Relevant to ACCA Qualification Paper P7 When considering the reporting ‘outputs’ of an audit of historical financial information, attention is usually focused on the report issued by the auditors to shareholders, which contains the audit opinion. However, there is another important reporting ‘output’ produced as a result of the audit process – the auditor’s communication to those charged with governance. This short article outlines the main features of this communication and summarises the requirements of ISA 260, Communication of Audit Matters With Those Charged With Governance, and the UK equivalent, ISA 260 (UK and Ireland), Communication of Audit Matters With Those Charged With Governance. Auditors are required by ISA 260 to communicate audit matters of governance interest to those charged with governance. It is important that those charged with governance have an understanding of all significant issues that have arisen from the audit process. Relevant personsThe first step is to consider to whom the communication should be directed. ISA 260 does not specify this exactly, but states that ‘governance is the term used to describe the role of persons entrusted with the supervision, control and direction of an entity’. This implies that the communication should be with the highest level of management, including the executive and non-executive directors, and the audit committee, where relevant. The identity of the relevant person(s) to whom the communication will be addressed may be clarified in the engagement letter. Matters to be communicated In the second step, the auditor should consider the type of issues that should be communicated. ISA 260 provides some guidance as to the matters which ordinarily could be incorporated in the communication, including:
All of the above are referred to as ‘findings from the audit’ (also often called ‘management letter points’). The reason for communicating such matters is to ensure that the auditors have brought them to the attention of the people responsible for the accounting and financial reporting function of the entity. Those responsible can then discuss the matters and decide any actions that need to be taken in respect of them. For example, if the management of the entity was totally unaware of the matters regarding control weaknesses, it then has the opportunity to implement corrective action. It could also be the case that the management lacks technical knowledge; for example, it may not be appreciated that a specific accounting policy is in breach of acceptable accounting practice. Again, armed with information from the auditor, management can then resolve the problem by deciding on a new accounting policy. It is important that material errors found in the financial statements are highlighted to management; if they are left uncorrected, the audit opinion will be modified. Management must be made aware of this and given the opportunity to correct the financial statements if necessary, in order to avoid a modified audit report. Other relevant matters to be communicated The communication to those charged with governance should not just contain findings from the audit, but should cover the range of issues related to the audit, which the auditor may want to raise with management. Such matters may include:
The timing and form of communication ISA 260 discusses the various forms that the communication should take. In most cases, the communication will be in writing, and in the UK and Ireland this is a requirement of the standard. A communication should be issued even if there are no matters that the auditor wishes to bring to the attention of those charged with governance, stating that there are no significant findings from the audit to be communicated. Outside the UK and Ireland, the communication could be made orally. In this situation, it is important that the auditor has a written record within the audit working papers of the discussion of significant matters with management. Whichever method is used to formally communicate the matters, oral or written, the process should be seen as a two-way dialogue. Management should have the opportunity to respond to the auditor regarding the matters raised. ConclusionThe communication with those charged with governance should be viewed as a crucial reporting ‘output’ of the audit. It allows management to be informed of significant matters arising from the audit process, and allows management the chance to respond to the auditor regarding these matters, and to take action to improve the accounting and financial reporting function of the entity. Written by a member of the Paper P7 examining team Communications with Those Charged with Governance Matters that the auditor may consider communicating with those charged with governance with respect to the auditor’s views about significant qualitative aspects of the entity’s accounting practices related to accounting estimates and related disclosures include:
CONFORMING AND CONSEQUENTIAL AMENDMENTS TO OTHER INTERNATIONAL STANDARDS Note: The following are conforming amendments to other International Standards as a result of the approval of ISA 540 (Revised). These amendments will become effective at the same time as ISA 540 (Revised), and are shown with marked changes from the latest approved versions of the International Standards that are amended. The footnote numbers within these amendments do not align with the International Standards that are amended, and reference should be made to those International Standards. These conforming amendments have received the approval of the PIOB which concluded that due process was followed in the development of the conforming amendments and that proper regard was paid to the public interest. ISA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With International Standards on Auditing Application and Other Explanatory Material Sufficient Appropriate Audit Evidence and Audit Risk (Ref: Para. 5 and 17) Audit Risk Risks of Material Misstatement A42. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made. The ISAs do not ordinarily refer to inherent risk and control risk separately, but rather to a combined assessment of the “risks of material misstatement.” However, ISA 540 (Revised)68 requires a separate assessment of inherent risk and control risk to provide a basis for designing and performing further audit procedures to respond to the assessed risks of material misstatement, including significant risks, for accounting estimates at the assertion level in accordance with ISA 33069. In identifying and assessing risks of material misstatement for significant classes of transactions, account balances or disclosures other than accounting estimates, the auditor may make separate or combined assessments of inherent and control risk depending on preferred audit techniques or methodologies and practical considerations. The assessment of the risks of material misstatement may be expressed in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditor to make appropriate risk assessments is more important than the different approaches by which they may be made. 68 ISA 540 (Revised), Auditing Accounting Estimates and Disclosures, paragraph 16 ISA 230, Audit Documentation Requirements Documentation of the Audit Procedures Performed and Audit Evidence Obtained Form, Content and Extent of Audit Documentation 8. The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand: (Ref: Para. A2–A5, A16–A17)
Application and Other Explanatory Material Documentation of the Audit Procedures Performed and Audit Evidence Obtained Form, Content and Extent of Audit Documentation (Ref: Para. 8) Documentation of Compliance with ISAs (Ref: Para. 8(a)) A7. Audit documentation provides evidence that the audit complies with the ISAs. However, it is neither necessary nor practicable for the auditor to document every matter considered, or professional judgment made, in an audit. Further, it is unnecessary for the auditor to document separately (as in a checklist, for example) compliance with matters for which compliance is demonstrated by documents included within the audit file. For example:
Documentation of Significant Matters and Related Significant Professional Judgments (Ref: Para. 8(c)) A10. Some examples of circumstances in which, in accordance with paragraph 8, it is appropriate to prepare audit documentation relating to the use of professional judgment include, where the matters and judgments are significant:
70 ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment, paragraph 10 Appendix (Ref: Para 1) Specific Audit Documentation Requirements in Other ISAs
ISA 240, The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements Application and Other Explanatory Material Responses to the Assessed Risks of Material Misstatement Due to Fraud Accounting Estimates (Ref: Para. 33(b)) A48. A retrospective review is also required by ISA 540 (Revised). That review is conducted as a risk assessment procedure to obtain information regarding the effectiveness of management’s previous prior period estimation process accounting estimates, audit evidence about the outcome, or where applicable, their subsequent re-estimationof prior period accounting estimates that is pertinent to making to assist in identifying and assessing the risks of material misstatement in the current period , and audit evidence of matters, such as estimation uncertainty, that may be required to be disclosed in the financial statements. As a practical matter, the auditor’s review of management judgments and assumptions for biases that could represent a risk of material misstatement due to fraud in accordance with this ISA may be carried out in conjunction with the review required by ISA 540 (Revised).ISA 260 (Revised), Communication with Those Charged with Governance Application and Other Explanatory Material Matters to Be Communicated Significant Findings from the Audit (Ref: Para. 16) Significant Qualitative Aspects of Accounting Practices (Ref: Para. 16(a)) A19. Financial reporting frameworks ordinarily allow for the entity to make accounting estimates, and judgments about accounting policies and financial statement disclosures, for example, in relation to the use of assumptions in the development of accounting estimates for which there is significant measurement uncertainty . In addition, law, regulation or financial reporting frameworks may require disclosure of a summary of significant accounting policies or make reference to “critical accounting estimates” or “critical accounting policies and practices” to identify and provide additional information to users about the most difficult, subjective or complex judgments made by management in preparing the financial statements.A20. As a result, the auditor’s views on the subjective aspects of the financial statements may be particularly relevant to those charged with governance in discharging their responsibilities for oversight of the financial reporting process. For example, in relation to the matters described in paragraph A19, those charged with governance may be interested in the auditor’s evaluation of the adequacy of disclosures of the estimation uncertainty relating to accounting estimates that give rise to significant risks. views on the degree to which complexity, subjectivity or other inherent risk factors affect the selection or application of the methods, assumptions and data used in making a significant accounting estimate, as well as the auditor’s evaluation of whether management’s point estimate and related disclosures in the financial statements are reasonable in the context of the applicable financial reporting framework. Open and constructive communication about significant qualitative aspects of the entity’s accounting practices also may include comment on the acceptability of significant accounting practices and on the quality of the disclosures. When applicable, this may include whether a significant accounting practice of the entity relating to accounting estimates is considered by the auditor not to be most appropriate to the particular circumstances of the entity, for example, when an alternative acceptable method for making an accounting estimate would, in the auditor’s judgment, be more appropriate. Appendix 2 identifies matters that may be included in this communication.Appendix 1 (Ref: Para. 3) Specific Requirements in ISQC 1 and Other ISAs that Refer to Communications with Those Charged With Governance This appendix identifies paragraphs in ISQC 172 and other ISAs that require communication of specific matters with those charged with governance. The list is not a substitute for considering the requirements and related application and other explanatory material in ISAs.
