be able to conclude whether financial statements, in so far as they are affected by those relationships and transactions: Achieve fair presentation (for fair presentation frameworks); or Are not misleading (for compliance frameworks). In addition, an understanding of related party is relevant to the auditor's evaluation of whether one or more fraud risk factors are present, because fraud may be more easily committed through related parties. Planning and performing the audit with professional skepticism is therefore particularly important in this context, given the potential for undisclosed related party relationships and transactions. 8.2 Risk Assessment Procedures and Related Activities (11-14, A9, A17-A18) Auditor shall perform audit procedures and related activities to obtain information relevant to identifying risks of material misstatement attached with related parties. Discussion among the Engagement Team It shall include specific consideration of susceptibility of financial statements to material misstatement due to fraud or error that could result from entity's related party relationships and transactions. 298 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Matters that may be addressed in the discussion among the engagement team include: Nature and extent of the entity's relationships and transactions with related parties. An emphasis on the importance of maintaining professional skepticism throughout the audit regarding the potential for material misstatement associated with related party relationships and transactions. Circumstances or conditions of the entity that may indicate the existence of related party relationships or transactions that management has not identified or disclosed to the auditor (e.g. a complex organizational structure, use of special-purpose entities for off-balance sheet transactions, or an inadequate information system). The records or documents that may indicate the existence of related party relationships or transactions. Importance that management and those charged with governance attach to identification, appropriate accounting for and disclosure of related party relationships and transactions and related risk of management override of controls. Understanding the entity The identity of the entity's related parties, including changes from the prior period; The nature of the relationships between the entity and these related parties; and Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions. Understanding of the controls over related party relationships and transactions Auditor shall inquire management and others within entity and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established to: Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework; Authorize & approve significant transactions and arrangements with related parties; and Authorize and approve significant transactions and arrangements outside the normal course of business. Auditor may consider features of the control environment relevant to mitigating risks of material misstatement associated with related party relationships and transactions, such as: Internal ethical codes, appropriately communicated to entity's personnel and enforced, governing the circumstances in which the entity may enter into specific types of related party transactions. Policies and procedures for open and timely disclosure of the interests that management and those charged with governance have. Assignment of responsibilities within entity for identifying, recording, summarizing, and disclosing these. Timely disclosure and discussion between management and those charged with governance of significant related party transactions outside the entity's normal course of business, including whether those charged with governance have appropriately challenged the business rationale of such transactions (e.g. by seeking advice from external professional advisors). Clear guidelines for approval of related party transactions involving actual or perceived conflicts of interest, such as approval by a subcommittee of those charged with governance comprising individuals independent of management. Periodic reviews by internal auditors, where applicable. Proactive action taken by management to resolve related party disclosure issues. The existence of whistle-blowing policies and procedures, where applicable. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 299 SPOTLIGHT AT A GLANCE The auditor shall inquire management regarding: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Practice Question 03: ABC and Company, Chartered Accountants, have been appointed as the auditor of Neptune Limited (NL). During the audit it has been revealed that: NL’s operation involves significant and frequent transactions with related parties. Required: Discuss the overall audit approach and related audit procedures to address the above issues. Also state the possible implications on the audit report. Tutorial Notes: Don’t restrict your answers to procedures aimed at verifying the list of related party transactions provided by the client; do also focus on addressing the main issue i.e. risk of unidentified related parties or related party transactions. Solution: Significant related party transactions: The auditor shall inquire of the management and others within the entity and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established to: AT A GLANCE identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework; authorize and approve significant transactions and arrangements with related parties; and transactions and arrangements outside the normal course of business. During the audit, the auditor shall remain alert, when inspecting records or documents, for arrangements or other information that may indicate the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor. The auditor shall consider the susceptibility of the financial statement to risk material misstatement due to fraud or error that could result from the entity’s related party relationships and transactions. The auditor shall obtain the data from the management in respect of: SPOTLIGHT associated companies Subsidiaries list of related parties’ personnel (as per the definition) in the International Financial Reporting Standards; The auditor shall inspect the following for indications of the existence of related party relationships or transactions that management has not previously identified or disclosed to the auditor: Bank and legal confirmations obtained as part of the auditor’s procedures; Minutes of meetings of shareholders and those charged with governance; and Any other records or documents as the auditor considers necessary (e.g. Form A, Form 29, Register of members, Documents related to compliance with Code of Corporate Governance etc.). The auditor shall inquire of management regarding the following: 300 The identity of the entity’s related parties, including changes from the prior period; The nature of the relationships between the entity and these related parties; Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions; Ensure that all key management personnel and known related parties are included therein. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT The auditor shall review the extent and nature of business transacted with major customers, suppliers, borrowers and lenders for indications of previously undisclosed relationships. The auditor shall review the significant transactions outside the normal course of business, paying particular attention to the transaction recognized at or near end of the reporting period and inquire of management: the nature of these transactions If the above procedures performed by auditor identify a material misstatement in the financial statements, then the auditor will ask the management to make appropriate adjustment and in case of disagreement will issue a qualified or adverse opinion as appropriate. Practice Question 04: You have been assigned the area of related parties in an audit of the financial statements of a listed company where there are significant related party transactions. Required: AT A GLANCE whether related parties are involved in these transactions The auditor shall ensure that all related party transactions are disclosed appropriately in the financial statements as per applicable financial reporting framework. Where the controls over related party transactions are ineffective or non-existent and the auditor is unable to obtain sufficient appropriate audit evidence about related party relationships and transactions, the auditor will issue a qualified or disclaimer of opinion as appropriate. Highlight what controls you would expect to be present in the company for the related party transactions. Ability of entity’s information systems to record, process and summarize related party relationships and transactions to meet the accounting and disclosure requirements of the framework; Appropriateness of internal ethical codes communicated to the entity’s personnel and their enforcement. They should also govern the circumstances in which the entity may enter into specific types of related party transactions. Policies and procedures for open and timely disclosure of the interests that management and those charged with governance have in related party transactions. Timely disclosure and discussion between management and those charged with governance of significant related party transactions outside the entity’s normal course of business, including whether those charged with governance have appropriately challenged the business rationale of such transactions (for example, by seeking advice from external professional advisors). Clear guidelines for the approval of related party transactions involving actual or perceived conflicts of interest, such as approval by a subcommittee of those charged with governance comprising individuals independent of management. Periodic reviews by the internal audit function. Proactive actions taken by management to resolve related party disclosure issues, such as by seeking advice from the auditor or external legal counsel. The process for assessing whether the transaction is at arm’s length price or not. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 301 SPOTLIGHT Solution: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 8.3 Maintaining Alertness for Related Party Information When Reviewing Records or Documents (1516, A22-A25) Examples of Records or Documents Records or Documents That the Auditor May Inspect AT A GLANCE Third-party confirmations obtained by auditor (in addition to bank and legal confirmations). Entity income tax returns. Information supplied by the entity to regulatory authorities. Shareholder registers to identify the entity's principal shareholders. Statements of conflicts of interest from management and those charged with governance. Records of the entity's investments and those of its pension plans. Contracts and agreements with key management or those charged with governance. Significant contracts and agreements not in the entity's ordinary course of business. Specific invoices and correspondence from the entity's professional advisors. Life insurance policies acquired by the entity. Significant contracts re-negotiated by the entity during the period. Internal auditors' reports. Documents associated with the entity's filings with a securities regulator (for example, prospectuses). Examples of Arrangements that may indicate such existence Participation in unincorporated partnerships with other parties. Agreements for the provision of services to certain parties under terms and conditions that are outside the entity's normal course of business. Guarantees and guarantor relationships. SPOTLIGHT In particular, the auditor shall inspect the following for indications of the existence: Bank and legal confirmations obtained as part of the auditor's procedures; Minutes of meetings of shareholders and of those charged with governance; and Such other records or documents as the auditor considers necessary in the circumstances of the entity. Identification of Significant Transactions outside the Normal Course of Business If auditor identifies significant transactions outside entity's normal course of business, the auditor shall inquire management about: c) The nature of these transactions; and d) Whether related parties could be involved. 8.4 Identification and Assessment of the Risks of Material Misstatement Associated with Related Party Relationships and Transactions (18-19, A29-A30) Auditor shall identify and assess the risks of material misstatement associated with related party relationships and transactions and determine whether any of those risks are significant. In making this determination, auditor shall treat identified significant related party transactions outside the entity's normal course of business as giving rise to significant risks. 302 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 8.5 Responses to Risks of Material Misstatement Associated with Related Party Relationships and Transactions (20-22, A31-A33, A36) Auditor designs and performs further audit procedures to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement associated with related party relationships and transactions. Management has not appropriately accounted for or disclosed specific related party relationship / transactions The nature, timing and extent of the further audit procedures that the auditor may select to respond to the assessed risks of material misstatement associated with related party relationships and transactions depend upon the nature of those risks and the circumstances of the entity. Practice Question 05: Diversified Businesses Limited is a listed company engaged in the business of manufacturing paints, pharma and chemicals. During the planning stage of an audit, the auditor has found that: Required: Evaluate and discuss how the auditor should deal with the above situations. Tutorial Notes: Common errors could be mentioning the procedures except the following: Verifying the source of the internal or external data supporting the assertion and testing the data to determine its accuracy, completeness and relevance. Evaluating the reasonableness of any significant assumptions on which the assertion is based. AT A GLANCE The company has advanced a significant amount of Rs. 2.5 billion to a related party, for construction of an office tower. In the notes to the financial statements, it has been stated that transactions with related parties were carried out on arm’s length basis. The auditor need to ascertain whether transactions with the related party have been appropriately accounted for and disclosed in accordance with the IFRS and Companies Act, 2017. Management’s assertion that the transactions were conducted on terms equivalent to those prevailing in an arm’s length transaction may be materially misstated due to practical difficulties that limit the auditor’s ability to obtain audit evidence that all aspects of the audit evidence are equivalent to those of the arm’s length transaction. In order to address the above factors, the auditor shall: Inspect the underlying contracts or agreement. Determine the business rationale behind the transaction. Determine whether the terms of the transactions are consistent with management’s explanations. Obtain audit evidence that the transactions have been appropriately authorized and approved. The auditor will evaluate management’s support for the assertion of arm’s length transaction, which may involve one or more of the following: Considering the appropriateness of management’s process for supporting the assertion. Verifying the source of the internal or external data supporting the assertion and testing the data to determine their accuracy, completeness and relevance. Evaluating the reasonableness of any significant assumptions on which the assertion is based. In addition to the above, we shall seek representation that management has disclosed all the facts and documents related to the above transaction. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 303 SPOTLIGHT Solution: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Identification of Previously Unidentified or Undisclosed Related Parties or Related Party Transactions If auditor identifies arrangements or information that suggests existence of related party relationships or transactions that management has not previously identified or disclosed, auditor shall determine whether the given circumstances confirm the existence of those relationships or transactions. If the auditor identifies related parties or significant related party transactions that management has not previously identified or disclosed, auditor shall: a) Promptly communicate the relevant information to other members of engagement team; b) Where applicable financial reporting framework establishes related party requirements: Request management to identify all transactions with the newly identified related parties; Inquire why entity's controls failed to identify or disclosure such relationship or transaction; c) Reconsider risk of existence of other related parties/transactions and perform additional audit procedures; d) If non-disclosure by management appears intentional, evaluate implications for the audit; e) Perform appropriate substantive audit procedures. AT A GLANCE Practice Question 06: The financial statements of Modern Equipment (Pvt) Limited reveal that the company has paid a donation of Rs. 15 million to a charitable organization where one of the directors of the company is a trustee. The company has earned a gross profit of Rs. 40 million. The selling and administration expenses including the donation amount to Rs. 60 million and as a result the company has incurred a net loss of Rs. 20 million. Required: Discuss the possible impact of the above issue on the auditor’s report. Solution: SPOTLIGHT Since appropriate business consideration does not seem to be involved, mere approval by the Board would not confirm that the expenditure has been incurred for the purpose of the company’s business. If the auditor is unable to satisfy himself on the above issue he will have to qualify the report by: stating the brief facts of the case. using the “except for” type of qualification, while certifying that the business has been conducted in accordance with the objects of the company. Practice Question 07: As the audit partner responsible for the audit of Mubashar Limited (ML), you have recently issued an audit report on ML’s annual financial statements. The audit senior involved in the audit of another client Salman Limited (SL) has informed you that SL’s records indicate that it has made purchases worth Rs. 37 million from ML. Since the same audit senior was also involved in the audit of ML he knows that SL and ML are associated companies and ML had not disclosed any related party transactions in its financial statements. This fact has also been confirmed from the working papers of both the companies. Payments against these purchases were made in the name of ML by way of crossed cheques. Required: Discuss the factors that you will consider with reference to above and specify the action that you would take in this regard. 304 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Tutorial Notes: Points to focus more may be as follow: Discrepancy mentioned in the situation could have been intentional as well as unintentional. Some key issues like re-assessment of the risk of material misstatement in SL, possibility of withdrawal from the engagement and the impact on audit report are also required. Solution: Factors that should be considered and actions to be taken: ML may have recorded the sale in the name of any other party with the intention of non-disclosure of related party transaction. iii. The non-disclosure of related party transactions may be due to unintentional error made by the management. c) We shall discuss the issue with the management and if necessary with those charged with governance and ask them to: revise the financial statements take steps to ensure that those in receipt of the previous financial statements are informed of the situation. d) If we establish that the revised audit report should be issued and the management has not yet issued the financial statements to the shareholders, in this case we shall: i. Carry out the audit procedures necessary for verification of amendment in the financial statements. ii. Extend the audit procedures regarding subsequent events, to the date of the new audit report. iii. Provide a new auditor’s report on the amended financial statements. iv. Include an emphasis of matter paragraph or other matter paragraph reflecting such amendment. e) If financial statements have already been issued to the shareholders then we should, in addition to the above audit procedures: i. Review the steps taken by the management to ensure that those in receipt of the previous financial statements together with the auditor’s report thereon are informed of the situation. ii. Notify the management and where necessary those charged with governance that we would seek to avoid future reliance on the audit report, if the management does not take appropriate steps to ensure that those in receipt of previously issued financial statements are informed of the situation and does not amend the financial statements. iii. Seek legal advice in order to prevent the reliance on the audit report on the financial statements, if in spite of our communication, ML’s management or those charged with governance fail to take necessary steps to prevent reliance on the audit report issued on the financial statements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 305 SPOTLIGHT ii. AT A GLANCE a) The amount of sales made to SL a related party is material (by nature) to the financial statements. b) We need to consider the reason for this event. The possible reasons are as follows: i. It may be a deliberate attempt by ML to fraudulently siphon off funds by suppressing the sales probably by the management itself or by any other employee. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS f) Under the specific law, regulation or the financial reporting framework where we are permitted to restrict the audit procedures on subsequent event specific to the amendment, we will mention an additional date in the audit report restricted to the amendment that indicates that the audit procedures on subsequent events are restricted to that specific amendment as mentioned in the relevant note. We would also mention the fact in the emphasis of matter paragraph or the other matter paragraph that our audit procedures on subsequent events are restricted solely to the amendment of the financial statements as described in the relevant note to the financial statements. g) If as a result of a misstatement resulting from fraud or suspected fraud, we feel that our ability to continue performing the audit has been affected, we should: i. Determine the professional and legal responsibilities applicable in the circumstances, including the requirement to report the matter to the shareholders or the regulatory authorities. ii. Consider whether it is appropriate to withdraw from the engagement, and if we decide to withdraw: AT A GLANCE Discuss with appropriate level of management and those charged with governance, our withdrawal from the engagement and the reasons for the withdrawal. Determine whether there is a professional or legal requirement to report to the shareholders about the withdrawal from the audit or the responsibility to report it to the regulatory authorities. Discuss with the legal advisor about withdrawal from the engagement. Being an associated company the management of ML may be in a position to influence the decision of SL also. Therefore, the auditor should reassess the risk of material misstatement in SL. 8.6 Identified Related Party Transactions Outside Normal Course of Business (23-24, A38) Auditor shall: SPOTLIGHT a) Inspect the underlying contracts or agreements, if any, and evaluate whether: i. The business rationale of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets; In evaluating the business rationale of such related party transaction, auditor may consider following: 306 Whether the transaction: ¯ Is overly complex (e.g. it may involve multiple related parties within a consolidated group). ¯ Has unusual trade terms e.g. unusual prices, interest rates, guarantees and repayment terms. ¯ Lacks an apparent logical business reason for its occurrence. ¯ Involves previously unidentified related parties. ¯ Is processed in an unusual manner. Whether management has discussed nature of, and accounting for, such transaction with those charged with governance. Whether management is placing more emphasis on a particular accounting treatment rather than giving due regard to the underlying economics of the transaction. