FRAUD MANAGEMENT

FRAUD

ISA240-The auditors responsibilities relating to fraud, tells us that the auditors have a duty to identify and communicate any evidence found that fraud is present.

Auditor’s responsibility.

Auditors have a responsibility to obtain reasonable assurance that the financial statements are free from material misstatements, whether they arise from fraud or error.

The key difference between fraud and error is whether the misstatement was intentional or not.

Fraud is criminal activity. There are two types the auditor may see.

  • One is where there is a deliberate misstatement in the financial statements. This is known as fraudulent financial reporting.
  • The other is the theft of company assets or misappropriation of assets.

The auditing standard does not state that it is the auditor’s responsibility to prove whether fraud has happened.

Their responsibility is to identify misstatements during the audit process and assess whether they are because of fraud or error.

The responsibility for ensuring fraud is not present in the financial statements and the company remains with the directors.

This is sometimes referred to as a primary responsibility towards fraud with the auditor’s responsibility being referred to as secondary.

This is because the auditors are given some responsibility, not all as they assess the risk of fraud based on the systems and transactions reviewed during the audit process.

For the auditor to maintain their responsibility,

  • They must maintain professional skepticism throughout the audit process. an inquiring mind can open things that have been concealed within the organization.
  • Assess any audit risks that could lead to fraud. Incentives to commit fraud should be considered. For example, bonus schemes based on profit margins.
  • Generally assessed the risk of material misstatements for the entity.
  • Review how management react to and manage fraud.
  • Talk to management to see if they are aware of any instances of fraud and gather sufficient appropriate evidence from audit procedures designed to assess the risk of fraud.

High risk of fraud

If the risk of fraud is high, the auditor must plan appropriate procedures to ensure that they are in the best position detect fraud.

  • They can ensure more experienced audit staff are available for the audit team.
  • Increase sample sizes.
  • Change audit procedures from what they would normally do as being less predictable could catch out anyone trying to conceal fraud.
  • Focus more on balances containing estimates from management as this would be a popular area to manipulate figures.
  • And focus on the transactions posted around the year end as cutoff. Errors often are an intentional way of increasing or reducing balances.

Steps if fraud is found.

If fraud is found by the auditor, there are some simple steps to follow.

Report it to those responsible for the audit team. For example, the audit manager and audit partner.

They should then consider the evidence obtained and report this to the highest level of management at the client.

If the auditor is suspicious that the management are involved, they should seek legal advice and consider whether they would report externally.

Caution should be taken when reporting externally, as the auditor has a duty to maintain confidentiality.

If the evidence collected on fraud is incorrect, they would have had no reason to break confidentiality.

If the fraud detected is material to the users of the financial information, then the auditor would need to modify the audit report to make the shareholders aware of the issue.

In summary, fraud is an intentional act to deceive.

The auditor may detect this as fraudulent financial reporting or misappropriation of assets.

ISA240 states that they have a responsibility to assess the risk of fraud and perform audit procedures to identify fraud.

However, it is the director’s responsibility to ensure fraud is not present in the organization and the financial statements.

If fraud is found, the auditor must report this and consider whether it is material and whether the audit report should be modified.

I hope you found this useful. Thank you.

AUDIT PLANNING

Laws and Regulations

This session is going to cover the laws and regulations that surround our external auditor.

We will cover.

  1. The regulatory body.
  2. Who requires an external audit.
  3. Who is allowed to form an opinion on the financial statements.
  4. The rights and duties of an auditor.
  5. And auditor’s appointment and removal.

External auditors are regulated to ensure their work is effective, consistent and their credibility remains intact.

There have been historical events such as the collapse of Enron that have caused issues with the reputation of the profession. This has led to tighter controls on what the auditors do when carrying out an external audit.

The regulatory body.

External auditors must therefore follow strict guidance to ensure their work is of the correct standard and maintains that credibility needed so that their opinion is valued.

This includes.

  • The Code of Ethics which is guidance on behavior of the auditor. This is covered in detail in another article.
  • Auditing standards must be followed which is specific advice on areas of the auditor’s work.
  • And corporate law specific to where they are based and where the client operates.

The IFAC International Federation of Accountants is a global supervisory body.

They are an organization working on consistency of accountants across the globe. They have subgroups which then take on specific, more detailed responsibilities for each area of the profession.

The IASB international Auditing and Assurance Standards Board is the group that looks after the external auditor. They have two key outputs.

  • The development of the international standards of auditing or ISA’s, of which there are currently 36.
  • And the international standard on quality control or ISQC, of which there is only currently one.

ISAs are published in a book regularly reviewed and periodically updated by the IASB.

Each ISA gives the auditor specific guidance on elements of the audit process and must be understood and followed by the auditor.

Only in exceptional cases would an auditor be able to depart from the standard guidance. Their decision would need to be justified.

For a new ISA to be developed. There is a lengthy process. This will include lots of discussions with interested parties and debates over whether a new standard should be created or a current one adapted.

The steps include.

