Fundamentals of Auditing

Fundamentals
of
Auditing
Fifth Edition
******ebook converter DEMO Watermarks*******

Fundamentals
of
Auditing
Fifth Edition
B Marx
B Compt (Cum Laude) B Compt (Hons) M Compt (Cum Laude) D Com CA(SA)
RAA ACCA (UK) FCIS
Professor: Department of Accountancy, University of Johannesburg
N Schönfeldt
B Com (Acc) B Com (Acc) Hons M Com CA(SA)
Editor
A van der Watt

Associate Professor: Department of Accountancy, University of Johannesburg
V van Dyk
Senior lecturer in Auditing: Department of Accountancy,
University of Johannesburg
D Maré
B Com (Acc) B Com (Acc) Hons CA(SA) CIMA (passed finalist)
T Ramuedzisi
B.Bus.Sc (Finance Hons) H.Dip.Acc CA(SA)

Members of the LexisNexis Group worldwide
South Africa LexisNexis
DURBAN 215 North Ridge Road, Morningside, 4001
J OHANNES BURG First Floor, 25 Fredman Drive, Sandton, 2196
CAPE TOWN Ground Floor, Waterford House, 2 Ring Road, Century City, 7441
www.lexisnexis.co.za
Australia LexisNexis, CHATSWOOD, New South Wales
Austria LexisNexis Verlag ARD Orac GmbH & Co KG, VIENNA
Benelux LexisNexis Benelux, AM STERDAM
Canada LexisNexis Butterworths, MARKHAM , Ontario
China LexisNexis, BEIJING
France LexisNexis SA, P ARIS
Germany LexisNexis Germany, MÜNSTER
Hong Kong LexisNexis, HONG KONG
Hungary HVG-Orac, BUDAPEST
India LexisNexis Butterworths Wadhwa Nagpur, NEW DELHI
Ireland Butterworths (Ireland) Ltd, DUBLIN
Italy Giuffrè Editore, MILAN
Japan LexisNexis, TOKYO
Korea LexisNexis, SEOUL
Malaysia LexisNexis, KUALA LUM PUR
New Zealand LexisNexis, WELLINGTON
Poland LexisNexis Poland, WARSAW
Singapore LexisNexis, SINGAPORE
United Kingdom LexisNexis Butterworths, LONDON
USA LexisNexis, DAYTON, Ohio
© 2011
ISBN 978 0 409 10703 6
Copyright subsists in this work. No part of this work may be reproduced in any form or by any means without the
publisher’s written permission. Any unauthorised reproduction of this work will constitute a copyright infringement and
render the doer liable under both civil and criminal law.
Whilst every effort has been made to ensure that the information published in this work is accurate, the editors,
publishers and printers take no responsibility for any loss or damage suffered by any person as a result of the reliance
upon the information contained therein.
Editor: Mandy Jonck

Typesetter: Liz Bisschoff

Printed and bound by Interpak Books Pietermaritzburg

Preface
Auditing is a discipline with embedded principles required for all professional

accounting individuals, whether in commerce and industry, or in public practice of
auditing. It entails much more than pure verification of transactions and balances.
Auditing deals with a philosophy of ethical behaviour, professionalism, and
fundamental business principles.
This textbook is written with students in mind whom, for the first time in their studies,
encounter auditing and corporate governance principles, and establishes the basic
principles and fundamental concepts of auditing, governance and accountability. The
authors hope, trust and believe that the textbook will cover these principles and
concepts in such a way that it will form the cornerstone of further auditing studies which
will result in highly competent and professional accountants and auditors.
Where masculine pronouns are used in the general sense, please note that the feminine
is also intended.
The textbook contains all relevant changes in legislation, regulations and standards up
to May 2011.
B Marx
N Schönfeldt
A van der Watt
V van Dyk
D Maré
T Ramuedzisi
September 2011
Johannesburg

Contents
Chapter 1 An introduction to auditing

1 Introduction
2 Definition of auditing
3 Development of auditing
3.1 Internationally
3.2 In South Africa
4 Benefits of an audit
5 Types of auditor
6 Independent Regulatory Board for Auditors
7 Professional bodies governing the accountancy profession
7.1 IFAC
7.2 SAICA
7.3 ACCA
7.4 CIMA
7.5 SAIPA
7.6 IIA
7.7 CFA
7.8 SAIT
8 Auditing pronouncements
8.1 Committee for Auditing Standards (CFAS)
8.2 Practice statements
9 Fundamental principles of the theory of auditing
10 The career path of a prospective auditor
11 References
12 Questions
Chapter 2 The auditor’s regulatory environment

1 Introduction
2 Corporate governance
3 Auditing Profession Act
3.1 Introduction
3.2 Definitions (s 1)
3.3 Registration of individual auditors and firms (ss 37–39)
3.3.1 Registration of individuals as registered auditors
3.3.2 Registration of firms as registered auditors
3.3.3 Termination of registration
3.4 Prohibition against practising in public practice by unregistered persons
(s 41)
3.5 Information to be furnished by registered auditors (s 43)
3.6 Duties in relation to audit (s 44)
3.7 Duty to report on irregularities (s 45)
3.8 Liability incurred by auditor (s 46)
3.9 Practice reviews (s 47)
3.10 Investigation into improper conduct by registered auditors (s 48)
3.11 Offences and penalties (s 41)
3.11.1 Suspended persons in service
3.11.2 Letterheads
3.11.3 Signing of reports
3.11.4 Risk management practices and procedures
3.11.5 Professional fees
4 Companies Act
4.1 Introduction
4.2 Important concepts (ss 1, 2, 3, 4)
4.2.1 Definitions (s 1)
4.2.2 Related and inter-related persons and control (s 2)
4.2.3 Subsidiary relationship (s 3)
4.2.4 Solvency and liquidity test (s 4)
4.2.5 General interpretation and other administrative issues (s 6)
4.3 Incorporation of companies (ss 8, 13–19)
4.3.1 Types of companies
4.3.2 Incorporation of companies (ss 13, 14)
4.3.3 Memorandum of incorporation (MOI) (ss 15, 16)
4.3.4 Legal status of companies (s 19)
4.4 Shareholder and director governance
4.4.1 Shareholders’ governance (ss 57–65)

4.4.2 Directors’ governance (ss 66–69)
4.5 Accountability and transparency
4.5.1 General requirements (ss 84–85)
4.5.2 Company secretary (ss 86–89)
4.5.3 Auditors (ss 90–93)
4.5.4 Audit committees (s 94)
4.6 Accounting, auditing and review requirements
4.6.1 Accounting and reporting (ss 27–30)
4.6.2 Auditing and review requirements (regulations 26–30)
4.6.3 Calculation of public interest score (PIS)
4.6.4 Accounting standards to be applied by entities
4.6.5 Categories of entities required to be audited
4.6.6 Exemptions from audit of review (s 30(2A))
4.6.7 Independent review of annual financial statements
5 Close Corporations Act
5.1 Introduction
5.2 Appointment of accounting officers (s 59)
5.3 Qualifications of accounting officers (s 60)
5.4 Duties of accounting officers (s 62)
6 Public Finance Management Act
6.1 Introduction (ss 1–2)
6.2 Audit requirements for affected institutions
6.2.1 National Treasury and Provincial Treasuries (ss 8, 19)
6.2.2 National and Provincial Departments and Constitutional
Institutions (s 40)
6.2.3 Public entities (ss 55, 58, 62)
7 Other statutes and bills that impose audit and/or reporting responsibilities on a
professional accountant and auditor
8 Questions
Chapter 3 The ethical environment

1 The relationship between business ethics and professional ethics
2 The auditing profession
2.1 The need for auditors
2.2 The auditing profession in South Africa
3 Code of Professional Conduct for Chartered Accountants (SAICA)
3.1 Professional attitudes and behaviour
3.1.1 Introduction
3.1.2 Definitions
3.1.3 The public interest
3.2 Part A – General application of the Code
3.2.1 Fundamental principles
3.2.2 Threats and safeguards
3.2.3 Ethical conflict resolution
3.2.4 Integrity
3.2.5 Objectivity
3.2.6 Professional competence and due care
3.2.7 Confidentiality
3.2.8 Professional behaviour
3.3 Part B – Professional accountants in public practice
3.3.1 Independence
3.3.2 Professional appointment
3.3.3 Conflicts of interest
3.3.4 Second opinions
3.3.5 Fees and other types of remuneration
3.3.6 Marketing professional services
3.3.7 Gifts and hospitality
3.3.8 Custody of client assets
3.3.9 Objectivity – All services
3.3.10 Independence – Assurance engagements
3.4 Part C – Chartered accountants in business
3.4.2 Potential conflicts
3.4.3 Preparation and reporting of information
3.4.4 Acting with sufficient expertise
3.4.5 Financial interests
3.4.6 Inducements
4 Code of Professional Conduct for Registered Auditors (IRBA)
5 Questions
Chapter 4 Corporate governance
1 The definition of and background to corporate governance
2 The development of codes of corporate governance
3 The characteristics of good corporate governance
4 The different models of corporate governance
5 The King Code of Governance for South Africa 2009
6 The future of corporate governance
7 Questions
Chapter 5 The audit process

1 Introduction
2 Framework of audit and related services
3 Importance of the audit process and complying with the ISAs
3.1 Complying with the ISAs and other professional pronouncements
3.2 Adding value
4 Steps in the audit process
4.1 Engagement activities
4.2 Planning activities
4.2.1 Obtaining an understanding of the entity and its environment
(knowledge of the business)
4.2.2 Obtaining an understanding of the accounting information system
and internal controls
4.2.3 Assessing the risk of material misstatements
4.2.4 Setting materiality
4.2.5 Formulating an audit approach
4.2.6 Organising and managing the audit (co-ordination and control)
4.3 Obtaining of audit evidence
4.4 Evaluating, concluding, reporting
4.5 Summary of the audit process
5 Assurance engagements
5.1 Framework for assurance engagements (assurance framework)
5.1.1 Definition
5.1.2 Ethical principles
5.1.3 Framework
5.1.4 Engagement acceptance
5.1.5 Elements of an assurance engagement
5.2 Assurance engagements other than audits or reviews of historical
information (ISAE 3000)
5.2.1 Quality control
5.2.2 Engagement acceptance and continuance
5.2.3 Agreeing on the terms of the agreement
5.2.4 Planning the engagement
5.2.5 Obtaining evidence
5.2.6 Evaluating, concluding and reporting
6 Quality control (ISA 220/ISQC 1/SAAPS 1)
6.1 Explanation of quality control
6.2 Quality control at firm level (ISQC 1)
6.2.1 Leadership responsibilities for quality control within the firm
6.2.2 Relevant ethical requirements
6.2.3 Acceptance and continuance of client relationships and specific
engagements
6.2.4 Human resources
6.2.5 Engagement performance
6.2.6 Monitoring
6.2.7 Documentation of the system of quality control
6.3 Quality control at audit level (ISA 220)
6.3.1 Leadership responsibilities for quality on audits
6.3.2 Ethical requirements
6.3.3 Acceptance and continuance of audit engagements
6.3.4 Assignment of the engagement team
6.3.6 Monitoring
7 Questions
Chapter 6 Computers in the audit environment

1 Introduction
2 Types of computer system
2.1 On-line computer systems
2.1.1 Definition
2.1.2 Characteristics of on-line systems
2.1.3 Advantages
2.1.4 Disadvantages
2.2 Batch processing systems
2.2.1 Definition and characteristics
2.2.2 Advantages
2.2.3 Disadvantages
2.3 Microcomputer systems
2.3.1 Microcomputer
2.4 Database systems
2.4.1 Characteristics of a database
2.5 Networks
3 Characteristics and risk considerations of a general computer environment
3.1 Organisational structure
3.2 Nature of processing
3.3 System design and processing aspects
4 Risks specific to an on-line environment
4.1 Phishing
4.2 Pharming
4.3 Spyware
4.4 Trojan horses and bots
5 Controls in a computer information system environment
5.1 Introduction
5.2 Framework of CIS controls
5.3 General controls
5.3.1 System development and implementation controls
5.3.2 System maintenance (system change controls)
5.3.3 Organisational and management controls
5.3.4 Access controls to data and programmes
5.3.5 Computer operating controls
5.3.6 System software controls
5.3.7 Business continuity controls
5.4 Application controls
5.4.1 Definitions
5.5 Objective of application controls
6 Computer-assisted audit techniques
6.1 Definition
6.2 Methods of computer-assisted audit techniques
6.2.1 Audit software
6.2.2 Test data
6.2.3 Control and reprocessing
6.2.4 Programme code analysis
6.2.5 Simulation
7 Questions
Chapter 7 Engagement activities

1 Introduction
1.1 Risks to the audit firm of unacceptable clients
1.1.1 Legal liability
1.1.2 Reputational damage
1.2 Regulatory and ethical considerations
1.3 Providing a quality audit
2 Obtaining of engagement acceptance information
2.1 New clients
2.2 Existing clients
3 Engagement activities
3.1 Performing a client investigation/client screening
3.1.1 Considering the independence of the auditor
3.1.2 Considering the integrity of the client
3.1.3 Considering changes in the entity for existing clients
3.1.4 Considering information from communication with the previous
auditor
3.2 Determining the skills and competence requirements for the engagement
3.3 Establishing the terms of the engagement
4 Engagement letters (ISA 210: “Agreeing the terms of audit engagements”)
4.1 Purpose of engagement letters
4.2 The issue of engagement letters
4.3 Contents of engagement letters
5 Questions

Chapter 8 Planning the audit
1 Introduction
1.1 Extent of planning
1.2 Benefits of planning
1.3 Person responsible for planning the audit
1.4 Professional scepticism
1.5 Discussion of the audit plan with the client
2 Steps in the planning process (ISA 300: “Planning an audit of financial
statements”)
2.1 Obtaining an understanding of the entity and its environment (ISA 315:
“Identifying and assessing the risks of material misstatement through
understanding the entity and its environment”)
2.1.1 Objective with obtaining of knowledge on the entity and its
environment
2.1.2 Reason for and value of obtaining an understanding of the entity
and its environment
2.1.3 Procedures to obtain knowledge of the entity and its environment
2.1.4 Aspects about which to obtain an understanding
2.1.5 Identifying and assessing the risk of material misstatement
2.2 Obtaining an understanding of the accounting information and internal
control system (ISA 315)
2.2.1 Definitions
2.2.2 The extent of the internal control system
2.2.3 Value to the auditor of understanding the accounting information
and internal control system
2.2.4 Obtaining an understanding of the accounting information and
internal control system
2.2.5 IT (computer) risks and internal controls
2.3 Identifying and assessing audit risk (ISA 315)
2.3.1 Meaning and components of audit risk
2.3.2 Factors that influence audit risk
2.4 Setting of materiality (ISA 320: “Materiality in planning and performing
an audit”; ISA 330: “The auditor’s response in relation to assessed risks”;
ISA 450: “Evaluation of misstatements identified during the audit”)
2.4.1 Definition of materiality (framework for the preparation and
presentation of financial statements)
2.4.2 Interrelationship between materiality and audit risk
2.4.3 Planning materiality
2.4.4 Performance materiality
2.4.5 Identified misstatements as the audit progresses
2.4.5 Final materiality
2.5 Formulating an audit approach (ISA 330: “The auditor’s responses to
assessed risks”)
2.5.1 Definition of an audit approach
2.5.2 Impact of internal controls on the substantive procedures
2.5.3 Meaning of nature, timing, extent of audit procedures (test of
controls and substantive procedures)
2.6 Organising and managing the audit (co-ordination and control) (ISA 330:
“The auditor’s responses to assessed risks”)
3 Questions
Chapter 9 Obtaining audit evidence

1 Introduction
2 Audit statements
2.1 Audit evidence (ISA 500)
2.1.1 Nature of audit evidence
2.1.2 Procedures for obtaining audit evidence
2.1.3 Sufficiency and appropriateness of audit evidence
2.1.4 Source and nature of audit evidence
2.1.5 Information produced by the entity
2.2 Audit documentation (ISA 230)
2.2.1 Documentation requirement for audit work performed
2.2.2 Contents of working papers
2.2.3 Information ordinarily included in working papers
2.2.4 Types of audit file
2.2.5 Property and confidentiality of working papers
2.2.6 Requirements of working papers
2.3 Sampling (ISA 530)
2.3.1 Definitions
2.3.2 Factors influencing sampling size
2.3.3 Sample selection methods
2.3.4 Steps in the process of sampling applications
2.4 Analytical review (ISA 520)
2.4.1 Nature of analytical procedures
2.4.2 Stages when analytical procedures may be used
2.4.3 Factors that the auditor needs to consider when intending to rely
on analytical procedures as substantive procedures
2.4.4 Factors that may influence the auditor’s evaluation of whether the
expectation is sufficiently precise
2.4.5 Investigation of unusual items and fluctuations
2.5 External confirmations (ISA 505)
2.5.1 Use of external confirmations
2.5.2 Assertions addressed by external confirmations
2.5.3 Risk and external confirmations
2.5.4 Process of the design of the external confirmation request
2.5.5 Management’s refusal for auditor to confirm balances
2.5.6 Steps in the confirmation process
2.6 Enquiries regarding litigation and claims (SAAPS 4)
2.6.1 Objective with enquiries
2.6.2 Procedure for enquiry
2.6.3 Advantage for the auditor
2.7 Opening balances (ISA 510)
2.7.1 Assurance required for opening balances
2.7.2 Factors that may influence the obtaining of audit evidence
regarding opening balances
2.7.3 Audit procedures regarding opening balances
2.8 Reliance on other auditors (ISA 600)
2.8.1 Terminology
2.8.2 Factors to consider in relation to the acceptance or continuance of
the engagement as group engagement partner
2.8.3 Understanding the component auditor
2.8.4 Communicating with the component auditor
2.8.5 Reporting considerations
2.9 Reliance on internal audit (ISA 610)
2.9.1 Definitions and functions
2.9.2 Factors to consider when deciding whether to use the work of the
internal auditors
2.9.3 Effect of internal auditor’s work on the external audit
2.10 Reliance on experts/specialists (ISA 620)
2.10.1 Definitions
2.10.2 Considerations
2.10.3 Appointment of an expert
2.10.4 Factors to consider in determining to what extent reliance can be
placed on the expert’s work
2.10.5 Testing the work of the expert
3 Methods to obtain audit evidence
3.1 Risk assessment procedures
3.2 Tests of control
3.3 Substantive procedures
4 Internal controls and tests of controls
4.1 Definition of an internal control system
4.2 Inherent limitations of the internal control system
4.3 Internal control objectives (also referred to as control objectives)
4.4 Basic control procedures/internal control principles
4.4.1 Management control
4.4.2 Supervision
4.4.3 Segregation of duties
4.4.4 Physical safeguarding
4.4.5 Personnel
4.4.6 Description of duties
4.4.7 Document design
4.4.8 Stationery control
4.4.9 Comparisons, reconciliations and control accounts
4.4.10 Insurance
5 Substantive/verification procedures
5.1 Assertions of the financial statements
5.2 Direction of testing
6 Examples of substantive procedures
7 Questions
Chapter 10 Final considerations, concluding and reporting