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT If management's explanations are materially inconsistent with the terms of related party transaction, auditor is required to consider reliability of management's explanations and representations on other significant matters. (ISA 500) ii. The terms of the transactions are consistent with management's explanations; and iii. The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework b) Obtain audit evidence that the transactions have been appropriately authorized and approved. Assertions That Related Party Transactions Were Conducted on Terms Equivalent to Arm's Length Transaction If management has made an assertion in financial statements that a related party transaction was conducted on terms equivalent to arm's length transaction, auditor shall obtain sufficient appropriate audit evidence about the assertion. Mr. Burhan is working as audit manager in a firm of Chartered Accountants. The audit teams have brought the following matters to his attention: During the audit of Moon Limited, it has been noted that 40% sales are made to an associated company on credit. The management claims that the prices charged by the company to the associated company are set in accordance with the prevailing market. (06) Required: AT A GLANCE Practice Question 08: Explain how the audit teams should deal with the above situations. Tutorial Notes: Along with the issue of sales price and its comparison with market prices, credit terms and its related implications should also be given weightage. The terms of the transactions with the associated company need to be obtained and compared with market terms. If the price charged to the related party is not the market price seek justification from the management and document, it appropriately. If credit terms are not comparable with those prevailing in the market, the transaction with the related party may be construed as a financing transaction. In such case, ensure that approval of shareholders through special resolution in accordance with Companies Act has been obtained. If the entity is unable to produce relevant approval of the shareholders in respect of loan, it will constitute a non-compliance with laws and regulations. The auditor shall consider the need to obtain legal advice. The auditor shall also evaluate the implications of non-compliance in relation to other aspects of the audit, including the auditor’s risk assessment and the nature, timing and extent of audit procedures. Ensure that transactions with associated company are approved and authorized by the board of directors. If the transaction with associated company lacks logical business rationale, then reassess the management integrity. Check whether the transaction has been disclosed as required under IAS 24 and other statutory requirements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 307 SPOTLIGHT Solution: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 8.7 Evaluation of Accounting for and Disclosure of Identified Related Party Relationships & Transactions (25, A47) In forming an opinion in accordance with ISA 700, the auditor shall evaluate: a) Whether the identified related party relationships and transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework; and b) Whether the effects of the related party relationships and transactions: i. Prevent the financial statements from achieving fair presentation (for fair presentation frameworks); or ii. Cause the financial statements to be misleading (for compliance frameworks). 8.8 Written Representations (26) Where the applicable financial reporting framework establishes related party requirements, the auditor shall obtain written representations from management and, where appropriate, those charged with governance that they have: AT A GLANCE a) Disclosed to the auditor the identity of the entity's related parties and all the related party relationships and transactions of which they are aware; and b) Appropriately accounted for and disclosed such relationships and transactions in accordance with the requirements of the framework. Related Party Checklist - Extracts from ICAP Audit Practice Manual System Evaluation 1. SPOTLIGHT 2. Inquire of management regarding: The identity of the entity’s related parties, including changes from the prior period The nature of relationships between the entity and these related parties Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions Inquire of management and others within the entity such as those charged with governance, internal auditors, legal counsel and those dealing with significant transactions outside of normal course of business, to obtain an understanding of the controls, if any that management has established to: Identify, account for, and disclose related party relationships and transactions in accordance with the applicable reporting framework Authorise and approve significant transactions and arrangements with related parties Authorise and approve significant transactions and arrangements outside normal course of business Related Parties 308 1. Obtain from management personnel (or prepare) a list of all related parties (detailing the name of related party, relationship with each party) and compare with the previous year’s list and the shareholder’s records. Distribute the list of related parties to all staff assigned to the engagement for their consideration while performing various audit tests, and attach copy to this checklist. 2. If secondary auditors, consider obtaining representation from parent company management as to the existence of related parties, consider enquiring of predecessor auditors, or other firms involved in the audit, as to their knowledge of RPTs. 3. Document any affiliations directors or senior management have with other entities. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT 1. Inquire of appropriate management personnel whether there were any transactions with related parties (including significant transactions that occurred but were not given accounting recognition). 2. Perform procedures to identify additional related parties and significant (over ____), unusual, or nonrecurring transactions or balances involving related parties. Such procedures could include: 4. identifying major customers, suppliers, borrowers, and lenders, and significant changes to these relationships. review of lawyer billings review of bank guarantees review of contract awards review of overdue receivables or payables review of investment transactions transactions at, or near, the year end review of transactions with unusual terms of trade consider where RPTs may have occurred but not changed Where RPTs have been identified prepare (or obtain) a schedule, or a summary where appropriate of these and obtain an understanding of the business purpose of the transaction(s). examine invoices, agreements etc. examine approval for the transaction both by management and local shareholders obtain confirmation of any outstanding balances obtain information as to the financial standing of the related parties regarding out indicate whether disclosure is required or not agree with management SPOTLIGHT 3. Where it is uncertain if the transaction is a RPT or not consider: obtaining confirmation of significant information directly from third parties obtaining further information and references on supplies or customers that appearing Transactions outside the Entity's Normal Course of Business 1. For identified significant related party transactions outside the entity’s normal course of business: Inspect the underlying contracts or agreements, if any, and evaluate whether: i. The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage in fraudulent financial reporting or conceal misappropriation of assets. ii. The terms of the transactions are consistent with management’s explanations. iii. The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework. Obtain evidence that transactions have been appropriately authorised & approved. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN AT A GLANCE Related Party Transactions 309 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Arm's Length Assertion 2. If management has made an assertion in the financial statements to the effect that a related party transaction was conducted on terms equivalent to those prevailing in an arm’s length transaction, obtain sufficient appropriate audit evidence about the assertion by performing procedures such as: Comparing the terms to those with unrelated parties. Engaging an external expert to determine market value and verify market terms and conditions. Comparing the terms to known market terms for similar transactions. Consider impact on the audit report 3. In forming an opinion, evaluate: AT A GLANCE Whether the identified related party relationships or transactions have been appropriately accounted for and disclosed in accordance with the applicable financial reporting framework. Whether the effects of the related party relationships and transactions prevent the financial statements from achieving fair presentation. Communication with those charged with governance Unless all of those charged with governance are involved in managing the entity, communicate with those charged with governance significant matters arising during the audit in connection with the entity’s related parties Practice Question 09: You are the audit manager responsible for the audit of Mechanic Engineering Limited, (MEL) which provides mechanical parts to different industries. The draft financial statements for the year ended 30 September 2016 show profit before taxation of Rs. 150 million (2015: Rs. 200 million) and total assets of Rs. 1.2 billion (2015: Rs. 1.1 billion). SPOTLIGHT Presently following matters are under your consideration: During the year, MEL has sold one of its buildings to Natasha (Private) Limited (NPL) at a loss of Rs. 20 million. The building was purchased at a cost of Rs. 80 million seven years ago and was depreciated @ 5% per annum on straight line basis. The minutes of the meeting of the Board of Directors at which the sale was approved indicate that a director of MEL holds 20% shares in NPL. However, the minutes also indicate that he did not vote on the transaction due to conflict of interest. Required: Evaluate the above situations and determine the course of action in respect of each of the above independent situations. (Reporting implications are not required) Solution: Evaluation of the situation: The loss on disposal has reduced profit before tax by Rs. 20 million and is approximately 13.33% of profit before tax and is therefore material. Moreover, the transaction is a related party transaction due to 20% director’s holding in NPL. Course of action: Consider reasons for disposal of building. Promptly communicate the relevant information of the related party transaction to other members of the audit team. 310 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT A copy of the sale agreement A copy of any valuation report carried out on the asset Evidence of receipt of the proceeds through the bank The calculation of the loss (this should be checked for accuracy) Ensure proper disclosure of related party transaction in the financial statement. SPOTLIGHT AT A GLANCE Request management to identify all transactions with NPL for further evaluation. Reconsider the risk that other related parties or significant related party transactions may exist that management has not previously identified or disclosed to the auditor, and perform additional audit procedures. Review the appropriateness of depreciation policy. If it is not appropriate, then review the remaining non-current assets to ensure that they are not impaired. Investigate the influence of director with respect to the said transactions even though he did not participate in the voting. Inquire as to why the entity’s control over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions. If the non-disclosure by management appears intentional (and therefore indicative of risk of material misstatement due to fraud), evaluate the implications for the audit. Obtain the following evidence: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 311 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 9. RISK ASSESSMENT - MIX QUESTIONS (ISA 315,240,550,520 & 570) Practice Question 10: You are the audit manager in a firm of chartered accountants responsible for the statutory audit of Hackney Pharma Limited (HPL) which is principally engaged in the business of manufacturing and sale of pharmaceutical products. Extracts from HPL’s statement of profit or loss for the year ended 31 May 2021 are as follows: 2021 Description 2020 Rs. in '000 Sales 3,343,214 3,213,435 Sales returns (72,519) (73,202) Sales - net 3,270,695 3,140,233 Cost of sales (1,895,590) (1,860,579) (94,089) (93,629) AT A GLANCE Selling & marketing expenses During the planning meeting for the year ended 31 May 2021, HPL’s management informed you about the recall notice issued in respect of HPL’s flagship product ‘Azteca’. The notice was published in a local newspaper on 1 May 2021. The notice was issued on the advice of the drug regulatory authority following complaints received with regard to development of unexpected side effects in some users of the product. SPOTLIGHT Azteca is a patent product under the licensing agreement with Global Healthcare Laboratories (GHL), a multinational company, signed in year 2017. Under the agreement, HPL manufactures and sells Azteca for 10 years against payment of upfront license fee of Rs. 300 million. HPL is also subject to penalties in case of use of substandard raw material in the manufacture of Azteca. The raw material is imported from foreign countries. Currently, GHL is investigating the reason for the defect/unexpected side effects. The management has also informed you that this product recall has not only affected HPL’s sales but has also created working capital issues. HPL took immediate steps such as commenced negotiation with the bank for financing working capital and launched aggressive marketing campaign in May 2021 to boost the sale of its other products. Required: Discuss the audit risks that exist in the above scenario and suggest the key audit procedures to be performed in respect of identified risks. Solution: S. No. Audit Risks (i) Understatement of provision for claim filed by the customers due to side effects developed from the use of Azteca. Key Audit Procedures 312 Inquire management and where applicable others within the entity including in-house legal counsel about any court notices issued. Read BOD minutes and correspondence between the entity and its external legal counsel. Review the legal confirmations to assess whether all liabilities have been appropriately disclosed. Obtain the list of claims filled by the consumers. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT (ii) (iii) (iv) Audit Risks Key Audit Procedures Review legal expense accounts. Ask the management to make appropriate adjustment/disclosure in the financial statements if the legal advisor confirms the existence of liability or contingent liability which have not been disclosed in the financial statements. No provision or understatement of penalties imposed by the regulator due to product recall notice. Inquire management about any correspondence or notice received from regulator. Check whether management has recorded any provision for penalties and review management working to evaluate the reasonableness of provision. Understatement of provision of penalties from GHL due to use of substandard raw material in manufacturing of product Azteca. Understatement of provision of sales return despite increase in gross sales and product recall. (v) Overstatement of sales to depict better picture to secure working capital financing from bank. Understatement of selling expense despite sales growth and aggressive marketing strategy. In fact, selling expenses are approximately the same as last year. Incorrect foreign exchange translation Review license agreement for clauses related to fines and penalties. Read BOD minutes about discussion in this regard. Review management correspondence with GHL. Inspect sales return ledger subsequent to year end. Inquire management about the number of batches for which product recall notice was issued. Verify through production records and gate inward notes that all the returned quantities have been recorded as sales returns. Obtain monthly sales break up from management to check any significant increase in sales close to year end. Obtain monthly sales report from distributor to get reliance on secondary sales to retailers’ / end users. Check collections from customers subsequent to year end. Perform cut off testing of goods delivery note and sales invoices. Check vendor invoices subsequent to year end to ensure management accrued all the expenses in current period. Obtain the details of aggressive marketing campaign launched and how much has been expensed out this year. Check that appropriate exchange rates used in translation of foreign currency. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 313 AT A GLANCE S. No. SPOTLIGHT CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT S. No. Audit Risks CFAP 6: AARS Key Audit Procedures while recording import of raw material from foreign countries. Check on a sample basis that any gains/losses arising on the translation of foreign currency are correctly recognized as per the requirements of IAS-21. Impairment in intangible license fees due to recall of flagship product Azteca and a significant decrease in its sales. Impairment in the value of plant and machinery due to decline in sales of flagship product. Check subsequent sales of product Azteca post year end to access whether sales affected due to product recall. Assess the reasonableness of assumptions taken by the management and discount rate used. Ask the management to carry out the impairment test and review the work performed by the management. Review the source data used by the management for impairment testing. Consider involving auditor’s expert. AT A GLANCE Overstatement in the value of inventory of product Azteca for not being recorded at lower of cost or NRV. SPOTLIGHT Ask management to perform the NRV testing of finished goods of Azteca. Check whether provision for obscelence is recorded for entire lot of raw material held in stock, if it is concluded that substandard raw material was procured. Inquire from the management that whether the raw material can be retuned back to its supplier. Inquire management whether it would dispose the entire inventory now or it can re-sell the inventory after rework. Verify the management’s working to assess the authentication of estimated re-work cost. Practice Question 11: You are the audit manager at Haroon Rahim and Company, Chartered Accountants responsible for the audit of Fit Bit Limited (FBL) for the year ended 30 November 2020. FBL is a listed company and is engaged in the manufacturing of fitness equipment and related accessories. FBL sells its products all over the country through a chain of distributors. The extracts from the draft financial statements for the year ended 30 November 2020 are as follows: 2020 2019 ------ Rs. in million -----Revenue from sale of fitness equipment 71,000 70,000 Revenue from subscription of plans 30,000 - 500 400 Property, plant and equipment 6,600 6,900 Intangible assets 1,000 250 Advance from customers 10,000 200 Stock in trade 16,000 15,800 Profit before tax 314 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT During the month of October 2020, due to faulty pad used in a newly manufactured fitness equipment, 60 accidents were reported where FBL had paid compensation aggregating Rs. 30 million. Upon identification of fault, the sale of this equipment was immediately suspended until the matter was resolved in a month’s time. The entire compensation amount paid to customers has been reported in the financial statements as receivable from a supplier who had supplied such faulty pads. On 1 January 2020, FBL launched a mobile application that generates personalized exercise and diet plans considering an individual user’s physical and medical conditions. The application has received an overwhelming response as large number of domestic and foreign customers have subscribed for it. Following information is available in this respect: The application was developed in-house with the support of a leading software house. Each customer has an option to subscribe biannual or annual plan. All the subscription plans are paid in advance; however, each subscriber has an option to cancel the plan within 30 days and claim the refund of the entire subscription amount. Discuss the audit risks that exist in the above scenario and suggest the key audit procedures to be performed in respect of the identified risks. Tutorial Notes: Some of the students may fail to identify the risks relating to refund liability, warranty provision, segment reporting, foreign tax regulation and their related audit procedures. Solution: AT A GLANCE Required: Litigations and claims: Risks: Audit team might not be aware of any further claims filed against FBL despite the fact that the company paid Rs. 30 million in damages to the customers. Procedures: Send confirmation requests to FBL’s legal advisors. Consider engaging auditor’s expert for assessing the impact of the cases filed against the company. Inquire the management or FBL’s legal counsel about how the management would deal if any further claims are filed against FBL. Assess the potential impact of recognizing a charge or disclosing a contingent liability in the light of IAS 37. Assess whether a penalty may be imposed on FBL by any government authority. Verify current and subsequent legal expenses incurred by FBL for identification of any damage claim. Write down of inventory to NRV: Risk: FBL might not be able to sell the affected equipment at current price levels or witness decline in its sale price. Consequently, net realizable value of the equipment may be lower than its cost. Procedures: Evaluate the cost of necessary changes required to be made in the current inventory of the equipment, to bring them in a saleable condition. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 315 SPOTLIGHT CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Review and test the procedures in place for comparing NRV with cost for each item of inventory and assess whether appropriate changes have been made in the light of current situation. Refund liability: Risks: The customers might return the faulty equipment or FBL may have to recall the sold equipment. Provision of refund liability for cancellation of subscription plans may not be appropriately made. Procedures: Obtain management’s assessment and projections of the number of equipment which may be returned by the customer or FBL may have to call them back. Obtain the number of subscribers whose trial period is yet to expire at the year end. Assess the adequacy of projections and assumptions used. AT A GLANCE Warranty Provision: Risks: Due to the faulty pads in newly manufactured fitness equipment, customers may file warranty claims therefore the existing provision may not be adequate. Procedures: SPOTLIGHT Review warranty claims / payments after the balance sheet date Review any revised working which the client may have prepared. Consider the appropriateness of the model and assumptions used in the light of current situation. Consider involving an expert to calculate the warranty provision to be included in the financial statements. Receivable from supplier: Risk: The receivable from supplier may need to be written off unless it is virtually certain that the amount will be received. Procedures: Discuss with the client the basis on which it has decided to book the receivable. Obtain the legal advisor’s opinion on the matter and the notice issued to the supplier. Review correspondence with the supplier. Review the contract with the supplier for identification of any clause related to indemnification of damages. Send confirmation request to the supplier with regard to the receivable balance. Segment reporting: Risk: New business segment i.e. offering monthly and annual subscription plan for customized exercise plan may not have been disclosed in the financial statements as per IFRS-8. 