72 ISQC 1, Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements Appendix 2 (Ref: Para. 16(a), A19–A20) Qualitative Aspects of Accounting Practices The communication required by paragraph 16(a), and discussed in paragraphs A19–A20, may include such matters as: Accounting Estimates and Related Disclosures For items for which estimates are significant, issues discussed in ISA 54073, including, for example: Appendix 2 of ISA 540 (Revised) includes matters that the auditor may consider communicating with respect to significant qualitative aspects of the entity’s accounting practices related to accounting estimates and related disclosures.
73 ISA 540, Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures ISA 500, Audit Evidence Introduction Scope of this ISA 1. This International Standard on Auditing (ISA) explains what constitutes audit evidence in an audit of financial statements, and deals with the auditor’s responsibility todesign and perform audit procedures toobtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. 2. This ISA is applicable to all the audit evidence obtained during the course of the audit. Other ISAs deal with specific aspects of the audit (for example, ISA 315 (Revised)74), the audit evidence to be obtained in relation to a particular topic (for example, ISA 570 (Revised)75), specific procedures to obtain audit evidence (for example, ISA 52076), and the evaluation of whether sufficient appropriate audit evidence has been obtained (ISA 20077 and ISA 33078). 74 ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment Effective Date 3. This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009. Objective 4. The objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. Definitions 5. For purposes of the ISAs, the following terms have the meanings attributed below:
79 ISA 402, Audit Considerations Relating to an Entity Using a Service Organization, paragraph 8 Requirements Sufficient Appropriate Audit Evidence 6. The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. (Ref: Para. A1-A25) Information to Be Used as Audit Evidence 7. When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence, including information obtained from an external information source. (Ref: Para. A26-A34f) 8. If information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes: (Ref: Para. A35–A37)
9. When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor’s purposes, including, as necessary in the circumstances: Obtaining audit evidence about the accuracy and completeness of the information; and (Ref: Para. A50-A51) Evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes.(Ref: Para. A52) Selecting Items for Testing to Obtain Audit Evidence 10. When designing tests of controls and tests of details, the auditor shall determine means of selecting items for testing that are effective in meeting the purpose of the audit procedure. (Ref: Para. A53-A57) Inconsistency in, or Doubts over Reliability of, Audit Evidence 11. If:
the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if any, on other aspects of the audit. (Ref: Para. A58) Application and Other Explanatory Material External Information Source (Ref: Para 5(cA)) A1a. External information sources may include pricing services, governmental organizations, central banks or recognized stock exchanges. Examples of information that may be obtained from external information sources include:
A1b. A particular set of information is more likely to be suitable for use by a broad range of users and less likely to be subject to influence by any particular user if the external individual or organization provides it to the public for free, or makes it available to a wide range of users in return for payment of a fee. Judgment may be required in determining whether the information is suitable for use by a broad range of users, taking into account the ability of the entity to influence the external information source. A1c. An external individual or organization cannot, in respect of any particular set of information, be both an external information source and a management’s expert, or service organization or auditor’s expert. A1d. However, an external individual or organization may, for example, be acting as a management’s expert when providing a particular set of information, but may be acting as an external information source when providing a different set of information. In some circumstances, professional judgment may be needed to determine whether an external individual or organization is acting as an external information source or as a management’s expert with respect to a particular set of information. In other circumstances, the distinction may be clear. For example:
81 International Financial Reporting Standards 7 (IFRS), Financial Instruments: Disclosures Sufficient Appropriate Audit Evidence (Ref: Para. 6) A1. Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It may, however, also include information obtained from other sources such as previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit82) or a firm’s quality control procedures for client acceptance and continuance. In addition to other sources inside and outside the entity , the entity’s accounting records and other sources internal to the entity are important source of audit evidence. Information that may be used as audit evidence may have been prepared using the work of a management’s expert or be obtained from an external information source. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. In addition, in some cases the absence of information (for example, management’s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidenceA2. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance, and analytical procedures, often in some combination, in addition to inquiry. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls. A3. As explained in ISA 20083, reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. A4. The sufficiency and appropriateness of audit evidence are interrelated. Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher the quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality. A5. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. A6. ISA 330 requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained84. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. ISA 200 contains discussion of such matters as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost, which are relevant factors when the auditor exercises professional judgment regarding whether sufficient appropriate audit evidence has been obtained. Sources of Audit Evidence A7. Some audit evidence is obtained by performing audit procedures to test the accounting records, for example, through analysis and review, reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree to the financial statements. A8. More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation. A9. Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from third parties and information from an external information source, including analysts’ reports, and comparable data about competitors (benchmarking data). Audit Procedures for Obtaining Audit Evidence A10. As required by, and explained further in, ISA 315 (Revised) and ISA 330, audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing:
A11. The audit procedures described in paragraphs A14-A25 below may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor. As explained in ISA 330, audit evidence obtained from previous audits may, in certain circumstances, provide appropriate audit evidence where the auditor performs audit procedures to establish its continuing relevance85. A12. The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference. A13. Certain electronic information may not be retrievable after a specified period of time, for example, if files are changed and if backup files do not exist. Accordingly, the auditor may find it necessary as a result of an entity’s data retention policies to request retention of some information for the auditor’s review or to perform audit procedures at a time when the information is available. Inspection A14. Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorization. A15. Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity’s application of accounting policies, such as revenue recognition. A16. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets. Inspection of individual inventory items may accompany the observation of inventory counting. Observation A17. Observation consists of looking at a process or procedure being performed by others, for example, the auditor’s observation of inventory counting by the entity’s personnel, or of the performance of control activities. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place, and by the fact that the act of being observed may affect how the process or procedure is performed. See ISA 501 for further guidance on observation of the counting of inventory86. External Confirmation A18. An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. External confirmation procedures frequently are relevant when addressing assertions associated with certain account balances and their elements. However, external confirmations need not be restricted to account balances only. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties; the confirmation request may be designed to ask if any modifications have been made to the agreement and, if so, what the relevant details are. External confirmation procedures also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of a “side agreement” that may influence revenue recognition. See ISA 505 for further guidance87. Recalculation A19. Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically. Reperformance A20. Reperformance involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control. Analytical Procedures A21. Analytical procedures consist of evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount. See ISA 520 for further guidance. Inquiry A22. Inquiry consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity. Inquiry is used extensively throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process. A23. Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that differs significantly from other information that the auditor has obtained, for example, information regarding the possibility of management override of controls. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures. A24. Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management’s intent may be limited. In these cases, understanding management’s past history of carrying out its stated intentions, management’s stated reasons for choosing a particular course of action, and management’s ability to pursue a specific course of action may provide relevant information to corroborate the evidence obtained through inquiry. A25. In respect of some matters, the auditor may consider it necessary to obtain written representations from management and, where appropriate, those charged with governance to confirm responses to oral inquiries. See ISA 580 for further guidance88. 82 ISA 315 (Revised), paragraph 9 Information to Be Used as Audit Evidence Relevance and Reliability (Ref: Para. 7) A26. As noted in paragraph A1, while audit evidence is primarily obtained from audit procedures performed during the course of the audit, it may also include information obtained from other sources such as, for example, previous audits, in certain circumstances, a firm’s quality control procedures for client acceptance and continuance and complying with certain additional responsibilities under law, regulation or relevant ethical requirements (e.g., regarding an entity’s non-compliance with laws and regulations). The quality of all audit evidence is affected by the relevance and reliability of the information upon which it is based. Relevance A27. Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing. For example, if the purpose of an audit procedure is to test for overstatement in the existence or valuation of accounts payable, testing the recorded accounts payable may be a relevant audit procedure. On the other hand, when testing for understatement in the existence or valuation of accounts payable, testing the recorded accounts payable would not be relevant, but testing such information as subsequent disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may be relevant. A28. A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation, but not necessarily cutoff. Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. On the other hand, audit evidence from different sources or of a different nature may often be relevant to the same assertion. A29. Tests of controls are designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. Designing tests of controls to obtain relevant audit evidence includes identifying conditions (characteristics or attributes) that indicate performance of a control, and deviation conditions which indicate departures from adequate performance. The presence or absence of those conditions can then be tested by the auditor. A30. Substantive procedures are designed to detect material misstatements at the assertion level. They comprise tests of details and substantive analytical procedures. Designing substantive procedures includes identifying conditions relevant to the purpose of the test that constitute a misstatement in the relevant assertion. Reliability A31. The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant. Therefore, generalizations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from a source independent of the entity may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
A32. ISA 520 provides further guidance regarding the reliability of data used for purposes of designing analytical procedures as substantive procedures89. A33. ISA 240 deals with circumstances where the auditor has reason to believe that a document may not be authentic, or may have been modified without that modification having been disclosed to the auditor90. A34. ISA 250 (Revised)91 provides further guidance with respect to the auditor complying with any additional responsibilities under law, regulation or relevant ethical requirements regarding an entity’s identified or suspected non-compliance with laws and regulations that may provide further information that is relevant to the auditor’s work in accordance with ISAs and evaluating the implications of such non-compliance in relation to other aspects of the audit. External Information Sources A34a. The auditor is required by paragraph 7 to consider the relevance and reliability of information obtained from an external information source that is to be used as audit evidence, regardless of whether that information has been used by the entity in preparing the financial statements or obtained by the auditor. For information obtained from an external information source, that consideration may, in certain cases, include audit evidence about the external information source or the preparation of the information by the external information source, obtained through designing and performing further audit procedures in accordance with ISA 330 or, where applicable, ISA 540 (Revised)92. A34b. Obtaining an understanding of why management or, when applicable, a management’s expert uses an external information source, and how the relevance and reliability of the information was considered (including its accuracy and completeness), may help to inform the auditor's consideration of the relevance and reliability of that information. A34c. The following factors may be important when considering the relevance and reliability of information obtained from an external information source, including its accuracy and completeness, taking into account that some of these factors may only be relevant when the information has been used by management in preparing the financial statements or has been obtained by the auditor:
A34d. The nature and extent of the auditor’s consideration takes into account the assessed risks of material misstatement at the assertion level to which the use of the external information is relevant, the degree to which the use of that information is relevant to the reasons for the assessed risks of material misstatement and the possibility that the information from the external information source may not be reliable (for example, whether it is from a credible source). Based on the auditor’s consideration of the matters described in paragraph A34a, the auditor may determine that further understanding of the entity and its environment, including its internal control, is needed, in accordance with ISA 315, or that further audit procedures, in accordance with ISA 33093, and ISA 540 (Revised)94 when applicable, are appropriate in the circumstances, to respond to the assessed risks of material misstatement related to the use of information from an external information source. Such procedures may include:
A34e. In some situations, there may be only one provider of certain information, for example, information from a central bank or government, such as an inflation rate, or a single recognized industry body. In such cases, the auditor’s determination of the nature and extent of audit procedures that may be appropriate in the circumstances is influenced by the nature and credibility of the source of the information, the assessed risks of material misstatement to which that external information is relevant, and the degree to which the use of that information is relevant to the reasons for the assessed risk of material misstatement. For example, when the information is from a credible authoritative source, the extent of the auditor’s further audit procedures may be less extensive, such as corroborating the information to the source’s website or published information. In other cases, if a source is not assessed as credible, the auditor may determine that more extensive procedures are appropriate and, in the absence of any alternative independent