CERTIFICATE LEVEL

Subject Fundamentals of Ethics, Corporate Governance & Business Law (BA4)

Boopathy Kahathuduwa
Lecturer Attorney At Law, CIMA Exams Complete, BBA (International Business) UOC

Module Tute 12 - Controls 3 – Part 2

Code BA4/BK/18
 CARRYING OUT AN EXTERNAL AUDIT

PLANNING
ELEMENTS

PRELIMINARY PLANNING
ENGAGEMENT ACTIVITIES

COMPLIANCE DEVELOPING
TERMS OF
WITH ETHICAL AUDIT
ENGAGEMENT
REQUIREMENTS STRATEGY

DEVELOPING
AUDIT PLAN

Planning ensures that the risk of performing a poor quality audit (and ultimately giving an inappropriate
audit opinion) is reduced to an acceptable level.

The planning process

Planning consists of a number of elements. They can be summarised as:

• Preliminary engagement activities:

- evaluating compliance with ethical requirements

- establishing the terms of the engagement.

• Planning activities:

- developing the audit strategy

- developing an audit plan.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 1

 1. Audit Strategy and Audit Plan

The audit strategy

The audit strategy sets the scope, timing and direction of the audit. It allows the auditor to
determine the following:

• the resources to deploy for specific audit areas {e.g. experience level, external experts)

• the amount of resources to allocate (i.e. number of team members)

• when the resources are to be deployed

How the resources are managed, directed and supervised, including the timings of meetings,
debriefs and reviews.

The audit plan

Once the audit strategy has been established, the next stage is to dev specific, detailed plan to
address how the various matters identified in overall strategy will be applied.

The strategy sets the overall approach to the audit, the plan fills in the operational details of how
the strategy is to be achieved.

2. The Engagement Letter

The engagement letter specifies the nature of the contract between the audit firm.

Its purpose is to

• minimise the risk of any misunderstanding between the auditor and client
• confirm acceptance of the engagement
• set out the terms and conditions of the engagement.

The letter will be sent before the audit commences.

It should be reviewed every year to ensure that it is up to date but does need to be reissued every
year unless there are changes to the terms of' engagement. The auditor must issue a new
engagement letter if the scope or context of the assignment changes after initial appointment.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 2

 The contents of the engagement letter

The main contents should include:

• the objective and scope of the audit.

• the responsibilities of the auditor.

• the responsibilities of management.

• the identification of an applicable financial reporting framework.

• reference to the expected form and content of any reports to be issued.

In addition the following items will be included:

• Reference to professional standards, regulations and legislation applicable to the audit.

• Limitations of an audit.
• Expectation that management will provide written representations.
• Basis on which the fees are calculated.
• Agreement of management to notify the auditor of subsequent events after the audit report is
signed.
• Agreement of management to provide draft financial statements in time to allow the audit to be
completed by the deadline.
• Form {and timing) of any other communication during the audit.

Other matters that the engagement letter may cover include:

• Arrangements concerning the involvement of internal auditors and other staff of the entity.
• Limitations to the auditor's liability.

3. Communication with BOD / Audit Committee.

Reporting to those charged with governance

Those charged with governance' includes the directors of a company the members of its Audit
Committee where one exists.

Matters to be communicated to those charged with governance include

• The responsibilities of the auditor in relation to the financial statements audit

• An overview of the planned scope and timing of the audit
• Significant findings of the audit
• For listed clients, matters that have a bearing on auditor independence and the safeguards that
have been put in place to eliminate them

Communication shall be in any appropriate form, although the matters that must be communicated
with regards to independence for listed clients must be communicated in writing.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 3

 4. Letter of Representation (Written representation letter)

A written representation is: a written statement by management pro to the auditor to confirm certain
matters or to support other audit evidence.

The purpose of obtaining this form of evidence is:

• to obtain evidence that management, and those charged with governance, have fulfilled
their responsibility (as agreed and acknowledged in the terms of the audit engagement) for
the preparation of the financial statements, including:
- preparing the financial statements in accordance with an applicable financial reporting
framework;
- providing the auditor with all relevant information and access records
- recording all transactions and reflecting them in the financial statements.