1 Introduction
2 Subsequent events (ISA 560)
2.1 Events after the end of the financial period but before the date of the
auditor’s report
2.2 Events after the date of the auditor’s report but before the financial
statements are issued to users
2.3 Events after the financial statements have been issued to users
2.4 Effect on the auditor’s report
3 Going concern (ISA 570)
3.1 Definition
3.2 The auditor’s responsibility
4 Written representations (ISA 580)
4.1 Management’s responsibilities
4.2 Material matters
4.3 Basic elements of a management representation letter
5 The auditor’s report on financial statements (ISA 700, SAAPS 3)
5.1 Basic elements of the auditor’s report
5.1.1 Title
5.1.2 Addressee
5.1.3 Introductory paragraph
5.1.4 Management’s responsibility for the financial statements
5.1.5 Auditor’s responsibility
5.1.6 Auditor’s opinion
5.1.7 Auditor’s signature
5.1.8 Date of the report
5.1.9 Auditor’s address
5.2 The auditor’s opinion (ISA 700, ISA 705, ISA 706)
5.2.1 Unqualified opinion
5.2.2 Modified reports
5.3 Example of an unqualified audit report
5.3.1 Unqualified report
5.3.2 Emphasis of matter
5.3.3 Qualified report

5.3.4 Adverse report
5.3.5 Disclaimer report
6 Comparatives (ISA 710)
6.1 Comparative financial statements
6.2 Comparative information
6.3 Corresponding figures
7 Other information in documents containing audited financial statements (ISA 720)
8 Communications of audit matters with those charged with governance (ISA 260)
9 Other types of reports
10 Questions
Chapter 11 Responsibilities of an auditor

1 Introduction
2 Fraud and error (ISA 240)
2.1 Introduction
2.2 Characteristics of fraud
2.3 Responsibilities of those charged with governance and of management
(ISA 260)
2.4 Inherent limitations of an audit in the context of fraud
2.5 Responsibilities of the auditor in detecting material misstatement due to
fraud and in maintaining an attitude of professional scepticism
2.6 Discussion among the engagement team
2.7.1 Inquiries and obtaining an understanding of oversight exercised by
the directors
2.7.2 Consideration of fraud risk factors
2.7.3 Consideration of unusual or unexpected relationships
2.7.4 Consideration of other information
2.8 Identification and assessment of the risks of material misstatement due to
fraud
2.9 Responses to the risks of material misstatement due to fraud
2.9.1 Overall responses to address the risk of material misstatement due
to fraud at financial statement level
2.9.2 Audit procedures addressing risks of material misstatement due to
fraud at assertion level

2.9.3 Audit procedures responsive to management override of controls
2.10 Evaluation of audit evidence
2.11 Management representations
2.12 Communications with management and the directors
2.13 Unable to continue with the engagement
2.14 Documentation
3 Laws and regulations (ISA 250)
3.1 Introduction
3.2 Non-compliance
3.3 Responsibility of management for compliance with laws and regulations
3.4 The auditor’s consideration of compliance with laws and regulations
3.4.1 Procedures when non-compliance is discovered
3.5 Reporting of non-compliance
3.5.1 Reporting to management
3.5.2 Reporting to users of the financial statements
3.5.3 Reporting to regulatory and enforcement authorities
3.6 Withdrawal from the engagement
4 Questions
Appendix 1
Appendix 2

1
An introduction to auditing
Authoritative references
Reference Title
Preface to international standards on quality control, auditing,
Preface
review, other assurance and related services
Glossary Glossary of terms
1 Introduction
Certain companies, as stipulated in the Companies Act 71 of 2008, are required by law
to prepare annual financial statements. It is, however, the responsibility of the board of
directors to prepare these financial statements, and the framework in which the
reporting should be done is prescribed by law and the International Financial Reporting
Standards (IFRS). Shareholders and other interested parties, such as banks, the South
African Revenue Service (SARS), investors, etc., require an independent and objective
opinion as to whether the statements presented by the board of directors provide a fair
reflection of the financial position of the company and the results of its operations. This
is the principal task that the law requires the auditor to perform.
The statutory audit is not the only audit that is performed, however; entities not
required by law to have an audit may request an audit to enhance the credibility and
reliability of their results. An audit is also not necessarily restricted to the verification
of the financial results of an entity.
2 Definition of auditing
The Oxford Interactive Encyclopaedia defines “audit” as “an official examination and
verification of (originally orally presented) financial accounts, especially by an
independent body”. However, “audit” can be either a verb or a noun. The above
definition is of the noun. As a verb, “audit” would mean inspect, examine, scrutinise,
etc, as in “audit the books”.
Dickinson (Lubbe, 1983:1) defined an audit as “an investigation or examination by an
auditor into the evidence from which the financial statements of an organisation have
been prepared. This examination is carried out in order to ascertain that the financial
statements fairly present the summarised transactions for the period under review and of
the financial state of the organisation at the end date, thus enabling the auditor to report
on them”.
The objective of an audit of financial statements is defined in the glossary of terms as
“to enable the auditor to express an opinion whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting
framework”.
It would, however, be impossible to give a single definition of auditing due to the
terms “audit” and “auditing” being used in different disciplines and in different
situations. The above explanations would therefore be regarded as sufficient in this
context.
3 Development of auditing
3.1 Internationally
Although the earliest recorded use of the word “audit” was in the late Middle Ages
(1350–1469), evidence of accounting can be traced to Biblical times (Lubbe, 1983:2).
The English word “audit” stems from the Latin word “audire”, which means to hear.
According to Schandl (Lubbe, 1983:2), the Roman auditor was present at negotiations
without participating in the negotiations. The auditor was expected only to listen to the
negotiations and to identify any misappropriation of funds and unacceptable actions by
the parties.
Two significant developments in the accounting field that had far-reaching
implications for the accounting and auditing professions was the switch-over from
Roman to Arabic notation in the 14th century and later the development of double-entry
bookkeeping. An Italian, Frater Luca Pacioli, made a valuable contribution to the
development of double-entry bookkeeping through the publication of his work Summa
de Arithmetica, Geometria Proportioni et Proportionalita, published in 1494 (Lubbe,
1983:2).
The current practice of auditing of corporations developed over the last 170 years as
a result of the self-regulation of the accounting profession. A regulated auditing
profession was established in the United States in the late 1800s, and in the United
Kingdom only in the mid 1900s. It became a statutory requirement that corporate entities
be audited by an independent person, (Lee, 1988:xxi). This legislative requirement was
necessitated by the change in company structures. Prior to this, companies had been
managed mainly by the owner(s), with no separation between management and
ownership. The growth in the size of companies had resulted in a division between the
managers and the shareholders or owners of the company. The fact that the shareholders
had become less and less involved in the management of the company called for an
independent party to provide an objective view of the operations and results of a
company, leading to the establishment of the auditing profession.
3.2 In South Africa

The auditing profession in South Africa developed in line with the evolution of
corporate law and governance practices. The profession was formalised in South Africa
just over 100 years ago, after the discovery of diamonds in Kimberley and gold on the
Witwatersrand. These discoveries changed the South African business scene forever, as
large financial deals, amalgamations, etc. demanded the services of accountants and
auditors. The first organised body of accountants, the Institute of Accountants and
Auditors in the South African Republic, was established in the Transvaal in 1894.
In the early days, each province established its own society of accountants. The
Institute of Accountants in Natal was formed in 1895, and in 1904 the Transvaal Society
of Accountants was formed. In 1907 the Society of Accountants in the Cape Colony was
formed under the Companies Act of the Colony, and in 1927 the name was changed to
the “Cape Society of Accountants and Auditors” (PAAB, 2001:2–4).
The Society of Accountants and Auditors in the Orange River Colony was constituted
in 1907. In 1909 the Natal Society of Accountants came into existence under a Natal
Act, restricting practice to those entitled to the designation “Registered Public
Accountant (Natal)” (PAAB, 2001:3–4).
During the next couple of years, attempts were made to establish uniform legislation
between the different provinces. In 1921 the South African Accountants Societies
Examining Board was established, which made provision for uniform conditions of
admission, examinations and regulations for service under articles or with practical
experience in professional offices.
In 1927 the Chartered Accountants Designation (Private) Act was passed in order to
reserve the designation Chartered Accountant (SA) or “CA (SA)” for members of the
provincial societies of chartered accountants (PAAB, 2001:5).
After 1934, service under articles became compulsory with the adoption by the
Societies of uniform by-laws.
In 1945, representatives of the four Societies met, with the aim of consolidating the
profession. As a result, the Joint Council of the Societies of Chartered Accountants of
South Africa was formed (PAAB, 2001:6).
Between 1946 and 1950, a process to unify the respective Societies began. In March
1950 a draft bill was presented to the Minister of Finance, which was accepted by the
Treasury and came into effect on 1 November 1951 as the Public Accountants’ and
Auditors’ Act 51 of 1951.
The Act provided for the establishment of a register of public accountants and
auditors who were entitled to engage in public practice and therefore use the
designation RAA (Registered Accountant and Auditor). It further provided for the
establishment of the Public Accountants’ and Auditors’ Board (PAAB), the registration
and control of articled clerks and the conduct of examinations. The Act also gave the
right to candidates that passed the Qualifying Examination to become members of the
different provincial societies and the right to use the designation CA(SA) (PAAB,
2001:8).
In 1976 PAAB and the National Council of Chartered Accountants (SA) appointed the
Loubser Commission to analyse the profile of the accountancy profession, with special
reference to training, functions and skills. The recommendations of the Loubser
Commission led to the establishment of the South African Institute of Chartered
Accountants (SAICA) with effect from 1 January 1980 (PAAB, 2001:12).
A new Public Accountants’ and Auditors’ Act, Act 80 of 1991 (PAA Act), came into
effect on 21 June 1991. The new Act was similar to the 1950 Act in all material matters.
The purpose of the new Act was to consolidate all the amendments that had been made
to the previous Act, as well as to bring the terminology used in the Act up to date with
practice.
A series of corporate collapses and scandals, both nationally and internationally, cast
doubts on the independence and conduct of auditors. This lead to countries around the
world taking legislative action to introduce stringent requirements for the conduct and
discipline of auditors.
In the light of these legislative changes, a process was established in South Africa to
investigate and address the shortcomings of the PAA Act. The purpose of the new
Auditing Profession Act (Act 26 of 2005), which was implemented during 2006 and
replaced the Public Accountants’ and Auditors’ Act, 1991, was to regulate the auditing
profession; to make provision for the Independent Regulatory Board (IRBA), as well as
a standard-setting board for auditor ethics and a standard-setting board for auditing.

4 Benefits of an audit
Apart from the requirement by law for a company to have an audit, SAICA (2002a:1)
identified a number of other ways in which entities will benefit from an investment in an
audit.
Improving the credibility of financial statements: Published financial information
is relied on by more than just the shareholders. Investors, for example, rely on the
financial statements to assist in their investment decisions. Published information is
widely available through the printed media and the Internet, and it is therefore
imperative that the available information is of the highest possible quality.
Taxation issues: Through the rigorous audit process, taxation issues are normally
identified and adjusted or referred to taxation specialists.
Banking requirements: Enterprises, including those not requiring a statutory audit,
are frequently requested by financial institutions to have their results audited in
order to provide sound financial information on which to base their lending
decisions.
Advice on the structure and operations of systems: Part of the normal audit work is
to review the accounting and internal controls of a company. Any weaknesses
identified by the auditor are reported to the client, with recommendations for
improvement, thus promoting a sound control environment.
Good corporate governance: The importance of including reputational risk
management in a company’s overall risk management procedures has been
recognised. An investment in audit is deemed to be an essential component of good
corporate governance locally as well as internationally (refer to Chapter 4).
5 Types of auditor
“Performing an audit” is no longer restricted to the accounting profession; it is an
activity found in a variety of disciplines and is not necessarily performed by a chartered
accountant. In that sense it merely refers to the investigation of data in order to verify the
accuracy of the data and to express an independent opinion (e.g. the verification of
election results by an independent party).
In terms of the auditing profession, two broad categories of auditor can be identified.
The external auditor is the person with final responsibility for the external audit
function, be it a statutory audit or a voluntarily requested audit. The external auditor is

required to express an independent and objective opinion as to whether, in all material
respects, the financial statements of an entity fairly present
the financial position of the entity at a specific date
the results of its operations and cash flow information for the period ended on that
date.
When forming his opinion, the external auditor should take into consideration all
statutory and other requirements.
The internal audit function is established within an organisation as a service to the
company. As an appraisal activity, the internal auditor’s functions would include,
amongst other things, examining, evaluating and monitoring the adequacy and
effectiveness of the accounting and internal control systems. In the Code of Professional
Conduct of the South African Institute of Chartered Accountants it is indicated that the
internal auditor also has a responsibility to serve the public interest. The internal
auditor could achieve this by, for example, providing assurance about a sound internal
control system which enhances the reliability of the external financial information of the
employer (SAICA, 2003:81).
Apart from the two broad classifications of external and internal auditor, various
types of auditor exist which are based on specific areas of specialisation. Examples of
these are the following:
Forensic auditors concentrate on the investigation and gathering of evidence where
there has been alleged financial mismanagement, theft or fraud.
Government auditors fulfil a role similar to the internal auditor, but in government
departments. They evaluate and investigate the financial affairs of government
departments, reporting their findings to senior government.
Special purpose auditors specialise in a particular field such as environmental
auditors, VAT auditors or IT auditors. The conclusions presented by the special
purpose auditors enhance the degree of confidence with regards to the underlying
figures that they have reviewed (Jackson & Stent, 2007:3)
6 Independent Regulatory Board for Auditors

Implementation of the Auditing Profession Act commenced on 1 April 2006, and one of
its effects was to replace the PAAB with the Independent Regulatory Board for Auditors
(IRBA). The IRBA is a statutory body that controls the section of the accountancy
profession involved with public auditing in South Africa and aims to protect the
financial interests of the people of South Africa.
In order to perform the attest (audit) function, a person must be registered with IRBA.
A registered member of the IRBA is referred to as a Registered Auditor and may use the
designation RA.
The functions of the IRBA, according to the Act, are classified under:
general functions, including:
promoting the integrity of the auditing profession
taking steps to protect public interest when engaging with registered auditors
prescribing standards of professional conduct, ethics and conduct of registered
auditors
prescribing auditing standards
functions with regard to accreditation of professional bodies, registration of
auditors, education, training and professional development and fees and charges.
7 Professional bodies governing the accountancy

profession
7.1 IFAC
The International Federation of Accountants (IFAC) is the global organisation for the
accountancy profession. It works with its member organisations in a number of countries
to protect the public interest by encouraging high quality practices by the world’s
accountants (IFAC, 2004a:1).
IFAC’s main objective is defined as “to serve the public interest, strengthen the
worldwide accountancy profession, and contribute to the development of strong
international economies by establishing and promoting adherence to high-quality
professional standards, furthering the international convergence of such standards, and
speaking out on public interest issues where the profession’s expertise is most relevant”
(IFAC, 2004a:1).
The International Auditing and Assurance Standards Board (IAASB) is an
independent standard-setting body under the auspices of IFAC. The IAASB aims to
establish high-quality auditing, assurance, quality control and related services. Its
mission is further to improve the uniformity of practice by professional accountants
throughout the world, thereby strengthening public confidence in the global auditing
profession and serving the public interest (IFAC, 2004b:1).
The Public Interest Oversight Board (PIOB) oversees the public interest activities of
IFAC. The objective of the PIOB is to increase confidence of investors and others that
such activities, including the setting of standards by the IAASB, are properly responsive
to the public interest. PIOB members are nominated by international institutions and
regulatory bodies (IFAC, 2009).
7.2 SAICA
The leading professional body in governing the accountancy profession in South Africa
is the South African Institute of Chartered Accountants (SAICA). SAICA offers its
members a wide range of services, such as ongoing professional education, tax and
legal advisory services, technical advice and seminars and workshops.
SAICA was established in 1980 after the National Council of Chartered Accountants
(SA) was dissolved. SAICA has subsequently established itself as one of the leading
institutes on the global front through its involvement in international activities. SAICA
holds a seat on the Council of IFAC and on the board of the International Accounting
Standards Committee (IASC). It is also a member of the respected “Group of Ten”, a
group of the ten leading institutes worldwide, and the Chartered Accountants Group of
Executives (CAGE), which consists of the seven major Chartered Institutes (SAICA
2002b:3).
Members of SAICA can hold the designation of highly regarded Chartered
Accountant (South Africa), or “CA(SA)”. In order to do so, members must have
mastered certain skills through education and training, as explained in a later section of
this chapter.
7.3 ACCA
The Association of Chartered Certified Accountants (ACCA) is an international
accountancy body with statutory recognition in the UK and Ireland. Members of ACCA
are known as Chartered Certified Accountants and can work as registered auditors in
the abovementioned countries. The ACCA was established to provide more open access
globally to the accountancy profession and has developed into an authority on
professional accounting and associated public policy matters, as well as taxation of
corporate and non-corporate entities and law (ACCA, 2004:1). The ACCA was
launched in South Africa in 1994 and, although the ACCA qualification does not qualify
one to provide auditing services in South Africa, members to the ACCA in South Africa
are recognised as accounting officers for Closed Corporations.
7.4 CIMA
The Chartered Institute of Management Accountants (CIMA) is an internationally
recognised professional management accounting body. The CIMA qualification has a
focus towards accounting for business, as well as an excellent understanding of finance,
operations, change management, relationship and project management, marketing, as
well as applied management accounting techniques (CIMA, 2011:1). A member to
CIMA will hold the designation of Chartered Management Accountant.
7.5 SAIPA
The South African Institute of Professional Accountants (SAIPA) is the second-largest
accounting institute in South Africa and is also a member of IFAC. Professional
accountants are recognised as Independent Reviewers by the Companies Act 71 of 2008
and may also report on other business forms, such as Non-profit Organisations and
Closed Corporations (SAIPA, 2011:1).
7.6 IIA
Established in 1941, the Institute of Internal Auditors (IIA) is an international
professional association. The IIA is recognised as the leading professional body for
internal auditors and oversees the certification, education, research and technical
guidance of various internal audit-related qualifications of which Certified Internal
Auditors (CIA) is the most well-known qualification (IIA, 2011:1).
7.7 CFA
The members of the CFA Institute (a global association of investment professionals) are
known as Chartered Financial Analysts (CFA). The Institute has its origin in the
Financial Analysts Federation that dates back to 1947. It is the institute’s mission to
promote an investment profession of which the members adhere to the highest standard
of ethics, integrity, and excellence of practice (CFA Institute, 2011:1).
7.8 SAIT
The South African Institute of Tax Practitioners (SAIT) is yet another professional
organisation in the accountancy and taxation field. The SAIT stands for advancing the
knowledge and understanding of laws relating to taxation in South Africa. The various
fields of tax include income tax, value-added tax, employee tax, secondary tax on
companies, skills development levies, transfer duties, estate duties, customs and excise
duties, capital gains tax, tax planning, estate planning, taxation services and foreign
taxation laws, to name but a few (SAIT, 2011:1).
8 Auditing pronouncements
In the past, statements of generally accepted auditing standards in the South African
context were referred to as the South African Auditing Standards (SAASs). The
Auditing and Assurance Standards Board of IRBA adopted the entire set of international
pronouncements issued by the IAASB for use in South Africa. These pronouncements
replaced the SAAS statements.
The international pronouncements include:
the International Standards on Auditing (ISAs)
the International Standards on Review Engagements (ISREs)
the International Standards on Assurance Engagements (ISAEs)
the International Standards on Related Services (ISRSs)
the International Standards on Quality Control (ISQC).
Statements of ISA contain basic principles and essential procedures to be followed by
auditors in performing their work, together with further guidance in the form of
explanatory and other material. Auditing standards are binding on all registered auditors
and should be applied in the audit of financial statements and other information, and to
related services.
Practice statements are issued to provide practical assistance to auditors in
implementing particular statements of ISA and to promote good practice.
8.1 Committee for Auditing Standards (CFAS)