  • A debate within the IASB on the issue.
  • If concluded, there is a need for a change in the ISAs they will issue an exposure draft, which is a draft of the standard made public for feedback from interested parties.
  • Comments from external parties are taken on board and approval from the IASB is sought.
  • Finally, the new or adapted ISA is published.

Many countries may have created their own version of auditing standards and choose not to follow the international ones. This is permitted as the IFAC has no legal standing in each country. In the UK, the Financial Reporting Council has adopted and modified the international auditing standards.

Who requires an external audit?

Registered companies are required to have an external audit. In the UK there is a small companies exemption which allows small companies to not appoint external auditors.

These companies need to have revenue at less than 6.5 million. They can still have an external audit if they wish, but there is no legal requirement.

This helps small companies who are often owner managed and have fewer control systems and staff to not be burdened with an external audit whose expense often outweighs any benefits.

Who is allowed to form an independent opinion on the financial statements?

There are no real restrictions on who could be part of the audit team. However, those responsible for the audit and the decisions made on it are referred to as practitioners.

These practitioners are required to be a member of a recognized supervisory body or RSB and be allowed to be a practitioner by their rules. Examples of these RSBs include the ACCA and the ICAEW.

Once you become a member, you are allowed to form an opinion on the financial statements and sign the audit report.

The rights and duties of an auditor.

For the auditor to conduct their audit properly, they need to ensure they have everything in place to allow them to do their job.

Their key rights are.

  • They must be allowed access to all relevant company books and records.
  • They must be given all information and explanations necessary to complete their audits.
  • They must be informed of when and be allowed to attend any general meetings between the management and the shareholders, including the AGM.
  • And they are allowed to be heard at such meetings.
  • They must also be given copies of any written resolutions of the company.

The auditor’s duties are.

  • To audit the financial statements and form an independent opinion on them stating whether they are true and fair.
  • They must also report on any specific legal relevance with inquire to the company being audited.
  • They must also ensure they follow the auditing standards and their ethical code while carrying out the audit.

Auditor’s appointment.

Auditors are generally appointed by the shareholders. This is usually done by vote with the majority decision being taken. However, there are some exceptions to the rule.

If it is the first year that the audit has been required or it is the first year the company has been set up, the directors are allowed to appoint the auditors initially.

This is to ensure that they have an auditor in place as soon as possible rather than waiting until the AGM at the end of the year.

Once the first audit has been completed, it is then the shareholders right to vote to decide whether to keep or change the external auditor going forward.

 If neither the directors or shareholders have appointed the auditors and deadlines for submission of an audit report have past, then the government would usually step him.

They would then appoint an audit firm to complete the work for the company. This is an extreme measure and is quite rare, but the rules are in place to deal with this if it happens.

Auditor’s removal.

There were two main situations where an auditor would no longer act for the company.

Either they are no longer able to act for them and resign as auditors, or they are sacked or removed.

There are many reasons why the auditors may resign.

It may be that being the auditor could affect their ethical behavior or the integrity of the directors and their relationship with them has changed and they feel they should not continue with the audit.

Whatever the reason, the auditors must notify the company and the shareholders in writing as soon as possible.

They issue a statement of circumstances which gives the reasons for the resignation and would then be available to assist with the hand over to the next audit firm appointed.

The shareholders will be responsible for removing the auditors. If the majority vote to remove or sack the auditors, then they continue with this decision.

Once decided, the shareholders then need to inform the directors and the auditors.

Notice is given to both the directors and auditors.

Written confirmation is sent to both parties informing them of the decision and giving notice to ensure any issues are tied up before the auditor leaves. If the auditor feels that the decision is unjust, they have the right to send a response to all parties explaining why they should not be removed.

I hope you found this useful. Thank you.

IDENTIFYING AUDIT RISKS

This article is going to take you through the practical steps that an auditor follows in order to identify audit risk. We have covered the theoretical understanding of audit risk in the previous article, and we use this knowledge just like the auditor does to find the issues that increase audit risk with the client.

Audit risk is the risk of the auditor giving an inappropriate opinion on the financial statements. For example, stating the financial statements are true and fair when there is a material misstatement uncorrected.

The auditor has the audit risk model to understand and calculate audit a risk. They categorized the risks into three areas.

  • Inherent risk.
  • Control risk.
  • And detection risk.

The aim is to identify the risks and then plan how to manage these issues to keep the overall audit risk an acceptable level.

ISA315 requires auditors to perform risk assessment procedures.

ISA200 requires auditors to apply professional skepticism during the audit, including planning the audit. This means they must be alert to issues that may cause these statements and have a questioning mind when carrying out their work.

Both of these auditing standards help guide the auditor through the planning stage and ensure audit risk is assessed properly.

The auditor must somehow identify audit risks so they can be included in the plan.

The risk assessment includes two main pieces of work carried out at this stage.

  • Understanding the entity and its environment
  • And using analytical procedures.

Both of these methods will help identify potential material misstatements and will allow the auditor to factor in the time and work needed to ensure their opinion is an appropriate one.

When obtaining knowledge of the business, the auditor must gain an understanding of.

