Professional Documents
Culture Documents
IPFMAA - Workbook 1 2019 Final PDF
IPFMAA - Workbook 1 2019 Final PDF
IPFMAA - Workbook 1 2019 Final PDF
AUDIT FRAMEWORKS
WORKBOOK 1
Updated 2018
Valid for exams from June 2019 to March 2020
1
Audit and assurance
2
1: Audit frameworks
Table of contents
The syllabus............................................................................ 5
Learning outcomes and content ................................................. 5
1 Introduction to Workbook 1 .................................................... 6
1.1 Audit Frameworks ........................................................... 6
1.2 Topic diagram ................................................................ 6
1.3 Assurance engagements .................................................. 7
1.3.1 What is assurance? .................................................... 7
1.3.2 What is an assurance engagement? ............................. 8
1.3.3 The parties involved .................................................. 8
1.3.4 The nature of the work ............................................... 9
1.3.5 External audit .......................................................... 10
1.3.6 Internal audit........................................................... 11
1.4 Levels of assurance and the concept of reasonable assurance
.................................................................................. 12
1.4.1 Reasonable assurance ............................................... 12
1.4.2 Limited assurance .................................................... 12
1.5 Accountability and stewardship ........................................ 14
1.5.1 Stewardship ............................................................ 14
1.5.2 Accountability .......................................................... 14
1.6 External audit ................................................................ 15
1.6.1 The purpose of external audit..................................... 15
1.6.2 True and fair - practical interpretation ......................... 16
1.7 Audit of financial statements – roles and responsibilities ...... 17
1.7.1 Audit of financial statements- roles and responsibilities .. 17
1.7.2 The auditor’s role and responsibilities .......................... 21
1.7.3 Auditor independence ............................................... 22
1.8 Audit of financial statements – the professional standards
framework ................................................................... 23
1.8.1 International Standards on Auditing (ISAs) .................. 23
1.8.2 International Standards of Supreme Audit Institutions
(ISSAI) ................................................................... 24
1.9 Audit of financial statements – the legal framework ............ 25
3
Audit and assurance
4
1: Audit frameworks
The syllabus
Syllabus aim
Identify and explain the scope, regulatory and ethical environment
within which audits are performed.
Explain the risk assessment and planning procedures required by
relevant auditing standards.
5
Audit and assurance
1 Introduction to Workbook 1
1.1 Audit Frameworks
The need for confidence underpins the process by which audit and
assurance activities have been standardised and professionalised
over time, resulting in the current legal and regulatory frameworks
that are considered in this workbook and throughout this module.
Audit and
assurance
engagements
AUDIT
FRAMEWORKS ISSAIs
6
1: Audit frameworks
7
Audit and assurance
8
1: Audit frameworks
Business outcomes.
or
9
Audit and assurance
Key definition
Audit:
Audit is the systematic process of obtaining, and then objectively
evaluating, the accounts or financial records of an organisation.
The external auditor is a professionally qualified person working
outside the organisation in question, who is commissioned to
perform an audit in accordance with the specific laws and rules that
are in force in a particular place at a particular time.
Why is audit needed?
Audit is needed because there are stakeholders who need to know
that an organisation’s accounts are accurate, but who cannot
possibly develop the insights required to provide that knowledge
themselves.
In the commercial sector, for example, shareholders want to know
that the financial statements provided to them by management are
reliable. Such knowledge is fundamental to the trust that underpins
capital markets and long term investment.
In public sector bodies – for example, government departments and
educational establishments – slightly different considerations apply.
Funding generally comes from taxation rather than private capital,
so it is the general public rather than the shareholder that needs to
know the funding is being accounted for properly.
However, the external auditor plays a fundamentally similar role,
providing an independent professional opinion on the accuracy of the
financial statements.
10
1: Audit frameworks
Key definition
Internal audit:
Internal audit is ‘an independent, objective assurance and consulting
activity designed to add value and improve an organisation’s
operations. It helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control and governance
processes’.1
We can see from this definition that internal audit is provided as a
service to the entity itself rather than to external stakeholders. The
purpose of internal audit is to make a contribution to the improved
management of an organisation. When discussing the role of internal
audit and internal auditors, The Chartered Institute of Internal
Auditors make the following comments:
‘Performed by professionals with an in-depth understanding of the
business culture, systems, and processes, the internal audit activity
provides assurance that internal controls in place are adequate to
mitigate the risks, governance processes are effective and efficient,
and organizational goals and objectives are met.
Evaluating emerging technologies. Analysing opportunities.