316 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Procedures: Obtain an understanding of the methods used by the management in determining segment information. Ensure proper allocation of assets and costs among each segment. Review the reconciliations between segment information and consolidated information to assess whether significant items are properly disclosed. Intangible asset: Risk: Cost incurred for research and development of mobile application may not have been appropriately accounted for. Ensure that all research has been recorded as period cost. Ensure that the criteria mentioned by IAS - 38 for capitalization of development cost has been met. Inquire management about the completion of research phase and commencement of the development phase to evaluate appropriateness. Foreign exchange translation: Risk: Since the company is exposed to foreign exchange translation due to subscription income from foreign customers, gains and losses on translation of foreign currencies related to revenue recognition and refund liability from customer may not be recorded correctly. AT A GLANCE Procedures: Check on a sample basis that any gains/losses arising on the translation of foreign currency are correctly recognized as per the requirements of IAS-21. Check that appropriate exchange rates are used in translation of foreign currency. Revenue: Risks: Revenue from sale of equipment may be misstated. This may be established from the fact that despite there was no sales in an entire month, the annual sales revenue from sale of equipment has increased from previous year. Advance received in respect of exercise plan subscription may inappropriately be recognized as revenue in the current year. Procedures: Perform analytical procedures over revenue from sale of equipment. Perform cut-off procedures to ensure that revenue has been recorded in the correct period. Inspect the sales return after the year end and assess that whether they need to be recorded in the current accounting period. Obtain the schedule of advance received from customers and ensure that timely transfers are being made to revenue account. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 317 SPOTLIGHT Procedures: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Foreign tax regulation: Risk: Receiving of foreign subscription may lead to potential tax issues particularly as regards sales tax. This could lead to unrecorded liabilities for sales taxes payable and potential misstatement of revenue as a result. Procedures: Obtain the details of countries in which the subscribers exist. Obtain an understanding of the tax laws applicable in those countries or the tax treaties with those countries. Involve the firm’s tax specialist to obtain the knowledge of the foreign tax laws applicable to FBL. Obtain a sample of foreign subscription and ensure that proper tax is deducted/collected. Practice Question 12: AT A GLANCE While conducting the audit of financial statements of Ghurair Limited, it has been discovered that the company has received a material amount in bank, recorded as sales. On inquiry, the finance department has informed that this amount represents a price increase claim received from a foreign customer. It has also confirmed that there is no previous history of receiving such claim from any foreign customer. Documentary evidence relating to the transaction has been requested but has not been provided yet. Required: Discuss the implications of the above transaction on the completion of the audit. Also recommend the action(s) in this regard which the firm should take. Tutorial Notes: Students should not miss to identify the scenario as a possibility of money laundering. SPOTLIGHT Solution: Implications on the completion of the audit There is a possibility that the above transaction may be illegal transfer of funds which may attract the provisions of Anti-Money Laundering Act. Care must be taken during the remaining audit that no-one tips off the client that their activity is being treated as suspicious. The firm may take following further action in this regard: Send direct confirmation to the customer to ascertain whether the amount received is actually the price increase. Communicate with those charged with governance if management is unable to provide the records/information providing sufficient appropriate audit evidence. Consider engaging some specialist within the firm who have the adequate knowledge of dealing with and investigating money laundering activates. Consider obtaining a legal advice on how to proceed with this matter and how to report it to the relevant authorities. If it is concluded that it is money laundering or have strong suspicion of money laundering and there is doubt on management integrity, the firm may consider withdrawing from the engagement. 318 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Practice Question 13: You are the audit manager assigned to the audit of Astron Computers Limited (ACL) for the year ended 30 November 2019. Following information is available: The main business of the company is the importation of servers, laptops, desktop computers, LCD screens and related accessories for sales to large customers and retailers. ACL was incorporated in 2002 and operated profitably until 2016 when it turned into a loss-making entity due to increased availability of refurbished computers in the market. Extracts from the draft profit and loss account: 2019 2018 Rs. in million Sales 430 648 Cost of sales (388) (583) Loss before taxation (32) (64) 2019 2018 Equity & liabilities Rs. in million Non-current assets Fixed assets Deferred tax 2019 2018 Rs. in million Equity and reserves 45 27 72 51 24 75 Current assets Share capital Reserves 6 27 33 6 50 56 Non-current liabilities Inventories - in hand Inventories - in transit Trade receivables 97 12 90 90 7 81 Warranty provision Cash and bank 1 200 2 180 Payables Provisions Running finance 272 255 9 16 Current liabilities 50 172 8 230 272 30 138 15 183 255 In June 2019, ACL decided to discontinue import and sale of desktop computers and LCD screens and to concentrate selling servers and laptops. It also decided to introduce an All-In-One PC which is not currently available in the refurbished market. To further boost the sales, ACL has started offering extended warranties in addition to a two-year warranty period for all of its products at a nominal increase in price. ACL is presently negotiating with its bank to enhance the running finance facility in order to meet the additional working capital requirements. In September 2018, ACL had entered into contracts with two leading chains of schools for supplying 20,000 desktop computers and LCD screens at a nominal margin. ACL has already supplied 6,000 units before deciding to discontinue this product segment. ACL is presently negotiating with the management of both schools to change the contract from the supply of desktop computers and LCD screens to All-In-One PC. One of the schools has agreed to this change while negotiations with other school is in progress. In case, the other school does not agree to the change, ACL would either terminate the contract by paying a penalty of Rs. 6 million or procure the remaining units from any other supplier whose cost might be even more than the contract price. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 319 SPOTLIGHT Assets AT A GLANCE Draft statement of financial position: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS In May 2019, ACL ordered desktop computer accessories at a landed cost of Rs. 20 million from a company based in Hong Kong. Due to the political unrest in Hong Kong, the shipment was delayed for more than five months despite the ordered units were manufactured on time. On discontinuance of the business of desktop computers and LCD screens, ACL asked the manufacturer to cancel the order. However, the manufacturer refused to cancel the order. In November 2019, the manufacturer shipped the ordered units which were received by ACL on 2 December 2019. CEO has informed that they are under negotiation with a local distributor to dispose of the entire desktop computer accessories. Required: Discuss the audit risks that exist in the above scenario and suggest the key audit procedures that you would perform to address those risks. Tutorial Notes: Students should not miss to identify the risks related to inventories in transit and their related audit procedures. Solution: AT A GLANCE Going concern: There is a risk that there is a material uncertainty related to going concern of ACL since: it is the third consecutive year in which the company is making loss and the revenue has also fallen by 34% as compared to previous year. current liabilities exceed the current assets and the current ratio has decreased from 0.98 to 0.87. Audit procedures: SPOTLIGHT Obtain management assessment / future projections prepared justifying the use of going concern assumption as appropriate in the financial statements of the company. Analyse the assumptions used therein. The underlying assumptions used by the management needs to be supported by the pertinent facts. Ensure that proper disclosure is given in the financial statements of the material uncertainty and the management’s assessment. Read the minutes of the board meeting in which above issues were discussed. Fraudulent financial reporting: Since the company is planning to enhance the running finance facility and the results of the company have also not been encouraging, there exists a risk of fraudulent financial reporting to present better results for obtaining the loan. Audit procedures: 320 Understand and evaluate ACL’s financial reporting process and the controls over journal entries and other adjustments. Review accounting estimates for consistency/reasonableness/un-biasness. Evaluate business rationale for significant transaction outside the normal course of business. Evaluate the change in policies especially those related to subjective measurements. Perform analytical review of revenue and expenses. Perform cut-off test to check that the transactions have been recorded in the correct period. Perform extensive substantive testing in areas with low control reliance. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Obtain the working prepared by the management and consider the appropriateness of source data and the assumptions used. Review the contracts/orders for the terms of warranty. Perform analytical procedures to compare the level of warranty provision year on year. Consider involving an expert to calculate the warranty provision to be included in the financial statements. Obtain an understanding of the management process for recording of revenue of the extended warranty. Ensure that the revenue for extended warranty is recognized over the warranty period. Inventories - in transit The inventories in transit reported in the financial statements is Rs. 12 million whereas the inventories ordered from Hong Kong only is worth Rs. 20 million. It appears that ACL have not yet accounted for such inventory. It also needs to be ascertained the value of the inventory at which it needs to be reported, i.e. (either at cost or NRV). Audit procedures: Obtain the documents of the import and shipment to assess whether the title has passed to ACL or not. Obtain the correspondence with the local distributor to assess the price at which it would be sold. Obtain the management assessment of the price at which it could be sold in the local market. If the agreed price is lower than the cost, then request management to record the inventory at the net realizable value. Onerous contracts: There is a risk that due to the increased cost, the pending orders may result in an onerous contract and ACL would have to recognize a provision for the present obligation. Audit procedures: Obtain the correspondence with the school which has agreed to buy the new product. Obtain and review the agreements with the other school and verify the termination clause including the amount of penalty. Obtain and verify the price at which the desktop along with the LCD screens could be purchased from some other suppliers. Ensure onerous contracts are appropriately recorded and disclosed in the financial statements. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 321 SPOTLIGHT AT A GLANCE Warranty provision: There is a risk that ACL has not recognized the warranty provision correctly because the warranty provision has decreased by almost the same percentage of the decrease in revenue, despite the fact that ACL is offering extended warranties. Further, even if the revenue decreases it is not necessary that the warranty provision would also decrease because it also covers the sales of prior years. There is also a risk that the price at which extended warranty is offered is recognized as revenue at the time of sale. Audit procedures: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Deferred tax Deferred tax asset can only be recognized to the extent that ACL expects that it would generate sufficient profits to realize the benefit. In the given scenario it seems difficult for the company to generate sufficient taxable profits in the near future to realize the deferred tax assets. Audit procedures: Review the management’s future projection of taxable profits. Assess the reasonableness of the assumptions used. Foreign exchange translation: Since the company is exposed to foreign exchange risk due to significant imports, there is a risk that gains and losses on translation of foreign currencies are wrongly credited/debited to purchases instead of charging to profit and loss account. Audit procedures: AT A GLANCE Check, on a sample basis, that any gains/losses arising on the translation of foreign currency are correctly recognized as per the requirements of IFRS. Check that appropriate exchange rates are used in translation of foreign currency. Trade receivables Despite a significant decrease in sales, the debtor balances have increased. Furthermore, the debtor collection period has increased from 1.5 months to 2.5 months. Audit procedures Obtain aging of the receivable balances. Obtain confirmation from major customers. Review the subsequent recovery of trade receivables. Assess the adequacy of provision against overdue balances. Inventory obsolescence SPOTLIGHT The inventory in hand has almost remained same despite a 34% decrease in sales. Furthermore, the inventory turnover rate has increased to 3 months as compared to 1.8 months in the previous years. Audit procedures Obtain aging of inventory and identify obsolete inventory. Review and test the procedures in place for comparing NRV with cost for each item of inventory and assess whether appropriate changes have been made. From the inventory list, identify inventory from discontinued operations which would have to be written down to the net realizable value. Practice Question 14: Your firm has been appointed as the auditor of Best Industries Limited (BIL) for the year ending 30 June 2019. BIL is a listed company and has three production plants. Plants A and B manufacture industrial chemicals whereas Plant C is used in manufacturing of various cosmetic and skin care products. The following information has been gathered by the audit team: Ghufran is the CEO and holds, directly and indirectly, majority of the shareholdings in BIL. There are seven other directors on the board who meet four times a year to approve the quarterly financial statements and endorse the decisions taken by Ghufran during the quarter. 322 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Considering the decline in demand of the products, BIL has taken the following decisions during the year: Close Plant B with effect from 31 August 2019. The public announcement of this decision was made on 15 April 2019. Introduce a new incentive package for distributors in January 2019 to boost the sales of industrial chemicals. The sales commission rate is dependent on achieving the various annual target levels set by the BIL’s management. Discuss the audit risks that exist in the above scenario and suggest the key audit procedures that you would perform to address those risks. Tutorial Notes: Students should not miss to identify the risks of in-effective governance structure, misstatement in opening balances, restructuring provision, impairment of inventory and accrual of sales commission. Irrelevant risks (e.g. risk of going concern, etc.) should not be included in the answer. Logical rationale behind the risks also need to be discussed. Solution: Opening balances It is the first year audit and there is the possibility that prior year balances are materially misstated, are not correctly brought forward and the accounting policies are not consistently applied. Procedures: Review the previous period’s accounting records and schedules to ensure that opening balances have been correctly brought forward to the current period. If the predecessor auditor permits, review his working papers to ensure the correctness of the opening balances. Obtain evidence from the procedure performed in the current period to provide evidence relating to the correctness of opening balances and the consistent application of accounting policies. Ineffective governance structure Ghufran being the majority shareholder and taking all the decisions, which are later on endorsed by the board indicates that the board may be overly influenced by Ghufran. This ineffectiveness may affect the company’s operational efficiency, control environment, exposure towards legal and regulatory risks, etc. The Board of Directors meets four times only for approving the accounts, there is a risk that BIL may be in non-compliance of Code of Corporate Governance which require the board to have other sub-committees of HR, risk, etc. and their related meetings. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 323 SPOTLIGHT Required: AT A GLANCE Launch a customer loyalty program in February 2019 in which customers are awarded loyalty points on each purchase of cosmetic and skin care products from selected retail outlets and online stores. The management believes that this initiative would increase the demand of cosmetic and skin care products. Staff at production and marketing departments are hired at low salaries but they are given high annual bonuses on achieving their targets. Last year, BIL was selected for tax audit in which the income tax department had disallowed certain business expenditures. BIL filed an application against the order issued by the income tax department. However, it lost the first appeal and has recently filed a second appeal to the relevant income tax authority. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Procedures: Inquire whether there is a formal and effective mechanism for an annual evaluation of the board’s own performance, members of board and of its committees. Obtain the meeting minutes and evaluate involvement of other directors in the decision making process. Obtain minutes of the different committees such as audit committee, HR committee, etc., and evaluate their effectiveness in the strategic and operational decision making. Inquire about the independent directors and their role on the board of directors. AT A GLANCE Inquire about the competencies, skills, knowledge and experience of the board of directors. Fraudulent financial reporting / management override of controls Due to the dominant nature of Ghufran and ineffective governance structure there is a risk of management override of controls. Furthermore, there is an increased risk of fraudulent financial reporting as the staff in production and marketing department receive low salaries but are given high annual bonuses on achieving their annual targets. Procedures: Understand and evaluate BIL’s financial reporting process and the controls over journal entries and other adjustments. Evaluate business rationale for significant transaction outside the normal course of business. Perform analytical review of revenue. Perform cut-off test to check that the vouchers have been completely recorded. Evaluate the selection and application of accounting policies by the entity, particularly those related to subjective measurements. SPOTLIGHT Obtain the details of sales return after the year end. Assets held for sale There is a risk that the criteria for classification of non-current assets as held for sale is not met resulting in in-appropriate accounting and disclosures. In case the criteria for recognition as held for sale is met there is an inherent risk, due to the high level of judgment, involved in estimating the fair value and the significant carrying amounts of the assets and liabilities associated with it. Procedures: Inquire from the management if any decision has been finally made for sale of the plant. Read the minutes of the board meetings for confirmation of the above. Inspect the correspondence file or agreement if any with the prospective buyer. Assess whether plant is available for immediate sale and disposal within 12 months is highly probable. Involve our own valuation expert to assist in evaluating the fair value of the plant. Evaluate the adequacy of the accounting and financial statement disclosures, including disclosures of key assumptions, judgment and sensitivities. Restructuring costs and liabilities Since BIL has decided to close one of the chemical production plant and public announcement has been made in this regard, there exists a risk that restructuring provision might not be appropriately recorded and disclosed. 324 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT There is also a risk that the criteria for recognition of restructuring provision is not met resulting in in-appropriate accounting and disclosures. Procedures: Inquire from the management whether it has a detailed formal plan for restructuring. Inquire whether the main features of the plan have been communicated to the affected employees/parties. Inquire from the management whether they have started to implement the restructuring plan. Review the working prepared by the client for restructuring provision and ensure it has been prepared in accordance with IAS-37 along with the related assumptions. Obtain a list of all employees who have been made redundant and ensure that all of them are included in the calculation. With the permission of the client, inquire from the terminated employees regarding any agreed termination payments. Sales commissions Since the commission paid to distributors depends on achievement of annual targets, judgement would be required in assessing whether they would be able to meet their targets and accruing the sales commission accordingly. Procedures: Obtain an understanding of the contracts with the distributors. Observe the sales made subsequent to the year end. AT A GLANCE Inquire the process being followed by the management for recording sales commission and assessing the reasonableness of management assumptions. Loyalty programs There is significant judgement involved in determining whether customers would make future purchases and redeem their loyalty points. Therefore, there is a risk of material misstatement in recoding revenues and associated liabilities resulting from such transactions. Procedures: Obtain an understanding the of the customer loyalty program and the management process for recording revenues and the related obligations. Evaluate reasonableness of management assumption regarding the expectation of point redemptions. Ensure that accounting has been done in accordance with IFRS-15. Consider using an expert for calculating the liability related to points redemption. Tax liabilities There is a risk of material misstatement due to the high level of judgment required to assess the outcome of tax litigations. Procedures: Obtain the opinion of Company’s tax advisor about the allowability of such disallowances. Consider involvement of own tax specialist to understand the nature of these disallowances and their point of view about the success in such type of cases. Evaluate the nature of disallowances and compare it with the company’s historical track record in such types of cases. Evaluate the adequacy of the accounting / disclosure in the financial statement. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 325 SPOTLIGHT CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Impairment of plant and machinery Decline in demand of BIL’s products is an indicator of impairment of the plant and machinery. Therefore, there is a risk that the plant and machinery may have been impaired. Procedures: Obtain an understanding of management process related to identifying, estimating and recording impairments for PPE Review the source data used by the management for impairment testing. Assess the reasonableness of assumptions taken by the management and discount rate used. Consider involving auditor’s expert. Inventory There is a risk that that due to decline in the demand of BIL’s product, there may be obsolete inventory which require to be written down to net realizable value. Procedures: AT A GLANCE Obtain the aging analysis of inventory to identify any obsolete inventory which needs to be written down to its NRV. Review and test the procedures in place for comparing NRV with cost for each item of inventory and assess whether appropriate changes have been made in the light of current situation. Practice Question 15: You are the engagement manager in Hasan Abdali and Company, Chartered Accountants. One of your clients is Falcon Limited (FL) which owns six shopping malls and four office building complexes in different cities for rental purposes. FL also constructs and sells residential apartments in major cities of Pakistan. SPOTLIGHT The following matters were discussed in the planning meeting of the audit for the year ending 31 December 2018: CFO informed that FL has implemented a new enterprise resource planning system (ERP). He stated that FL has successfully revamped the entire accounting system through this new ERP. A shopping mall located in Multan has been witnessing low turnout of customers. FL has been trying to persuade its tenants for not vacating their shops and have offered that they pay 50% of the rent and pay the remaining amount when conditions improve. Some of the tenants have accepted FL’s offer and have formally negotiated a two-year relaxation period. FL’s head office was shifted to a central location in a newly constructed building. Two floors of the building which were surplus to FL’s need have been rented out to MM Limited (MML) which is owned by a director of FL. MML provides maintenance services to various building projects. FL and MML have agreed that FL will not charge any rent for the two floors in consideration for free maintenance of Multan shopping mall and the head office. Construction of four residential projects started during the year. The projects are in various stages of completion. About 70% of the apartments have already been booked. FL offers different terms to its customers depending upon which option they choose. The balcony of one of the apartments constructed in 2012 fell off, severely injuring three persons. The news surfaced in the media and caused severe criticism on FL and a showcause notice was also received by FL from a regulatory authority. FL’s management is of the view that the construction was up to the required standards and the residents had made some modifications which caused this incident. 326 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Required: Discuss the audit risks that exist in the above scenario and suggest the key audit procedures to be performed in respect of the identified risks. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: A common error was with regard to implementation of ERP. The risk of improper implementation was identified by almost all the students but procedures to address this risk were not up to the mark. Many answers listed procedures to be done during testing phase of the new ERP ignoring the fact that the system was already live and operational. Associated risk of incorrect capitalization and amortization were also missed out generally. Many students appeared confused about correct accounting treatment of the given situations. The candidates cannot suggest appropriate audit procedures unless they clearly understand the correct accounting treatment of a given scenario. This was obvious in case of revenue recognition especially where company had offered tenants to pay 50% of the rent at a later time. Most of the students failed to realise that this would give rise to long- term receivables which would have to be classified as non-current asset and would also need recognition after discounting. Majority of the students were of the view that only 50% of the rent which is actually paid would be recognised as revenue. Majority of the candidates were also not clear about the accounting issues to be faced where two floors of the building were rented out to a related party i.e. that these floors could be classified as property plant and equipment or as investment property, depending upon certain conditions.” Solution: Risk of improper implementation of ERP: Improper implementation of new ERP system creates the risk of generating incorrect financial information and records. There is a risk of improper capitalization of the cost of new ERP or the useful live for calculating the amortization may not be appropriate. Audit procedures: Check whether appropriate user testing was performed. Ensure that necessary action was taken on the basis of users’ testing results. Ensure that system was retested after incorporation of changes, if any, on the basis of users’ testing. Ensure whether appropriate training was provided to users. Ensure that account balances have been properly brought forward in the ERP. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 327 SPOTLIGHT Majority of the students showed lack of clarity in identifying the audit procedures. At this stage the students should realize that when they have identified any particular risk, they need to list down discrete, appropriate and relevant audit steps to address the risk. For example, if a risk of under provisioning for a specific obligation is present, the audit step can’t just say that auditor will ensure that proper provision has been made by the client. AT A GLANCE “Majority of the students were able to identify the risks correctly but a common error was the identification of going concern issue as a risk as there was no indication in the question which could lead to doubt over the going concern status of the company. This error had serious repercussions for the erring students as all their focus got shifted to this risk and they wasted time in mentioning a number of audit procedures related to this risk and ignored some very pertinent issues. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Perform walkthrough and test of controls of the ERP. Involve the firm’s IT team for assessing the implementation and proper functionality of the ERP. Ensure that criteria mentioned by IAS 38 for capitalization of cost has been met. Assess the reasonableness of the useful life of the new ERP. Risk of decrease in fair valuation of investment property: There is an inherent risk in the fair valuation of investment property because of the estimates and judgements involved. Audit procedures: Obtain an understanding of management process related to valuation of investment property. Review the source data used by the management for the valuation. Assess the reasonableness of assumptions taken by the management. Assess the competence and objectivity of external valuers appointed by the management. AT A GLANCE Consider involving auditor’s expert. Risk of classification and impairment of receivables: There is a risk that amounts due from tenants who have not availed the offer may have incorrectly been classified as non-current assets and vice versa. Furthermore, due to low turnout of customers and the fact that the tenants won’t be paying 50% of the rent for two years, a provision of doubtful receivables may need to be made against rent receivable. Audit procedures: SPOTLIGHT Inquire from the management how many tenants have agreed on the revised terms and obtain the new agreements. Ensure that 50% of the amount agreed to be paid after one year is re-classified as non-current assets. Ensure that long term receivables have been recorded at the discounted amount. Consider the reasonableness of the discount rate used. Ensure that appropriate provision has been made for doubtful receivables. Confirm the outstanding balance from the tenants. Ensure the reasonableness of the assumption used by the management for forecasting the improvement. Risk of related party transactions: There is a risk of inappropriate classification of the two floors given to MML. The two floors could be classified as PPE as well as investment property, depending upon the conditions specified in the IFRS. Letting out two floors to MML is a related party transaction. There is a risk that the transaction with MML may have not been made on arm’s length. Moreover, the way the agreement has been made poses a risk of incorrect determination of the amount of revenue and expenses to be recognized. Audit procedures: 328 Obtain the agreement made with MML and evaluate whether the terms of the contract are consistent with the management’s explanation. Consider whether the two floors are capable of being leased or sold separately to assess that these have been classified correctly. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT If these floors are classified as investment property, assess whether the fair value of the property has been determined appropriately. In this regard, assess the competence and objectivity of the valuer, appropriateness of the assumptions used and also consider hiring the services of auditor’s expert. Assess whether the transaction has been recorded at an appropriate amount. Consider whether the transaction has been made at arms-length and where these are not at arms-length, appropriate disclosure is given. Ensure that the consideration in kind has been accounted for as per the requirements of IFRS-15 Review the sale agreement and check that the basis of recording of revenue is correct. Where the revenue is being recognized over the period of completion: ¯ Obtain an understanding of management process related to assessing the stage of completion. ¯ Assess the reasonableness of assumptions taken and estimates made by the management expert. ¯ Assess the competence and objectivity of the management expert. ¯ Consider engaging the auditor’s expert to assess the stage of completion. Ensure correct accounting and disclosure of the revenue, costs, assets and liabilities. Litigation and claim: There is a risk that a provision for damages may be required to be made in the financial statements for injuries caused by fall of the balcony. Further, if fault in construction is proved, a provision for repair cost/fine related to other apartments may also be required. Audit procedures: Send confirmation requests to FL’s legal advisors. Review the correspondence with the regulators and the minutes of the meeting to gain an insight in the matter. Consider engaging own legal counsel. Ensure appropriate disclosure or provision in the financial statements, as the case may be. Risk related to negative publicity: Due to the falling of balcony and the resultant media criticism, there is a risk of serious damage to the reputation of the company. Audit procedures: Discuss with the management, the impact of this event on the marketability of the company’s existing projects. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 329 SPOTLIGHT Ensure that proper disclosures are made in the financial statements, in respect of this transaction. Risk of revenue recognition: There is a risk of error in recognizing the revenue from the construction of residential apartments as different basis of recognition have been specified by the IFRS i.e. it is either recognized at a point in time or over the period of completion. In case the terms of sale agreement suggest that revenue should be recognized over the period then there is a risk that the stage of completion may not be correctly assessed, resulting in over or under statement of revenue. Audit procedures: AT A GLANCE CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Review subsequent events to see whether there are any unreasonably high number of cancellations or decline in bookings. Assess the impact of the above on the financial statements. Practice Question 16: You are the audit manager of Saqib Shaukat and Company, Chartered Accountants, responsible for the audit of Modern Electronics Limited (MEL) for the year ended 31 May 2018. MEL is a listed company and is engaged in manufacture of wearable sports sensors, smart watches, GPS navigation systems, vehicle cameras and fleet management system, and sells it through a chain of distributors throughout the country. The extracts of segment information as disclosed in the draft financial statements for the year ended 31 May 2018 is as follows: GPS navigation system 2018 Wearable sports sensors 2017 2018 2017 All other segments 2018 2017 Total 2018 2017 AT A GLANCE -------------------- Rs. in million -------------------Revenue 6,323 7,978 4,119 5,319 3,480 2,346 13,922 15,643 Cost of sales (3,830) (5,158) (3,234) (4,149) (2,749) (1,643) (9,813) (10,950) Gross profit 2,493 2,820 885 1,170 731 703 4,109 4,693 Net profit 1,141 1,244 257 351 133 282 1,531 1,877 Fixed assets 1980 2,329 2,395 2,661 2,777 1,662 7,152 6,652 Debtors 633 685 361 488 334 196 1,328 1,369 Inventory 640 665 378 444 294 196 1,312 1,305 SPOTLIGHT The following information is also available: MEL was witnessing a shift of customers from wearable sports sensors to smart watches which have additional features as compared to the features being offered by sports sensors. Therefore, to maintain its customer base MEL started developing its own smart watch and successfully launched it in 2018. MEL intends to expand its product range in the smart watch segment by expanding its manufacturing facility which would be financed through a right issue. On 10 April 2018 MEL publicly announced that it was closing an old (fully depreciated) plant which was used to manufacture a component used in the wearable sports sensors and will instead import it from China at cheaper rates. The management is considering various options in respect of this plant. However, the affected employees were communicated about the decision on the same date and negotiations with the labour union were started for agreeing on the termination payments. A significant portion of the sale of GPS navigation system consists of sale to the tourism industry. The government had made it mandatory for all tour operators to install GPS navigation system. The compliance has to be made by all tour operators over a period of four years. Association representing the country’s tour operators had signed a four-year agreement in April 2016 with MEL under which discounted sale price has been offered to the tour operators which cannot be raised. A natural disaster destroyed the supplier’s plant which supplied several components of the GPS navigation system and consequently MEL has to import these components from Malaysia at twice the cost of local purchase. At the year-end 200 contracts for supply of 4,000 GPS navigation systems are still pending. 330 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Required: Identify the audit risks in the above situation and specify the key audit steps which you will perform in respect thereof. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: With regard to overstatement of revenue / understatement of expenses, hardly any student mentioned that the intention may be to show better results to be able to issue right shares at a much higher premium. Moreover, the students seemed to be unaware of the areas which should be scrutinized when such a risk is identified and only few could mention steps related to review of journal entries, accounting estimates, transactions outside the normal course of business, etc. With regard to assets held for sale the review of board minutes and criteria for classification of non-current assets as held for sale were rarely discussed. Somehow, a number of students wasted a lot of time in discussing the issue of going concern which was hardly relevant as the company had earned substantial profits this year as well as in the past also. With regard to segment reporting procedures for ascertaining whether any other segment had fulfilled the criteria for being reported as a separate segment was mentioned by few students only” Solution: Following are the risks in the given situation and the related procedures which may be undertaken: Impairment of plant and machinery of wearable sports sensors Risk: A continuous decline in sales of this segment and the shift of customers towards smart watches is an indicator of impairment of the plant and machinery of the wearable sports sensors segment. Therefore, there is a risk that value in use of the plant and machinery may have been reduced. Procedures: Ask the management to carry out an impairment review (if not done already) and obtain the working prepared by the management. Obtain an understanding of management process related to identifying, estimating and recording impairments for PPE Review the source data used by the management for impairment testing. Assess the reasonableness of assumptions taken by the management and discount rate used. Consider involving auditor’s expert. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 331 SPOTLIGHT AT A GLANCE “Majority of the candidates were able to identify some of the risks but were unable to identify the relevant audit procedures. Further, risks related to segment reporting, onerous contract and foreign exchange translation were identified by few students only. A major issue with many students was that they gave generalized steps such as “ensure that appropriate provision has been made” instead of specifying what steps have to be taken in this regard. Some of the other common issues are discussed below: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Overstatement of revenue / understatement of expenses: Risk: MEL may be inclined to show better results so that it would be able to issue right shares at a much higher premium. Procedures: AT A GLANCE Understand and evaluate MEL’s financial reporting process and the controls over journal entries and other adjustments. Review accounting estimates for consistency/reasonableness/unbiasness Evaluate business rationale for significant transaction outside the normal course of business Evaluate the selection and application of accounting policies by the entity, particularly those related to subjective measurements. Perform analytical review of revenue and expenses. Perform cut-off test to check that the vouchers have been completely recorded. Perform extensive substantive testing in areas with low control reliance. Segment reporting: Risk: The assets of all other segments are 34% of the total assets. There is a risk that fleet management system, vehicle cameras or smart watches may fulfill the quantitative criteria of being reported as a separate segment and management may not have disclosed it as per IFRS 08. Procedures: SPOTLIGHT Inquire the total assets and revenues of each regularly reviewed segment of MEL and verify the quantitative thresholds of being reported as a separate segment. Ensure that any segment meeting the criteria specified by IFRS is separately disclosed. Review the reconciliations between segment information and consolidated information to assess whether significant items are properly disclosed. Assets held for sale Risk: There is a risk that the criteria for classification of non-current assets as held for sale are met after the reporting period but disclosures in this respect are not made in the financial statements. Procedures: Inquire management if any decision has been finally made for sale of the plant. Read the minutes of the board of director’s meeting subsequent to the year end. Inspect the correspondence file or agreement if any with the prospective buyer. Assess whether plant is available for immediate sale and disposal within 12 months is highly probable. If the criteria for classification of non-current assets as held for sale are met subsequently, ensure that it is adequately disclosed in the financial statements. Provision for staff termination Risk: Since MEL has made a public announcement of closure of the plant and has also communicated the affected employees, a constructive obligation exists for recognizing a restructuring provision. As the negotiations with the labor union has not yet been concluded, there exist a risk that restructuring provision might not be appropriately recorded. 332 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Obtain any working prepared by the client for restructuring provision. Ensure that the restructuring provision has been recorded in accordance with IAS37 and cost related to retraining & relocating of continuing staff has not been included in the provision. Obtain a list of all employees who have been made redundant and ensure that all of them are included in the calculation. Review correspondence with employees to establish the date, when the closure of the facility was communicated to them in order to establish if this was before the year-end. With the permission of the client, inquire from the terminated employees regarding any agreed termination payments. Obtain the minutes of meeting held with the labor union to identify whether any agreement has been reached subsequent to year end. Obtain management representation in respect of agreement with the labor union. Onerous contract Risk: There is a risk that due to the increased cost, the pending orders of GPS navigation systems may result in an onerous contract and MEL would have to recognize a provision for the present obligation. Procedures: Inspect the Purchase agreement to identify the purchase cost. Also assess whether all cost has been included that are part of inventory as per IAS-2. Check whether the revised landed cost exceeds the agreed sale price. If yes, then review the assumptions made by the management for the calculation of expected future sales. Ensure onerous contracts are appropriately recorded and disclosed in the financial statements. Review the agreement and assess, whether MEL has a right to cancel the current or future orders and any cancellation clause or penal provision for exiting the agreement. Ensure that penalties if any and other legal costs etc. and duly considered in determining the amount of provision required. Inventory Risk: There is a risk that that due to the increased cost of manufacturing GPS navigation system, the cost of inventory in hand may exceed it’s selling price and would require to be written down to its net realizable value. Procedures: Review and test the procedures in place for comparing NRV with cost for each item of inventory and assess whether appropriate changes have been made in the light of current situation. Development cost Risk: Due to launch of smart watches, there is a risk that cost incurred for research and development may not have been appropriately accounted for. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 333 SPOTLIGHT AT A GLANCE Procedures: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Procedures: Ensure that all research has been recorded as period cost. Ensure that the criteria mentioned by IAS - 38 for capitalization of development cost has been met. Inquire from management about the ending of research phase and commencement of the development phase and evaluate its appropriateness. Foreign exchange translation risk Risk: Since the company is exposed to foreign exchange risk due to significant imports, there is a risk that gains and losses on translation of foreign currencies are wrongly credited/debited to purchases instead of charging to profit and loss account. Procedures: Check on a sample basis that any gains/losses arising on the translation of foreign currency are correctly recognized as per the requirements of International Financial Reporting Standards. AT A GLANCE Check that appropriate exchange rates are used in translation of foreign currency. Other risk The gross profit of all other segments has declined from significantly from 31% to 21%. Procedures: Inquire from management and evaluate the reasons for such a decline. Practice Question 17: You are the audit manager of Mehmood Auto Limited (MAL), a listed company, for the year ending 31 December 2017. MAL assembles and manufactures a wide range of motor vehicles. All motor vehicles sold by MAL are under warranty up to a mileage of 50,000 km and are also eligible for free service every quarter for two years. The extracts from the draft financial statements prepared by the management are as follows: SPOTLIGHT 2017 2016 Rs. in million Revenue from sales of motor vehicles 54,000 70,000 Revenue from sales of spare parts 1,500 1,000 Cost of sales (49,950) (63,190) Gross profit 5,550 7,810 6,600 4,510 233 194 Instalment sales receivables 1,200 700 Stock in trade 16,000 13,000 Other assets 13,817 15,476 37,850 33,880 Assets Property, plant and equipment Deferred tax During the course of the audit, you came to know that there have been 37 instances of serious accidents involving newly manufactured cars where MAL had to pay compensation aggregating Rs. 145 million plus cost of repairs amounting to Rs. 14 million. 