  • The structure of the organization.
  • The industry operates in.
  • And any events that may be relevant to the audit.

At the planning stage, the auditor will have access to all books and records, plus they will also be able to discuss issues with the client management and staff. Therefore, the three main methods of gathering information about the client are.

  • Inquiring with management staff.
  • Observation of control procedures carried out.
  • And inspection of important documents and procedure manuals.

To understand an entity fully, the auditor must gather information on the following.

  • Industry and other external factors that impact on the client and its accounts.
  • Laws and regulations directly affecting the operations of financial statements.
  • The client organizational structure, including how it operates, who owns it, any investment it makes, and the management structure.
  • The accounting policies it follows.
  • The client business planning risks.
  • The financial performance.
  • And internal controls.

This is a lot of information together at the planning stage. However, there are many sources where this information can be obtained.

The four main sources of information are.

  • Within the audit firm.
  • External sources.
  • From the client.
  • And from the individual auditor.

If the client is an existing one, much of the information can be gathered internally within the audit firm. The previous audits will have gained a lot of ground backed information about the client and its structure. Therefore, the previous year’s audit files holding the working papers and the permanent audit file will be a good source of information.

Discussions with the audit partner who will have much knowledge about the client along with the audit manager is also advisable.

Previous years audit teams will also be able to assist in the understanding of the client.

External sources will give you some independent information about the client, these include.

  • Companies House where information on the structure of financial statements can be found.
  • The Internet trade press where auditors may find events related to the client that may be relevant to the audit and the financial statements.
  • Industry surveys and credit reference agencies will also give relevant information on how their food performing and their financial position.

Information from the client regarding their systems and controls and any events relevant can be obtained from the following.

  • Discussions with client management and staff.
  • Observation of procedures.
  • Their website.
  • And any brochures.

Finally, understanding the client also take some audit experience. Past experience from similar clients, for example, will ensure the auditor can identify what is necessary for this particular audit.

Now we have discussed the work in understanding the entity. We can move into the other key piece of work in identifying audit risks, analytical procedures.

The definition of analytical procedures is given in ISA520 as.

Evaluation of financial information through analysis of plausible relationships among both financial and non-financial data. I like to put it more simply as comparing financial and non-financial data to understand changes.

This is an important tool within the audit process, and it must be used at the planning stage.

Auditors are also advised they must again use analytical procedures at the end of the audit process at the completion and review stage and can use it to gather evidence during the substantive testing stage.

The purpose of performing analytical procedures at the planning stage is.

  • To understand the business the client operates.
  • Identify unusual balances and transactions and events that may indicate potential water risks.
  • And identify potential material misstatements due to fraud and error.

The way the auditor does this is to compare the most up-to-date center financial statements. For example, a draft set of financial statements to the previous year, budgets or forecasts, and industry averages with the use of ratios.

Knowledge of ratio calculations is required here as this accounting tool will help highlight potential issues with the numbers better than just looking at the figures in the financial statements.

Ratios can be categorized to review the following.

Profitability, efficiency, liquidity and return.

Profitability ratios include .

  1. The gross profit margin, calculated as gross profit divided by revenue multiplied by 100%.
  2. Net margin is calculated as profit before tax(PBIT) divided by revenue/sales and multiplied by 100%.

These ratios will give you the proportion of profit to revenue in a percentage form.

Efficiency ratios include.

  1. Receivable days ratio calculated as receivables divided by revenue multiplied by 365 days.
  2. Payable days ratio calculated as payables divided by purchases multiplied by 365 days.
  3. Inventory days ratio calculated as inventory divided by cost of sales multiplied by 365 days.

These ratios will keep the average number of days customers take to pay the client, pay suppliers and inventory is held in the business.

Liquidity ratios include.

  1. The current ratio calculated as current assets divided by current liabilities.
  2. The quick ratio calculated as current assets minus inventory divided by current liabilities.

These ratios will show you how comfortably the company can repay its current liabilities.

Return ratios, such as the gearing ratio will show you how much debt is in the business.

This is calculated as debt divided by equity or borrowings divided by share capital and reserves.

The auditor can calculate ratios on the current figures in the financial statements and compare them to the previous year, budgets, and industry averages. This will then highlight unusual differences in results, which can then be investigated in more detail during the audit.

Any unusual results from analytical procedures could be the result of material misstatement. Therefore, lots of variations in figures and disclosures would increase audit risk.

To summarize, to help calculate audit risk, the auditor must identify potential issues that could cause misstatements.

There are many sources where information can be obtained and the auditor must use those resources available, including talking to and observing the client staff and management.

Review of the financial statement is also important and using analytical procedures is required as per audited standards.

All this information obtained from the work we have discussed must be documented in the audio file. This will ensure there is evidence that the work to identify audit risks was in accordance with auditing standards.

I hope you found this article useful. Thank you.

AUDIT RISK

This article is going to cover the topic of audit risk. The aim of this article is to gain an understanding of the factors that must be considered by auditors when deciding what is an acceptable level of risk associated with a client.