The Auditing Profession Act requires, in terms of Sections 20 and 22, the IRBA to
establish a Committee for Auditing Standards. The functions of the CFAS are to assist
the IRBA in the following ways:
to develop, maintain, adopt, issue or prescribe auditing pronouncements
to consider international developments and influence the nature of international
pronouncements, and
to promote and ensure the relevance of auditing pronouncements.
The CFAS must consist of at least the following members:
five registered auditors
one person with experience of business
representatives from the Office of the Auditor-General, the Financial Services
Board, the JSE Securities Exchange, SARS and the Registrar of Banks

an academic.
8.2 Practice statements

Practice statements are also made available by the IRBA and provide practical
assistance to auditors in implementing particular statements of ISA and promoting good
practice.
9 Fundamental principles of the theory of auditing

Auditing is a science based on fundamental principles called postulates. These are
listed below:
Financial data can be verified.
Conflict of interests does not necessarily exist between the auditor and management
of the audited company.
The financial statements and other information presented for review are free from
conspiracies and other irregularities.
Internal control procedures reduce the possibility of errors and irregularities.
The consistent application of International Financial Reporting Standards results in
fair presentation.
In the absence of clear evidence to the contrary, what was true in the past will
remain true in the future.
When an auditor investigates financial data in order to express an objective opinion,
he acts exclusively in his capacity as the auditor.
The professional status of the independent auditor implies certain professional
responsibilities (Marx, Van Der Watt, Hamel & Bourne, 2003:1–4).
10 The career path of a prospective auditor

The IRBA will have a duty to the public to ensure that all its members have the required
standard of professional competence before being allowed to practise. Therefore, all
prospective registered trainees will have to pass a Public Practice Examination (PPE)
and complete a period of practical training before being allowed to register as an RA.
A profession is characterised by, among others things, the mastery of a particular
intellectual skill that is acquired through training and education.
Membership of the accountancy profession therefore requires a candidate to display a
particular intellectual skill that he has developed through formal training and education.
First of all, a prospective candidate should hold the Certificate in the Theory of
Accounting (or equivalent) from an accredited university. An accredited university is a
tertiary institution where the academic curriculum has been approved by SAICA as
sufficient in terms of the CA training requirements. The required academic programme
develops core knowledge and skills that will form the basis for professional
competence in later years. This programme requires the completion of a three-year
university degree and a one-year post-graduate degree from an accredited university.
A prospective candidate should further gain relevant practical experience in the
office of a Registered Auditor who has been approved for training purposes. Sufficient
training opportunities are ensured through a compulsory three-year training contract that
has to be approved by SAICA. In order to be admitted to the Public Practice
Examination (PPE), a candidate should have completed, apart from the other
requirements, the largest part of a recognised training programme.
The aim of the recognised education programme is to integrate practical experience,
theoretical knowledge and skill to develop professional competence. A candidate
should attempt the recognised education programme after completing Part I of the
Qualifying Examination and while undertaking the period of practical training.
Admission requirements for entry into the Public Practice Examination are:
successful completion of a recognised academic programme (CTA or equivalent)
successful completion of a recognised core assessment programme (SAICA Part I of
the Qualifying Examination)
successful completion of the largest part of a recognised training contract (SAICA
approved training contract)
successful completion of a recognised education programme (Auditing Specialist
course).
The Auditing Specialist Course is valid for a period of five calendar years after the
calendar year in which the education programme was successfully completed.
Thereafter, the candidate must repeat the education programme successfully before
being able to enter the PPE again.
Following qualification as a Chartered Accountant (CA), accountants entering public
practice will be required to register with the IRBA and will be governed by its
regulations. After registration with the IRBA members will be able to use the
designation RA.
Chartered Accountants entering other disciplines, apart from public practice, such as
taxation, internal audit, and financial management, will not have to register with the
IRBA, but have to be members of the SAICA if they wish to use the designation CA
(SA).
SAICA has adopted a new competency framework that all candidates would need to
comply with before they would be able to register with the Institute.
The required competencies are divided into certain
compulsory skills,
elective skills, and
residual skills
that students would need to have advanced experience in.
The compulsory skills include ethics and professionalism, personal attributes,
financial and non-financial reporting as well as professional skills.
One elective skill has to be chosen from the following options:
strategy, risk and governance
financial management
auditing and assurance
taxation
management decision making.
Enough time to achieve a comprehensive understanding and application of the concepts
and techniques in complex environments are required for both the compulsory as well
as the elective skills.
The remaining residual skills (not selected under the elective skill option) only
require basic experience; therefore enough time to achieve a general awareness of the
vocabulary and related concepts of the discipline which should be able to be
demonstrated in simple uncomplicated situations.
Career path of a prospective auditor

11 References
Association of Chartered Certified Accountants, 2004. About ACCA. [On-line].
Accessed on 19/04/2004. Available http://www.acca.co.uk/ about/
Chartered Financial Analyst Institute, 2011. History. [On-line]. Accessed on
21/07/2011. Available
http://www.cfainstitute.org/about/strategy/mission/Pages/index.aspx
Chartered Institute of Management Accountants, 2011. CIMA vs ACCA. [On-line].
Accessed on 23/06/2011. Available http://www.cimaglobal.com
International Federation of Accountants, 2004a. About IFAC. [On-line]. Accessed on
28/04/2004. Available http://www.ifac.org/About/
International Federation of Accountants, 2004b. International Auditing and Assurance
Standards Board. [On-line]. Accessed on 28/04/2004. Available
http://www.ifac.org/IAASB/
International Federation of Accountants, 2009. International Auditing and Assurance
Standards Board Fact Sheet. [On-line]. Accessed on 07/05/2009. Available
http://www.ifac.org/IAASB/
Institute of Internal Auditors, 2011. About the IIASA. [On-line]. Accessed 23/06/2011.
Available http://www.iiasa.org.za/
Jackson, R.D.C. & Stent, W.J. 2007. Auditing Notes for South African Students. Sixth
edition. Durban: LexisNexis.
Lee, T.A. 1988. The Evolution of Audit Thought and Practice. London: Garland
Publishing, Inc.
Lubbe, D.S. 1983. Inleiding tot die Ouditkunde. Durban: Butterworths.
Marx, B., Van der Watt, A., Hamel, A. & Bourne, P. 2003. Dinamiese Ouditkunde.
Sesde uitgawe. Johannesburg: Butterworths.
Oxford Interactive Encyclopedia. 1997 (CD). West Sussex, United Kingdom: The
Learning Company, Inc.
Public Accountants’ and Auditors’ Board, 2004a. Status of the Board. [On-line].
Accessed on 05/03/2004. Available http://www.paab.co.za/ about.asp
SAICA, 2002a. Benefits of an Audit. [On-line]. Accessed on 05/03/2004. Available
http://www.saica.co.za/Displaycontent.asp?theID=586
SAICA, 2002b. About SAICA. [On-line]. Accessed on 05/03/2004. Available
http://www.saica.co.za/Displaycontent.asp?theID=118
SAICA, 2003. Code of Professional Conduct. SAICA Handbook Ethics/Circulars
Volume 3 2003/2004. South Africa: LexisNexis Butterworths.
SAICA, n.d. Changing lanes, Remodeling the CA training route (Brochure).
Johannesburg: SAICA.
South African Institute of Professional Accountants, 2011. Benefits of membership. [On-
line]. Accessed on 23/06/11. Available http://www.saipa.co.za/page/658/benefits-
membership
South African Institute of Tax Practitioners, 2011. SAIT vision. [On-line]. Accessed on
21/07/11. Available http://www.thesait.org.za/?page=Vision

12 Questions
QUESTION 1.1 22 MARKS

One of your friends and quite an entrepreneur, William Harris, is in the process of
starting his own property development company (a private company). William is
currently deciding on various aspects of the business before it commences its
operations. He knows that you are studying B.Com Accounting and he has approached
you to assist him with certain aspects of operating as a private company. He does not
have an auditing background and wants you to specifically explain certain aspects of
having his company audited annually.
YOU ARE REQUIRED TO:

(a) Explain to William Harris what the benefits of having an audit are. (10)
(b) Explain the fundamental principles of the theory of auditing that an audit will be
based on. (8)
(c) Briefly describe the two broad categories of auditors to William. (4)
PART A
You are a registered auditor.
A friend of yours, Luscious Lucy, loves beauty contests. She asks you why the
announcers of the Miss World competitions made a special announcement that the
results of the competition were verified by external auditors.

Respond to her question. (5)
PART B
You are an audit partner in a large auditing firm. One of the leading residential
universities invited your firm to present a guest lecture to the second-year auditing
students. This will be these students’ first encounter with the subject “Auditing” and you
are requested to give a presentation on the auditing profession.

(a) Explain the role of the auditor with regards to financial statements. (3)
(b) State the objective of an audit. (4)

2
The auditor’s regulatory environment
Auditing Profession Act, 26 of 2005
Companies Act, 71 of 2008 Companies Regulations, 2011
Closed Corporations Act, 69 of 1984
Public Finance Management Act, 1 of 1999
1 Introduction
The auditor operates in an environment where laws and regulations play an important
role. Accordingly there are numerous laws and regulations that the auditor has to
consider in the audit of financial statements. Some of these laws (e.g. the Companies
Act) apply to all companies, but there are laws that are applicable to specific
institutions only (e.g. the Banks Act, the Insurance Act).
In order to provide a proper service and to reduce the audit risk, the auditor has to
ensure that he has proper knowledge of the laws and regulations impacting on the
various audit assignments for which he is responsible. Similarly, directors and
managers of companies should have a good understanding of the legal and regulatory
environment in which the entity operates, as well as the accompanying responsibilities
placed on them. It is therefore essential that they have a proper understanding of the
relevant laws and regulations affecting their entities.
2 Corporate governance
Auditors, directors and managers should be aware of the regulatory environment which
governs companies on a broad basis. The broad regulatory environment is determined
by the respective laws and regulations governing corporate entities in South Africa.
They should, however, also be aware of the narrow governance of entities. The
narrow governance of entities refers to the regulation of internal aspects of entities by
different requirements. Although not an Act, the King Reports on Corporate Governance
provide an important framework for entities. For example, the Code of Corporate
Practices and Conduct of the King II Report placed responsibilities on the directors of a
company to ensure that proper systems exist by which a company can be directed and
controlled.
The King II Report adopted an inclusive approach to corporate governance.
Consequently, the directors are considered to not only be accountable to shareholders,
but to act responsibly in regard to all stakeholders of the company. The King III Report
goes further and revolves around leadership, sustainability and corporate citizenship.
King III was developed to align King II with the new Companies Act’s requirements.
It functions on an “apply or explain” basis and could be viewed by courts as the
benchmark for the required standard of best practice. The King III Report is widely
regarded as guidance for what good governance entails and for setting the benchmark
for directors’ conduct.
Auditors, directors and managers should further also understand the concepts and
principles relating to business ethics, and the risk management and internal control
processes of companies.
3 Auditing Profession Act
Contents Paragraph(s)
Definitions 1
Registration of individual auditors and firms 37–40
Conduct by and liability of registered auditors 41–46
Accountability of registered auditors 47–51
Reportable irregularities and false statements in connection 52
with audits
3.1 Introduction
After 1 April 2006, all persons registered with the Independent Regulatory Board for
Auditors (IRBA) have to comply with the regulations of the Auditing Profession Act, 26
of 2005.

All audits must also be performed under the requirements of the Auditing Profession
Act.
3.2 Definitions (s 1)
The examination of, in accordance with prescribed or

applicable auditing standards –
financial statements with the objective of expressing
an opinion as to their fairness or compliance with an
identified financial reporting framework and any
Audit applicable statutory requirements; or
financial or other information, prepared in
accordance with suitable criteria, with the objective
of expressing an opinion on the financial and other
information.
A firm refers to a partnership, company or sole proprietor
Firm
registered with the Regulatory Board.
A public accountant is a person engaged in public
Public accountant
practice.
Public practice refers to the practice of a registered
Public practice auditor who places professional services at the disposal
of the public for reward.
The training contract is a written contract entered into in
the prescribed form and registered with the Regulatory
Board whereby A prospective registered auditor is duly
Training contract
bound to serve a registered auditor for a specified period
and is entitled to receive training in the practice and
profession of a registered auditor.
3.3 Registration of individual auditors and firms (ss 37–39)

3.3.1 Registration of individuals as registered auditors
A person wishing to register as an auditor has to submit a request, on the prescribed
application form, to the IRBA.
The following minimum requirements for registration as an auditor are listed in
section 37 of the Auditing Profession Act:

The applicant must have completed the required training contract and passed the
prescribed examinations.
The applicant must have complied with the prescribed competency requirements.
The IRBA has to be of the opinion that the applicant is fit and proper to be
registered as an auditor.
The applicant has to be a resident of the Republic of South Africa.
The IRBA will refuse registration if:
the person was removed from office of trust on account of misconduct
the applicant was convicted of theft, fraud, forgery, uttering a forged document,
perjury, offence under the Prevention and Combating of Corrupt Activities Act or
any other offence that involves dishonesty and for which he has been sentenced to
imprisonment (without the option of a fine) or received a fine of more than such an
amount as prescribed by the Minister
the applicant is of unsound mind or unable to manage his own affairs, or
the applicant was disqualified from registering in terms of punishment imposed by
the Auditing Profession Act.
3.3.2 Registration of firms as registered auditors
A registered auditor may engage in public practice alone, in partnership with other
registered auditors or in a company.
In order to engage in public practice as a company the following requirements have to
be met:
The company has to be incorporated and registered in terms of the Companies Act,
1973 and have a share capital.
The memorandum of association has to provide that all directors (including
previous directors) are jointly and severally, together with the company, liable for
any debts incurred while holding office as a director.
Only persons who are registered auditors may be a shareholder of the company.
Every director must be a shareholder and every shareholder must be a director.
If a shareholder dies or ceases to qualify as a member, his estate or himself may
hold his shares for 6 months. During that time his estate or he will not have any
voting rights and he may not act as a director or receive any financial benefits from
the company.
The company may purchase shares without a reduction in the share capital and
without confirmation from the court, provided that the articles of association allows
for it. Repurchased shares are available for allotment as determined by the
company’s article of associations.
Members are not entitled to appoint other persons than members to act as proxies at
any meetings of the company.
3.3.3 Termination of registration
The Regulatory Board will cancel registration if:
a person, subsequent to registration, is disqualified in terms of the above-mentioned
specifications, or
a person’s registration was made in error or using false information.
The Regulatory Board may cancel registration if:
the estate of a registered auditor is sequestrated or he enters into an arrangement
with his creditors, or
a person ceases to be a member of an accredited professional body.
The registration of an auditor will lapse if his prescribed fees are not paid.
A registered auditor will be able to submit a written request to the IRBA to be
removed from the register, but he will remain responsible for any liabilities incurred
prior to the date of his removal.
3.4 Prohibition against practising in public practice by unregistered

persons (s 41)
Only an auditor registered with the IRBA and who has paid all relevant prescribed fees
will be permitted to:
engage in public practice
present himself as an auditor in public practice
use the registered auditor description/designation.
The following instances are not prohibited:
A salaried person employed exclusively by an organisation will be permitted to use
the description of accountant or internal auditor in the context of the employer.
A member of a club, institution or association that exists without a profit motive will
be permitted to act as the auditor, provided that he is not remunerated for his
services.
The Auditor-General will be permitted to appoint unregistered people to carry out
an audit on his behalf.
3.5 Information to be furnished by registered auditors (s 43)

A registered auditor will have to notify the IRBA within 30 days of a change in name,
address or composition of his practice.
A registered auditor will have to provide the following information within 14 days of
receipt of a request from a client or potential client:
the name(s) or titles under which he practises
the place(s) of business of all partnerships of which he is a partner in public
practice
the full names of all partners of such partnerships
his own names, surname, nationality, business and residential address.
3.6 Duties in relation to audit (s 44)

In order for the auditor to issue an unqualified audit report or to express an unqualified
opinion, the following requirements will have to have been met:
The audit work will have to have been carried out free from any restricttions and in
compliance with the required auditing pronouncements.
He will have to be satisfied that the assets and liabilities reflected in the financial
statements exist.
The auditor will have to have ensured that proper accounting records have been kept
by the entity in one of the official languages of the country.
The auditor will have to have obtained all information and documents needed to
perform the audit work.
If applicable, the auditor will have to have adhered to all the legal requirements
imposed on him by the respective laws.
He will have to be satisfied that the statements give a fair reflection of results.
In the case of the existence of a reportable irregularity, the auditor will have to be
convinced that the situation has been solved appropriately.
If the auditor or member of his firm has performed any secretarial or accounting work
for the audited entity, this will have to be disclosed in any reports.