• to support other audit evidence relevant to the financial statements determined necessary
by the auditor.

A representation to support other audit evidence may be appropriate more reliable forms of evidence
are not available, particularly in relation to matters requiring management judgement or knowledge
restricted to management. Examples include:

• plans or intentions that may affect the carrying value of assets ex liabilities

• confirmation of values where there is a significant degree of estimation or judgement

involved, e.g. provisions and contingent liabilities

• formal confirmation of the directors' judgement on contentious e.g. the value of assets
where there is a risk of impairment

• aspects of laws and regulations that may affect the financial statements, including
compliance.

A written representation should be in the form of a representation addressed to the auditor.

Note that written representations cannot substitute for more reliable evidence that should be available
and do not constitute sufficient appropriate evidence on their own, about any of the matters with which
they deal.

Written representations should only be sought to support other audit evidence.

In practice, the auditor will often draft the written representations letter but it must be printed on client
headed paper and signed by the client.

The letter must be signed by an appropriate senior member of client management, with appropriate
responsibilities for the financial statements and knowledge of the matters concerned. This would
normally be the chief executive and chief financial officer.

The date of the written representation letter should be the same as the date the financial statements
are authorised. It must be obtained (and signed) before the audit report is finalised.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 4

 5. Audit Report

As discussed above one of the objectives of an auditor is to express an opinion which is executed
through a written report.

When the auditor concludes that the financial statements are prepared, in all material respects, in
accordance with the applicable financial reporting framework they issue an unmodified opinion in the
audit report.

If there are no other matters which the auditor wishes to draw to the attention of the users, they will
issue an unmodified report.

Contents of an unmodified audit report

1 Title and Addressee
2 Introductory Paragraph
3 Management's Responsibilities
4 Auditor’s Responsibilities
5 Opinion
6 Other Reporting Responsibilities
7 Signature, Date and Address

The other types of audit report are:

• Modified without modifying the opinion – the financial statements show a true and fair view but there
is something that needs to be brought to the attention of the user by way of an additional paragraph.
• Modified with a modified opinion – the financial statements don’t fully show a true and fair view or
the auditor has not obtained sufficient appropriate evidence to make that conclusion.

6. The Management Letter

This covers reporting deficiencies in internal control that have been identified during the course of the
audit. It is a by-product of the audit and may not be a comprehensive list of deficiencies.

This report, traditionally known as a management letter, is usually sent at the end of the audit process.

The report would generally include

• A covering letter.
• Appendices showing, typically in tabular format, the control deficiencies, implications and
recommendations for improvement.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 5

The table in the appendix would normally have 3 sections:

• Deficiency
• Consequences
• Recommendations

When the auditor reports deficiencies, it should be made clear that:

• The report is not a comprehensive list of deficiencies, but only those that have come to light
during normal audit procedures.
• The report is for the sole use of the company.
• No disclosure should be made to a third party without the written agreement of the auditor.
• No responsibility is assumed to any other parties.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 6

Distinction between external and internal audit
External audit
Objective Express an opinion on the
truth and fairness of the
financial statements in a
written report.
Reporting Reports to shareholders
Availability of report Publicly available
Scope of work Verifying the truth and
fairness of the financial
statements.
Appointment and By the shareholders of the
removal company.
Relationship with Must be independent of
company the company
BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa
Internal audit
Improve the company's operations by
reviewing the efficiency and
effectiveness of internal controls.
Reports to management or those
charged with governance
Not publicly available. Usually only seen
by management or those charged with
governance
Wide in scope and dependent on
management's requirements
By the audit committee or board of
directors
May be employees (which limits
independence) or s' outsourced
function (which enhances
independences)
7
 Audit Firm Governance Code.
In January 2010 the FRC and Institute of Chartered Accountants in England and Wales (ICAEW)
published the Audit Firm Governance Code.
The Code is the result of a recommendation in the October 2007 report of the FRC's Market Participants
Group that "every firm that audits public interest entities should comply with the provisions of a
Combined Code-style best practice corporate governance guide or give a considered explanation".
It was recommended that the code should be applicable to those firms that audit more than 20 listed
companies and that it should apply to financial years beginning on or after 1 June 2010.
The Code applies to seven audit firms that together audit about 95% of the companies listed on the
Main Market of the London Stock Exchange.
The purpose of the Code is to provide a formal benchmark of good governance practice against which
firms which audit listed companies can report for the benefit of the shareholders in such companies.
Contents
The Code is split into five sections. It comprises twenty principles which are supported by thirty-one
provisions.
The main principles of each section are outlined below (reference to 'a firm' means 'a firm that audits
listed companies'):