The definition of audit risk is the risk that the auditor gives an inappropriate audit opinion. I.e., There are material misstatements present in the financial statements.

Before we go into the practicalities of audit risk, let us ensure we understand what material misstatements are. This is defined in ISA450 as.

A difference between the amount classification, presentation or disclosure of a reported financial statement item and the amounts classification, presentation or disclosure that is required for the item to be in accordance with the applicable financial reporting framework.

 Misstatements can arise from Error or fraud. This is a very wordy definition and difficult to remember to help. Remember, we could summarize as follows.

A misstatement is the difference between what is in the financial statements and what should be in the financial statements in accordance with the applicable financial reporting framework.

These material misstatements, if present in the financial statements could cause inappropriate decisions to be made by the users of the information. For example, a decision could be made by the bank to give finance to the company based on the financial statements. In reality, if a material misstatement is present in liabilities, causing them to be understated. Once corrected, the lender may not come to the same conclusion.

If there are material misstatements present and the auditor states in their opinion that the financial statements are true and fair, then their opinion is wrong.

This leads to users making incorrect decisions, but also could lead to others questioning the auditor’s competence, therefore affecting their reputation and future client relationships.

The aim is therefore to keep audit risk as low as possible for every client. Auditors must identify the risks associated with the client at the planning stage of an audit.

To calculate audit risk for each client, they use the audit risk model.

This is shown as follows. AR (which stands for audit risk) = IR * C r * d R.

Each of the three components of audit risk in the model need to be considered by the auditor to decide the level of risk.

IR is inherent risk.

This is the risk of a material misstatement in the financial statement due to the nature of the client, whether it be the business itself or the industry which they operate within.

Inherent risk may be high due to the level of regulation that must be followed by the client. If heavily regulated, there is a stronger risk they may have not followed industry rules and disclosure in the financial statements may be inadequate.

It could also be related to what they traded or produced, for example. If the products are frequently being improved and replaced by new products, there is a risk inventory held in the financial statements may not be valued correctly, leading to material misstatements.

Clients trading in technology are always high inherent risk clients.

The auditor cannot change the level of inherent risk. They must identify it and then plan how to manage it.

CR is control risk.

This is the risk of a material misstatement in the financial statements due to poor client controls.

Control risk may be high due to the financial reporting system itself. For example, it may not be integrated with other systems which provide it with information.  If human input is required, this increases the risk of misstatements being present.

Control risk may also be higher as the client does not perform adequate control procedures within their business. For example, if the client does not perform a yearend inventory count, it increases the risk of the inventory balance being materially misstated.

Again, the auditor cannot change the level of control risk. The auditors can recommend changes for the future. For now, these issues must be identified to decide the level of, and type of audit work needed.

Dr is detection risk.

This is the risk of a material misstatement in the financial statements due to the auditor not spotting the error.

This is the one element of the audit risk model that the auditor can do something about.

The auditor must ensure that their audit procedures carried out during the audit process are able to detect misstatements that could be material.

The level of work needed will depend on the client circumstances.

 If the client is imposing a tight deadline, it may mean the long working hours could cause misstatements to be missed or the auditor may cut corners to get the work completed on time and perform less procedures than they should.

If the client is new, the audit team may lack knowledge of the business, which could mean they miss something important in spotting a misstatement.

So, we can see that inherent and control risk cannot be changed. The auditor therefore needs to identify these risks, which will then help them decide what the detection risk level can afford to be.

This audit risk model needs to ensure the overall audit risk is kept as low as possible.

If the auditors have a tricky client and inherent and control risk are high, the detection risk must be low. The only way to reduce detection risk is to increase the work carried out on the audit.

  • More audit procedures would be needed.
  • More time should be spent on the audit.
  • Sample sizes should be increased.
  • And even more experienced audit staff should be used to help detect material misstatements.

If the client is a fairly stable one with no previous or current issues in a non risky industry, the detection risk can afford to be a little higher. This does not mean the auditor relaxes the rules when carrying out the audit work as they still must follow auditing standards and ensure they have collected sufficient appropriate evidence to form their independence opinion.

What it does mean is that they can afford to test smaller samples of transactions and therefore spent less time on the audit in comparison to a more high-risk client.

The audit risk model is key to understanding audit risk. The three components inherent risk, control risk and detection risk identify the overall risk of the auditor forming an inappropriate opinion on the financial statements.

Remember that the nature of the client’s business and industry and the quality of their control systems could cause material misstatements, and these risks must be identified by the audit team at the planning stage. They then need to decide on the level of acceptable detection risk.

For detection risk to be low, more audit work and time spent is needed by the audit team. This often helps decide on the audit procedures needed to be carried out and the key financial statement balances that need most focus.

If audit risk is assessed correctly, the audit opinion will be appropriate at the end of the process. I hope you found this article useful. Thank you.

THE ENGAGEMENT LETTER

This article will cover the engagement letter.

The engagement letter is an agreement that is put in place at the start of the audit process. Once the auditor has concluded the acceptance stage and agrees to continue with or accept a new audit engagement, the engagement letter. Is prepared.