3.7 Duty to report on irregularities (s 45)
If a registered auditor of an entity is satisfied or has reason to believe that a reportable
irregularity has taken place or is taking place in respect of that entity, he will have to
notify the IRBA of such irregularity without delay and in writing. The report will have
to give particulars of the reportable irregularity as well as such other information as the
registered auditor considers appropriate.
Within three days of reporting to the IRBA, the registered auditor will be required to
notify the entity’s management board that he has submitted the report. Such notification
will have to be accompanied by the provisions of section 45 and a copy of the report
sent to the IRBA.
Within 30 days of submitting the report to the IRBA, the registered auditor will have
to
discuss the report with the entity’s management board
afford the members of the management board the opportunity to make representation
in respect of the report
send another report to the IRBA stating that:
no reportable irregularity took place or is taking place
the suspected reportable irregularity is no longer taking place and that adequate
steps have been taken to prevent or recover any loss as a result thereof, or
the reportable irregularity is continuing.
The IRBA must disclose the information regarding the reportable irregularity to any
appropriate regulator to which the report relates.
The auditor will be permitted to carry out any investigation to gather information on the
irregularity that he feels is necessary, and he will be required to consider information
that comes to his knowledge from any source.
3.8 Liability incurred by auditor (s 46)

A registered auditor will incur a liability in terms of an opinion expressed or report
issued if it is proved that the opinion or report was issued maliciously or that he was
negligent in his conduct.
The auditor will be liable to any third party that relied on his opinion or report if the
following can be proved:
The registered auditor knew or was reasonably expected to know that the report or
opinion would be used by his client to convince a third party to take a specific
decision.
The registered auditor knew or was reasonably expected to know that a third party
would rely on his report or opinion when making a decision.
The registered auditor indicated to a third party after the opinion or report was
issued that it is correct that he knew or was reasonably expected to know that the
third party would base his decision on the information.
The fact that a person performed his duties as an auditor will not be sufficient evidence
that he was expected to know that the client or a third party would rely on the
information in his report or opinion.
A registered auditor may incur liability to any partner, member, shareholder, creditor
or investor of an entity if the registered auditor fails to report a reportable irregularity.
3.9 Practice reviews (s 47)

The IRBA may at any time review the practice of a registered auditor, but practice
reviews will have to be performed at least every three years.
During these practice reviews the confidentiality obligation of the registered auditor
will be set aside, and he will have to present to the reviewer all required information.
3.10 Investigation into improper conduct by registered auditors (s 48)

The IRBA may order an inquiry into the circumstances where a registered auditor failed
to perform his duties as the auditor with the necessary care and skill, or where he was
negligent in the performance of his duties. If the inquiry proves that the person is guilty,
the IRBA may impose on him a punishment deemed appropriate in the circumstances.
3.11 Offences and penalties (s 41)

3.11.1 Suspended persons in service
A registered auditor will not be permitted to employ, without the consent of the IRBA, a
person who is:
suspended from public practice
not registered as an auditor but who was previously registered, or
not registered as an auditor and who was refused registration by the IRBA.
If a registered auditor is suspended from practice, he will not be permitted to engage in
public practice for that period.

3.11.2 Letterheads
All letterheads will have to include the first names or initials and surname of the
practitioner. In the case of a partnership, letterheads will have to include at least the
details of the managing partners, or active partners if there are no managing partners. In
the case of a company, the names of the directors are required by the Companies Act.
3.11.3 Signing of reports
A registered auditor will be permitted to sign the audit report only if the work was done
by or under the direct supervision of the auditor or his partners.
3.11.4 Risk management practices and procedures
A registered auditor will not be permitted to perform audits unless adequate risk
management practices and procedures are in place.
3.11.5 Professional fees
A registered auditor will not be permitted to share or transfer any audit fees or share
profits in partnership with persons not registered with the IRBA.
4 Companies Act
Contents Sections
Important concepts 1, 2, 3, 48
Incorporation and types of companies 8, 15, 16
Directors and shareholders governance 60–78
Accountability and transparency 84–94
30, 90–93,
Auditing and review requirements Regulations,
2011
4.1 Introduction
The South African corporate law reform programme was initiated in 2005 by the
Department of Trade and Industry. This resulted in short-term amendments to the
Companies Act, 1973, which became effective on 14 December 2007, and a new
Companies Act (71 of 2008) signed by the President on 8 April 2009 and gazetted in the
Government Gazette (No 32121)). The new Companies Act and Companies
Regulations, 2011, came into effect on 1 May 2011.
Companies Regulations
In terms of section 223, and Item 14 of Schedule S of the Companies Act, 2008, the
Minister of Trade and Industry publishes regulations relating to the functions of the
Companies Commission, the Takeover Regulation Panel and the Companies Tribunal, as
well as other matters relating to the regulation of companies, to take effect at the same
time that the Companies Act, 2008 takes effect.
In section 30(2) the Act states that the annual financial statements of all public and
state-owned companies must be audited. In the case of any other type of company, the
annual financial statements must be:
audited if so required by the regulations issued by the Minister, or if decided at the
option of the company to be voluntarily audited, or
independently reviewed in a manner prescribed by the Minister in the regulation.
Private companies will be exempted from the above-mentioned requirements to be
audited or independently reviewed, if all the shareholders are directors and if it does
not meet the public interest score (PIS) that requires an audit.
4.2 Important concepts (ss 1, 2, 3, 4)

Included below are some important concepts with regards to the interpretation, purpose
and application of the Act.
4.2.1 Definitions (s 1)
Reference should be made to section 1 of the Act for the meanings and definitions of the
terms used in the Act. The following definitions are provided for background purposes:
Information in writing or electronic format concerning the

financial affairs of the company, and including but not
Accounting records
limited to, documents, ledgers, etc., used in the
preparation of the financial statements.
In case of assets, more than 50% of the gross assets at fair
All or greater part of
market value (irrespective of liabilities), or in the case of
the assets or
the company’s undertaking, more than 50% of the value of
undertaking
its entire undertaking, at fair market value.
The meaning thereof as per the Auditing Profession Act.
Audit
[Refer to paragraph 3 of this chapter.]
The Public and Intellectual Properties Commission
Commission
[Section 185].

Director Any director, alternate director or other person occupying
such position, by whatever name designated.
Transfer of money or property of the company, excluding
its own shares, to or for the benefit of the shareholders of
the company or another company within the same group,
in the form of dividends, capitalisation shares, or for
Distribution
consideration of shares bought back (share buybacks). It
also includes the incurrence of debt by a company for the
benefit of a shareholder, or forgiveness, or waiver of a
debt owed to the company by a shareholder.
Holding company A juristic person that controls a subsidiary.
Means ‘significant’ in the circumstances of a particular
Material matter or which might reasonably affect a person’s
judgement or decision-making in the matter.
For non-profit companies, a person who holds
Member membership in and has specified rights in respect of the
non-profit company.
The document:
– setting out the rights, duties and responsibilities of
Memorandum of shareholders, directors and others within/in relation
incorporation (MOI) to a company, and
– by which the company is incorporated.
A direct material interest of that person, of a financial
Personal financial
monetary or economic nature, or to which such a value
interest
may be attributed.
The holder of a share issued by a company and who is
Shareholder entered as such in the certified or uncertified securities
register.
State-owned A company listed in schedule 2 or 3 of the Public Finance
entity/company Management Act, or which is owned by a municipality.
Despite not being a director, a person who exercises
general executive control over and management of the
Prescribed officer whole, or significant portion of the business and activities
of the company, or regularly participates to a material
degree therein.

4.2.2 Related and inter-related persons and control (s 2)
An individual is related to another individual if they are married, live together in a
relationship similar to marriage, or are separated by no more than two degrees of
natural or adopted affinity.
An individual is related to a juristic person if the individual directly or indirectly
controls the juristic person.
A juristic person (company, corporation or trust) is related to another juristic
person if either of them directly or indirectly controls the other (“holding company”), is
a subsidiary of the other, or if a person directly or indirectly controls both of them
(“fellow-subsidiaries”).
Control means:
having the ability to exercise or control the exercise of a majority of the voting
rights, or
having the right to appoint or control the appointment or election of directors of that
company who control a majority of the votes at a meeting of the board.
Note: This definition should be considered where consideration is given to the
requirements for transactions (e.g., issuing shares to a person related to a director will
require the same authorisation as for a director).
4.2.3 Subsidiary relationship (s 3)
A company will be a subsidiary of another company if that company (holding company)
has control as stated above.
Note: The Act does not specify when financial statements should be consolidated and
the format thereof, but in this regard the provisions of IAS 27 should be followed
(financial statements must be prepared according to the accounting standards).
4.2.4 Solvency and liquidity test (s 4)
A company will satisfy the solvency and liquidity test if, at a particular time,
considering all reasonable foreseeable financial circumstances of the company at that
time:
the assets of the company fairly valued, equal or exceed the liabilities, fairly valued,
and
it appears that the company will be able to pay its debts as they become due in the
ordinary course of business for a period of 12 months of the date on which the test is
considered, or 12 months after a distribution was made.
Financial information considered must be based on accounting records that are accurate
and complete, and financial statements that present fairly the state of affairs according to
financial reporting standards.
The board must consider a fair valuation of the assets and liabilities, including
reasonable foreseeable contingent assets and liabilities.
The liquidity and solvency test should be done for every individual company, where a
group situation exists.
4.2.5 General interpretation and other administrative issues (s 6)
Notices, documents, records, statements, etc., may be retained in electronic format. Such
documents, statements, notices, etc., may also be published or delivered electronically,
provided they can be conveniently printed by the recipient within reasonable time and at
a reasonable cost.
If an inconsistency exists between this Act and another, the provisions of both Acts
apply. Where there is an inconsistency and it is not possible to apply both Acts, the
following will take preference and prevail:
Auditing Professions Act, Labour Relations Act, Promotion of Access to
Information Act, Promotion of Administrative Justice Act, Public Finance
Management Act, Securities Services Act, Banks Act.
In other cases, the provisions of the Companies Act will prevail.
4.3 Incorporation of companies (ss 8, 13–19)

4.3.1 Types of companies (s 8)
Two types of companies may be formed and incorporated under the Act, namely:
A: NON-PROFIT COMPANIES
This is a company:
incorporated for public benefit, or whose objective is related to cultural or social
activities or communal or group interests
whose income and assets are applied to advance its objective as stated in the
memorandum, and
who may not, directly or indirectly, transfer any of its assets or pay any of its income
to its members or directors (except as reasonable remuneration for services
rendered).
All sections of the Act apply similarly to non-profit companies, except that they do not
need a company secretary or audit committee (unless so required by the MOI).
B: PROFIT COMPANIES
A profit company is a company incorporated for the purpose of financial gain for its
shareholders (section 1). It can consist of four types of companies, namely:
B1: State-owned companies
This is a company (section 1) that:
falls within the meaning of a state-owned enterprise in terms of the Public Finance
Management Act, or
is owned by a municipality.
B2: Private companies
A private company:
is not state-owned, and
through its memorandum of incorporation:
prohibits the offering of its securities to the public, and
restricts the transferability of its securities.
Note: No limitation is placed on the number of shareholders of a private company as
was the case under the old Companies Act (previously 50).
B3: Personal liability companies
This is a company that:
meets the criteria for a private company (its memorandum prohibits the offering of
its securities to the public and also restricts the transfer thereof), and
stipulates in the MOI that it is a personal liability company.
Note: In terms of section 19(3), the directors and past directors are liable for the
company’s debts.
This type of company is normally used by professionals, such as lawyers, doctors, and
registered auditors, as it is a prerequisite of their respective professional bodies to
incorporate under this format of company.
B4: Public companies
A public company is a profit company that is not a state-owned company, a private
company or a personal liability company.
4.3.2 Incorporation of companies (ss 13, 14)
One or more persons may incorporate a profit company, and three or more persons may
incorporate a non-profit company by:
completing and each signing, in person or by proxy, the MOI, and
filing a notice of incorporation (NOI).
The Commission may reject the NOI if it is incomplete, and will reject it if there is less
than the required number of directors (at least three for public and non-profit
companies, and at least one for private and personal liability companies).
The Commission will:
assign the company a registration number
endorse the NOI and the MOI, and
issue and deliver a registration certificate to the company. The registration
certificate is conclusive evidence that all requirements for incorporation have been
complied with and that the company is incorporated.
If the name of the company stated in the NOI is already in use, the Commission will
register the company under its registration number as the interim name.
4.3.3 Memorandum of incorporation (MOI) (ss 15, 16)
The statutory document that incorporates the company’s rights, duties and
responsibilities is called a Memorandum of Incorporation
The MOI may:
include provisions dealing with matters the Act does not address, or alter
provisions that may be altered
impose a higher standard or more onerous provisions than what the unalterable
provisions require
contain restrictive conditions for the amendment thereof
not include provisions that negate, limit or alter the effect of unalterable provisions.
(a) Rules relating to governance
The board of a company (except where the MOI provides otherwise) may make, amend
or repeal rules relating to the governance of the company not addressed in the Act by
publishing a copy of the rules as required by the MOI and filing a copy of the rules with
the Commission.
Such rules must be consistent with the Act and the MOI, and if not, are void. The
rules take effect 20 days after they are published, or as specified in the rules, and:
are binding on an interim basis until voted on at the next shareholders’ meeting
are permanently binding after the shareholders have ratified them.
Any failure to ratify a rule does not affect the validity of any actions in terms of those
rules during the period they had an interim effect.
The MOI, and any rules of the company, are binding between:
the company and its shareholders
the shareholders
the company and its directors
the company and members of the audit committee or other committee of the board.
(b) Amendment of the MOI (s 16)
The MOI can be amended by:
a court order
the board, regarding changes made to the company’s shares (changing the authorised
shares, their rights, preferences, classifications – section 36(3)).
a special resolution, if proposed by the board or by shareholders entitled to exercise
at least 10% of the voting rights on such a resolution
the MOI may specify other requirements for amendments.
An amendment may be in the form of a new MOI, or alterations thereto, and should be
submitted to the Commission together with a notice of amendment (NOA).
The amendment to the MOI takes effect from the date that the Commission accepts the
filing of the NOA, or the later date set in the NOA.
4.3.4 Legal status of companies (s 19)
After incorporation, the company is a juristic person, exists continuously and has all the
legal powers and capacity of an individual, except to the extent that the MOI provides
otherwise.
A person is not, solely by reason of being a shareholder or director, liable for any of
the company’s liabilities or obligations, except as otherwise provided in the Act, or the
MOI.
The directors and past directors of a personal liability company are jointly and
severally liable, together with the company, for any debts and liabilities incurred during
their respective terms of office.
4.4 Shareholder and director governance

4.4.1 Shareholders’ governance (ss 57–65)
(a) Voting (s 60)
Shareholders can vote on resolutions:
at a shareholders’ meeting, or
in writing (by poll), within 20 business days after the resolution has been submitted.
(b) Shareholders’ meetings
General meetings (s 61)
The board, or persons specified in the MOI (if any), may call a shareholders’ meeting.
The board must call a shareholders’ meeting:
if so requested by the holders of at least 10% of the voting rights (the MOI may
specify a lower %), and
annually as an annual general meeting (AGM).
A company may apply to the court to set aside a request for a shareholders’ meeting on
the ground that the demand is frivolous.
Annual general meeting (AGM) (s 61)
A public company must convene an AGM:
within 18 months of incorporation
thereafter within 15 months of the previous AGM.
The AGM must, as a minimum, deal with the following business (section 61(8)):
presentation of the:
directors’ report
audited financial statements, and
audit committee report
election of directors
appointment of:
an auditor for the ensuing year, and
an audit committee
any matters raised by the shareholders (with or without advance notice).
Notice of meetings (s 62)

Notice of shareholders’ meetings must:
be given at least 15 business days before the meeting for public or non-profit
companies, and 10 days in other cases
in writing (paper or electronically), and must:
include the date, time and place of the meeting
state the purpose of the meeting
include copies of proposed resolutions
for an AGM: include a copy of the financial statements to be presented or a
summarised form thereof, and directions for obtaining a complete set
include a statement that shareholders may appoint proxies.
When no notice is given, or a defect exists in the information, the meeting may go ahead,
provided the shareholders agree thereto at the meeting.
Conduct of meetings (s 63)
Any person attending a shareholders’ meeting must identify him-/herself and the
company must verify that the person is entitled to vote.
Unless the MOI provides otherwise, notices may be sent electronically and
shareholders’ meetings may be conducted electronically.
Meeting quorum and adjournment (s 64)
A shareholders’ meeting may not begin until (quorum):
sufficient persons are present to be able to exercise in aggregate 25% of all of the
voting rights in respect of at least one matter (or a lower percentage specified in the
MOI), and
at least three shareholders are present at the meeting (if the company has more than
two shareholders).
No matter may be decided upon unless at least 25% of all of the voting rights that are
entitled to be exercised on a matter, are present at the meeting (or a lower percentage
specified in the MOI).
(c) Shareholders’ resolutions (s 65)