334 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT An investigation into the matter has revealed that 15 such accidents were because of failure of the brakes. The management has assured you that the fault has been identified and appropriate corrective measures have been taken in this regard. However, you have noted that the entire compensation amount is being shown as receivable from a supplier who has provided the brake system. Required: Identify the audit risks in the above situation and specify the key audit steps which you will perform in respect thereof. While answering the question, major probable errors to be avoided are as follows: Not being able to identify the risks related to installments receivable, write down of inventory, impairment of plant and proper segregation of revenue between revenue from sale of cars and services revenue. Wrongly identifying the issue of going concern and deferred tax as the risks which is inappropriate as the company is still earning substantial profits. Audit steps aimed at obtaining evidence to support completeness assertion might be overlooked by many students. Solution: Following are the risks in the given situation and the related procedures which may be undertaken: AT A GLANCE Tutorial Notes: Litigations and claims: Risk: Even though the company has to pay Rs. 145 million in damages and Rs. 14 million in repairs, there is still a risk that our audit team might not be aware of further damage claims filed against MAL. There is also a risk that further accidents may occur or further cases are filed against MAL after the balance sheet date. Procedures: Send confirmation requests to MAL’s legal advisors. Consider engaging own legal counsel for assessing the impact of the cases filed against the company. Inquire the management and MAL’s legal counsel about how the management would deal if any further damage claims are filed against MAL. Assess potential impact of recognizing a charge or disclosing a contingent liability in light of IAS 37. Assess whether a penalty may be imposed on MAL by any government authority. Verify current and subsequent legal expenses incurred by MAL for identification of any undisclosed damage claim. Impairment of plant and machinery Risk: Sales of MAL has declined by 23% and is expected to remain under pressure in the future also, because of the situation. Therefore, there is a risk that value in use of the plant and machinery may have been reduced. Procedures: Review the working prepared by the client relating to value in use. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 335 SPOTLIGHT CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Assess reasonableness of assumptions taken by the management and discount rate used. Consider involving auditor’s expert and obtaining a report about nature of fault in production process and whether management’s claim, that it has been fixed can be relied upon. Warranty provision Risk: In the given scenario, the probability / size of warranty claims may exceed the initial estimate and therefore the existing provision may not be adequate. Procedures: Review warranty claims / payments after the balance sheet date. Review any revised working which the client may have prepared. Consider the appropriateness of the MAL’s model and assumptions used in the light of current situation. AT A GLANCE Consider involving an expert to calculate warranty provision to be included in financial statements. Write down of inventory to NRV: Risk: There is a risk that the company might not be able to sell the affected cars or witness decline in its price, therefore there is a risk that net realizable value of the inventory may be lower than its cost. Procedures: Evaluate the cost of necessary changes required to be made in the current inventory of the cars, to bring them in a saleable condition. SPOTLIGHT Review and test the procedures in place for comparing NRV with cost for each item of inventory and assess whether appropriate changes have been made in the light of current situation. Refund liability: Risk: There is risk that the customers might return back cars or MAL may have to recall sold cars. Procedures: Obtain management’s assessment and projections of the number of cars which may be returned by the customer or MAL may have to call them back and assess the adequacy of projections and assumptions used. Receivable from supplier: Risk: MAL cannot record a receivable from the supplier until it is virtually certain that the amount will received, therefore, there is a significant risk that receivable may need to be written off. Procedures: 336 Discuss with the client the basis on which it has decided to book the receivable. Obtain the legal advisor’s opinion on the matter and the notice issued to the supplier. Review correspondence with the supplier. Review the contract with the supplier for identification of any clause related to indemnification of damages Send confirmation request to the supplier with regard to the receivable balance. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Provision for doubtful installment sales receivable: Risk: The sales for the year have decreased but the installments sales receivable has increased. It indicates that there is a risk that more than usual number of installments may have become overdue and might not be recoverable. Procedures: Check aging of installments receivable and identify any overdue installments. Obtain confirmation from major debtors. Assess the adequacy of provision against overdue installments. Review the subsequent recovery of installment sales receivable. Separate revenue for free service: Risk: Providing free service after a certain mileage is a separate performance obligation. As it is provided to all customers, it’s revenue should be recorded separately by appropriately bifurcating the revenue from sale of cars. There is a risk that the revenue may have been included in the revenue from sale of motor vehicles. Procedures: Identify the price at which such services are regularly provided to the customers to assess whether the bifurcation has been made appropriately. Ensure that revenue from sale of cars has been appropriately recognized by excluding the amount pertaining to provision of services which should have been recorded as a liability. AT A GLANCE Practice Question 18: Your firm is the external auditor of Namura Limited (NL), a listed company. Following information has been made available to you at the planning stage: SPOTLIGHT Extracts from statement of comprehensive income for the year ended 31 March 2017 2017 2016 Rs. in ‘000 Profit/(loss) before tax 161,990 (241,075) Taxation (50,000) 74,000 Profit/(loss) after taxation 111,990 (167,075) 2017 2016 Extracts from statement of financial position as at 31 March 2017 Assets Rs. in ‘000 Property, plant and equipment 1,472,690 1,475,000 Intangible assets 650,000 750,000 Investment in PCL Limited 75,000 250,000 Deferred tax asset 175,000 199,000 Current assets 850,000 723,015 3,222,690 3,397,015 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 337 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS 2017 Equity and liabilities Share capital 2016 Rs. in ‘000 700,000 700,000 Reserves (378,010) (490,000) Long term debt 1,652,000 1,920,000 Current liabilities 1,248,700 1,267,015 3,222,690 3,397,015 In February 2017, the company has increased its product prices by 20% after consultation with its legal advisor, which has resulted in additional revenue of Rs. 200 million. However, in March 2017, a Regulatory Authority has issued a show cause notice against the price increase and has fixed a date for hearing at 28 June 2017. AT A GLANCE In 2013, NL had developed a product, Vital, at a cost of Rs. 350 million. Vital is a premium product which has a very large market with no significant competition. It was registered with the patent registration authority in the same year. The total useful life of the intangible is estimated as 10 years. A competitor has recently announced the successful development of a product which is expected to reduce the market share of Vital. NL’s marketing director has informed that the product would be launched by the end of next year. Required: a) Specify the information which you would like to obtain for evaluating the key issues arising from the above scenario. b) Assuming that all matters identified by you have been resolved to a larger extent and you intend to issue an unqualified report, draft points to be included in the letter to those charged with governance specifying the significant matters which you would like to highlight. Tutorial Notes: SPOTLIGHT The following mistakes should be avoided: Part (a) 1. Instead of stating the information which the auditor would like to obtain, students may try to identify the risks and in some cases, the procedures which would need to be performed. 2. Not considering the need to obtain information about the lawyer’s opinion. 3. Some other key points may not be identified by many of the students such as grounds on the basis of which the notice was issued, disposal of investment and the consequent issues, information regarding the events occurring up to the date of the auditor’s report, assumptions used for projecting future profitability and impairment testing, etc. Part (b) 338 1. Students may be unaware of what matters are to be reported to those charged with governance. 2. Instead of mentioning the specific information based on the given scenario, selected contents of ISA 260 may be reproduced by some students. 3. Wrongly discussing qualification of report though it is clearly mentioned in the question that it may be assumed that all issues have been satisfactorily resolved. 4. A key point that the improved performance seemed mainly on account of price increase and any adverse decision of the regulator with respect to price increase may have serious consequences, can also be missed by many of the students. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Solution: Part (a) I would like to obtain following information for evaluating the key issues arising from the given scenario: Going concern: (i) Management’s assessment/future projections justifying the use of going concern assumption. (ii) Assumptions used therein. Impairment of intangible assets: (i) Patent agreement and the amortization policy. (ii) Working related to impairment testing and the assumptions used therein. Deferred tax asset: (i) Projections of future profitability. AT A GLANCE (ii) Assumptions used therein. Show cause notice: (i) Grounds on which RA has issued the notice. (ii) Legal advisor’s opinion on the matter. (iii) Details of previous price increases, their basis and whether any approval was sought /taken. (iv) Correspondence with the relevant regulatory authorities. Investment in PCL: SPOTLIGHT (i) Reason for decrease in investment i.e. disposal, impairment, recording of loss/dividend under equity method. (ii) Gain/loss on such disposal and how was it accounted for. (iii) Procedure followed to carry out the disposal. (iv) In case of loss, impact on remaining investments, if any. Other matters: Information regarding the events occurring up to the date of the auditor’s report. Part (b) The following matters will be reported to those charged with governance: Going concern: The entity has significant brought forward losses. Significant amount of liabilities is outstanding. The current liabilities exceed the current assets of the company and the current ratio is only 0.68. Long-term debt is 5.13 times the equity. Although, the profitability, debt equity ratio and current ratio has improved this year, the improvement is mainly due to the price increase. If the decision of the RA goes against the company, the situation could become much worse. Key assumptions of the future projections provided by the management. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 339 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Decrease in carrying value of investment in PCL: Reason for the decrease and its implication (if any). Significance of the matter and any defect in the process followed to carry out the transaction. Show cause notice by RA: Details of the notice issued by RA, its significance to the financial statements. Disclosure requirement in the financial statements. Impairment of intangibles: Results of impairment testing and the key assumptions used. Deferred tax: The recognition of deferred tax asset is subject to the availability of future taxable benefits. Key assumptions of the working provided by the management in respect of the above. Practice Question 19: AT A GLANCE Your firm has been appointed as the auditor of New Cement Limited (NCL), for the year ended 30 November 2016. NCL is a listed company which owns one of the largest cement plants in the country. 60% of the company’s shares are owned by the same family. The CEO, CFO and Director Operations belong to the family. Following are the extracts from the draft financial statements: Extracts from statement of financial position Assets Rs. in million Property, plant and equipment 21,115 SPOTLIGHT Deferred tax 270 Trade debtors 4,700 Other current assets 2,753 Equity and liabilities Share capital Reserves 6,500 (1,462) Surplus on revaluation of fixed assets 2,000 Non-current liabilities 13,000 Current liabilities 8,800 Extracts from statement of comprehensive income 340 Turnover – net 17,210 Gross profit 1,417 Operating loss (164) Other income 223 Finance cost (1,560) Loss before taxation (1,501) THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Sales have declined during the past two years because of lower exports, however, the decline in exports has been partially offset by slightly higher local sales. The management is hopeful of a significant increase in local sales in the coming years. NCL’s debtors have increased by 25%. The debtors include an amount of Rs. 330 million due from a government owned entity. The amount became due on 30 June 2016. However, the amount has been rescheduled and is now recoverable in 6 equal instalments over a period of three years. On 1 November 2016, the management entered into a contract with a new supplier for supply of its main raw material. The new supplier has offered 15% lower prices. The contract with the previous supplier has been terminated. The audit team has also been informed that a senior member of purchase department was fired in September 2016. NCL revalues its plant and machinery after every three years. The last revaluation was carried out in 2014. The internal audit department comprises of five staff members including Chief Internal Auditor, who is a Chartered Accountant. The Chairman of the audit committee is an independent director. The internal audit department has carried out number of assignments. The reports of the internal auditor include many good suggestions for improving the efficiency of the operations; however, they do not contain any serious deficiencies/adverse comments in any area. Required: a) Briefly evaluate the overall control environment of the company. b) Based on the above information identify areas of risk for the audit and the planned audit approach. AT A GLANCE Other information: (Note: Detailed audit procedures are not required) The requirement is to evaluate the overall control environment which includes both the positive and the negative aspects. Solution should cover positive aspects as well which include that internal audit department is headed by a chartered accountant and chairman of the audit committee was an independent member of the Board. Solution: a) Evaluation of control environment: The Internal Audit department is headed by a Chartered Accountant whereas the chairman of the audit committee is an independent director. These two factors are positive and consequently are evident of strong control environment. However, at the same time, it should also be kept in consideration that: ¯ NCL is a family owned enterprise and family members of the company are actively involved in the management of the company. This may lead to the possibility of management override of controls. ¯ The commitment to competence of management may appear to be weak as the major positions in the company are assigned to the family members instead of hiring professionals from the market. It seems that internal audit staff is under the influence of the family members as their reports contain no serious issues or problems identified. Procurement policies and procedures appear to be weak as in the last month of the year a supplier was hired offering 15% less rates as compared to previous rates. The firing of senior member of the procurement department is an indication in that direction. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 341 SPOTLIGHT Tutorial Notes: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS b) Above discussed factors are indicating that NCL may lack effective and efficient internal controls, resulting in weak control environment. AT A GLANCE SPOTLIGHT 342 Risks Audit Approach Use of going concern assumption Although the company’s equity is positive, NCL’s current ratio is 0.85, which is quite low with reference to acceptable benchmarks; and debt equity ratio is 65:35 which is very high and adverse and has incurred a loss of Rs. 1.501 billion which has completely wiped off the reserves of the company. If the debt due from government is also classified in the non-current assets, it will further deteriorate the current ratio. Further, if the debt due from government bears no interest then it would further deteriorate the position. If NCL’s performance follows the same track in the coming year then NCL might face operating difficulties resulting in a material uncertainty that NCL might not be able to continue as a going concern in the coming years. Obtain the management assessment / future projections prepared justifying the use of going concern assumption as appropriate in the financial statements of the company Analyse the assumptions used therein. The underlying assumptions used by the management needs to be supported by solid facts. Ensure that proper disclosure is given in the financial statements of the material uncertainty and the management’s assessment. Increase in receivable despite decrease in turnover: Trade receivable might include slow moving or doubtful debts as these had increased by Rs. 610 million excluding the effect of dues from Government entity, which is unusual due to decrease in turnover. This might result in overstated current assets and understated provisions / bad debts and losses thereof. Dues from Government owned entity might not be accounted for properly and may exclude the effect of discounting. Rescheduled loan from Government might be classified in short term receivables. Review the entity’s policy provision of doubtful debts. Check aging of debtors and identify any slow moving and doubtful debts. Obtain confirmation from major debtors and check against ledger balances. Ensure proper disclosure and accounting of Government owned debts as per IFRS. Impairment in the value of plant and machinery: Due to decline in sales the value of plant and machinery might be impaired which could result in overstatement of property, plant & equipment, understatement of impairment and overstatement of profits. Engage experts (management and auditor’s) to revalue the property to identify any impairment/decline in surplus on revaluation. Review working for value in use, if necessary. Risk of fraud: Operating results NCL may be inclined to show better results to the financial institutions from which it has obtained financing. Understand and evaluate NCL’s financial reporting process and the controls over journal entries and other adjustments and determine whether they have been implemented. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN for CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Risks Audit Approach Perform substantive testing in all the areas with low control reliance. Perform cut-off test to check that the vouchers have been completely recorded. Risk of fraud: Management override of controls As it is a closely held entity with majority shareholding owned by a single family and with key positions occupied by family members, there is always a risk of fraud due to management override of controls. There is an increased risk of fraud as evident from the termination of employee in September 2016, and working of internal audit department as it is evident from their reports. Test the appropriateness, authorization and completeness of journal entries recorded in the general ledger and other adjustments. Use professional judgment to determine the nature, timing and extent of journal entries testing and other adjustments and assess the completeness of the population subject to testing Risk of misstatement in opening balances: It is the first year audit and there is a possibility that prior year opening balances are materially misstated and are not correctly brought forward. Deferred Tax Asset: Deferred tax asset can only be recognized to the extent that the company expects that it would generate sufficient profits to realize the benefit. In the given scenario it seems difficult for the company to generate sufficient taxable profits in the near future to realize the deferred tax assets. Review prior year working papers of the previous auditor. Design audit procedures to provide evidence relevant to opening balances. Review the management’s future projection of taxable profits and reasonableness of the assumptions used. SPOTLIGHT AT A GLANCE CFAP 6: AARS Practice Question 20: During the course of audit of a brokerage house, following observations were documented in the working papers. Journal vouchers were not pre-numbered. There was no mechanism for recording the phone lines of equity traders. Margin requirements in case of certain individual clients were below the normal margin requirements of 30%. Required: Identify the implications of the above matters which are to be included in the management letter. Solution: Journal vouchers were not pre-numbered There could be no assurance that all JVs have been posted in the ledger. There was no mechanism for recording the phone lines of equity traders In the absence of recording of phone lines, the transparency of deals executed by the dealers cannot be ensured. There would be no recourse in case of a dispute or in case something goes wrong. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 343 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Margin requirements in case of certain individual clients is below the normal margin requirements of 30% In case of any default by customer or crash of market, company will be required to bear the losses. Excess financial charges or margin requirements are to be borne by the company. Maintaining margin requirements below the prescribed limits may attract legal implications. Practice Question 21: You are the audit manager of Diversified Products Limited (DPL), a listed company. Following are the extracts from the draft financial statements for the year ended 30 September 2015. Rs. in billion AT A GLANCE Sales 95.0 Cost of sales 62.0 Total assets 150.0 Net equity 15.0 Creditors * 10.4 Debtors * 10.5 Deferred tax asset 1.2 *Debtors and creditors have normal credit terms of 40 days SPOTLIGHT The company is engaged in polyester, pharmaceutical and fertilizer businesses. Performance of each segment is discussed below: Polyester Business (PB) Major source of revenue is the export of polyester to European countries. PB has been incurring losses since last five years. In 2014-15, PB incurred a loss of Rs. 600 million. During the previous year, DPL had made a provision of Rs. 3.5 billion for impairment of existing plant. The major reason for losses is non-availability of gas. Accordingly, DPL had started a project to convert its plant from gas to coal. The original completion date of the project was 31 January 2015 but it has been extended by two years due to delay in financing arrangements. A cost of Rs. 1.5 billion has been incurred on the project up to 30 September 2015. Pharmaceutical Segment The major source of revenue is the sale of medicines imported from Xanax International Plc (XIP). Segment profit for 2014-15 amounted to Rs. 200 million. DPL is currently negotiating with various suppliers to replace XIP because during the past few years XIP has significantly increased the prices and has expressed its intention to increase it further at the time of renewal of the contract, which is due in March 2016. Fertilizer Business The main source of income is the supply of fertilizers and pesticides. Segment profit for 2014-15 amounted to Rs. 700 million. Due to major floods in August 2015, the Government has requested the fertilizer manufacturers to reduce their prices to support the farmers in the flood affected areas and as an incentive, it has guaranteed the regular supply of gas for the fertilizer factory. Required Discuss the audit risks based on the above situation. 