In this article we must cover.

  • The purpose.
  • ISA210 agreeing the terms of audit engagements.
  • And the contents of an engagement letter.

Purpose of the engagement letter.

The engagement letter is a way of communicating and agreeing the audit process with the audit client. Its main purpose is to minimize the risk of any misunderstandings between the two parties and reduce the expectation gap. This is the difference between what auditors do, and what many perceive them to be doing.

Explain the audit process and the terms and conditions of the audit engagement.

And it acts as a way of both parties accepting the audit process in writing.

The terms of audit engagements

ISA210 states that the engagement letter should be prepared, agreed, and signed by both the auditor and the client before any audit work starts.

The engagement letter contents should be reviewed every year to ensure it is up to date.

Any changes in the engagement would mean the engagement letter should be updated.

A new engagement letter is not required every year If changes have not occurred.

Contents of an engagement letter.

ISA210 also outlines the contents of an engagement letter. The main contents should include.

  • The objective and scope of the audit.
  • The auditors’ responsibilities.
  • The client management responsibilities.
  • The Financial Reporting framework.
  • And the form and content of any reports used.

The objective and scope of the audit.

  • The objective of the audit is to provide sufficient appropriate evidence to form an independent opinion on the financial statements.
  • The scope of the audit is to plan and perform or do procedures to audit the financial statements, including the statement of financial position, the statement of profit and loss, statement of changes in equity, and the statement of cash flows.

The auditors’ responsibilities.

  • The auditor’s responsibilities are to carry out their audit in accordance with auditing standards.
  • They must plan and perform all the procedures to give reasonable assurance on whether the financial statements show true and Fairview.
  • They must obtain sufficient and appropriate evidence to form an independent opinion.
  • And they must communicate any issues, including any deficiencies found in control systems to management.

The client management responsibilities.

  • The client management responsibilities are to prepare the financial statements properly following relevant financial reporting standards.
  • Ensure controls are sufficient to ensure the financial statements are free from material misstatements. And to provide the auditor with access to all relevant books and records and provide information and explanations required.

The Financial Reporting framework.

  • The engagement letter would also include a mention of the financial reporting framework being followed when preparing the financial statements. For example, international financial reporting standards.

The form and content of any reports used.

  • Throughout the engagement letter, it will mention the formal contents of reports. For example, the formal written audit report at the end of the audit process will show the audit opinion.
  • Any control deficiencies will also be reported in writing in the form of the management letter or report to management.

In addition, other matters may also be included, for example.

  • Confirming the use of experts during the audit engagement.
  • The basis of fees.
  • The reliance of some of the internal auditors’ work, if appropriate.
  • Acknowledgement of any specific regulations relating to the audit.
  • Provision of additional services.
  • The limitations of an audit and the timings of any communications during the audit.

If the engagement letter is not reviewed every year, the information within it may be out of date.

The auditors may provide additional services not included or the fee basis may have changed.

In addition, if there is not an up-to-date signed copy of an engagement letter, then the auditor has not received confirmation that the management except their responsibilities.

This could cause problems later in the audit and without an engagement letter, the audit standard ISA210 is not being followed.

I hope you found this article useful. Thank you.

AUDITING-THE ACCEPTANCE STAGE

In this article, we’re going to cover what needs to be considered by the auditor at the acceptance stage of an external audit.

This is the very first stage in the audit process, and it is in general terms whether they should continue the audit assignment.

There are two situations either the auditor will be considering whether they continue to act for an existing client or they will be considering whether to accept a new engagement.

Either way, both of these situations will require the same process to ensure the correct decision is made by the auditor.

The new audit clients are generally gained by three methods,

  • Client request.
  • Advertising.
  • And tendering.

Clients are often recommended by existing clients and make contact the auditors directly to take on their audit work and other services.

Advertising services often results in new clients approaching them.

The tendering process often occurs with larger, often listed clients. It is where several audit firms will set up presentations to the potential client to promote themselves as the best audit firm for the assignment.

The company will then select which audit firm they were most impressed with. Whichever way the auditor gains a new client, care should be taken as to whether the client should be accepted.

There are many considerations as to why they may not want to accept an audit assignment. These considerations can be split into two stages.

  • The preconditions of an audit.
  • And any other acceptance considerations.

Stage one – The preconditions of an audit.

If the auditors are not satisfied with the preconditions, then the auditors should not continue any further with the audit assignment.

ISA210 tells us that the preconditions are.

  • Is the client following an acceptable financial reporting framework?
  • And does the client management accept their responsibilities?

The auditor would need to consider whether the financial reporting framework is appropriate. For example, is it consistent with previous years as well as if it is appropriate to the organization?

In terms of management responsibilities,

  • They must accept that they prepare the financial statements in accordance with applicable reporting framework.
  • Ensure controls are sufficient to ensure financial statements are free from material misstatements.
  • And provide the auditor with all relevant information and explanations necessary to complete the audit assignment.

As I mentioned before, if the preconditions are not present then they should not accept the audit assignment.