Shareholders’ resolutions can be an ordinary resolution or a special resolution.
The board may propose shareholders’ resolutions to be voted on (at a meeting or by
written consent).
Two or more shareholders may propose a resolution to be considered:
at a meeting requested specifically therefore
at the next shareholders’ meeting, or
by written vote.
An ordinary resolution requires more than 50% of the voting rights exercised on the
matter, and a special resolution 75% of the voting rights exercised on the matter.
The MOI can increase the percentage to more than 50% (except for the removal of a
director), and lower the percentage to less than 75% for a special resolution.
A special resolution is required for:
amending the MOI
ratifying a consolidated version of the MOI
ratifying actions of directors in excess of their capacity
approving the issue of shares or options to directors, or to the others if it represents
more than 30% of the votes
providing financial assistance for the acquisition of company shares
authorisation of directors’ loans, and loans to related and inter-related companies
(intercompany loans)
authorisation of directors’ remuneration
approving the winding up or liquidation of the company
approving proposed fundamental transactions (takeovers and mergers)
approving the transfer of a company to a foreign jurisdiction
any other matter as required by the MOI.
4.4.2 Directors’ governance (ss 66–78)
(a) Board, directors and prescribed officers (ss 66–69)
The business and affairs of the company are managed by or under supervision of the
board, which has the authority to exercise all of the powers and perform any of the
functions of the company, except to the extent excluded by the Act or the MOI.
The minimum number of directors required (except if the MOI specifies a higher
number) is:
a private or personal liability company: at least one

a public or non-profit company: at least three
This is in addition to the minimum number of directors that the company must have to
satisfy any other requirement of the Act or the MOI, for example, to appoint an ethics
and social committee and an audit committee.
For example: All public companies must have an audit committee of three directors,
thus the absolute minimum of directors required for a public company would be six.
The MOI may provide for:
the direct appointment and removal of directors by any person so named
ex-officio directors
the appointment of alternate directors.
The MOI must provide for at least 50% of the directors to be appointed by the
shareholders.
An ex-officio director (“executive director”) has the same powers, functions, duties
and liabilities of any other director (except where the MOI restricts certain powers).
The election of a director is a nullity if the person is ineligible or disqualified.
(b) Directors’ remuneration
Directors’ remuneration may:
be paid to directors for services as directors (except to the extent that the MOI
provides otherwise), and
only be paid in accordance with a special resolution approved by shareholders
within the previous two years.
Failure to have less than the minimum number of directors does not limit or negate the
authority of, or invalidate anything done, by the board.
The shareholders elect the directors (except those directly appointed ex-officio
directors).
Directors can serve for an indefinite term or for terms as set out in the MOI (section
68).
The directors can fill vacancies on the board by appointing a person to serve as a
director on a temporary basis until the vacancy has been filled.
(c) Ineligibility and disqualification of directors (s 69)
In the section on the ineligibility and disqualification of persons to be a director or
prescribed officer, the reference to “director” includes alternate directors, prescribed
officers, board committee members and audit committee members.
An ineligible or disqualified person must not be appointed as a director, and the
company should not knowingly permit such a person to serve as a director.
A person who becomes ineligible or disqualified while serving as a director, ceases
immediately to be a director.
A person placed under probation by the court (“delinquent director”) may not serve
as a director, except as permitted by the court.
The MOI may impose additional grounds for disqualification or ineligibility.
The following persons are ineligible to be a director:
a juristic person
an incapacitated minor, or person under legal disability
a person specified as such in the MOI.
The following persons are disqualified to be a director:
a person prohibited by a court to be a director, or declared delinquent
an unrehabilitated insolvent
a person prohibited by any public regulation to be a director
a person removed from office of trust on the grounds of misconduct involving
dishonesty
a person convicted and imprisoned without a fine, or fined for more than the
prescribed amount, for theft, fraud, forgery, perjury or offences involving fraud,
misrepresentation or dishonesty in the management of a company.
(d) Vacancies on the board (s 70)
A person ceases to be a director, and a vacancy arises on the board:
when the person’s term of office expires (if the MOI provides for fixed terms)
in any other case if:
the person resigns or dies
an ex-officio director ceases to hold the office
a person becomes incapacitated to the extent that he/she is unable to perform the
functions of director
the person is declared delinquent, or is placed under probation by a court

the person became ineligible or disqualified in terms of section 71(3), or
is removed by a resolution of the board, the shareholders or a court order.
A vacancy on the board can be filled:
by a new appointment (as per MOI), or
through election at the next AGM.
If the company is not required to have an AGM (private and personal liability
companies), the vacancy must be filled within six months at a shareholders’ meeting, or
by means of a poll.
(e) Removal of directors (s 71)
Despite anything in the MOI, rules, or agreement, a director may be removed by an
ordinary shareholders’ resolution.
Where a company has more than two directors, and a director or shareholder alleges
that a director is ineligible, incapacitated or has neglected the functions of a director:
the board, other than the director concerned, must consider and determine the matter
on resolution, and may remove a director.
The director, or person who appointed the director, may apply to court to review the
decision. Any director, who voted otherwise on the decision, can apply to court to
review the decision.
The director concerned must be given notice of the meeting, and a reasonable
opportunity to make a presentation at the meeting, before a resolution to remove him/her
is taken.
(f) Board committees (s 72)
Except to the extent that the MOI provides otherwise, the board may appoint a number
of committees of directors and delegate any authority of the board thereto.
Except to the extent that the MOI or rules determine otherwise, the committee:
may include persons who are not directors (co-opt members), provided they are not
disqualified as directors, and no such person may vote on a committee matter
may consult or receive advice from any person
has the full authority of the board in respect of a matter referred.
The creation of a committee and delegation of power thereto do not alone satisfy or
constitute compliance by a director with the required duties of care and skill as per
section 76 (Standards of directors’ conduct).
The minister may by regulation prescribe that a company or category of companies
has a social and ethics committee, if it is considered desirable in the public interest.
Regulation 43 requires that a social and ethics committee should be established
within 12 months from the effective date, for all listed public companies, state-
owned entities and any other company with a PIS greater than 500.
The committee should comprise at least three directors or prescribed officers, of
which at least one should be a non-executive director (for at least the last three
years).
The committee should monitor the company’s activities in regard to relevant
legislation, other legal requirements and codes relating to:
social and economic development
corporate citizenship
the environment, health, public safety, and the impact of the company’s products
and services
drawing matters to the board’s attention.
The committee should report to the shareholders at the AGM on the matters within
its mandate.
(g) Board meetings (ss 73–74)
A director may call a board meeting at any time, and a board meeting must be called if
so requested by 25% of the directors if there are at least 12 directors, or two directors
in other cases (the MOI may specify a higher or lower percentage).
A board meeting may be conducted electronically, or certain directors may
participate electronically as long as all persons are able to participate in the meeting.
Except where the MOI provides otherwise:
the meeting may proceed if all directors agree thereto, where the company has failed
to give notice of the meeting, or where there was a defect therein
a majority of directors must be present before a vote may be called
each director has one vote
matters are decided by majority vote, and in the case of a tied vote, the chair has the
deciding vote.
Minutes must be kept of board meetings, resolutions taken, and directors interests
disclosed.

Resolutions must be dated, numbered and are effective as of the date of the
resolution, unless otherwise stated. Minutes of meetings or a resolution signed by the
chair are evidence of the proceedings of the meeting.
Except if the MOI determines otherwise, directors’ decisions can be adopted by
written consent.
(h) Directors’ personal financial interests (s 75)
A director includes an alternate director, a prescribed officer, or a person who is a
member of a committee of a board of a company, irrespective of whether the person is
also a board member.
A director with a personal financial interest in a matter to be considered at a board
meeting:
must disclose the interest and its general nature before the matter is considered
must disclose to the meeting any material information relating thereto
may disclose observations or pertinent insights thereto
must leave the meeting after making the disclosure
may not take part in the consideration (vote) of the matter
while absent from the meeting:
forms part of the quorum of the meeting for the purpose of considering if
sufficient directors are present
is not considered as being present for the purpose of determining whether the
resolution has sufficient support to be adopted
must not execute any document on behalf of the board regarding the matter, unless
requested by the board to do so.
If a director acquires an interest after a matter has been decided by the board, the
director must disclose the nature and extent of the interest to the board.
A decision, transaction or agreement in which a director has a personal financial
interest is valid if:
it was approved by the board (after the interest has been disclosed, etc.), or
it was ratified by the shareholders, or
a court has declared the transaction valid.
Where a company has only one director, but other shareholders, a matter in which the
director has a personal financial interest must be approved by the shareholders.
(i) Standards of directors conduct (s 76)
A director of a company must:
not use the position of director, or information obtained while acting as a director, to
gain an advantage for him-/herself or another person other than the company or
wholly-owned subsidiary
not knowingly cause harm to the company or a subsidiary
communicate to the board, as soon as practically possible, information that comes to
the director’s attention.
A director must exercise the powers and perform the functions of director:
in good faith
in the best interest of the company
with the degree of care, skill and experience that may be reasonably expected of a
like person in a similar position.
A director will meet the above obligation if he/she:
has taken reasonably diligent steps to become informed about the matter
has no personal financial interest in the matter, or has disclosed the interest, and
made a decision, or supported a decision of a committee of the board, on a rational
basis.
A director is entitled to rely on the information obtained and responsibilities performed
by:
one or more employees
legal council, accountants, other professional persons, or
a committee of the board of which the director is not a member, unless the director
has reason to believe the actions of the committee do not merit reliance.
(j) Liability of directors (s 77)
A director may be held liable:
in accordance with the principles of the common law relating to a breach of
fiduciary duties or relating to delict (conflict of interest, care, skill and diligence)
for loss, damage or costs sustained by the company
in terms of the Companies Act for:
acting in the name of the company without the authority to do so
taking part in the carrying on of the business being conducted recklessly or under
insolvent conditions
being a party to an act or omission of the company intended to defraud a
creditor, employee or shareholders, or for fraudulent purposes
signing, consenting to or authorising the publication of financial statements that
are false or misleading in a material respect, or a prospectus containing untrue
statements
being present at a meeting and failing to vote against:
– the issuing of unauthorised shares (s 36)
– issuing of shares to directors without approval of a special resolution (s 41)
– granting of options for unauthorised shares (s 42(4))
– providing loans to directors not approved by a special resolution (s 45(6))
– approval of a distribution when the liquidity and solvency test has not been
met (s 46(4))
– acquisition of company shares when the liquidity and solvency test has not
been met (ss 46 and 48)
– allotment of shares contrary to the stated requirements (s 109(1)).
The liability of a person is joint and several with any other person who is or may be
held liable.
Proceedings to recover losses, damages, etc., may not be commenced more than three
years after the act or omission (prescription).
4.5 Accountability and transparency

4.5.1 General requirements (ss 84–85)
Every public company and state-owned company must comply with sections 84 to 94
and appoint a company secretary, an auditor and an audit committee.
Every private, non-profit and personal liability company must, if required by the
Act or regulations to be audited, comply with sections 90 to 93 regarding the statutory
audit, but do not need to appoint a company secretary or audit committee.
If the directors fail to make an appointment as required above, the Commission may
call a shareholders’ meeting to make such an appointment.
Every public company must maintain a record of its secretaries and auditors stating:

the name and date of appointment, and
if a firm is appointed as auditor
the name
registration number
office address, and
the name of the audit partner.
4.5.2 Company secretary (ss 86–89)
Every public company and state-owned company must have a company secretary. A
juristic person may also be appointed as secretary.
A company secretary’s duties include, but are not restricted to:
providing the directors of the company collectively and individually with guidance
as to their duties, responsibilities and powers
making the directors aware of laws relevant to or affecting the company
reporting to the company’s board any failure on the part of the company or a director
to comply with the MOI or rules of the company or this Act
ensuring that minutes of all shareholders’ meetings, board meetings and meetings of
any committees of the directors, or of the company’s audit committee, are properly
recorded in accordance with this Act
certifying in the company’s annual financial statements whether the company has
filed the required returns and notices in terms of this Act, and whether all such
returns and notices appear to be true, correct and up to date
ensuring that a copy of the company’s annual financial statements is sent, in
accordance with this Act, to every person who is entitled to it
carrying out the functions of a person designated in terms of section 33(3).
4.5.3 Auditors (ss 90–93)
(a) Appointment of the auditor (s 90)
Upon its incorporation, and each year at its AGM, a public company or state-owned
company must appoint an auditor. The appointed auditor will hold office until the next
AGM.
In order to qualify for appointment as auditor, the person or firm must:
be a registered auditor
not be disqualified from acting as the auditor:
(i) not a director of the company
(ii) not an employee or consultant of the company who was, or has been engaged
for more than one year to maintain the company’s accounting records or prepare
the financial statements
(iii) not a director, officer or employee of the person appointed as company
secretary
(iv) not a person who, at any time during the five financial years immediately
preceding the appointment, was a person contemplated in (i) to (iii) above
(v) not a person related to a person in (i) to (iv) above
be acceptable to the company’s audit committee as being independent. In this regard,
the audit committee should ensure that the auditor did not receive any direct or
indirect benefit from the company, except remuneration as auditor, and for the
rendering of other non-audit services as approved by the audit committee.
If the company has appointed a firm as auditor, the individual (engagement partner)
determined by that firm as required in terms of section 44(1) of the Audit Professions
Act, should meet the requirements above. (Therefore the individual, and not the firm, is
disqualified from acting as auditor if any of the above disqualifications exist.)
If the company has not appointed an auditor when it registers the MOI, the directors
have to appoint the first auditor within 40 business days after incorporation of the
company. The first appointed auditor will hold office until the first AGM of the
company.
A retiring auditor may be automatically reappointed at the AGM without a resolution
passed to the effect, unless any of the following circumstances exist:
The auditor no longer qualifies for appointment, or is unwilling to accept the
appointment.
The audit committee objects to the appointment.
The company gave notice of its intent to appoint another auditor.
If no appointment of an auditor is made at the AGM, the directors have to appoint an
auditor within 40 business days of the AGM.
(b) Resignation of an auditor and vacancies (s 91)
The auditor may resign at any time by giving one month’s notice (or less than one month
with the board’s approval) to the company.

The resignation of the auditor is effective when the notice is filed.
The directors of the company:
have to appoint a new auditor within 40 business days if there was only one
incumbent auditor
may appoint a new auditor at any time if there was more than one auditor (while
such a vacancy exists, the surviving or continuing auditor may act as auditor).
Before any appointment as auditor is made, the board must propose to the audit
committee, within 15 business days after the vacancy, the name of at least one registered
auditor to be considered as auditor, and may go ahead with the appointment if the audit
committee does not object thereto within five business days after delivering the
proposal.
(c) Rotation of auditors (s 92)
The same individual may not serve as designated auditor for longer than five years.
Such individual may also not be reappointed as auditor within two years of rotation
thereafter.
The transitional arrangements (schedule 7(11)) state that the five consecutive years
must be calculated from the commencement of the Act (thus meaning all partners have
five years before the need to rotate will exist).
(d) The auditor’s rights (s 93)
The auditor has right of access to all accounting records, books and documents of the
company as well as to obtaining information and explanations from the directors and
officers of the company as he/she deems necessary to perform his/her duties as the
auditor.
The auditor of a holding company has the right of access to current and previous
financial statements of subsidiaries, as well as to obtaining information and
explanations from the directors and officers of the subsidiary and holding companies as
considered necessary to perform his/her task.
The auditor also has the right to attend any shareholders’ meeting of the company, be
heard at any shareholders’ meeting, and to receive all notices and other communications
sent to the members of the company regarding the respective meeting.
An auditor may apply to court to enforce the above rights.
4.5.4 Audit committees (s 94)
At each AGM, a public company or state-owned company, or other company that has
voluntarily determined to have an audit committee, must elect an audit committee
comprising at least three members, unless:
the company is a subsidiary of another company that has an audit committee, and
the audit committee of that other company will perform the functions required under
this section on behalf of that subsidiary company.
The first members of the audit committee may be appointed by:
the incorporators of a company, or
by the board, within 40 business days after the incorporation of the company.
Each member of an audit committee of a company must:
be a director of the company who satisfies any applicable requirements prescribed
in terms of section 94(5) (qualifications)
not be:
involved in the day-to-day management of the company’s business or have been
so involved at any time during the previous financial year
a prescribed officer, or full-time employee, of the company or another related or
inter-related company, or have been such an officer or employee at any time
during the previous three financial years, or
a material supplier or customer of the company, such that a reasonable and
informed third party would conclude in the circumstances that the integrity,
impartiality or objectivity of that director is compromised by that relationship,
and
not be related to any person who falls within any of the criteria set out above.
The Minister may prescribe minimum qualification requirements for members of an
audit committee as necessary to ensure that any such committee, taken as a whole,
comprises persons with adequate relevant knowledge and experience to equip the
committee to perform its functions. The regulations require that at least 1/3 of the
members should have a qualification or experience in economics, law, corporate
governance, finance, accounting, commerce, industry, public affairs or human
resource. This is questionable, as no financial experience and expertise requirement
was set.
The board of a company must appoint a person to fill any vacancy on the audit
committee within 40 business days after the vacancy arises.
An audit committee of a company has the following duties:
to nominate, for appointment as auditor of the company under section 90, a
registered auditor who, in the opinion of the audit committee, is independent of the
company
to determine the fees to be paid to the auditor and the auditor’s terms of engagement
to ensure that the appointment of the auditor complies with the provisions of this Act
and any other legislation relating to the appointment of auditors
to determine the nature and extent of any non-audit services that the auditor may
provide to the company, or that the auditor must not provide to the company, or a
related company
to pre-approve any proposed agreement with the auditor for the provision of non-
audit services to the company
to prepare a report, to be included in the annual financial statements for that
financial year:
describing how the audit committee carried out its functions
stating whether the audit committee is satisfied that the auditor was independent
of the company, and
commenting in any way the committee considers appropriate on the financial
statements, the accounting practices and the internal financial control of the
company
to receive and deal appropriately with any concerns or complaints, whether from
within or outside the company, or on its own initiative, relating to:
the accounting practices and internal audit of the company
the content or auditing of the company’s financial statements
the internal financial controls of the company, or
any related matter
to make submissions to the board on any matter concerning the company’s
accounting policies, financial control, records and reporting, and
to perform other such functions as determined by the board.
In considering whether a registered auditor is independent of a company, the audit
committee of that company must:
ascertain that the auditor does not receive any direct or indirect remuneration or
other benefit from the company, except in his/her capacity as auditor or for
rendering other services to the company, to the extent permitted above

consider whether the auditor’s independence may have been prejudiced:
as a result of any previous appointment as auditor, or
having regard to the extent of any consultancy, advisory or other work
undertaken by the auditor for the company, and
consider compliance with other criteria relating to independence or conflict of
interest as prescribed by the Independent Regulatory Board for Auditors established
by the Auditing Profession Act, in relation to the company, and if the company is a
member of a group of companies, any other company within that group.
Nothing in this section precludes the appointment by a public company at its AGM of an
auditor other than one nominated by the audit committee, but if such an auditor is
appointed, the appointment is valid only if the audit committee is satisfied that the
proposed auditor is independent of the company.
Neither the appointment nor the duties of an audit committee reduce the functions and
duties of the board or the directors of the company, except with respect to the
appointment, fees and terms of engagement of the auditor.
4.6 Accounting, auditing and review requirements

4.6.1 Accounting and reporting (ss 27–30)
(a) Financial year and accounting records (ss 27–28)
Every company must have a financial year (and year-end) as specified in the NOI. The
first financial year may not be more that 15 months after incorporation.
The board may change the year-end, but not more than once during the year and the
new year-end must be later than the date on which the notice is filed. The financial year
may also not be more that 15 months.
The company must keep accurate and complete accounting records at or accessible
from the registered office in at least one of the official languages to enable the proper
compilation of financial statements and conduct an audit or review as required by the
Act
The prescribed records should include records of all assets and liabilities, loans to
directors, prescribed officers and employees, liabilities and obligations, property held
in fiduciary capacity, revenue and expenses, and shares.
(b) Financial statements (s 29)
Financial statements must:
be prepared according to accounting standards
present fairly the state of affairs and business of the entity, and explain the
transactions and financial position
show the assets, liabilities and equity, as well as the entity’s income and expenses
disclose the date on which the statements were produced as well as the accounting
period
on the first page state:
whether it is audited, reviewed or not, and
the name and professional designation of the individual who prepared it or
supervised the preparation thereof.
Financial statements may not be false, misleading or incomplete, and any person who is
a party to the preparation, approval, dissemination or publication of false, misleading or
incomplete financial statements is guilty of an offence in terms of section 214(2).
A company may provide a summary of financial statements, provided the first page
states:
that it is a summary
whether the original statements have been audited
the name of the person who prepared the original statements, and
the steps to obtain a copy of the original statements.
(c) Annual financial statements (s 30)
Every company must prepare annual financial statements within six months of its year-
end (or shorter period if the AGM is earlier).
The annual financial statements must be:
audited in the case of a public company
in the case of any other profit or non-profit company:
audited voluntarily if the company so chooses
audited, if so determined, by the Minister per regulation (if considered to be
desirable in the public interest – can be based on turnover, size of workforce, or
nature or extent of activities)
be independently reviewed (in the manner prescribed by the Minister in the
regulations as to the manner, form and procedures for the independent review,
and the professions whose members may conduct such a review).