344 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Solution: Fraud Risk Factors: a) Risk of fraud in revenue recognition: There is a risk of overstatement of revenue as the management may be inclined to show better results or because it is seeking financing for its Polyester Business. b) Management override of control: Management is in a position to perpetrate fraud because of its ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively Going concern: The overall profit is only Rs. 300 million with a gross profit margin of around 35%. Even a marginal decline in profit margin could bring significant losses. Profits would be under pressure in the coming years because of the following: ¯ Impact of floods, as the Gas supply in fertilizer business is subject to lowering of prices. ¯ Lower margins in pharmaceutical segment, which are not expected to improve as XIP intends to increase the prices further. ¯ Company is already a highly leveraged company, obtaining more financing for new plant will also have a negative impact on profitability of the company. ¯ Due to Flood, the fertilizer business of the company can be affected and situation may not improve as the supplies may be affected in coming period. ¯ Delay in Obtaining funding for conversion of plant from gas to coal may deteriorate the situation. Creditors’ turnover days are 61 as against the normal credit term of 40 days which depicts that payment capacity of the company has weakened. Impairment of plant and machinery: Because of the delay in completion of coal to gas commission project, the company may continue to incur losses. However, the value of the capital work in progress as well as the existing plant and machinery relating to polyester business may have been impaired. Although impairment was also recorded in 2014, however, since the completion of plant has been delayed again by two years further impairment is possible. Provision against value of stock: Reduction in price of fertilizers as requested by the Government may adversely affect the prices of company’s products and company may be required to book a provision against impairment of stock. Deferred tax assets: Deferred tax asset can only be recognized to the extent that the company expects that it would generate sufficient profits to realize the benefit. In the current scenario it seems difficult for the company to generate sufficient taxable profits in the near future to realize the deferred tax assets. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 345 SPOTLIGHT AT A GLANCE The company might face going concern issues due to following reasons: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Foreign Currency Risk: As the company is engaged in export of polesyter and import of medicines, the company is exposed to significant foreign currency exposures which are required to be properly managed. Practice Question 22: You are the manager responsible for the audit of Chaudhry Packaging Limited (CPL) a listed company, for the year ended 31 March 2015. During the planning stage, the audit team has presented the following points for your consideration: AT A GLANCE During the year, after the death of previous chief executive, his son was appointed as the new chief executive. Sales of the company declined significantly during the first 10 months on account of general economic downturn. However, sales in the last month showed improvement and were 20% higher than the average sales of the previous months. Deferred tax recognized on losses amounted to Rs. 170 million. Scrap sales showed significant increase during the year. CPL experienced significant turnover in its management team. Initial test of controls reveal that list of approved suppliers is not maintained. The management is of the view that in order to get the lowest quotes any supplier is allowed to quote prices and therefore a formal list of suppliers is not prepared. Required In light of the above facts identify the audit risks and the key audit steps to address them. (Note: While describing the key audit steps, the answer should be restricted to a maximum of three major points in case of each risk) Solution: SPOTLIGHT Audit Risks (i) (ii) 346 From listed company’s point of view, the appointment of son of the previous Chief Executive, as a new Chief Executive is indicative of a closely held entity, transparency of business might be in doubts. Sales may be overstated as it has suddenly increased during the last month of the year. Audit Steps These would be ensured specially by checking that there are no control lapses, and controls have not been overridden by CEO in specific instances. Make inquiries about the changes in control environment during the current year and assess the latest situation. Ensure that legal requirements are complied with respect to the appointment/ remuneration of new Chief Executive. Send confirmations to debtors. Checking recoveries made subsequent to the year end, analyzing and checking subsequent sales return, comparing them with last year and assessing their reasonableness Checking cut-off. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Audit Steps (iii) Deferred tax asset can only be recognized to the extent that the company expects that it would generate sufficient profits to realize the benefit. There is a risk that the company might be recording deferred tax assets to overstate profits. The auditor would be required to review the management’s future projection reasonableness of the assumptions used and perform recalculation. (iv) Increase in scrap sales may indicate the following: The auditor would be required to assess the reasons for increase in scrap sale by performing the following: review the list of Scrap sales to establish its reasonableness. Ensure proper procedure such as obtaining quotations/ auction has been followed for scrap sales. check segregation of duties in the processing of sales and dispatch documents. Review the impairment testing done by the client. Significant turnover in management can also result in significant risk. In case of high rotation, the responsibilities cannot be fixed. There might be some unethical practices / fraud going on in the company. The auditor would be required to: establish the reasons through inquiry; review of exit interview of ex-employees and; specially performing procedures on the areas where there have been significant turnover of employees. Frequently switching suppliers is not itself a problem, but it does not mean that a list of approved suppliers cannot be maintained. If totally new suppliers really are being used so frequently, then there might be issues with quality rather than price. Consider changing the audit strategy for extensive substantive procedures on areas such as: Inventory valuation Warranty issues Sales return subsequent to year end (v) (vi) Abnormal losses and defected inventory Inventory valuation issues Scrap sales may be used to transfer out funds from the company illegally. Impairment in value of plant and machinery. Practice Question 23: You are the auditor of Reliable Generators Limited (RGL) for the year ended 30 September2014. RGL is primarily engaged in the business of manufacturing and sale of generators. The generators are supplied all over the country through a network of distributors. On receipt of order from a distributor, the order is recorded electronically and transmitted to the factory. 100% payment is received in advance. Following are the extracts from draft financial statements provided by the client: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 347 AT A GLANCE Audit Risks SPOTLIGHT CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Income Statement for the Year Ended 30 September 2014 (Draft) 2013 (Draft) -----(Rs. In '000')-----Revenue 60,222 59,638 Purchase 42,676 40,848 Gross Profit 21,249 19,681 Statement of Financial Position as at 30 September 2014 (Draft) 2013 (Draft) -----(Rs. In '000')-----Trade Payable 1,653 1,895 Provision for Warrant Claims 1,265 1,193 AT A GLANCE Other related information is as follows: Effective 01 October 2013, in order to match its competitors, RGL has increased the warranty period from 3 to 5 years. A discount of 20% was offered to address issue of reduced demand witnessed in 3rd quarter. As a result of discount situation improved significantly, during 4th quarter. In August 2014, serious defects were discovered in one of the major components. Consequently, significant quantity of such components was returned to the supplier. However, return was recorded in September 2014 on receipt of supplier’s credit note. Scanning of the suppliers’ ledger accounts revealed various payments for which no satisfactory reply was given by the management. However, said amounts were recovered before the year end. SPOTLIGHT Required Identify and evaluate the audit risks in the above situation and how you would respond to these risks. (Note: Routine verification steps may not be mentioned) Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: “This question was poorly answered and candidates displayed lack of analytical ability. In most cases, they missed out the fact that the question required them to identify the “risks” involved rather than just giving comments on the financial information. For example, they mentioned correctly that increase in gross profit is not in line with the decline in sales and special discount allowed during the year; but could not assess as to what type of risk it posed and how it may be addressed. Majority of the students missed an important risk i.e. the risk of misuse of company’s funds by making payments and showing them as payment to suppliers and re-depositing them near the year-end. Further, many among those who were able to identify the risks, failed to mention how such risks may be addressed. In this regard, a lot of repetition was also observed. Some students mentioned routine verification steps which were not required.” 348 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Solution: (i) Revenue There is a risk that revenue is overstated due to: Early recognition as customers pays in full when placing an order. The increase in revenue by 1%, is although immaterial, but requires attention due low sales between in 3rd quarter and discount allowed. There is a risk of understatement as payables days have fallen from 17 to 14 days and the gross margin has increased There is a risk of understatement as the provision as a percentage of revenue is the same as the previous year. By the increase in warranty period, the provision of 2% is expected to be increased keeping in view the quality issues and increased warranty claims. (iv) Impairment of stock: Inspect post year-end payments/credit notes for significant amounts to ensure whether revenue is overstated or not. Review last minute adjustments and cutoffs more carefully to ensure that revenue is not overstated. Review overall sales reconciliation for the year (global) and carry out tests for verification thereof. Evaluate and test the system for recording suppliers’ invoices and payments to suppliers Reconcile payables balances in the purchase ledger with supplier statements or consider direct confirmation where supplier statements are not available On sample basis, match the inventory on sample basis in the store with inventory records in the accounts departments, any difference found should be investigated. Discuss with the client as regards lower than expected increase in provision and verify reasons provided by the client with the related workings. Inspect board minutes for an indication of problems with any of the company’s products Compare the warranty provisions with those of similar companies. Discuss with client about the possibility of defected components being used in the finished goods, or their presence in the closing inventory. If the client reply is affirmative, then ask the management to make impairment testing and accordingly adjust the financial statements. Fall in payables despite the increase in purchase is something exceptional. (iii) Warranty provision Evaluate and test the system for recording revenue The increase in gross profit margin from 33% to 35% is also surprising in light of the 20% discount granted on sales between July and September (ii) Purchases and trade payables The stock in hand might have been impaired due to the fact that although the significant quantity of defected component is returned to the supplier, there is a possibility that some defected parts might have been used in finished products and some defected parts might have been remaining in the inventory. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 349 AT A GLANCE Auditor’s response SPOTLIGHT Audit Risks CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Practice Question 24: You have been appointed as a manager in the audit department of Sachal Sarmast & Company, which is a medium size firm of chartered accountants. The audit of Consumer Products Limited has been assigned to you. This audit was previously assigned to another manager who has resigned. The predecessor manager has identified a number of risks. Two such risks along with their classification and related assertions are discussed in the working paper files. The relevant extracts are as follows: S. No. Risk Factor Type of Risk Related Assertions (1) Decentralized operating structure supported by different IT applications Inherent Risk Presentation and disclosures– occurrence and right and obligation and completeness (2) Financial Crises Significant Risk Accounts payable–rights and obligations, valuation and completeness; Property and equipment–rights AT A GLANCE and obligations; Accounts receivable–valuation; Inventory–valuation; Cash–valuation; Turnover –occurrence Required: Do you agree with the above risk assessments? Discuss. Solution: Decentralized operating structure supported by different IT applications: SPOTLIGHT It is classified as inherent risk, which is not correct, because it does not indicate a susceptibility of an assertion about a class of transactions or account balance or disclosures to misstatements. Decentralized operating structure could potentially lead to misstatements in the financial statements due to the following: Unintentional mistakes due to variety of applications holding the information and the complexity involved. Potential frauds being committed by taking advantage of the complexities of the system. Therefore, it may be argued that this risk should be classified as a significant risk and in certain circumstances even a fraud risk. The noted assertions are correct, but the following should also be added: the occurrence, completeness, classification assertions for the class of transactions. The existence, rights and obligations and completeness assertions for yearend account balances. Financial Crisis The classification of risk as a significant risk can be justified on its linkage with the recent economic development; however, it would be more appropriate to classify the factors of financial crisis into specific risks, depending upon. 350 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT How the financial crisis will affect the client and how does it translate into a risk? This will vary depending on the industry sector in which the client operates; or How the financial crisis will impact certain portfolios/customers related to client? The linkage with related assertions is too vague, because almost assertions related to all areas have been included. The auditor should reassess the relevance of the risks to link to the financial statement assertions and may need to reclassify the Related assertions with respect to categories of risk. Practice Question 25: You are the manager responsible for the annual audit of Tameer Limited (TL) for the year ending 31 December 2013. TL is a listed company and is engaged in the business of construction, renting and selling of apartments and office buildings to individuals, businesses and government departments. Extracts from TL’s draft Profit and Loss Account are as follows: 2013 2012 ---Rs. In million---Revenue 1,520 1,883 Operating Expenses 1,165 1,470 Operating profit 355 413 Financial charges 190 225 Profit before tax 165 188 AT A GLANCE (Up to Nov) On 31 January 2014 tenancy agreements of office buildings rented to municipal corporations in 15 small cities in the province of Sindh, are expiring. The concerned departments have informed TL that they would not renew the agreements. These properties are also held as security with the company’s bankers. In August 2013, an apartment block which was completed and sold in 2009 was severely damaged in an earthquake. The residents have filed a claim for damages against TL amounting to Rs. 400 million. The company denies any liability in this regard. However, to maintain its goodwill TL has agreed to compensate the residents by making a payment of Rs. 100 million in four quarterly installments and accordingly this amount has been provided in the accounts. The residents have rejected the offer and filed a suit against the company. During the year, construction equipment costing Rs. 300 million was acquired on lease. The lease rentals were allocated to the contracts on the basis of time utilized. Lease rentals pertaining to idle time were charged to financial expenses. During the year TL sold a two story office building to Ali Limited. According to the contract of sale, TL is entitled to construct further offices on the third and fourth floors. Required: Identify the audit risks that exist in the above scenarios and describe the manner in which you would address those risks. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 351 SPOTLIGHT During planning stage, audit team has presented following points for your consideration: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: AT A GLANCE Rent agreements of 15 different properties were expiring subsequent to year end and were not being renewed. Majority of the students jumped to the conclusion that this issue may result in failure of the company to continue as going concern. This was not a valid argument because the company had many other ongoing projects and it had earned substantial profits during the year under review. However, it did pose the risk of impairment in the value of properties which majority of the students failed to identify. A building constructed by the company had been seriously damaged in an earthquake and the residents had lodged a substantial claim. The company denied any wrongdoing but as a gesture of goodwill, had offered to pay 25% of the claimed amount. The performance here was much better as the students were generally able to identify the risk of over or under statement of liability and the need to seek lawyer’s opinion and the use of an expert for valuation of the loss. However, many candidates emphasized on making appropriate provision without appreciating that a provision in excess of the amount already agreed by the company would only be required if the loss is probable and can be determined with reasonable accuracy. The company had obtained a construction equipment on lease and the lease rentals were being allocated to the contracts on the basis of time utilized whereas rentals pertaining to idle time were being recorded as financial charges. The candidates were generally able to identify the risk of misclassification of the lease and the need to verify whether the treatment was correct. However, many candidates did not identify the error whereby the lease rentals pertaining to idle time were being charged as financial expenses. This was an interesting situation whereby the company had sold a two story building but retained the right to construct the 3rd and the 4th floors. Majority of the candidates failed to identify the risk of incorrect valuation of the company’s right of construction and sale of 3rd and the 4th floors. Majority of them discussed accounting of construction contracts which was not relevant. SPOTLIGHT Solution: Audit Risks: The audit risks that exists in the given scenarios and the manner in which the auditor would have to deal with them are discussed hereinafter: Expiry of tenancy agreements If the management of CL does not find any tenant after the expiry of rental agreements with the municipal corporation there is a possibility that value of Investment Property may be impaired. Manner in which the risk is to be addressed: 352 The auditor should ask the management to make impairment testing of the Investment Property and make appropriate provision, if required. The auditor would need to assess the assumptions used by the management in determining the fair value and whether the management has considered the effect of expiry of tenancy agreements. If the assumptions applied are unreasonable or does not include the effect of expiry of tenancy agreements, the auditor should discuss and resolve the matter with the management. In case the auditor is not satisfied with the assumptions applied by the management or the effect of such assumptions on the valuation he may consider hiring an expert. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Claim against destruction of apartment block The claim for damages against the company is indicative of contingent liabilities that may require provision or disclosure in the financial statements and there is a risk that liabilities related to the alleged claim may not be recognized appropriately in the financial statements. Manner in which the risk is to be addressed: The petition filed by the residents and the basis of their claim would be reviewed. The information provided to the prospective buyers during the marketing campaign would be reviewed to assess whether any claim was made by the company e.g. claim regarding the building being earthquake proof etc. Legal opinion would be obtained from the company’s lawyers. A valuer may be consulted to assess the loss. If loss is probable and can be determined with reasonable accuracy management would be asked to make a provision, otherwise a disclosure would be appropriate. Manner in which the risk is to be addressed: It appears that TL is treating the leasing equipment as an operating lease. The auditor should determine from the leasing agreements whether the lease is a finance lease or operating lease. If the auditor considers that treatment of lease is incorrect, the auditor should ask the management to recognize the lease appropriately. In case of operating lease, recognizing of lease rentals pertaining to idle time in financial charges is not appropriate. The auditor should ask the management to charge the rentals to the overhead expenditures. If the lease is a finance lease, then the auditor should ask the management to recognize it accordingly. Construction of three story building There is a risk that value of right related to use of land for construction of 3rd and 4th floor is not valued and is not recognized appropriately. Manner in which the risk is to be addressed: The auditor would need to assess how this right has been valued in TL’s financial statements. The auditor would need to review the terms of the sale agreement relating to the first two floors and assess the extent of rights available with the TL relating to the use of building i.e. construction of third and fourth floor. If required a legal opinion may be obtained. If appropriate, the auditor may obtain a valuation report to assess the value of the rights available with the client regarding the rights presently attached with the building. Based on the above information, the auditor would assess whether the accounting treatment (carrying value of land) is appropriate. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 353 SPOTLIGHT The accounting treatment of allocation of lease rentals to financial expenses is not appropriate. There is a risk of wrong classification of lease that may affect the operating results and financial position of the company. AT A GLANCE Construction equipment CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Practice Question 26: You are the job in charge on the audit of Ghalib Petroleum Limited (GPL) for the year ending 30 June 2013. GPL is engaged in the exploration and production of crude oil. The last year’s audit file contains the following information In 2005, GPL had entered into an agreement with the Government for exploration and production of oil for fifteen years. The license for exploration was granted at a fee of Rs. 600 million. Under a separate agreement Mir Petroleum Limited (MPL), a 100% government owned entity, had guaranteed the purchase of all crude oil to be produced by GPL for a period of ten years from the start of commercial production i.e. 2008. The plant and equipment was imported in 2006 at a total cost of Rs. 6 billion which includes a decommissioning provision of Rs. 500 million. The cost of the plant was financed by GPL’s parent company by way of a long-term foreign currency loan. During the current year’s planning stage, you have observed the following conditions: AT A GLANCE The problem of circular debts has become severe and as a result GPL as well as MPL have accumulated huge receivables and payables. An environmental control agency has filed a suit alleging that at the time of abandoning one of its oil wells, GPL has failed to restore the site in accordance with the prescribed standards. The company believes that it has met all its obligations and plans to contest the case strongly. Due to law and order situation the Government has not been able to provide infrastructure facilities as were agreed in the exploration agreement. The management had budgeted a profit of Rs. 200 million for the current year but latest estimates suggest that profit would be somewhere between Rs. 100 to Rs. 120 million. Required: SPOTLIGHT Identify and evaluate the audit risks in the above situation and specify the audit procedures that you would perform to address those risks. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: “The situation given in this question pertained to a company engaged in oil exploration activities. The company was faced with a difficult situation in which its profits were falling and its receivables and payables had increased significantly. Certain other information was also given such as terms of licensing agreement with the government, governments guarantee for purchase of entire production of the company, a suit filed against the company and general difficulties faced by the company in the given business environment. An average performance was witnessed as the students were able to identify some of the risks and actions required to be taken by the auditor. However, very few students could identify all the major risks as the following were rarely mentioned: 354 Foreign Exchange Translation Risk (due to long term foreign currency loan). Impairment of plant and machinery Under or over valuation of assets due to incorrect estimation of decommissioning costs. Over statement of profit, due to pressures on account of reduced earnings. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Many students seemed to have little understanding of the implications of the given information. For example, while discussing that the company’s profits were significantly below the budget, many students started commenting on the management’s ability to prepare the budgets and importance of assumptions used etc. instead of relating it to the risk of misstatement in Profit and Loss because of earning pressure on the management” Solution: Audit risks: Impairment of assets: Values of license granted by the Government and the value of plant and machinery for exploration purposes may be impaired due to the following: Government has not been able to provide the required infrastructure facilities due to which the exploration work might be affected and GPL might not be able to obtain the expected benefits from the use of plant and machinery. Due to the problem of circular debt, MPL may not be able to purchase oil as agreed in the contract. Review the exploration contract with the Government to assess whether it contains appropriate clauses to address the situation. Ask GPL to carry out the impairment testing of the value of license and check the working thereof. Review the agreement with MPL and check what remedy is available to GPL in case MPL fails to purchase oil from GPL. Ask GPL to calculate value in use, of the plant and machinery and check the working thereof. Discuss with GPL’s its relationship with MPL and what measures MPL is taking to resolve its liquidity issue and to ensure that it continues to purchase oil and make regular payments. Review the measures that are being taken by the two companies and the Government to resolve the circular debt issue. Ensure that in case there is a doubt about the recoverability of the amount, appropriate provision is made in the financial statements. If the measures taken above indicate an impairment, ensure appropriate adjustment in the financial statements. Going Concern: On account of MPL’s inability to purchase oil as agreed or to make payments there against GPL’s may face going concern issues. Actions to be taken to address the risk: Ask management to make its assessment of the entity’s ability to continue as a going concern, if already not performed by the entity. Evaluating management’s plans for future actions in relation to its going concern assessment. Where the entity has prepared a cash flow forecast. The auditor shall: ¯ Evaluate the reliability of the underlying data used in preparation of the forecast. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 355 SPOTLIGHT Due to circular debt problem there is a possibility that amount of receivable from MPL may be impaired. Actions to be taken to address the risk: AT A GLANCE CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT ¯ CFAP 6: AARS Determining whether there is adequate support for the assumptions used in preparation of the forecast. Request written representations from management and where appropriate, those charged with governance, regarding their plans for future action and feasibility of these plans. Foreign Exchange Translation Risk: The company is exposed to foreign exchange risk as a major part of the cost of plant was financed through foreign currency loan from a parent company and the value of foreign currency loan may fluctuate due to fluctuation in the exchange rates. Actions to be taken to address the risk: The auditor should ensure that year-end balance is accurately reported keeping in view that the year-end balance may differ depending upon whether the client has helped the risk or is maintaining an open position. Undervaluation of liabilities: AT A GLANCE The alleged suit against the company may be indicative of contingent liabilities that may require provision or disclosure in the financial statements and there is a risk that liabilities related to the alleged suits may not be recognized appropriately in the financial statements. Actions to be taken to address the risk: Obtain opinion of the legal advisor. Ensure that proper disclosure or adjustment is made in the financial statements, in accordance with IFRS. Over/ Undervaluation of assets: SPOTLIGHT In case the undervaluation of liabilities (as discussed above) is probable it may be indicative of the fact that the decommissioning provision in other case has also not been estimated correctly and the related plant and machinery may be undervalued or overvalued. Actions to be taken to address the risk: Review the suit filed by the environmental agency and what other actions GPL would need to take to become compliant. Review the prescribed standards related to the requirements of restoring the site. Ask the management to review the de-commissioning provision accordingly. Review the steps taken by management for re-estimating the amount of decommissioning provision. Overstatement of Results: The latest estimates show that the company would fail to achieve the budgeted profit. Therefore, there is a possibility that the management may be inclined to overstate or manipulate the results in order to show better position of the company as compared to the budgeted profits. Actions to be taken to address the risk: 356 Increase the extent of substantive procedures because the above factor would increase the risk of material misstatement. Review last minute adjustments and cut-offs more carefully to ensure that the accounts are not misstated. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Practice Question 27: You are the Audit Manager of Mustafa and Company, Chartered Accountants, responsible for the audit of Standard Home Appliances Limited, a listed company. Extracts from the company’s financial statements are presented below: 30- Sept- 2014 30- Sept- 2013 -----(Rs. In Million)-----Revenue 1,190 1,174 Gross profit 509 537 Operating profit 242 227 Finance charges -77 -69 Profit before tax 165 158 1,054 833 Intangible assets 140 100 Inventory 423 260 Trade receivables 417 250 Cash and bank balances 29 54 2,063 1,497 1,000 1,000 Retained earnings 218 233 Long-term borrowings 277 50 Liabilities against assets subject to finance lease 180 - Bank overdraft 185 52 Trade and other payables 203 162 Total equity and liabilities 2,063 1,497 Statement of financial position Total assets AT A GLANCE Property, plant and equipment Share capital During the year, the company has introduced various products based on latest technologies. These new products are being manufactured on a new plant which has been acquired under a lease agreement for a period of four years. The plant commenced operations on 01 January 2012.The useful life of the plant is 5 years. Intangible assets represent cost of software installed and designs which have been acquired from a renowned multinational company. Required: Identify and evaluate the audit risks in the above situation. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 357 SPOTLIGHT Equity and liabilities CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS “Extracts from financial statements were given along with information pertaining to acquisition of a new plant and intangible assets (software installed). Students delved a lot on horizontal changes with little focus on vertical analysis. Most of them were able to identify the apparent risks such as impairment in inventories and debtor, liquidity issues, understatement of financial charges. However, they were found lacking as regards the following: While discussing the liquidity, most of the students were concerned about the concept of ‘going concern’. Although the liquidity position of the company seemed to have worsened, yet, apparently there was no indication that it may lead to a going concern issue. Most of the students were unable to identify the fact that operating expenses have declined as compared to the previous year which was quite unusual in the given scenario, i.e. when the company had introduced new products. Most of the students pointed out the risk of impairment of plant and intangible assets but did not provide any significant reason to support their point of view. In fact, there was quite an imminent risk of impairment in the value of plant because of the fact that the overall sales had increased by only Rs. 16 million i.e. 1.5% despite the fact that several new products were being manufactured on the new plant” AT A GLANCE Solution: Audit Risks: Impairment of assets: SPOTLIGHT A meagre increase in sales by Rs. 16 million i.e. 1.4% against a capital expenditure of approximately Rs. 200 million in property, plant and equipment and in intangible assets, indicates that the new products have generated minimal sales or the sales of existing products have declined. The minimal increase may indicate the impairment of plant specifically bought for the manufacturing of new products or impairment in the value of existing assets and of intangible assets including the software and designs which have been acquired for new products. Understatement of operating expenses: Operating expenses have declined by 13.87%. This seems unrealistic because the company had introduced new products and installed a new plant, which should have resulted in an increase in the operating expenses such as on advertisement costs and other sales related costs incurred on launching of new product. Hence there is a risk of understatement of expenses. Finance charges: The financial charges have increased by approximately 11.59% whereas the debt on the company has increased by 6.20 times. This seems unrealistic and there is a risk that some of these charges may have remained unrecorded. Liquidity: The company’s liquidity position has weakened which is normal i.e. on account of heavy expenditures on new product/plant. However, the situation has worsened on account of a disproportionate increase in receivables and inventories as compared to increase in sales. MPCL is clearly relying on its overdraft to fund operating cash flows. Liquidity issues may arise in future, especially when repayment of long term loan and lease payments becoming due. Current Assets: Inventories and receivables both have increased. As compared to increase in sales amounting to Rs. 16 million the receivables have increased by Rs. 167 million and inventory Rs. 163 million which is approximately 67% and 63%, respectively. Therefore, there is a risk that inventories and receivables might be overstated. (Necessary provision may not have been made) 358 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Practice Question 28: You have been appointed as the auditor of Tee Pharmaceuticals Limited (TPL) for the year ended31 March 2012. An extract from the draft financial statements is presented below: During the planning process, you have gathered the following information: Three new products have been introduced for which patent rights have been purchased. The new products were introduced in the market in December 2011. A new plant has been acquired which is expected to reduce the cost of production significantly. The above measures have been financed through a bank loan against hypothecation of stocks and trade receivables. TPL has had a dispute with a major distributor who alleges that products were delivered in damaged packets and the quantities therein were short as compared to the numbers mentioned on the packets. A franchisor has initiated a legal action against the company on grounds of infringements of patent rights. TPL had entered into a one-year agreement with a foreign supplier for supply of raw material. On 20 April 2012 the government of the country in which the supplier is registered, has initiated legal proceedings against that supplier for breach of quality standards. Consequently, the government of the country in which TPL is operating has banned all imports from that supplier. AT A GLANCE TPL’s operations were highly successful until 2008. However, due to increased competition the profitability has reduced significantly over the last four years. Consequently, the company has embarked upon an ambitious plan whereby it has taken the following steps: Required Identify the audit risks that exist in the above scenario and the manner in which you would address those risks, during the audit under the following headings: SPOTLIGHT (i) Raw materials (ii) Intangibles(iii) Trade receivables (iv) Liquidity issues Solution: Raw Material: Inventory of raw material may be overvalued and require provision for obsolescence because raw material acquired from the foreign supplier may not be used in production due to breach of quality standard. TPL may face shortage of raw material, if it is unable to find alternative supplier from which the raw material can be obtained. The shortage of raw material may affect the operations of the company. Actions to be taken to address the risk: Review the reasons and reports based on which the Foreign Government has acted against the concerned supplier; Ask client to determine the net realizable value of the raw material keeping in view the risks identified above and review the clients working. Discuss with management about extent of reliance on the foreign supplier and any alternative source of supplies. If the extent of reliance on foreign supplier is significant and TPL is unable to find alternative supplier, assess the impact thereof on TPL’s operations. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 359 CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Trade Receivables: An increase of about 20% in trade receivables and significant dispute with a customer over packaging and short delivery issues indicate that some accounts receivable might not be recoverable. An increase in Debtors Turnover days from 87 days to 101 days indicates the existence of slow moving and doubtful debts, which may require provisioning. Actions to be taken to address the risk: Obtain age analysis from the management to identify any long outstanding debts. Check subsequent recovery of debtors and obtain confirmation from major debtors. Discuss with management about the reason for increase in debtors’ turnover days i.e. is it on account of lower collection or on account of change in collection policy. Consider adequacy of provisions. Intangibles: AT A GLANCE Legal case filed by the franchisor on account of alleged patent infringements indicates that the value of intangibles may be impaired. Valuation of inventory may be also be impaired on account of patent infringements The legal case may lead to substantial fines and penalties. Actions to be taken to address the risk: SPOTLIGHT Review the agreement of patent with the franchisor and assignment deed. Obtain confirmation from the legal advisor relating to the possible outcome of the case filed by the franchisor. Ask the client to calculate value in use, of the patents and check the working thereof. Consider the opinion of legal advisor to assess the impact of patent violation on the valuation of finished goods. Liquidity Issues: Although TPL had successfully negotiated with the bank by obtaining long and short term loans, interest expense as a percentage of profit has increased significantly. It could hamper the company’s ability to pay the finance charges and the principal. Short term loans were obtained by hypothecation of the stocks and receivables. A significant decline in the value of stock in trade and trade receivables is probable as discussed in (i) and (ii) above. TPL’s bankers may ask the company to provide further securities or to pay off the loan amount. Actions to be taken to address the risk: 360 Review the steps taken by the management of the company to counter the liquidity problems faced by it. Review the projections of the company to assess whether the company will be able to overcome the current liquidity crisis. If the steps taken by the management are not considered satisfactory consider the impact thereof on the company’s ability to continue as a going concern. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Practice Question 29: Your firm has recently been appointed as the statutory auditor of Chaudhry Limited (CL) for the year ending 31 December 2011. The previous auditors, from whom your firm has received professional clearance, did not wish to be re-appointed as auditors. CL is involved in the supply of imported consumer products. The company has its own retail outlets in all major cities. It also supplies goods to large retailers most of whom are allowed 45 days’ credit. Time required to import the goods is approximately two months. 50% of the amount is paid at the time of booking of order and the remaining amount is paid at the time of receipt of goods. The goods are required to be insured by CL. Day to day expenses of the retail outlets are paid out of cash receipts from customers. Balance cash is deposited into the bank on a daily basis. The management accounts show that the company has not been able to achieve the sales target for the current year although the sales have increased by 12% as compared with the same period in 2010.Stocks and trade debtors have significantly increased and the management attributes this to be on account of increase in sales. CL is planning to expand its business and intends to fund the expansion through a bank loan. CL’s existing bankers have declined to increase the borrowing limits and therefore, the company has approached another banker for the loan. The management has requested you to complete the audit by 15 February 2012 to enable it to submit the audited financial statements to the new bankers. Required Identify and evaluate the audit risks in the above situation and specify the audit procedures that you would perform to address those risks. Solution: Audit Risks Opening Balances: There is a risk that opening balances may not have been brought forward correctly from the previous year’s financial statements as this is the first year of audit. This risk is compounded by the fact that the retiring auditor was not willing to be re-appointed. Actions to be taken to address the risk: We need to review the previous period’s accounting records and schedules to ensure that opening balances have been correctly brought forward to the current period. If the predecessor auditor permits, review his working papers to ensure the correctness of the opening balances. Audit procedures performed in the current period may provide evidence relating to the correctness of opening balances. We also need to consider the reasons on account of which the retiring auditor is not willing for re-appointment. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 361 SPOTLIGHT All imported goods are initially placed in a warehouse in Karachi. Supplies are made against orders which are mostly received over telephone by the sales department. The warehouse incharge prepares a summary of all dispatches which is approved by the sales manager, on a daily basis. Stock records are computerized. Physical stock taking is carried out on a regular basis, at the warehouse as well as retail outlets. Therefore, a 100% physical count is not undertaken at the year-end. AT A GLANCE CL’s suppliers are mainly based in Middle East. Due to political disturbances, a major supplier has recently ceased its operations. CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Foreign Currency Transactions: As the imports of consumer goods will involve transactions in foreign currencies, there is a risk that gains or losses on translation of foreign currencies are wrongly credited/ debited to purchases instead of charging to Profit and Loss Account. Actions to be taken to address the risk: Perform test of controls to ensure that any gains/ losses arising on the translation of foreign currency are correctly recognized as per the requirements of International Financial Reporting Standards and appropriate exchange rates are used in translation of foreign currency. Overstatement/ Understatement of purchases/ stocks/ liabilities: Since all goods are imported and 50% advance is paid at the time of ordering, the amount of purchases may be misstated resulting in misstatement of stock as well as payables. Actions to be taken to address the risk: Check that purchases are recorded when all the risk and rewards of ownership are transferred to the company. AT A GLANCE Ensure that the amount of deposit is properly reconciled with the pending orders and goods in transit. Insurance in transit: Goods in transit may not be adequately insured. Actions to be taken to address the risk: Review the insurance policies at year end and match them with the consignments in transit. Going Concern/Liquidity Issues: The company’s existing bankers have declined to provide financing facilities to the company, which is indicative of a weakening relationship and risk of non-fulfillment of covenants of borrowing. SPOTLIGHT One of the major suppliers of the company has ceased operations. If the company is unable to find a suitable replacement, the company’s results and liquidity may suffer. Actions to be taken to address the risk: Discuss with management and assess the significance of the supplies from that particular supplier and the impact of disruption in supplies on the company’s operations. Discuss and review the related documentation to ascertain the reasons on account of which the company bankers had declined to provide further financing facility to the company, and assess its impact on the company’s operations. Overstatement of assets: Increase in stock in trade and debtors may not be on account of increase in sales only. There may be other reasons, such as obsolete stocks and uncollectible debtors. Actions to be taken to address the risk: 362 Review the stock count procedures and the related documentation and assess whether adequate controls exist. Ascertain the management’s system of identification of obsolete and slow moving stock and assess whether appropriate controls exist. Review age analysis of debtors to ensure that any long outstanding debt that requires provisioning is appropriately identified and adjusted. Carry out substantive procedures (Confirmation, Aging Analysis etc.) based on your assessment of controls. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN Misstatement of sales/ stock in trade: Sales and stock in trade can be misreported/ misappropriated due to the fact that sales orders are taken over telephone and in the absence of strong controls over the processing of orders, there is a risk that sales/stock in trade can be misappropriated/ misreported through collusion among staff members. Actions to be taken to address the risk: Check whether summary of dispatches is confirmed with the list of orders by an independent person. In the absence of proper segregation of duties between the approving and initializing authorities and other related controls, we need to consider the impact thereof on the extent of substantive procedures. Unrecorded cash sales/ Misappropriation of cash: Cash sales can easily be misappropriated. Teaming and lading is possible since day to day expenses are adjusted before the deposit of cash into bank. Actions to be taken to address the risk: Evaluate and test the controls over cash receipts, at the retail outlets. Perform analytical review on profit margins to identify any unusual trends. In case of weak controls, or unusual results of the analytical procedures the extent of substantive testing may be enhanced. Time schedule for audit: Tight audit deadlines may restrict the: Extent of procedures that may be carried out. Time available for review of subsequent events. Being a new client the restriction may represent a more serious threat. Actions to be taken to address the risk: Working papers should be independently reviewed by second partner, especially those related to judgmental and high risk areas. Practice Question 30: You are the audit manager responsible for the audit of Laila Pharmaceuticals Limited (LPL), a listed company, for the year ended March 31, 2011. During your initial meeting with the chief executive officer and the chief financial officer of the company the following issues have been brought to your attention: At the year end, the net assets of LPL have reduced to Rs. 270 million (2010: Rs. 310 million). A comparison of the draft income statement with the declared results for the nine months ended December 31, 2010 is as follows: Revenue cost of sales gross profit operating expenses financial charges operating profit /(Loss) gain on sale of property net profit/(Loss) Nine month ended Year ended December 31, 2010 March 31, 2011 -----(Rs. In Million)-----500 530 -400 -477 100 53 -70 -90 -15 -20 15 -57 0 20 15 -37 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 363 AT A GLANCE CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT SPOTLIGHT CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS On April 1, 2010 LPL had acquired 45% shareholdings in Sohni (Private) Limited (SPL). The spouse of a director of LPL is a director in SPL. On May 1, 2010 LPL purchased new office premises from SPL for Rs. 40 million. In January 2011these premises were sold to Anarkali Limited (AL), an associated undertaking of LPL, for Rs. 60million. Subsequent to the sale, LPL signed a five years’ agreement with AL to acquire the office premises on a rent of Rs. 12 million per annum. Required Assess the above matters and discuss how you would address the related implications during the course of the audit. Tutorial Notes: Please read tutorial notes to this question only after attempting this question in writing. Some of the common issues identified by examiner in the relevant examiner comments to this questions are reproduced as follows: AT A GLANCE “In this question, a practical scenario was given. The students were required to identify the important issues that they as an auditor, would need to consider and to elaborate as to how could they address these issues during the course of audit. The performance was poor mainly on account of the following: Interim figures for the nine months were given along with the figures pertaining to the yearend. Many students failed to read the question carefully. They produced the whole answer on the presumption that these were comparative figures for two different years. Many students restricted their answers to issues pertaining to related party transactions. Other issues were ignored. The fact that the sale for the last quarter, as depicted by the information provided, was only 6% of the annual sales, was seldom identified. Most of the students were able to pick the very obvious issues only. Very few candidates seemed to have the ability to explore those issues which were not very apparent” SPOTLIGHT Solution: Following are the important matters that the auditor would have to deal with: a) Drastic reduction in sales: Drastic reduction in sales indicates that the management may have misstated the operating results disclosed in the financial statements for the nine months ended December 31, 2010. The auditor should evaluate the situation and if a misstatement is confirmed, the auditor would need to reassess his initial risk assessment and revise the audit procedures accordingly. b) Inability of the company to generate operating cash flows: Following are the factors that may indicate the inability of the company to generate adequate cash flows from its operations: i. Decline in net assets value by 13% because of net loss for the year; ii. Selling of property to the associated undertaking under sale and leaseback arrangement in order to generate cash inflows. The auditor would discuss the matter with the management and those charged with governance about their future course of action regarding the cash flows issues. If the matter is not resolved or remains uncertain, the auditor should perform the additional procedures to evaluate the appropriateness of going concern assumption. 364 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT c) Sale and leaseback transaction: This transaction raises the following issues: i. Whether it is an arm’s length transaction, especially in view of the fact that it involves a related party. ii. Whether the accounting treatment is in accordance with IAS-17 The above issues are discussed hereunder: i. It seems that the transaction has not been entered in the ordinary course of business as it is evident that: Annual rental amount represents 20% of the sale proceeds. The auditor would need to assess whether any undue favour has been allowed to the associated company in order to book profit or to resolve the immediate liquidity issue. If the answer is in the affirmative, the auditor would need to reassess his initial risk assessment and consider revising the audit procedures accordingly. ii. In view of the given information it seems that LPL has recorded the transaction as an operating lease. If this is the case, the decision to book the entire profit in the current year may have been justified. However, the auditor needs to assess whether the sale proceeds represent the fair value of the premises, on the date of transaction. In case this is not true, the auditor should advise the management to record the sale and profit, based on fair value and defer the remaining amount and amortize it over the lease period. In case, the auditor believe that the transaction should be recorded as a finance lease the entire difference of Rs. 20 million should be amortized over the lease period. d) Consolidation of Sohni (Private) Limited: The auditor should be mindful of the fact that LPL may be exercising control over more than 50% of voting power in SL through the spouse of the LPL’s director. The auditor should discuss the above possibility with the management. If it is established that the control exists either through the spouse of the director or due to any other similar situation, he should advise the management to present consolidated accounts. e) Impairment testing of Investments in Sohni (Private) Limited: Purchase of 45% investment in Sohni (Pvt.) Ltd. where spouse of a director of LPL is also a director creates the doubt that transaction had not been made in the ordinary course of business and its value may have been impaired The auditor should ask the management to perform test of impairment and make appropriate provision, if required. f) Investment in associated undertaking: The auditor should also verify whether all the requirements of the Companies Ordinance, 1984 relating to investment in associated undertaking have been complied with. In this regard he should discuss the matter with the management and corroborate the discussion with the relevant documents (e.g. minutes of the shareholder’s meetings). Practice Question 31: You are planning the statutory audit of the financial statements of Mahiwal Limited (ML) for the year ending June 30, 2011. ML sells and distributes networking equipment and accessories to corporate and retail customers. Since January 1, 2009 ML has exclusive country-wide distribution rights of ‘Bisco’ and ‘Portel’, which are the leading international brands of networking equipment. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 365 AT A GLANCE LPL earns 50% profit in a short period. SPOTLIGHT CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Your review of the prior year’s working papers has disclosed that ML has expanded its operations significantly after securing the distribution rights of ‘Bisco’ and ‘Portel’. By June 30, 2010 there had been a 60% increase in its customer base whereas the number of its branches had increased from 3 to 10and the number of employees had risen from 30 to 115. The latest available draft financial statements show that the sales of ‘Bisco’ and ‘Portel’ represent 90% of its total sales. During a recent meeting with the finance director, you have been informed as follows: ML has shifted its warehouse and customer service center to larger premises in order to handle increased inventory level and the rising level of after sales warranty claims. ML has witnessed a slight fall in sales of ‘Bisco’ and ‘Portel’ because of tough competition from other low priced brands. A review of the draft financial statements has also disclosed that ML had revalued a property in accordance with the requirements of the International Financial Reporting Standards. The property was acquired many years ago to earn rental income. Required: a) Identify and evaluate the audit risks in the above situation. b) Discuss an audit strategy to take into account identified risks in overall audit plan. AT A GLANCE Solution: a) Excessive reliance on two products Sales of Bisco and Portel constitute 90% of its turnover. If ML is not able to sell any of its product due to any reason (e.g. withdrawn of distribution right, launching of new product by the competitor, etc), it would be difficult for ML to continue as a going concern entity. Rapid Growth ML has experienced rapid growth over the period. This raises the following audit risks SPOTLIGHT Effectiveness of internal control ML increased its customer base significantly, increased its branch network, taken on significantly more staff and moved its warehouse and customer service centre to new premises. All these factors require appropriate changes in the control. If control and systems have not grown with the company or internal control has been inadequate there is a significant risk of errors and even fraud in the financial statements; Cash flow considerations ¯ Because of the rapid expansion ML may have been overtrading, creating a risk that it may not be able to generate enough working capital to finance its operations. ¯ The situation will be further deteriorated by the additional fixed costs that ML has committed while carrying out the expansion. Inventory Obsolescence ¯ Increase in rising level of after sales warranty claims may be on account of increased sales however it may also be indicative of manufacturing fault in the quality of equipment. This may affect the value of inventory in-hand particularly if the drop in sales experienced recently is indicative of the defect being publicized. ¯ If the main products or products are ultimately found to be defective, it may result in following issues: 366 Impact on valuation of inventories decline in sales which may result in accumulation of slow moving items THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT high level of sales returns The risk of obsolescence will be considered “High” if ML does not have recourse to the manufacturer in respect of defective inventory. Provision for Warranty Claim There has been an increase in sales warranty claim which may require significant material provisions in the financial statements. Valuation of Investment Property Revaluation generally involves making estimates based on a number of assumptions. Because of this reason, there is the chance that: professional valuer/ management may not be sufficiently experienced to make the assumption. assumptions may be manipulated by the Management to obtain the most favorable fair value in the financial statements b) Audit Strategy i. The auditor should not seek to place heavy reliance on controls, and instead undertake more substantive testing. ii. A major audit risk in the income statement is the cost of wages and salaries, particularly if controls have not been strong. There has been a high number of new staff and if controls are weak, there is scope for errors and even fraud to have been perpetrated. iii. Risk related to cash flows as discussed above may have raised the going concern issues. The auditors should carry out extensive going concern procedures. AT A GLANCE You are the manager responsible for the statutory audit of Parrot Limited (PL), a listed company engaged in the business of manufacture and sale of sports goods. It has three factories located at Karachi, Lahore and Sialkot. Summarized statement of financial position as of September 30, 2010 (unaudited) and 2009(audited) are as follows: 2010 2009 -----(Rs. In Million)-----Assets Property, Plant and Equipment Investment in a subsidiary Stocks Debtors Other current assets Total assets Equity and liabilities Paid-up capital Accumulated losses Long-term bank borrowings Creditors and other payables Total equity and liabilities 1960 520 2,480 720 530 280 1,530 4,010 2130 590 2,720 510 330 210 1,050 3,770 1,800 -1,650 150 2,350 1,510 4,010 1,800 -1,350 450 2,310 1,010 3,770 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 367 SPOTLIGHT Practice Question 32: CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Following further information is available: PL acquired a subsidiary in 2005 which is engaged in the business of manufacture and export of sportswear. The investment is recorded in PL’s financial statements under the equity method. The last dividend was paid by the subsidiary in 2007. During the physical count of stocks at Karachi on September 30, 2010 it has been observed that stocks worth Rs. 100 million is obsolete and would require a provision of 20% to 30% of the carrying value. During the year, PL and its bank agreed to reschedule the loan on the following terms: Repayment date was extended from 3 years to 6 years. Rate of interest was increased from 1-year KIBOR + 3% to 1-year KIBOR + 4%. PL shall be required to maintain a current ratio of 1:1. In the event of noncompliance of this requirement, the loan would become immediately payable. However, on October 25, 2010, the bank agreed to waive this requirement. Required: AT A GLANCE a) Identify the risks that may result in material misstatements in PL’s financial statements. b) Discuss the key areas on which you should place emphasis upon, to address the risks identified in (a) above. Solution: SPOTLIGHT 368 (a)Audit Risk (b) Key Areas on which emphasis to be placed Investment in subsidiary: As the carrying value of the subsidiary is declining, there is a risk that value of investment appearing in the books may be impaired. The management should be asked to carry out impairment testing by comparing recoverable amount of the subsidiary with the carrying amount of investment. The assumptions used in the impairment testing specially for determining the value-in-use needs to be analyzed for reasonableness. The management should also be asked to state the investment in subsidiary in its Financial Statements at cost or as per requirement of IAS-39. Debtors: There is a significant increase in the debtors. Therefore, there is a risk of material misstatement in case the company fails to make appropriate provision against doubtful debts. The ageing of the debtors needs to be carefully analyzed and long outstanding debtors needs to be inquired with the management. Circularize confirmations to the debtors and evaluate the response. Check subsequent payments received from debtors. Review the basis of provision against doubtful and assess its reasonableness. Stocks in trade: The valuation of stocks at its NRV creates a risk that the company may not be able to determine the degree of obsolescence on a reasonably accurate basis resulting in misstatement. The need to employ an independent valuer may be considered. Check subsequent sale of obsolete stock in order to assess the amount of provision required. Discuss the reasons of obsolescence of stock at Karachi and assess whether similar situation may be prevailing at other locations also. Review movement in stocks of material items. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT (a)Audit Risk (b) Key Areas on which emphasis to be placed Bank borrowings: The bank has rescheduled the loans after imposing tough conditions. There is a likelihood that FL will not be able to comply with the term of borrowings related to current ratio and loan may become payable immediately. Going concern issue: The financial position and erosion of significant equity creates the doubt that FL may not be able to continue in business for foreseeable future. Ensure that management performs an assessment of the entity’s ability to continue as a going concern. Evaluate management’s plans for future actions in relation to its going concern assessment. If the entity has prepared a cash flow forecast, and analysis of the forecast is a significant factor in considering the future outcome of events or conditions in the evaluation of management’s plans for future action: ¯ Evaluate the reliability of the underlying data generated to prepare the forecast; and ¯ Determine whether there is adequate support for the assumptions underlying the forecast. Request written representations from management and, where appropriate, those charged with governance, regarding their plans for future action and feasibility of these plans. Consider whether any additional facts or information have become available since the date on which management made its assessment. Practice Question 33: You are the manager in-charge on the annual audit of Decimal World Limited (DWL) for the year ended December 31, 2009. DWL is a leading manufacturer of electrical appliances.35% of its shares are held by Binary Pakistan Limited (BPL). However, with the help of some consenting shareholders, BPL has been able to nominate 5 out of 8 directors on the Board. During the planning phase of the audit you became aware of the following matters: a) A foreign investor has made a public offer to purchase 51% shares of DWL at a price of Rs. 13 per share. The share price has ranged between Rs. 12 to Rs. 14 per share during the past six months. b) The company’s statement of financial position includes a deferred tax asset of Rs. 30million on account of unutilized tax losses which have accumulated during the lossmaking period 1999-2004. The management is of the view that future taxable profits would be sufficient to utilize the available tax losses. c) DWL has established an e-commerce division to sell its products through internet. This new division is administered centrally by the head office. This step has been quite successful as the online sales have risen to 20% of the total sales during the year. Required: Identify and explain the audit risks which the auditor should consider while planning the audit of DWL. Also highlight the key areas on which the auditor should place emphasis upon, to address the above risks. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 369 AT A GLANCE All current assets and current liabilities should be analyzed for their completeness. In case any adjustment is required which resultantly (e.g. recording the stocks at NRV) reduce the current ratio from 1: 1, the loan should be classified as current liability. Reviewing outstanding creditors and assess: ¯ the company’s dependence on such creditor ¯ risk of litigation SPOTLIGHT CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT CFAP 6: AARS Solution: a) Audit risk Pressure to maintain the earnings i. The management of DWL is under pressure to maintain the earnings of the company in order to keep the share price of the company over Rs. 12.5 so that the offer of foreign investor will not attract the small investors. ii. The areas requiring the auditors’ attention are as follows: iii. revenues are recorded correctly as to amount and period. iv. inventories are properly valued and recorded in the correct period. v. all expenses and provisions are recorded correctly as to amount and period. b) Audit risk: Recoverability of deferred tax assets AT A GLANCE i. Under IAS-12, deferred tax assets can only be recognized when it is probable that taxable profits will be available against which the deductible temporary differences can be utilized. The company will therefore need to show that future profits will be generated for the unutilized tax losses to be offset against. If this is not possible, the deferred tax asset should be limited to the amount of profits that can be measured with reasonable certainty. ii. The main areas which require auditors’ attention are as follows: a) The income tax provisions related to carry forward of tax losses and their adjustment against future profits. b) Amount of future profits and reasonableness of such forecast. c) Audit risk SPOTLIGHT Issues relating to e-commerce sales i. Risk of non-compliance with taxation, legal and other regulatory issues ii. Risk of technological failure resulting in business interruption iii. Loss of transaction integrity iv. Risk of frauds by customers and employees v. Risk of application of improper accounting policies in respect of capitalization of costs such as website development, translation of foreign currencies, allowances for returns, revenue recognition., etc. vi. The main areas which require auditors’ attention are as follows: 370 The effect of e-commerce model on the existing accounting policies The adequacy of internal controls in place. Process alignment. It refers to the way various IT systems are integrated with one another and thus operate, in effect, as one system. Key security issues and how the management intends to address them Legal issues and opinion of the legal advisors. THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN CFAP 6: AARS CHAPTER 7: UNDERSTANDING THE ENTITY AND THE RISK ASSESSMENT Practice Question 34: Mr. Ansari who represents ABC & Company, Chartered Accountants, is the manager responsible for the first year audit of Stello Limited (SL) for the year ending December 31, 2009. Previously the financial statements were audited by a very well reputed audit firm. ABC & Company has now been appointed as the auditors, in pursuance of SL’s policy according to which the statutory auditors are to be rotated after every five years. While reviewing the working papers at the planning stage, Mr. Ansari became aware of the following facts: Background Management Policies The company has developed a sound system of Corporate Governance. Most of the executive heads are experienced professionals. The company believes in employing a satisfied workforce. In addition to competitive market based salaries, it also offers performance based bonuses at all levels, including the senior management. AT A GLANCE The main business of the company is the operation of smelting plants that produce steel from iron ore. The company was founded almost five years ago by a group of entrepreneurs. Its managing director is Mr. Sami who has vast experience of working in reputed national and international companies. Since inception, the company has experienced exceptional growth. To generate funds for some of its future plans, the management is considering to get the company listed before December 2010. The management expects to raise Rs. 700 million by issuing 50 million ordinary shares at a premium of Rs. 4 per share. System of Accounting and Controls The sale and disposal of scrap is managed by Mr. Sultan who is an Assistant Manager and reports to the Senior Manager Marketing. The scrap generated is collected by a local merchant on a daily basis. The rate is negotiated by Mr. Sultan once every three months. Only Mr. Sultan is authorized to sign the gate pass but quite often, in his absence, it is signed by the delivery clerk. Operating Results and Projections The compound annual growth in company’s earnings over the last three years has exceeded20% per annum and the projected earnings growth for the year ending December 31, 2009 is in excess of 35%. The growth is mainly on account of profitable contracts which the company has secured with two local manufacturers. Some of the important events that have taken place during the current year are as follows: Acquisition of Neptune Enterprise On July 1, 2009 Stello Limited acquired 80% shares of Neptune Limited, a company based in Argentina. This company manufactures steel products that are sold in its local markets. The purchase was financed by means of a foreign currency loan. The loan is repayable in five equal annual installments, commencing on July 1, 2010. The financial year-end of Neptune Limited is June 30. Major Capital Expenditure THE INSTITUTE OF CHARTERED ACCOUNTANTS OF PAKISTAN 371 SPOTLIGHT The review of working papers indicates that
0
advertisement
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users