information source against which to compare, may consider whether performing procedures to obtain information from the external information source, when practical, is appropriate in order to obtain sufficient appropriate audit evidence. A34f. When the auditor does not have a sufficient basis with which to consider the relevance and reliability of information from an external information source, the auditor may have a limitation on scope if sufficient appropriate audit evidence cannot be obtained through alternative procedures. Any imposed limitation on scope is evaluated in accordance with the requirements of ISA 705 (Revised)95. Reliability of Information Produced by a Management’s Expert (Ref: Para. 8) A35. The preparation of an entity’s financial statements may require expertise in a field other than accounting or auditing, such as actuarial calculations, valuations, or engineering data. The entity may employ or engage experts in these fields to obtain the needed expertise to prepare the financial statements. Failure to do so when such expertise is necessary increases the risks of material misstatement. A36. When information to be used as audit evidence has been prepared using the work of a management’s expert, the requirement in paragraph 8 of this ISA applies. For example, an individual or organization may possess expertise in the application of models to estimate the fair value of securities for which there is no observable market. If the individual or organization applies that expertise in making an estimate which the entity uses in preparing its financial statements, the individual or organization is a management’s expert and paragraph 8 applies. If, on the other hand, that individual or organization merely provides price data regarding private transactions not otherwise available to the entity which the entity uses in its own estimation methods, such information, if used as audit evidence, is subject to paragraph 7 of this ISA, but is being information from an external information source and not the use of a management’s expert by the entity. A37. The nature, timing and extent of audit procedures in relation to the requirement in paragraph 8 of this ISA, may be affected by such matters as:
The Competence, Capabilities and Objectivity of a Management’s Expert(Ref: Para. 8(a)) A38. Competence relates to the nature and level of expertise of the management’s expert. Capability relates the ability of the management’s expert to exercise that competence in the circumstances. Factors that influence capability may include, for example, geographic location, and the availability of time and resources. Objectivity relates to the possible effects that bias, conflict of interest or the influence of others may have on the professional or business judgment of the management’s expert. The competence, capabilities and objectivity of a management’s expert, and any controls within the entity over that expert’s work, are important factors in relation to the reliability of any information produced by a management’s expert. A39. Information regarding the competence, capabilities and objectivity of a management’s expert may come from a variety of sources, such as:
A40. Matters relevant to evaluating the competence, capabilities and objectivity of a management’s expert include whether that expert’s work is subject to technical performance standards or other professional or industry requirements, for example, ethical standards and other membership requirements of a professional body or industry association, accreditation standards of a licensing body, or requirements imposed by law or regulation. A41. Other matters that may be relevant include:
A42. A broad range of circumstances may threaten objectivity, for example, self-interest threats, advocacy threats, familiarity threats, self-review threats and intimidation threats. Safeguards may reduce such threats, and may be created either by external structures (for example, the management’s expert’s profession, legislation or regulation), or by the management’s expert’s work environment (for example, quality control policies and procedures). A43. Although safeguards cannot eliminate all threats to a management’s expert’s objectivity, threats such as intimidation threats may be of less significance to an expert engaged by the entity than to an expert employed by the entity, and the effectiveness of safeguards such as quality control policies and procedures may be greater. Because the threat to objectivity created by being an employee of the entity will always be present, an expert employed by the entity cannot ordinarily be regarded as being more likely to be objective than other employees of the entity. A44. When evaluating the objectivity of an expert engaged by the entity, it may be relevant to discuss with management and that expert any interests and relationships that may create threats to the expert’s objectivity, and any applicable safeguards, including any professional requirements that apply to the expert; and to evaluate whether the safeguards are adequate. Interests and relationships creating threats may include:
Obtaining an Understanding of the Work of the Management’s Expert (Ref: Para. 8(b)) A45. An understanding of the work of the management’s expert includes an understanding of the relevant field of expertise. An understanding of the relevant field of expertise may be obtained in conjunction with the auditor’s determination of whether the auditor has the expertise to evaluate the work of the management’s expert, or whether the auditor needs an auditor’s expert for this purpose96. A46. Aspects of the management’s expert’s field relevant to the auditor’s understanding may include:
A47. In the case of a management’s expert engaged by the entity, there will ordinarily be an engagement letter or other written form of agreement between the entity and that expert. Evaluating that agreement when obtaining an understanding of the work of the management’s expert may assist the auditor in determining the appropriateness of the following for the auditor’s purposes:
A48. In the case of a management’s expert employed by the entity, it is less likely there will be a written agreement of this kind. Inquiry of the expert and other members of management may be the most appropriate way for the auditor to obtain the necessary understanding. Evaluating the Appropriateness of the Management’s Expert’s Work (Ref: Para. 8(c)) A49. Considerations when evaluating the appropriateness of the management’s expert’s work as audit evidence for the relevant assertion may include:
Information Produced by the Entity and Used for the Auditor’s Purposes (Ref: Para. 9(a)–(b)) A50. In order for the auditor to obtain reliable audit evidence, information produced by the entity that is used for performing audit procedures needs to be sufficiently complete and accurate. For example, the effectiveness of auditing revenue by applying standard prices to records of sales volume is affected by the accuracy of the price information and the completeness and accuracy of the sales volume data. Similarly, if the auditor intends to test a population (for example, payments) for a certain characteristic (for example, authorization), the results of the test will be less reliable if the population from which items are selected for testing is not complete. A51. Obtaining audit evidence about the accuracy and completeness of such information may be performed concurrently with the actual audit procedure applied to the information when obtaining such audit evidence is an integral part of the audit procedure itself. In other situations, the auditor may have obtained audit evidence of the accuracy and completeness of such information by testing controls over the preparation and maintenance of the information. In some situations, however, the auditor may determine that additional audit procedures are needed. A52. In some cases, the auditor may intend to use information produced by the entity for other audit purposes. For example, the auditor may intend to make use of the entity’s performance measures for the purpose of analytical procedures, or to make use of the entity’s information produced for monitoring activities, such as reports of the internal audit function. In such cases, the appropriateness of the audit evidence obtained is affected by whether the information is sufficiently precise or detailed for the auditor’s purposes. For example, performance measures used by management may not be precise enough to detect material misstatements. 89 ISA 520, paragraph 5(a) Using the Work of an Auditor’s Expert, paragraph 7Selecting Items for Testing to Obtain Audit Evidence (Ref: Para. 10) A53. An effective test provides appropriate audit evidence to an extent that, taken with other audit evidence obtained or to be obtained, will be sufficient for the auditor’s purposes. In selecting items for testing, the auditor is required by paragraph 7 to determine the relevance and reliability of information to be used as audit evidence; the other aspect of effectiveness (sufficiency) is an important consideration in selecting items to test. The means available to the auditor for selecting items for testing are:
The application of any one or combination of these means may be appropriate depending on the particular circumstances, for example, the risks of material misstatement related to the assertion being tested, and the practicality and efficiency of the different means. Selecting All Items A54. The auditor may decide that it will be most appropriate to examine the entire population of items that make up a class of transactions or account balance (or a stratum within that population). 100% examination is unlikely in the case of tests of controls; however, it is more common for tests of details. 100% examination may be appropriate when, for example:
Selecting Specific Items A55. The auditor may decide to select specific items from a population. In making this decision, factors that may be relevant include the auditor’s understanding of the entity, the assessed risks of material misstatement, and the characteristics of the population being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected may include:
A56. While selective examination of specific items from a class of transactions or account balance will often be an efficient means of obtaining audit evidence, it does not constitute audit sampling. The results of audit procedures applied to items selected in this way cannot be projected to the entire population; accordingly, selective examination of specific items does not provide audit evidence concerning the remainder of the population. Audit Sampling A57. Audit sampling is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it. Audit sampling is discussed in ISA 53097. 97 ISA 530, Audit Sampling Inconsistency in, or Doubts over Reliability of, Audit Evidence (Ref: Para. 11) A58. Obtaining audit evidence from different sources or of a different nature may indicate that an individual item of audit evidence is not reliable, such as when audit evidence obtained from one source is inconsistent with that obtained from another. This may be the case when, for example, responses to inquiries of management, internal auditors, and others are inconsistent, or when responses to inquiries of those charged with governance made to corroborate the responses to inquiries of management are inconsistent with the response by management. ISA 230 includes a specific documentation requirement if the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter98. 98 ISA 230, Audit Documentation, paragraph 11 ISA 580, Written Representations Appendix 1 (Ref: Para. 2) List of ISAs Containing Requirements for Written Representations This appendix identifies paragraphs in other ISAs that require subject-matter specific written representations. The list is not a substitute for considering the requirements and related application and other explanatory material in ISAs.