Examining global issues. Assessing risks, controls, ethics, quality,
economy, and efficiency. Assuring that controls in place are
adequate to mitigate the risks. Communicating information and
opinions with clarity and accuracy. Such diversity gives internal
auditors a broad perspective on the organization. And that, in turn,
makes internal auditors a valuable resource to executive
management and boards of directors in accomplishing overall goals
and objectives, as well as in strengthening internal controls and
organizational governance’.2
Internal audit will be considered in detail in Workbook 7. For now it
is sufficient for you to be aware of what is meant by internal audit.
1
Public Sector Internal Audit Standards (2013)
11
Audit and assurance
Key definition
Reasonable assurance:
‘Audits of financial statements conducted in accordance with the
ISSAIs are reasonable assurance engagements. Reasonable
assurance is high, but not absolute, given the inherent limitations of
an audit, the result of which is that most of the audit evidence
obtained by the auditor will be persuasive rather than conclusive.’
The key points to note here are that reasonable assurance:
12
1: Audit frameworks
Key definition
Limited assurance:
Limited assurance is a lower (but still meaningful) level of assurance
that the risk of material misstatement has been reduced to an
acceptable level, enabling a conclusion to be expressed negatively.
A negative opinion is where the auditors state that they have seen
nothing to indicate that something is not the case.
For example, the auditors might conclude that they have seen
nothing to suggest that financial statements are not materially
misstated. This conclusion might be worded: ‘In the course of
examining client X’s financial statements, nothing has come to my
attention indicating that they contain material misstatement.’
Auditors will be engaged in either a reasonable assurance
engagement or a limited assurance engagement. The level of
assurance required will depend on such factors as the level of
assurance sought by the users and/or responsible party (which
would depend on the nature of the aspect being audited) and any
legal requirements that might exist. The type of assurance
engagement will determine the quantity and quality of evidence
sought and the type of the audit opinion given.
Limited assurance engagements are not covered at present by the
ISSAIs on financial audit.
13
Audit and assurance
1.5.1 Stewardship
One of the key functions of an entity’s financial statements is to
provide information to users about the management’s stewardship
of that entity and its resources. This means, essentially, the way
that management has run the entity and deployed its resources in
the past (e.g. the transactions entered into, the decisions taken, and
the policies adopted), and how they are planning to do so in the
future.
Stewardship is inherently linked to agency theory. That is, the fact
that management of the entity is acting on behalf of, or as agents
for, its owners. In the case of a public service organisation the
owners are principally taxpayers, on whose behalf management runs
that organisation.
Owners need to oversee management behaviour, to ensure that:
1.5.2 Accountability
Related to the idea of stewardship is the notion that management
are accountable to the owners for the performance of the entity
they control. This important term has a number of meanings. In a
literal sense, it means that management have to provide an account
of, or disclose, their activities to the owners, in the form of financial
statements. It also means that they are responsible for the entity
insofar as they manage it, and that they are held accountable for
successes and failures.
14
1: Audit frameworks
Key definition
Audit of financial statements:
‘The purpose of an audit of financial statements is to enhance the
degree of confidence of intended users in the financial statements.
This is achieved through the expression of an opinion by the auditor
as to whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting
framework, or – in the case of financial statements prepared in
accordance with a fair presentation financial reporting framework –
whether the financial statements are presented fairly, in all material
respects, or give a true and fair view, in accordance with that
framework. Laws or regulations binding public-sector audit
organisations may prescribe other wordings for this opinion. An audit
conducted in accordance with standards based on the INTOSAI
Fundamental Principles of Financial Auditing and relevant ethical
requirements will enable the auditor to express such an opinion’.2
External auditors are normally either:
2
ISSAI 200.16
15
Audit and assurance
16
1: Audit frameworks
Company management
The external auditor
The company shareholders
Requirement
If you are working on your own, pick one or more of the above and
complete the fields on the following pages. If you are working in a
group, work on one and compare your answers. Don’t worry if you
find this difficult – you can return again to this exercise after you
have studied the rest of this workbook and Workbook 2.
17
Audit and assurance
Relationships
Who do you answer to? Who is relying on you? Who do you rely on?
Are there any conflicts in these relationships?
Risks
What can go wrong? What are the safeguards in place to protect
against these?
18
1: Audit frameworks
Relationships
Who do you answer to? Who is relying on you? Who do you rely on?
Are there any conflicts in these relationships?
Risks
What can go wrong? What are the safeguards in place to protect
against these?
19
Audit and assurance
Relationships
Who do you answer to? Who is relying on you? Who do you rely on?
Are there any conflicts in these relationships?
Risks
What can go wrong? What are the safeguards in place to protect
against these?