Stage Two – Any other acceptance considerations.

Once the preconditions have been identified, the auditor must move on to any other considerations that may affect their decision to continue the audit. We will go through each consideration in detail.

  1. Professional clearance.

If the audit firm has been approached to audit a new client, the best source to identify if there were any issues which may cause them not to accept would be the previous auditors. Therefore, they should write to the previous auditors and ask them if there are any professional reasons why they should not accept the audit assignment. This is known as a professional clearance letter.

Professional reasons not to accept may include.

  • Overdue fees still owing to the previous auditors.
  • Breach of law and regulations discovered by the previous auditors.
  • Disagreements with management during that audit.
  • And a lack of integrity from management which may affect the auditor’s reputation.

It is important to review this feedback to ensure a client is not accepted who may risk causing the audit firm to act unethically or unprofessionally.

This feedback affects confidentiality as it is discussing client information with the third party. Therefore, permission is needed from the client to write to the previous auditors and the previous auditors must also get permission in order to respond.

If permission is not given, it is unlikely that an audit firm would feel comfortable continuing with this assignment.

  • Auditor considerations.

Auditors must review the time needed, the skills required, and the fee.

The audit firm must ensure it is practical to take on an audit client. Audit firms must ensure that they have the time to complete the audit work properly.

if they already have a terribly busy time of year where a lot of their clients have the same year end, it would not be sensible to take on another client with the same year end and therefore similar deadlines to other clients. This may affect the quality of building work provided.

They must also ensure that they are able to complete the audit work competently. Just because an auditor can audit one type of business, it does not mean they have the skills to audit them all. Therefore, they must ensure they have the necessary skills and experience to deal with every client.

The fees should also be considered. Fees must be based on the amount of work expected from a client. Any contingent fee should not be accepted. The risk of nonpayment should also be considered by the audit firm.

  • Audit risk considerations.

While the auditors may not yet have access to all books and records, it is important to identify any issues that may indicate audit risk is high.

Audit risk is the risk of the auditor giving an inappropriate opinion, and this risk should always be kept to an acceptable level. If there are indications that there is an unacceptable level of audit risk associated with the client and the audit assignment should not be accepted.

  • Ethical considerations.

The auditors need to ensure they maintain their ethical standards so as not to affect their reputation or the reputation of the profession.

At the acceptance stage, they must identify if there are any potential conflicts of interest with existing clients. If they are both clients need to be made aware, and if they are both happy to continue being audited by the same audit firm, then appropriate safeguards for confidentiality must be implemented.

The auditors must also identify any potential threats to objectivity. These are.

  • Self-interest.
  • Self-review.
  • Familiarity.
  • Advocacy.
  • And intimidation.

Again, any threats must be identified, and they must consider if they can be managed. If not, the assignment should not be accepted. Based on all of these issues, a decision is then made as to whether they should accept or reject the client.

If the risks are too high, being associated with the client, then they should reject.

If they accept the auditors, then move on to the next stage of the audit process, the engagement letter.

I hope you found this article useful. Thank you.

INTERNAL AUDITORS

INTERNAL AUDITORS

This article will cover internal auditors and how they impact on an external audit. To fully understand this, we are going to cover.

  • The internal auditor’s role.
  • The key differences between an internal and external auditor.
  • How the external auditor can rely on the work of an internal auditor.
  • Who requires an internal auditor?
  • And outsourcing the internal audit function to an audit firm.

The internal auditor’s role.

The internal auditor’s role can vary depending on the requirements of the entity. They can cover a broad range of activities. Their main aim is to advise management. The internal audit team usually work within and report to the management of the entity.

The expected role of an internal auditor includes.

The review of control activities.

This would be a review of the control systems within the entity that would highlight any control deficiencies that may need to be addressed. This will assist in reducing the risk of fraud and error.

To examine the timeliness of control information.

This will enable management to react appropriately to information received from their systems. The internal auditor will regularly review systems and ensure issues are reported.

Value for money audits.

This is to identify whether a decision is appropriate for the organization. This could include a new product service, or even whether to go ahead with a new supplier.

They will review the three E’s.

  • The economy, the best price.
  • The efficiency, the best use of resources.
  • And effectiveness, the best result to help decide whether to go ahead with the plan.

Identifying business risks.

Internal auditors are best placed when reviewing the entity and its control systems to identify potential risks to the company. They will then report these to management and recommend how the entity can reduce that risk. They will examine compliance. Again, they have the expertise to identify noncompliance of laws and regulations. They can report these to management and assess how they be avoided in the future.

Support the audit committee.

The audit Committee is a group of non-executive directors who manage external and internal auditors. If internal auditors report to this committee, they improve independence from the board and also very often improve the effectiveness of decisions made of their work.

Finally, they complete special investigations requested by the entity management.

This can include fraud investigations, mystery shopper reviews, inventory counts and asset inspections. Each of these investigations will assist the management in improving the organization.

The key differences between an internal and external auditor.

It is worth noting that internal and external auditors have some key differences. These are.