Appendix 2 (Ref: Para. A21) Illustrative Representation Letter The following illustrative letter includes written representations that are required by this and other ISAs. It is assumed in this illustration that the applicable financial reporting framework is International Financial Reporting Standards; the requirement of ISA 570 (Revised)99 to obtain a written representation is not relevant; and that there are no exceptions to the requested written representations. If there were exceptions, the representations would need to be modified to reflect the exceptions. (Entity Letterhead) (Date) (To Auditor) This representation letter is provided in connection with your audit of the financial statements of ABC Company for the year ended December 31, 20XX100 for the purpose of expressing an opinion as to whether the financial statements are presented fairly, in all material respects, (or give a true and fair view) in accordance with International Financial Reporting Standards. We confirm that (, to the best of our knowledge and belief, having made such inquiries as we considered necessary for the purpose of appropriately informing ourselves): Financial Statements We have fulfilled our responsibilities, as set out in the terms of the audit engagement dated [insert date], for the preparation of the financial statements in accordance with International Financial Reporting Standards; in particular the financial statements are fairly presented (or give a true and fair view) in accordance therewith. Significant The methods, the data, and the significant assumptions used in making accounting estimates, including those measured at fair value, and their related disclosures are appropriate to achieve recognition, measurement or disclosure that is reasonable in the context of the applicable financial reporting framework. (ISA 540 (Revised)) 99 ISA 570 (Revised), Going Concern ISA 700 (Revised), Forming an Opinion and Reporting on Financial Statements Requirements Forming an Opinion on the Financial Statements 13. In particular, the auditor shall evaluate whether, in view of the requirements of the applicable financial reporting framework:
ISA 701, Communicating Key Audit Matters in the Independent Auditor’s Report Requirements Determining Key Audit Matters 9. The auditor shall determine, from the matters communicated with those charged with governance, those matters that required significant auditor attention in performing the audit. In making this determination, the auditor shall take into account the following: (Ref: Para. A9–A18)
Application and Other Explanatory Material Determining Key Audit Matters (Ref: Para. 9–10) Considerations in Determining Those Matters that Required Significant Auditor Attention (Ref: Para. 9) Significant Auditor Judgments Relating to Areas in the Financial Statements that Involved Significant Management Judgment, Including Accounting Estimates that Have Been Identified as Having Are Subject to a High Degree of Estimation Uncertainty (Ref: Para. 9(b))ISA 260 (Revised) requires the auditor to communicate with those charged with governance the auditor’s views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures101. In many cases, this relates to critical accounting estimates and related disclosures, which are likely to be areas of significant auditor attention, and also may be identified as significant risks. However, users of the financial statements have highlighted their interest in accounting estimates that are subject to a been identified as having high degree of estimation uncertainty (see ISA 540 (Revised)102) that may have not been determined to be significant risks. Among other things, such estimates are highly dependent on management judgment and are often the most complex areas of the financial statements, and may require the involvement of both a management’s expert and an auditor’s expert. Users have also highlighted that accounting policies that have a significant effect on the financial statements (and significant changes to those policies) are relevant to their understanding of the financial statements, especially in circumstances where an entity’s practices are not consistent with others in its industry.101 ISA 260 (Revised), paragraph 16(a) , Including Fair Value Accounting Estimates, and Related Disclosures. |