Exemption from audit and review (owner-managed entities): If every person who is
a security holder, or has a beneficial interest in the company’s securities, is also a
director of the company, the company will be exempt from the audit or review
requirement, unless it meets the PIS for an audit.
The annual financial statements must:
include an auditor’s report (if audited)
include a directors’ report
be approved by the board
be signed by an authorised director
be presented at the first shareholders’ meeting after approval thereof by the board.
The financial statements of companies that are required to be audited must disclose the
following (section 30(4)):
the remuneration and benefits received by each director
amount of pensions paid, or contributions to a pension scheme for current and past
directors
the amount paid for loss of office of current and past directors
the number and class of securities issued to a director, or person related to them,
and the consideration received therefor
details of service contracts of current directors or officers.
The above should be for amounts received from the company or other companies in the
group, or related thereto.
Remuneration will include:
fees for services rendered, as well as amounts paid for accepting office
salary, bonuses and performance-related payments
expense allowances (for which he/she is not required to account for)
contributions to pension funds
the value of options given (past, present and future directors)
financial assistance received (past, present and future directors) to subscribe for
shares in the company or inter-related companies
regarding loans or other financial assistance to directors (past, present and future
directors), the value of any interest deferred, and the difference in value between
interest actually charged and market-related rates.
4.6.2 Auditing and review requirements (regulations 26–30)
The notes below apply to the accounting framework required to be applied, and the
audit and review requirements for companies and close corporations, as well as the
calculation of the PIS.
Note: In the section below, entity refers to a company or close corporation.
(a) Definitions
A person who is:

a registered auditor in terms of the Audit Profession Act,
or
a member in good standing of a professional body
accredited in terms of section 33 of the Audit Profession
Act, or
qualified to be appointed as an accounting officer of a
close corporation in terms of section 60(1), (2), (4) of
the CC Act,
Independent accounting and, who
professional
does not have a personal financial interest in the entity
or group, and
is not involved in the day-to-day management of the
entity’s business, nor has been so involved during the
previous three years, or
is a prescribed officer, or full-time executive employee,
of the entity, or has been at any time during the previous
three years
is not related to any person above.
Annual financial statements that are prepared:

by an independent accounting professional
Independently compiled on the basis of financial records provided by the entity,

and reported and
in accordance with any relevant financial reporting

standards.
(b) Standard to be followed for review engagements

ISRE 2400 is the International Standard for Review Engagements, as issued from time
to time, by the International Auditing and Assurance Standards Board, or its successor
body.
4.6.3 Calculation of public interest score (PIS)
For the purposes of the regulations every entity must calculate its ‘public interest score’
at the end of each financial year, calculated as the sum of the following:
the number of points equal to the average number of employees of the entity during
the financial year
one point for every R1 million (or portion thereof) in third-party liability of the
entity, at the financial year-end
one point for every R1 million (or portion thereof) in turnover during the financial
year, and
one point for every individual who, at the end of the financial year, is known by the
entity to directly or indirectly have a beneficial interest in any of the entity’s issued
securities.
Note: For subsidiary companies, the number of shareholders of the holding company
will be counted, as they are beneficial holders.
This can be illustrated as follows:

4.6.4 Accounting standards to be applied by entities
Category of companies Financial Reporting Standard

IFRS, but in the case of any conflict with
any requirement in terms of the Public
State-owned companies
Finance Management Act, the latter
prevails.
Public companies listed on an exchange IFRS
One of:
IFRS, or
Public companies not listed on an IFRS for SMEs, provided that the
exchange company meets the scoping
requirements outlined in the IFRS
for SMEs.
One of:
IFRS, or
Profit companies, other than state-owned
or public companies, whose PIS for the IFRS for SMEs, provided that the
particular financial year is at least 350 company meets the scoping
requirements outlined in the IFRS
for SMEs.
Profit companies, other than state-owned One of:
or public companies:
(a) whose public interest score for the IFRS, or
particular financial year is at least 100 but IFRS for SMEs, provided that the
less than 350, or company meets the scoping
(b) whose public interest score for the requirements outlined in the IFRS
particular financial year is less than 100, for SMEs, or
and whose statements are independently SA GAAP.
compiled.
Profit companies, other than state-owned
The Financial Reporting Standard as
or public companies, whose PIS for the
determined by the company for as long as
particular financial year is less than 100,
no Financial Reporting Standard is
and whose statements are compiled
prescribed.
internally
4.6.5 Categories of entities required to be audited

In addition to public companies and state-owned entities:
any profit or non-profit entity (company or corporation) holding assets in the
ordinary course of business in a fiduciary capacity for persons who are not related
to the company, in aggregate value at any time during the financial year of more than
R5 million
certain non-profit entities incorporated by the state or an organ of state
any other entity whose PIS in that financial year, as calculated in accordance with
regulation 26 (2)
is 350 or more, or
is at least 100, but less than 350, if its annual financial statements for that year
were compiled internally.
4.6.6 Exemptions from audit or review (s 30(2A))
If, with respect to a particular entity (company or corporation), every person who is a
holder of, or has a beneficial interest in, any securities issued by that entity is also a
director (or member) of the entity, that entity is exempt from the requirements in this
section to have its annual financial statements audited or independently reviewed. This
exemption does not apply if the entity falls into a class that is required to have its annual
financial statements audited in terms of the regulations.
It also does not relieve the entity of any requirement to have its financial statements
audited or reviewed in terms of another law, or in terms of any agreement to which the
corporation is a party.
Note: This means that if an entity (company or close corporation) is exempt from an
audit, it will not need a review.
4.6.7 Independent review of annual financial statements
(a) Definitions
For purposes of the Companies Regulations:
A person referred to in regulation 29 (4), namely an independent

Independent accounting professional (refer paragraph 4.6.2), and who has
reviewer been appointed to perform an independent review under this
regulation.
Any act or omission committed by any person responsible for the
management of a entity which
unlawfully has caused or is likely to cause material
financial loss to the entity or to any member, shareholder,
Reportable creditor or investor of the company in respect of his, her
irregularity or its dealings with that entity, or
is fraudulent or amounts to theft, or
causes or has caused the company to trade under insolvent
circumstances.
(b) Exemption
This regulation applies to an entity (company or corporation), with respect to any
particular financial year, unless the company or corporation:
is exempt, in terms of section 30 (2A), from any requirement to have its annual
financial statements for that year audited or reviewed
is required by its own MOI, or required in terms of the Act or regulation 28, to have
its annual financial statements for that financial year audited, or
has voluntarily had its annual financial statements for that year audited.
(c) Standard to be followed
An entity to which this regulation applies must have its annual financial statements
independently reviewed in accordance with ISRE 2400.
(d) Requirements for independent review
The independent review of the annual financial statements must be carried out:
in the case where the PIS for the particular financial year was at least 100, by a
registered auditor, or a member in good standing of a professional body that has
been accredited in terms of section 33 of the Auditing Professions Act (currently
only CA(SA)s), or
in the case where the PIS for the particular financial year was less than 100, by:
a person contemplated above, or
a person who is qualified to be appointed as an accounting officer of a close
corporation in terms of sections 60 (1), (2) and (4) of the Close Corporations
Act, 1984 (Act 69 of 1984).
(e) Disqualification
An independent review of the annual financial statements must not be carried out by an
independent accounting professional who was involved in the preparation of the said
annual financial statements.
(f) Reportable Irregularities
An independent reviewer that is satisfied or has reason to believe that a reportable
irregularity has taken place or is taking place in respect of the entity must, without
delay, send a written report to the Commission.
Note: Where a reportable irregularity is identified during an independent review,
it is reported to the Commission, as opposed to a reportable irregularity that is
identified during a statutory audit, in which case it should be reported to the
IRBA.
The report must give particulars of the reportable irregularity and must include such
other information and detail as the independent reviewer considers appropriate.
The independent reviewer must, within three business days of sending the report to
the Commission, notify the members of the board/members of a close corporation of
the entity in writing of the sending of the report referred and the provisions of this
regulation, and attach a copy of the report sent to the Commission.
The independent reviewer must as soon as reasonably possible but not later than 20
business days from the date on which the report was sent to the Commission:
take all reasonable measures to discuss the report referred with the members of
the board of the entity (company or corporation)

afford the members of the board of the entity (company or corporation) an
opportunity to make representations in respect of the report, and
send another report to the Commission, which report must include a statement:
– that the independent reviewer is of the opinion that no reportable irregularity
has taken place or is taking place, or
– that the suspected reportable irregularity is no longer taking place and that
adequate steps have been taken for the prevention or recovery of any loss as
a result thereof, if relevant, or
– the reportable irregularity is continuing.
The Commission must as soon as possible after receipt of a report notify any
appropriate regulator in writing of the details of the reportable irregularity to which the
report relates and provide it with a copy of the report and may investigate any alleged
contravention of the Act.
For the purpose of the reports relating to a reportable irregularity an independent
reviewer may carry out such investigations as the independent reviewer may consider
necessary and, in performing any duty referred to in the preceding provisions of this
regulation, the independent reviewer must have regard to all the information which
comes to the knowledge of the independent reviewer from any source.
5 Close Corporations Act
Contents Paragraph
Appointment of accounting officers 59
Qualifications of accounting officers 60
Duties of accounting officers 62
5.1 Introduction
Smaller entities can obtain legal status by registering as close corporations. The
registration of new close corporations will however be terminated at the date that
section 13 of the Companies Act, 71 of 2008, which governs the registration of
companies, becomes effective. The registration of existing close corporations at such
date will remain, although the registration of new close corporations thereafter will not
be allowed.

A close corporation can be formed by between one and ten members that qualify for
membership.
A number of differences exist between companies and close corporations. The
differences in terms of the external audit, ownership and management, responsibility for
the annual financial statements and the decision-making structure are highlighted here.
Companies Close corporations

An external audit will be required
if the corporation meets the PIS
An external audit or review is a
Audit or review for an audit or review, unless the
statutory requirement.
exemption of owner management
applies.
Ownership of the legal entity lies
The members of the close
in the hands of the shareholders,
Ownership and corporation are normally actively
while the directors are
management involved in the management of the
responsible for the day-to-day
entity.
management of the company.
Decision making is more
Decision making in companies is
informal, with decisions being
influenced by the significance of
Decision-making made through consultation with
the decision being made.
structure members, written consent by
Approval requirements range
members or on members’
from directors to shareholders.
meetings.
Annual financial
Responsibility of the directors. Responsibility of the members.
statements
5.2 Appointment of accounting officers (s 59)

A close corporation has to appoint an accounting officer. The founding statement of the
close corporation, which is the only statutory document required to form a close
corporation, must include the name and postal address of the accounting officer. The
accounting officer has to be a qualified person or entity that has given his or its written
consent to act in that capacity, and the appointment is effective as of the date of
registration.
5.3 Qualifications of accounting officers (s 60)

No person can act as the accounting officer of a close corporation unless he is qualified
to do so. Note the following in this regard:
The person has to be a member of a recognised profession which as a condition for
membership requires its members to have passed examinations in Accounting and
related fields of study.
The Minister of Trade and Industry approved that the members of that profession can
act as accounting officers, the list of approved professions being published in the
Government Gazette from time to time.
The profession can exclude a person from membership if he is found guilty of
negligence or behaviour that discredited the profession.
A person is disqualified from acting as the accounting officer of a close corporation if
he is a member or employee of that close corporation. In the case of an audit firm’s
being the accounting officer, the firm is disqualified from holding office as the
accounting officer if a partner or employee of the firm is a member or employee of the
close corporation, unless all the members have given written consent.
5.4 Duties of accounting officers (s 62)

The accounting officer has a number of duties defined in the Close Corporations Act:
He has to ensure that the annual financial statements agree with the accounting
records of the close corporation.
He has to consider the appropriateness of the accounting policies applied by the
close corporation.
He has to report to the members on the above-mentioned considerations.
He has to report contraventions of the Close Corporations Act.
He has to submit the relevant reports within three months after completion of the
annual financial statements.
He has to report to the Registrar of Close Corporations if:
the close corporation is not carrying on with business or is not in operation with
no intention of resuming the operations within the foreseeable future
changes in the details of the founding statement have not been registered
the annual financial statements indicate that the liabilities of the close
corporation exceed its assets, or
the annual financial statements show that the assets exceed the liabilities, but it
is incorrect or the accounting officer is of the opinion that it is not the case.
6 Public Finance Management Act
Object of this Act 1
Institutions to which this Act applies 2
8, 19, 40, 55,
Audit requirements for affected institutions 58, 62
6.1 Introduction (ss 1–2)

The aim of the Public Finance Management Act is to ensure transparency, accountability
and sound management of the funding and application of funds by
national and provincial departments
major public entities (as specified in Schedules 2 and 3 of the Act)
constitutional institutions (listed in Schedule 1 of the Act)
parliament
the provincial legislatures.
6.2 Audit requirements for affected institutions

6.2.1 National Treasury and Provincial Treasuries (ss 8, 19)
The National Treasury and Provincial Treasuries each have to prepare consolidated
financial statements for the institutions specified in the Act.
The consolidated financial statements for the National Treasury are in respect of:
national departments
public entities under the ownership control of the national executive
constitutional institutions
the South African Reserve Bank
the Auditor-General
parliament.
For the Provincial Treasuries, the consolidated financial statements represent the results
of:
provincial departments in that province
public entities under the ownership control of the provincial executives of the
province
the provincial legislature in the province.
The respective treasuries have to submit the consolidated financial statements to the
Auditor-General within three months after the financial year end for audit purposes. The
Auditor-General has to complete his audit and report his findings to the treasuries
within three months of receipt of the consolidated statements.
6.2.2 National and Provincial Departments and Constitutional Institutions (s 40)
The accounting officer of a department or constitutional institution is responsible for the
preparation of annual financial statements and for submitting it to the Auditor-General
within two months after the financial year end for audit purposes. The Auditor-General
has to complete his audit and submit his audit report to the accounting officer within two
months of receipt of the financial statements.
6.2.3 Public entities (ss 55, 58, 62)
For audit purposes, the accounting authority of a public entity is required to prepare
annual financial statements and to submit the statements to the appointed auditor within
two months after the financial year end. The auditor of public entities is the Auditor-
General. If the audit is not performed by the Auditor-General, a Registered Accountant
and Auditor in practice can act as the auditor of the entity, but the appointment must be
made in consultation with the Auditor-General.
7 Other statutes and bills that impose audit and/or

reporting responsibilities on a professional accountant
and auditor
Apart from the legal requirements listed above, the auditor has to ensure that he
possesses the necessary legal knowledge to perform adequately his duties as the auditor.
Examples of legislation and other statutes that an auditor might need to consider are:
the JSE Securities Exchange Listing Requirements
the Insider Trading Act
the regulations of Medical aid schemes, Pension and provident funds
the Banks Act

the Insurance Act
money laundering legislation
labour legislation
electronic commerce
the Access to Information Act
environmental legislation
the Financial Advisers and Intermediaries Act.
8 Questions

Chuck Bartowski and Morgan Grimes are best friends; they studied together at
university and have also recently completed their TIPP articles at the same audit firm.
After completing their articles and qualifying as CA(SA)s at the end of 20X8, they
decided to open their own auditing firm called Nerd Herd Auditors Inc.
Chuck and Morgan are currently busy with the audit of one of their new clients, Buy-
More (Pty) Ltd. (You can assume that the directors decided that the financial statements
of the company will be voluntarily audited, if they do not meet any regulations
prescribed for audit.) They have been appointed as auditors of Buy-More (Pty) Ltd with
effect from 1 March 20X9, to replace the previous auditors, NSA Auditors Inc, that
resigned at the previous annual general meeting.
During the audit, Chuck met the lovely creditors clerk Sarah Walker and the two of
them really get along well. Chuck decided to ask Sarah on a date, which she gladly
accepted. During the date, they started talking about work and Sarah revealed something
interesting, which made Chuck feel a bit uneasy.
Sarah said that the financial manager at Buy-More (Pty) Ltd, Mr Chang, has been
selling reject electronic goods on the side. Before the reject electronics are returned to
the supplier, he gets his son to fix the products and then sells the reject electronics from
his wife’s cosmetic store over weekends. Mr Chang asked Sarah to open a separate
Pastel accounting module to record the sales from the reject products and he pays her an
additional R500 per month for her help. Sarah wondered why the R500 was not
reflected on her payslip and whether it was not his way of keeping her quiet about his
reject sales. She was, however, unsure about what to do and whom to report this to.
Chuck reassured her that he would take up the matter with management and that she did
not have to worry about it any more.
The next day at the office, Mr Chang overhears a conversation between Chuck and
Sarah while they are discussing the sales of the reject products. He is very upset about
the matter and realises that fingers will be pointed at him. To prevent him from being
implicated, he decides that Nerd Herd Auditors should not accept the reappointment as
auditors of Buy-More (Pty) Ltd at the next annual general meeting on 15 May 20X10.