20
1: Audit frameworks
Key definition
Audit of financial statements:
‘The purpose of an audit [of financial statements] is to enhance the
degree of confidence of intended users in the financial statements.
This is achieved by the expression of an opinion by the auditor on
whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting
framework. In the case of most general purpose frameworks, that
opinion is on whether the financial statements are presented fairly,
in all material respects, or give a true and fair view in accordance
with the framework’.3
ISSAI are auditing standards issued by the International
Organization of Supreme Audit Institutions (INTOSAI). We shall
return to consider both in detail later in this workbook.
Key to this definition is that the core function of the auditor is to give
an opinion on the financial statements, based on an examination of
those statements and the evidence available to support them. This is
quite a narrow and precise remit and this can lead to what is often
referred to as an ‘expectation gap’ between public expectations of
auditors and their actual roles and responsibilities. For example, for
reasons we will explore later, auditors are not expected to:
3
ISSAI 1200.3
4
ISSAI 1200.4
5
Ibid.
21
Audit and assurance
Key definition
Governance:
Those charged with governance are ‘the person(s) or organization(s)
(for example, a corporate trustee) with responsibility for overseeing
the strategic direction of the entity and obligations related to the
accountability of the entity’.6
Management:
Management are ‘the person(s) with executive responsibility for the
conduct of the entity’s operations’.7
Governance is thus concerned with oversight, whereas management
is concerned with ‘day-to-day’ executive responsibilities, including
the preparation of financial statements. Both have a role to play in
preparing the accounts but the key point here is that it is the
responsibility of the audited organisation itself to prepare accurate
financial statements and not the auditor.
6
ISSAI 1003
7
Ibid.
8
ISSAI 1200.14
22
1: Audit frameworks
23
Audit and assurance
The full verbatim text of the related ISA, issued by the IAASB;
9
ISSAI 1000.14
24
1: Audit frameworks
http://www.intosai.org/issai-executive-
summaries/4-auditing-guidelines/general-
auditing-guidelines.html 1.9 Audit of financial
statements – the legal framework
25
Audit and assurance
26
1: Audit frameworks
27
Audit and assurance
10
ISSAI 100.20
28
1: Audit frameworks
29
Audit and assurance
11
ISSAI 100.36
12
ISSAI 100.37
13
ISSAI 100.38
14
ISSAI 100.39
15
ISSAI 100.40
16
ISSAI 100.41
30
1: Audit frameworks
Documentation
Auditors should prepare audit documentation that is sufficiently
detailed to provide a clear understanding of the work performed,
evidence obtained and conclusions reached.17
Communication
Auditors should establish effective communication throughout the
audit process.18
Auditors should ensure that the terms of the audit have been
clearly established.
17
ISSAI 100.42
18
ISSAI 100.43
19
ISSAI 100.44-48
20
ISSAI 100.49 & 50
21
ISSAI 100.51
31
Audit and assurance
32
1: Audit frameworks
1.11.3 GUIDs
Documents which are categorised at GUIDs represent
INTOSAI guidance that supports the standards (ISSAIs) by
translating them into more specific, detailed and operational
guidelines. GUIDs are in the nature of non-mandatory
guidance for an SAI that help the auditor gain a better
understanding of how to apply the elements and principles of
the standards (ISSAIs) during an audit.
Within the IFPP, the GUIDs are divided into various
categories; SAI organisational guidance, supplementary
financial audit guidance, supplementary performance audit
guidance, supplementary compliance audit guidance, subject
matter specific guidance, and other guidance.
1.11.4 CMPs
Competency Pronouncements (COMPs) set out the
competencies and professional skills, knowledge, ethics,
values and attitudes required by the public sector auditor to
undertake audits in line with the ISSAIs. COMPs are further
distinguished between COMP standards and principles, and
GUIDS.
You can follow the development of the IFPP at
http://www.issai.org/en_us/site-issai/issai_ifpp/
33
Audit and assurance
22
ISSAI 1200.17
34
1: Audit frameworks
1.13.1 Introduction
The arrangements for audit in the public sector are often more
complex than those for the private sector.
This section will briefly compare company and public audit models
and considering some of the wider roles that auditors play in the
public services.
35
Audit and assurance
36
1: Audit frameworks
37
Audit and assurance
Summary
38
1: Audit frameworks
23
ISSAI 200.16
39
Audit and assurance
40
1: Audit frameworks
Quiz questions
41
Audit and assurance
42
1: Audit frameworks
Quiz answers
1. D
2. D
3. C
4. B
5. A
43
Audit and assurance
77 Mansell Street
London E1 8AN
+ 44 (0)20 75435600
Email: studentsupport@cipfa.org
Website: www.cipfa.org
44