Leadership
1. The management of a firm should be accountable to the firm's owners and no individual
should have unfettered powers of decision.
2. A firm should have effective management which has responsibility and clear authority for
running the firm.

Values
1. A firm should perform quality work by exercising judgement and upholding values of integrity,
objectivity, professional competence and due care, confidentiality and professional behaviour
in a way that properly takes the public interest into consideration.
2. A firm should publicly commit itself to this Audit Firm Governance Code.
3. A firm should maintain a culture of openness which encourages people to consult and share
problems, knowledge and experience in order to achieve quality work in a way that properly
takes the public interest into consideration.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 8

Independent Non-Executives
1. A firm should appoint independent non-executives who through their involvement
collectively enhance shareholder confidence in the public interest aspects of the firm's
decision making, stakeholder dialogue and management of reputational risks including
those in the firm's businesses that are not otherwise effectively addressed by regulation
2. The independent non-executives' duty of care is to the firm. They should command the
respect of the firm's owners and collectively enhance shareholder confidence by virtue of
their independence, number, stature, experience and expertise.
3. Independent non-executives of a firm should have rights consistent with their role including
a right of access to relevant information and people to the extent permitted by law or
regulation, and a right to report a fundamental disagreement regarding the firm to its
owners and, ultimately this cannot be resolved and the independent non-executive resigns,
to report this resignation publicly.

Operations

1. A firm should comply with professional standards and applicable legal and regulatory
requirements.

2. A firm should maintain a sound system of internal control and risk management over the
operations of the firm as a whole to safeguard the owners' investment and the firm's
assets.

3. A firm should apply policies and procedures for managing people across the whole firm that
support its commitment to the professionalism, openness and risk management principles
of this Audit Firm Governance Code.

4. A firm should establish and apply confidential whistleblowing policies and procedures across
the firm which enable people to report, without fear, concerns about the firm's commitment
to quality work and professional judgement and values in a way that properly takes the public
interest into consideration.

Reporting
1. The management team of a firm should ensure that members of its governance structures,
including owners and independent non-executives, are supplied with information in a timely
manner and in a form and of a quality appropriate to enable them to discharge their duties.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 9

 2. A firm should publish audited financial statements prepared in accordance with a recognised
financial reporting framework such as International Financial Reporting Standards or UK
GAAP.

3. The management of a firm should publish on an annual basis a balanced and understandable
commentary on the firm's financial performance, position and prospects.

4. A firm should publicly report how it has applied in practice each of the principles of the Audit
Firm Governance Code and make a statement on its compliance with the Code's provisions or
give a considered explanation for any non-compliance.

5. A firm should establish formal and transparent arrangements for monitoring the quality of external
reporting and for maintaining an appropriate relationship with the firm's auditors.

Dialogue
1. A firm should have dialogue with listed company shareholders, aswell as listed companies and
their audit committees, about matters covered by this Audit Firm Governance Code to enhance
mutual communication and understanding and ensure that it keeps in touch with shareholder
opinion, issues and concerns.
2. Shareholders should have dialogue with audit firms to enhance mutual communication and
understanding.

3. Shareholders should have dialogue with listed companies on the process of recommending
the appointment and re-appointment of auditors and should make considered use of votes in
relation to such recommendations.

BA4 Nov. 2020 – Tute 12 - Controls 3 Part 2 – Boopathy Kahathuduwa 10