  • Independence.
  • Scope of work.
  • Objective.
  • Reporting.
  • Appointment and removal.
  • And whether they are a legal requirement.

Independence.

  • External auditors must be independent for them to form an opinion that will be trusted by the users of the financial statements.
  • Internal auditors, however, work within the organization and often report directly to the directors. They therefore are not independent from the entity, and they lack objectivity when performing their work.

Scope of work.

  • The scope of detail of what these auditors do is also different. The external auditor plans and performs audit procedures on the control systems and the transactions and balances within the financial statements. This identifies whether the financial statements are true and fair.
  • Internal auditors, as we have already seen, covered many areas looking at the systems and controls used by the entity. The amount of work will depend on the requirements of management.

The objective.

  • The objective of the external auditor is to form an independent opinion on whether the financial statements are true and fair. This is provided in a written report at the end of the audit process.
  • The objective of an internal auditor is to advise management and improve the control systems.

Reporting.  

  • External auditors report to the shareholders of the entity.
  • internal auditors report to the directors or the Audit Committee, if available.
  • External auditors are appointed and removed by the shareholders. This is done by vote, usually at the AGM.
  • Internal auditors are appointed and removed by the Board of Directors or the Audit Committee, if available.

Legal requirement.

  • An external audit is required by law. There may be exemptions, for example, in the UK there is a small company exemption which allows smaller companies to not carry out an audit, but all medium to large sized companies will need one.
  • Internal audits are not required by law. They are recommended by corporate governance to ensure sound control systems.

How can the external auditor rely on the work of an internal auditor?

External auditors may be able to use some of the work that an internal auditor produces. For example, the review of control systems to highlight deficiencies and testing of control systems is something that the external auditor carries out as part of their audit work.

It may be possible to use some of this work with permission so that they can then concentrate on other more complex areas of the audit.

Before they decide whether they can use the work of the internal auditor, they must consider how reliable it is.

Considerations would be.

The scope of work.

  • They would address, how much detail has gone into the work as external auditors must provide reasonable assurance on the work they carry out.

The technical competence.

  • They would need to review the experience and qualifications of the internal audit team.

The report quality.

  • They would need to identify it, whether there is enough written evidence to ensure it, forms sufficient appropriate evidence for the audit.

Independence.

  • If the internal auditors report to the audit Committee, this would improve independence and also how reliable they would be for the external auditor.

Based on what we have just mentioned, the external auditor would then decide whether they can use some of the internal auditors work as evidence.

Who requires an internal auditor?

Not all companies require an internal auditor. For example, if the company has simple systems, is small in size, and only one location, there is very little need to have the internal auditors support the organization.

There are some indicators of requiring an internal audit function, including.

  • If the company is large.
  • If it has complex systems and regulations that must be followed.
  • If it is listed on the Stock Exchange.
  • If it has been known to have problems, for example, fraud or internal control deficiencies that lead to fraud and error.

Each organization must decide whether an internal audit function would benefit them and fit in the plans for their future.

If an entity would benefit from an internal audit department, but it is not prepared to have a full-time employee internal audit function, they may outsource.

Audit firms have the expertise to take on the role of an internal auditor for the organization.

Many have internal audit departments with dedicated staff who work on assignments for these clients and assist the management with the role of the internal auditor.

This setup has many advantages and disadvantages.

The advantages are.

  • It can be cost effective as using an external audit firm to take on a short-term assignment would be cheaper than having an employed internal auditor or internal audit team.
  • This option also removes employment costs such as recruitment and tax.
  • Audit firms may have more specialized skills from the experience they gained with other clients. This means the company may benefit more from the work completed by an outsourced function.
  • This option increases independence for the internal auditor. If the internal auditor is not employed by the management and working full time, then their work may be seen as more reliable.
  • It reduces the burden of having a department to manage. It will allow them to focus on more important areas.

The disadvantages of an outsourced internal audit function are.

  • They may lack the knowledge of the business to fully understand the whole operation. This may lead to them misinterpreting something incorrectly.
  • They can be expensive thanks to the generous charge out rates issued by the audit firm. Therefore, long term use may become less cost effective.
  • They may not be available immediately. Due to other responsibilities, they may not be ready for the client when they need them, leading to delays in decisions.
  • There is a possible conflict of interest if the audit firm carries out the external audit. Many countries will not allow this. For example, in the UK, ethical standards stop external auditors being the internal auditors if they are to place much reliance on the work during the external audit.

We have covered lots of areas relating to our internal auditor. You should now understand.

  • The varied role of an internal auditor.
  • How they differ from an external auditor.
  • How the external auditor can often place reliance on the work of the internal auditor as evidence and what they must consider before they do this.
  • When an internal auditor is beneficial for an organization.
  • And how outsourcing the internal audit function to an audit firm works and what are the key advantages and disadvantages.

I hope you found this article useful. Thank you.

Who requires an internal auditor?

Who requires an internal auditor?

Not all companies require an internal auditor. For example, if the company has simple systems, is small in size, and only one location, there is very little need to have the internal auditors support the organization.