(a) Explain the requirements to Chuck and Morgan to register an individual as a
Registered Auditor in terms of section 37 of the Auditing Profession Act. (3)
(b) Discuss whether the above-mentioned sale of reject electronics constitutes a
reportable irregularity, as well as what Chuck and Morgan should do in terms of
section 45 of the Auditing Profession Act. (16)
(c) Discuss the requirements of the Companies Act regarding filling a vacancy for an
auditor. (5)
Presentation (1)

Clark Kent is an audit partner at the firm of Smallville Auditors (Pty) Ltd. He is
currently busy with the audit of his largest client, Cryptonite Limited, a company that
specialises in the supply of farming equipment. This is the first year that Clark is
performing the audit of Cryptonite Limited as their previous auditors resigned during the
course of the current financial year.
During the execution of the audit procedures, Lana Lang, one of the senior audit
clerks, discovered some irregularities in the taxation calculation. She approached the
financial director, Lex Luther, for some explanations regarding the inconsistencies she
noted in her audit procedures of the taxation balance. Unfortunately Lex Luther was
unavailable to answer any of her questions due to his busy schedule. He suggested she
talk to the financial manager, Chloë Sullivan, who assisted him with the calculation of
taxation owing.
During Lana’s meeting with Chloë, she confided to Lana that she did not understand
some of the adjustments that Lex Luther had made on the tax calculation. He just asked
her to process the journals, but would give her no explanation as to how the calculation
was done and why certain amounts were deducted from taxable income, showing a
lower tax amount to be paid to SARS than what Chloë had calculated.
Lana then approached Clark Kent with the matter and he promised to investigate it
further. To his dismay he discovered that the financial director is evading company tax.
Lex Luther found out that Clark Kent had discovered his tax evasion. In an attempt to
save himself from embarrassment of exposure, he decided to call a meeting in which
Smallville Auditors (Pty) Ltd would be removed as the auditors of the company. He sent
a letter to the shareholders stating only that urgent business needs to be discussed at
such a meeting in ten days’ time. At this stage he only wants to remove Smallville
Auditors (Pty) Ltd as auditors. He has no other auditing firm in mind with which to
replace Smallville Auditors (Pty) Ltd.

(a) Discuss the requirements of the registration of a company such as Smallville
Auditors (Pty) Ltd as a Registered Auditor in terms of section 38 of the Auditing
Profession Act. (10)
(b) Discuss the requirements, in terms of the Companies Act, that the audit committee
should adhere to when appointing new auditors. (3)
(c) Discuss whether the above tax evasion constitutes a reportable irregularity, as well
as what Clark Kent should do in terms of section 45 of the Auditing Profession
Act. (17)
(d) Discuss the auditor’s right of access to books and to be heard at general meetings.(3)
Presentation (2)

Section 44 of the Auditing Profession Act indicates that an unqualified or “clean” audit
report has certain implications.

List the requirements for the issue of an unqualified audit opinion as required by section
44 of the Auditing Profession Act. (7)
QUESTION 2.4
John and his friend Sipho are the two owners of an asset management company called
Invest-a-rand (Pty) Ltd. They are the only two shareholders and are both directors of the
company. During the year, the company had R26 million of third-party funds under their
management. The year-end of the company is drawing near, and Sipho and John are
unsure of whether Invest-a-rand needs to be audited or not. John seems to be of the
opinion that since they are the only two shareholders and directors, the company
qualifies for the exemption in the Companies’ Act.

Write a memo to John and Sipho to explain whether, in terms of the Companies Act,
Invest-a-rand is required to be audited, independently reviewed or neither. (6)
QUESTION 2.5
Cowalicious Ltd is a dairy company whose shares are held by 65 individual farmers.
The company has six directors, three of them farmers and the other three some local
businessmen. The company sells milk collected from all the different farmer’s farms and
supplies it to a local retailer. All sales proceeds go to the company, which then declares
an annual dividend to the farmers.
During the year a new farmer wanted to buy some shares in the company, but did not
have enough money for the required amount. The directors then decided that the
company would give the new farmer a loan, which he would pay back through his
dividends.
The company also needs some new bottling equipment in the coming year. One of the
directors, Jane Patrick, approached her brother (with whom she owns a bottling
equipment company) for a quote to supply Cowalicious Ltd with this equipment. The
matter is to be discussed at the next board meeting. The company also needs to hold an
AGM in the next two months.

(a) Provide the Companies Act requirements relating to the requirement for an AGM
and what should be discussed at such a meeting. (8)
(b) Discuss the Companies Act requirements applicable to the situation in which Jane
finds herself. (6)
(c) State the requirements, per the Companies Act, for the decision to loan the new
shareholder money to purchase the company’s shares to be properly approved. (4)
(d) Discuss whether the company is required to have a company secretary or not, and
the duties of such a person. (7)
QUESTION 2.6
Four friends who all graduated from the same university decided to establish their own
auditing firm. They all did their articles at one of the BIG 4 auditing firms in Gauteng
and realised that since they had all qualified as chartered accountants, the world was
their oyster and they wanted to harness the opportunity to do their own thing.

The friends got together and decided to establish a personal liability company in
terms of the Companies Act 71 of 2008, where they would all be directors as well as
shareholders in the company. They registered the company with the Registrar of
Companies and will trade under the name of Clever & Young Inc. Clever & Young also
registered their company as a firm in public practice with the IRBA.
Some background regarding the four friends:
Successfully completed articles in 20X10

Sarah Morgan CA(SA)RA
Registered member of SAICA as well as IRBA
Successfully completed articles in 20X8 Registered
Brian Grims CA(SA) RA
member of SAICA as well as IRBA.
Successfully completed articles in 20X9 Registered
Simon Tshabalala CA(SA)RA
member of SAICA as well as IRBA.
Successfully completed articles in 20X10
Sam Naidoo CA(SA) Registered member of SAICA. Registration with the
IRBA as a Registered Auditor is still outstanding

(a) Give the definition of a personal liability company according to the Companies Act
71 of 2008. (3)
(b) Provide the requirements for the registration of Sam Naidoo with the IRBA. (5)
(c) Provide the requirements in terms of section 46 of the Auditing Professions Act
relating to when the directors of Clever & Young would incur legal liability. (6)
(d) Discuss the requirements in terms of the Companies Act 71 of 2008 relating to the
issuing of a notice of a shareholders’ meeting. (3)
(e) Discuss whether, under the current management structure, the four directors are
permitted to share the profits amongst themselves. (3)

3
The ethical environment
Code of Professional Conduct for Chartered Accountants (SAICA Member’s
Handbook Volume 3)
Code of Professional Conduct for Registered Auditors (Independent Regulatory
Board for Auditors)
By-Laws of the South African Institute of Chartered Accountants Part B – Applicable
only to Chartered Accountants
Rules Regarding Improper Conduct for Registered Auditors (IRBA)
1 The relationship between business ethics and

professional ethics
Chartered accountants and registered auditors, whether working in public practice,
within a consulting capacity or in the corporate environment, operate in a business
environment. To understand the relationship between the ethical environment which
exists within business and the ethical environment with respect to the accounting and
auditing profession, a brief discussion on business ethics follows.
Business or an economic activity can be defined as any situation where people
voluntarily enter into transactions of economic exchange for goods or services
(Rossouw, 2002:2). To understand the role of ethics in the business environment,
economic activity should be considered in three broad dimensions:
the macro or systematic dimension, which comprises the wider policy framework
within which economic exchange occurs
the meso or institutional dimension, which describes the relations between
economic organisations and others

the micro or intra-organisational dimension, which concentrates on the economic
actions and decisions of individuals within an organisation.
Ethics concerns itself with what is good or right in the human interaction and involves
considerations of “good”, the “self”, and the “other”. Each of these three concepts
should be included in the definition of ethics.
Ethics plays a role in each of the three dimensions of economic activity, and thus in
business.
The macro/systematic dimension: Economic systems are designed to achieve
certain objectives, such as economic growth, efficiency and productivity, and
ultimately human well-being. The rationale behind economic systems is therefore an
ethical one.
The meso/institutional dimension: Within relationships between business and
society, businesses never exist in isolation. The legitimacy of any business depends
on its ethical relationship with society; as does its survival and success.
The micro/intra-organisational dimension: Working within a business means
working with other people, and actions within a business have an impact on all that
work in and with the business. Therefore, ethical behaviour is necessary for
sustained business success.
To create an ethical environment and to monitor the ethical behaviour of a business and
the ethical performance of its employees, ethical guidance or rules are often formalised
in the form of an ethical code or code of conduct. As there is limited regulatory
guidance with respect to the content, format and implementation of ethical codes within
businesses, the regulatory and professional bodies of the certain professions in South
Africa have compiled documents to give guidance to professionals on their ethical
responsibilities.
Chartered accountants and auditors enjoy a professional status in the corporate
environment. Their professional status results in certain professional obligations being
placed on the individual. The professional and ethical responsibilities of chartered
accountants, as well as registered auditors are discussed in this chapter.
2 The auditing profession
2.1 The need for auditors

The stakeholders of entities require assurance that the financial statements prepared by
such entities contain reliable information. An audit not only ensures fair presentation of
the financial information audited, it also plays an important role in protecting the
interests of the shareholders and creditors.
An audit increases the credibility of the financial statements and plays an important
role in the capital markets of the world. It provides inter alia the following benefits:
Investors can base their investment decisions on audited information.
Employees can base any decisions concerning their employee benefits, etc., on
audited information.
The state can use audited information for the collection of taxes.
Creditors can base their decisions regarding the provision of trade credit on audited
information.
2.2 The auditing profession in South Africa

The Independent Regulatory Board for Auditors (IRBA) as the regulatory body and
SAICA as the professional body of the accounting and auditing professions in South
Africa, have compiled documents which set out the ethical and professional
responsibilities of chartered accountants and registered auditors. These are:
the Code of Professional Conduct for Chartered Accountants (SAICA)
the Code of Professional Conduct for Registered Auditors (IRBA)
by-laws of SAICA
the Rules Regarding Improper Conduct for Registered Auditors (IRBA).
All chartered accountants will be disciplined for contraventions of the Code of
Professional Conduct for Chartered Accountants (SAICA) in terms of the by-laws of
SAICA.
The Rules Regarding Improper Conduct for Registered Auditors (IRBA) is also
based on the IFAC code and is similar to the Code of Professional Conduct for
Chartered Accountants (SAICA).
3 Code of Professional Conduct for Chartered

Accountants (SAICA)
This Code deals with the professional attitudes of members of SAICA and associates of
the Institute, whether they are in public practice, industry and commerce, the public
sector or education.
The board of SAICA has adopted the revised IFAC code in its entirety but has,
however, included additional guidance in Part A to assist with the local application of
certain requirements applicable to all chartered accountants in South Africa.
3.1 Professional attitudes and behaviour

3.1.1 Introduction
The board of the Institute has identified skills and integrity as the pre-eminent
professional attributes of chartered accountants (South Africa). The same principles are
applicable to associates and students of the Institute. The board is committed, in the
interests of the accountancy profession as a whole, to enhancing these qualities in all
members, associates and students by providing appropriate guidance. This Code deals
with professional attitudes and behaviour.
A profession is distinguished by certain characteristics including:
mastery of a particular intellectual skill, acquired by training and education
acceptance of duties to society as a whole in addition to duties to the client or
employer
an outlook which is essentially objective
rendering personal services to a high standard of conduct and performance.
3.1.2 Definitions
A level at which a reasonable and informed third party

would likely to conclude, weighing all the specific facts
Acceptable level and circumstances available to the chartered accountant at
that time, that compliance with the fundamental principles
is not compromised.
Act The Auditing Profession Act, 2005 (Act 26 of 2005)
The communication to the public of information as to the
Advertising services or skills provided by chartered accountants with
a view to procuring professional business.
The responsible party that is the person (or persons) who:
in a direct reporting engagement, is responsible for the
subject matter, or
Assurance client
in an assertion-based engagement, is responsible for
the subject matter information and may be responsible
for the subject matter.

An engagement in which a chartered accountant in public
practice expresses a conclusion designed to enhance the
Assurance engagement degree of confidence of the intended users other than the
responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria.
All members of the engagement team for the assurance
engagement
All others within a firm who can directly influence the
outcome of the assurance engagement, including:
those who recommend the compensation of, or
who provide direct supervisory, management or
other oversight of the assurance engagement
partner in connection with the performance of the
Assurance team
assurance engagement
those who provide consultation regarding technical
or industry-specific issues, transactions or events
for the assurance engagement, and
those who provide quality control for the
assurance engagement, including those who
perform the engagement quality control review for
the assurance engagement.
An entity in respect of which a firm conducts an audit
engagement.
When the client is a listed entity, an audit client will
Audit client always include its related entities. When the audit client is
not a listed entity, an audit client includes those related
entities over which the client has direct or indirect
control.
A reasonable assurance engagement in which a chartered
accountant in public practice expresses an opinion
whether financial statements are prepared, in all material
respects (or give a true and fair view or are presented
fairly, in all material respects) in accordance with an
Audit engagement applicable financial reporting framework, such as an
engagement conducted in accordance with International
Standards on Auditing. This includes a statutory audit,
which is an audit required by legislation or other
regulation.
All members of the engagement team for the audit
engagement
outcome of the audit engagement, including:
other oversight of the engagement partner in
connection with the performance of the audit
engagement including those at all successively
senior levels above the engagement partner
through to the individual who is the firm’s Senior
Audit team or Managing Partner (Chief Executive or
equivalent)
for the engagement, and
engagement, including those who perform the
engagement quality control review for the
engagement, and
All those within a network firm who can directly
influence the outcome of the audit engagement.
Chartered accountant A chartered accountant that provides professional
in public practice services.
A bank account which is solely for the banking of client
Client account
monies.
Any monies, including documents of title to money such as
bills of exchange and promissory notes, as well as
documents of title which can be converted into money,
Client monies
such as bearer bonds, received by a chartered accountant
to be held or paid out on the instruction of the person from
whom or on whose behalf they are received.
A parent, child or sibling who is not an immediate family
Close family
member.
A fee calculated on a predetermined basis relating to the
Contingent fee outcome or result of a transaction or the result of the work
performed. A fee that is established by a court or other
public authority is not a contingent fee.
A financial interest:
owned directly by/and under the control of an
Direct financial individual/entity or
interest beneficially owned through a collective investment
vehicle, estate, trust or other intermediary over which
the individual or entity has control.
Those charged with the governance of an entity,
Director or officer
regardless of their title.
The partner or other person in the firm who is responsible
for the engagement and its performance, and for the report
Engagement partner that is issued on behalf of the firm, and who, where
required, has the appropriate authority from a
professional, legal or regulatory body.
A process designed to provide an objective evaluation,
Engagement quality before the report is issued, of the significant judgments the
control review engagement team made and the conclusions they reached
in formulating the report.
All personnel performing an engagement, including any
Engagement team experts contracted by the firm in connection with that
engagement.
A chartered accountant in public practice currently
holding an audit appointment or carrying out accounting,
Existing accountant
taxation, consulting or similar professional services for a
client.
An individual (who is not a partner or a member of the
professional staff, including temporary staff, of the firm or
a network firm) or organisation possessing skills,
External expert knowledge and experience in a field other than accounting
or auditing, whose work in that field is used to assist the
chartered accountant in obtaining sufficient appropriate
evidence.
An interest in equity or other security, debenture, loan or
other debt instruments of an entity, including rights and
Financial interest obligations to acquire such interest and derivatives
directly related to such interest.
The balance sheets, income statements or profit and loss
accounts, statements of changes in financial position
(which may be presented in a variety of ways, for
Financial statements example, as a statement of cash flows or a statement of
fund flows), notes and other statements and explanatory
material which are identified as being part of the financial
statements.
In the case of a single entity, the financial statements
Financial statements of that entity.
on which the chartered
accountant will In the case of consolidated financial statements, also
express an opinion referred to as group financial statements, the
consolidated financial statements.
A partnership, company or sole proprietor