There are some indicators of requiring an internal audit function, including.

  • If the company is large.
  • If it has complex systems and regulations that must be followed.
  • If it is listed on the Stock Exchange.
  • If it has been known to have problems, for example, fraud or internal control deficiencies that lead to fraud and error.

Each organization must decide whether an internal audit function would benefit them and fit in the plans for their future.

If an entity would benefit from an internal audit department, but it is not prepared to have a full-time employee internal audit function, they may outsource.

Audit firms have the expertise to take on the role of an internal auditor for the organization.

Many have internal audit departments with dedicated staff who work on assignments for these clients and assist the management with the role of the internal auditor.

This setup has many advantages and disadvantages.

The advantages are.

  • It can be cost effective as using an external audit firm to take on a short-term assignment would be cheaper than having an employed internal auditor or internal audit team.
  • This option also removes employment costs such as recruitment and tax.
  • Audit firms may have more specialized skills from the experience they gained with other clients. This means the company may benefit more from the work completed by an outsourced function.
  • This option increases independence for the internal auditor. If the internal auditor is not employed by the management and working full time, then their work may be seen as more reliable.
  • It reduces the burden of having a department to manage. It will allow them to focus on more important areas.

The disadvantages of an outsourced internal audit function are.

  • They may lack the knowledge of the business to fully understand the whole operation. This may lead to them misinterpreting something incorrectly.
  • They can be expensive thanks to the generous charge out rates issued by the audit firm. Therefore, long term use may become less cost effective.
  • They may not be available immediately. Due to other responsibilities, they may not be ready for the client when they need them, leading to delays in decisions.
  • There is a possible conflict of interest if the audit firm carries out the external audit. Many countries will not allow this. For example, in the UK, ethical standards stop external auditors being the internal auditors if they are to place much reliance on the work during the external audit.

We have covered lots of areas relating to our internal auditor. You should now understand.

  • The varied role of an internal auditor.
  • How they differ from an external auditor.
  • How the external auditor can often place reliance on the work of the internal auditor as evidence and what they must consider before they do this.
  • When an internal auditor is beneficial for an organization.
  • And how outsourcing the internal audit function to an audit firm works and what are the key advantages and disadvantages.

I hope you found this article useful. Thank you.

How can the external auditor rely on the work of an internal auditor?

How can the external auditor rely on the work of an internal auditor?

External auditors may be able to use some of the work that an internal auditor produces. For example, the review of control systems to highlight deficiencies and testing of control systems is something that the external auditor carries out as part of their audit work.

It may be possible to use some of this work with permission so that they can then concentrate on other more complex areas of the audit.

Before they decide whether they can use the work of the internal auditor, they must consider how reliable it is.

Considerations would be.

The scope of work.

  • They would address, how much detail has gone into the work as external auditors must provide reasonable assurance on the work they carry out.

The technical competence.

  • They would need to review the experience and qualifications of the internal audit team.

The report quality.

  • They would need to identify it, whether there is enough written evidence to ensure it, forms sufficient appropriate evidence for the audit.

Independence.

  • If the internal auditors report to the audit Committee, this would improve independence and also how reliable they would be for the external auditor.

Based on what we have just mentioned, the external auditor would then decide whether they can use some of the internal auditors work as evidence.

I hope you found this article useful. Thank you.

DIFFERENCES BETWEEN AN INTERNAL AND EXTERNAL AUDIT

The key differences between an internal and external auditor.

It is worth noting that internal and external auditors have some key differences. These are.

  • Independence.
  • Scope of work.
  • Objective.
  • Reporting.
  • Appointment and removal.
  • And whether they are a legal requirement.

Independence.

  • External auditors must be independent for them to form an opinion that will be trusted by the users of the financial statements.
  • Internal auditors, however, work within the organization and often report directly to the directors. They therefore are not independent from the entity, and they lack objectivity when performing their work.

Scope of work.

  • The scope of detail of what these auditors do is also different. The external auditor plans and performs audit procedures on the control systems and the transactions and balances within the financial statements. This identifies whether the financial statements are true and fair.
  • Internal auditors, as we have already seen, covered many areas looking at the systems and controls used by the entity. The amount of work will depend on the requirements of management.

The objective.

  • The objective of the external auditor is to form an independent opinion on whether the financial statements are true and fair. This is provided in a written report at the end of the audit process.
  • The objective of an internal auditor is to advise management and improve the control systems.

Reporting.  

  • External auditors report to the shareholders of the entity.
  • internal auditors report to the directors or the Audit Committee, if available.
  • External auditors are appointed and removed by the shareholders. This is done by vote, usually at the AGM.
  • Internal auditors are appointed and removed by the Board of Directors or the Audit Committee, if available.

Legal requirement.

  • An external audit is required by law. There may be exemptions, for example, in the UK there is a small company exemption which allows smaller companies to not carry out an audit, but all medium to large sized companies will need one.
  • Internal audits are not required by law. They are recommended by corporate governance to ensure sound control systems.

I hope you found this article useful. Thank you.

Create your website with WordPress.com
Get started