An entity that controls the parties above, through
Firm ownership, management or other means, and
An entity controlled by the parties above, through
ownership, management or other means.
Information expressed in financial terms in relation to a
particular entity, derived primarily from that entity’s
Historical financial
accounting system, about economic events occurring in
information
past time periods or about economic conditions or
circumstances at points in time in the past.
Immediate family A spouse (or equivalent) or dependent.
Independence is:
Independence of mind – the state of mind that permits
the provision of an opinion without being affected by
influences that compromise professional judgment,
allowing an individual to act with integrity, and
exercise objectivity and professional judgment
Independence Independence in appearance – the avoidance of facts
and circumstances that are so significant a reasonable
and informed third party, having knowledge of all
relevant information, including any safeguards
applied, would reasonably conclude a firm’s, or a
member of the assurance team’s, integrity, objectivity
or professional scepticism had been compromised.
A financial interest beneficially owned through a
Indirect financial collective investment vehicle, estate, trust or other
interest intermediary over which the individual or entity has no
control.
The engagement partner
The individual responsible for the engagement quality
control review, and
Key audit partner Other audit partners, if any on the engagement team
who make key decisions or judgments on significant
matters with respect to the audit of the financial
statements on which the firm will express an opinion.
Depending upon the circumstances and the role of the
individuals on the audit, “other audit partners” may
include, for example, audit partners responsible for
significant subsidiaries or divisions.
An entity whose shares, stock or debt are quoted or listed
on a recognised stock exchange, or are marketed under the
Listed entity
regulations of a recognised stock exchange or other
equivalent body.
A larger structure:
that is aimed at co-operation, and
that is clearly aimed at profit or cost sharing, or
Network shares common ownership, control or management,
common quality control policies and procedures,
common business strategy, the use of a common brand
name, or a significant part of professional resources.
Network firm A firm or entity that belongs to a network.
A distinct sub-group, whether organised on geographical
Office
or practice lines.
Services requiring accountancy or related skills
performed by a chartered accountant including accounting,
auditing, review, other assurance and related services,
taxation, management consulting and financial
management services. These include but are not limited
to:
Audit, review, other assurance and related services
financial statement audits and reviews, other
assurance and related services such as regulatory
reporting, sustainability, compliance and
performance reporting
company accounting advisory services such as
preparation of accounting records and financial
statements in accordance with recognised
financial reporting standards and applicable
statutes, and
company statutory services.
Professional services
Taxation services:
tax return preparation and submission
tax calculations for the purpose of preparing
accounting entries
tax planning and other tax advisory services, and
assistance in the resolution of tax disputes.
Advisory services:
accounting advisory and financial management
advisory services: accounting support, conversion
services for new and revised accounting
standards, financial modelling and project
management
business performance services: business
effectiveness people and change management,
operational and business finance
internal audit: risk and compliance services,

review and monitoring of internal controls, risk
management, compliance services, corporate
governance and audit committee advisory services
corporate finance services: mergers and
acquisitions, valuations, infrastructure financing,
debt and capital markets, due diligence reviews,
transaction services and designated advisor
services to listed companies
corporate recovery services: liquidation and
insolvency administration, curator bonis,
administration of deceased estates, judicial
management and trusteeships
financial risk management services: actuarial
services, banking and risk advisory, regulatory
and compliance services, technical accounting
information technology (IT) advisory services:
security, privacy and continuity, enterprise
resource planning, information system audit
services, IT project advisory, governance and
performance
forensic services: dispute advisory and resolution,
ethics and integrity monitoring, fraud risk
management, intellectual property and other
investigations and regulatory compliance.
The practice of a chartered accountant who places
Public practice professional services at the disposal of the public for
reward.
A listed entity, and
An entity
defined by regulation or legislation as a public
interest entity, or
Public interest entity for which the audit is required by regulation or
legislation to be conducted in compliance with the
same independence requirements that apply to the
audit of listed entities. Such regulation may be
promulgated by any relevant regulator, including
an audit regulator.
To prepare and produce material in printed or electronic
Publish
form for distribution and usually sale.
An entity that has any of the following relationships with
the client:
(a) An entity that has direct or indirect control over the
client provided the client is material to such entity;
(b) An entity with a direct financial interest in the client
provided that such entity has significant influence
over the client and the interest in the client is
material to such entity;
(c) An entity over which the client has direct or indirect
Related entity control;
(d) An entity in which the client, or an entity related to
the client under (c) above, has a direct financial
interest that gives it significant influence over such
entity and the interest is material to the client and its
related entity in (c); and
(e) An entity which is under common control with the
client (hereinafter a “sister entity”) provided the
sister entity and the client are both material to the
entity that controls both the client and sister entity.
An entity in respect of which a firm conducts a review
Review client
engagement.
An assurance engagement, conducted in accordance with
International Standards on Review Engagements or
equivalent, in which a chartered accountant in public
practice expresses a conclusion on whether, on the basis
of the procedures which do not provide all the evidence
Review engagement that would be required in an audit, anything has come to
the chartered accountant’s attention that causes the
chartered accountant to believe that the financial
statements are not prepared, in all material respects, in
accordance with an applicable financial reporting
framework.
All members of the engagement team for the review
engagement, and
outcome of the review engagement, including:
other oversight of the engagement partner in
connection with the performance of the review
engagement including those at all successively
senior levels above the engagement partner
through to the individual who is the firm’s Senior
Review team or Managing Partner (Chief Executive or
equivalent)
for the engagement, and
engagement, including those who perform the
engagement quality control review for the
engagement, and
All those within a network firm who can directly
influence the outcome of the review engagement.
Financial statements prepared in accordance with a
Special purpose
financial reporting framework designed to meet the
financial statements
financial information needs of specified users.
The persons with responsibility for overseeing the
Those charged with strategic direction of the entity and obligations related to
governance the accountability of the entity. This includes overseeing
the financial reporting process.
3.1.3 The public interest

A distinguishing characteristic of a profession is acceptance of its responsibility to the
public. Therefore, a chartered accountant’s responsibility is not exclusively to satisfy
the needs of an individual client or employer. In acting in the public interest a chartered
accountant should observe and comply with the ethical requirements of this Code.
This Code is in divided into parts, namely:
Part A – General application of the Code
Part B – Chartered accountants in Public Practice
Part C – Chartered accountants in Business

Part A establishes the fundamental principles of professional ethics for chartered
accountants and provides a conceptual framework for applying those principles. The
conceptual framework provides guidance on fundamental ethical principles. Chartered
accountants are required to apply this conceptual framework to identify threats to
compliance with the fundamental principles, to evaluate their significance and, if such
threats are other than clearly insignificant, to apply safeguards to eliminate them or
reduce them to an acceptable level such that compliance with the fundamental principles
is not compromised.
Parts B and C illustrate how the conceptual framework is to be applied in specific
situations. It provides examples of safeguards that may be appropriate to address threats
to compliance with the fundamental principles and also provides examples of situations
where safeguards are not available to address the threats and consequently the activity
or relationship creating the threats should be avoided.
Part B applies to chartered accountants in public practice. Part C applies to chartered
accountants in business.
3.2 Part A – General application of the Code

3.2.1 Fundamental principles
A chartered accountant is required to comply with the following fundamental principles:
(a) Integrity
A chartered accountant should be straightforward and honest in all professional and
business relationships.
(b) Objectivity
A chartered accountant should not allow bias, conflict of interest or undue influence of
others to override professional or business judgments.
(c) Professional competence and due care
A chartered accountant has a continuing duty to maintain professional knowledge and
skill at the level required to ensure that a client or employer receives competent
professional service based on current developments diligently and in accordance with
applicable technical and professional standards when providing professional services.
(d) Confidentiality
A chartered accountant should respect the confidentiality of information acquired as a
result of professional and business relationships and should not disclose any such
information to third parties without proper and specific authority unless there is a legal
or professional right or duty to disclose.
Confidential information acquired as a result of professional and business
relationships should not be used to the personal advantage of the chartered accountant or
third parties.
(e) Professional behaviour
A chartered accountant should comply with relevant laws and regulations and should
avoid any action that discredits the accountancy profession.
Each of these fundamental principles is discussed further in more detail in Part A.
As chartered accountants are faced with threats to compliance with the fundamental
principles of professional ethics regularly, the Code proposes a conceptual approach
that requires chartered accountants to:
identify such threats
consider the significance of the threats, and
apply safeguards to eliminate threats or reduce the threats to an acceptable level
should it not be clearly insignificant.
In any circumstances where it is not possible to eliminate or reduce the threats to an
acceptable level, the chartered accountant should not accept or continue with the
service, and where necessary resign from the engagement to ensure that compliance with
the fundamental principles is not compromised.
Compliance with the fundamental principles may potentially be threatened by a broad
range of circumstances. Many threats fall into the following categories:
self-interest threats, which may occur as a result of the financial or other interests
of a chartered accountant or of an immediate or close family member
self-review threats, which may occur when a previous judgment made by the
chartered accountant needs to be re-evaluated by that chartered accountant
advocacy threats, which may occur when a chartered accountant promotes a
position or opinion to the point that subsequent objectivity may be compromised
familiarity threats, which may occur when, because of a close relationship, a
chartered accountant becomes too sympathetic to the interests of others, and
intimidation threats, which may occur when a chartered accountant may be deterred
from acting objectively by threats (actual or perceived).
Parts B and C of this Code, respectively, provide examples of circumstances that may
create these categories of threats and safeguards for chartered accountants in public
practice and chartered accountants in business. Chartered accountants in public practice
may also find the guidance in Part C relevant to their particular circumstances.
Certain safeguards may increase the likelihood of identifying or deterring unethical
behaviour. Such safeguards may be created by:
the accounting profession
legislation
regulation, or
the work environment.
The nature of the safeguards to be applied will vary depending on the circumstances. In
exercising professional judgment, a chartered accountant should consider what a
reasonable and informed third party, having knowledge of all relevant information,
including the significance of the threat and the safeguards applied, would conclude to be
unacceptable.
3.2.3 Ethical conflict resolution
In evaluating compliance with the fundamental principles, a chartered accountant may
be required to resolve a conflict in the application of fundamental principles.
When initiating either a formal or informal conflict resolution process, a chartered
accountant should consider the following, either individually or together with others, as
part of the resolution process:
relevant facts
ethical issues involved
fundamental principles related to the matter in question
established internal procedures, and
alternative courses of action.
Having considered these issues, a chartered accountant should determine the following:
appropriate course of action
weigh the consequences of each possible course of action
if the matter remains unresolved, the chartered accountant should consult with other
appropriate persons within the firm or employing organisation for help in obtaining
a suitable resolution.
Where a matter involves a conflict with, or within, an organisation, a chartered
accountant should also consider consulting with those charged with governance of the
organisation, such as the board of directors or the audit committee, and document any
discussions and decisions.
If a significant conflict cannot be resolved, a chartered accountant may wish to obtain
professional advice from the Regulatory Board (IRBA), from a relevant professional
body or legal advisors, and thereby obtain guidance on ethical issues without breaching
confidentiality.
If, after exhausting all relevant possibilities, the ethical conflict remains unresolved,
a chartered accountant should, where possible, refuse to remain associated with the
matter creating the conflict.
The chartered accountant may determine that, in the circumstances:
it is appropriate to withdraw from the engagement team, or
specific assignment, or
to resign altogether from
the engagement
the firm, or
the employing organisation.
3.2.4 Integrity
The principle of integrity imposes an obligation on all chartered accountants to be
straightforward and honest in professional and business relationships. Integrity also
implies fair dealing and truthfulness.
A chartered accountant should not be associated with reports, returns,
communications or other information where they believe that the information:
contains a materially false or misleading statement
contains statements or information furnished recklessly, or
omits or obscures information required to be included where such omission or
obscurity would be misleading.
3.2.5 Objectivity
The principle of objectivity imposes an obligation on all chartered accountants not to
compromise their professional or business judgment because of bias, conflict of interest
or the undue influence of others.
A chartered accountant may be exposed to situations that may impair objectivity. It is

impracticable to define and prescribe all such situations. Relationships that bias or
unduly influence the professional judgment of the chartered accountant should be
avoided.
3.2.6 Professional competence and due care
The principle of professional competence and due care imposes the following
obligations on chartered accountants:
to maintain professional knowledge and skill at the level required to ensure that
clients or employers receive competent professional service, and
to act diligently in accordance with applicable technical and professional standards
when providing professional services.
Competent professional service requires the exercise of sound judgment in applying
professional knowledge and skill in the performance of such service. Professional
competence may be divided into two separate phases:
attainment of professional competence, and
maintenance of professional competence.
The maintenance of professional competence requires a continuing awareness and an
understanding of relevant technical professional and business developments. Continuing
professional development develops and maintains the capabilities that enable a
chartered accountant to perform competently within the professional environments.
Diligence encompasses the responsibility to act in accordance with the requirements
of an assignment, carefully, thoroughly and on a timely basis. A chartered accountant
should take steps to ensure that those working under the chartered accountant’s authority
in a professional capacity have appropriate training and supervision. Where
appropriate, a chartered accountant should make clients, employers or other users of the
professional services aware of limitations inherent in the services to avoid the
misinterpretation of an expression of opinion as an assertion of fact.
A chartered accountant shall not undertake or continue with any engagement which he
is not competent to perform, unless he obtains advice and assistance which enables him
to carry out the engagement satisfactorily.
3.2.7 Confidentiality
The principle of confidentiality imposes an obligation on chartered accountants to
refrain from:
disclosing outside the firm or employing organisation confidential information
acquired as a result of professional and business relationships without proper and

specific authority or unless there is a legal or professional right or duty to disclose,
and
using confidential information acquired as a result of professional and business
relationships to their personal advantage or the advantage of third parties.
A chartered accountant should maintain confidentiality in the following circumstances:
social environment
the possibility of inadvertent disclosure, particularly in circumstances involving
long association with a business associate or a close or immediate family member
a prospective client or employer
information within the firm or employing organisation.
A chartered accountant should take all reasonable steps to ensure that staff under the
chartered accountant’s control and persons from whom advice and assistance are
obtained respect the chartered accountant’s duty of confidentiality.
The need to comply with the principle of confidentiality continues even after the end
of relationships between a chartered accountant and a client or employer. When a
chartered accountant changes employment or acquires a new client, the chartered
accountant is entitled to use prior experience. The chartered accountant should not,
however, use or disclose any confidential information either acquired or received as a
result of a professional or business relationship.
A chartered accountant may be required to disclose confidential information or such
disclosure may be appropriate when:
disclosure is permitted by law and is authorised by the client or the employer
disclosure is required by law, for example:
production of documents or providing of evidence in the course of legal
proceedings, or
disclosure to the appropriate public authorities including disclosures of
reportable irregularities reported to the Regulatory Board (IRBA) as required
by section 45 of the Auditing Profession Act, and
there is a professional duty or right to disclose, when not prohibited by law:
to comply with the quality review of the Regulatory Board (IRBA) or a
professional body
to respond to an inquiry or investigation by the Regulatory Board (IRBA) or
regulatory body
to protect the professional interests of a chartered accountant in legal
proceedings, or
to comply with technical standards and ethics requirements.
3.2.8 Professional behaviour
Chartered accountants must comply with relevant laws and regulations and avoid any
action that may bring discredit to the profession. This includes actions which a
reasonable and informed third party, having knowledge of all relevant information,
would conclude negatively affects the good reputation of the profession.
(a) Publicity, advertising and solicitation
Chartered accountants should be honest and truthful, and should not, in marketing and
promoting themselves and their work:
make exaggerated claims for the services they are able to offer, the qualifications
they possess, or experience they have gained, or
make disparaging references or unsubstantiated comparisons to the work of others.
(b) Multiple firms
An individual chartered accountant is permitted to be a member of more than one
registered audit firm and some other type of professional firm providing professional
services. It is also permissible to practice under different firm names for different
offices, provided this is not misleading.
Individual chartered accountants who are members of registered audit firms as well
as members of other accounting or consulting firms that provide professional services
and have individual members who are not chartered accountants, must ensure there is a
clear distinction between the different firms and the members thereof, and that they do
not unwittingly contravene section 41(2) of the Auditing Profession Act, or cause it to
be contravened by the members of those other accounting or consulting firms who are
not individual chartered accountants.
(c) Signing convention for Reports or Certificates
A chartered accountant shall not delegate to any person who is not a partner, or fellow
director, the power to sign audit, review or other assurance reports or certificates that
are required, in terms of any law or regulation, to be signed by the chartered accountant
responsible for the engagement. In specific cases where emergencies of sufficient
gravity arise, this prohibition may however be relaxed, provided the full circumstances
giving rise to the need for delegation are reported both to the client of the chartered
accountant concerned and to the Regulatory Board, where applicable.

The individual chartered accountant responsible for the audit, review or other
assurance engagements shall, when signing any audit, review or other assurance report
or certificate, reflect the following:
the individual chartered accountant’s full name
if not a sole proprietor, the capacity in which he/she is signing, namely as the
‘partner’ or ‘director’
the designation ‘Chartered Accountant’ underneath his/her name, and
if not set out on the firm’s letterhead, the name of the chartered accountant’s firm.
(d) Recruiting
A chartered accountant shall not, directly or indirectly, offer employment to an
employee of another chartered accountant without first informing the latter. However, an
employee of another chartered accountant who, in response to an advertisement or of his
own initiative, applies to him for employment may be engaged subject to his informing
the applicant’s employer.
(e) Responsibilities to colleagues
A chartered accountant shall conduct himself in a manner which will promote co-
operation and good relations between chartered accountants and within the profession.
A chartered accountant should assist his fellow chartered accountants in complying
with this Code and shall co-operate with appropriate disciplinary authorities in
applying the Code.
In developing his practice, a chartered accountant shall not seek to displace another
chartered accountant in a client relationship by means which will lessen the
effectiveness of technical performance, and in particular the integrity and objectivity of
assurance opinions or impinge upon the rights of third parties to reliable information.
Further, a chartered accountant shall not act in any way that reflects negatively on fellow
chartered accountants.
A chartered accountant shall extend the same professional considerations and
courtesies to any non-member with whom he may have a professional relationship. He
shall follow the same procedures of conduct as he would with a chartered accountant
where there is a change in appointment.
3.3 Part B – Chartered accountants in public practice

This part of the Code illustrates how the conceptual framework contained in Part A is to
be applied by chartered accountants in public practice. The chartered accountant must
apply the framework when faced with any circumstance.
When faced with a circumstance, the professional account should deal with it as
follows:
Identify the ethical issue.
Identify the threats.
Identify the applicable fundamental principle.
Implement safeguards.
If the safeguards do not reduce the threat to an acceptable level, take action.
3.3.1 Independence
This section is based on a conceptual approach that takes into account:
threats to independence
accepted safeguards.
(a) Threats to independence
Independence is potentially affected by the following threats:
Self-interest threats include:
a financial interest in a client or jointly holding a financial interest with a client
undue dependence on total fees from a client
having a close business relationship with a client
concern about the possibility of losing a client
potential employment by a client
contingent fees relating to an assurance engagement
a loan to or from an assurance client or any of its directors or officers.
Self-review threat occurs under the following circumstances:
the discovery of a significant error during a re-evaluation of the work of the
chartered accountant in public practice
reporting on the operation of financial systems after being involved in their
design or implementation
having prepared the original data used to generate records that are the subject
matter of the engagement
a member of the assurance team being, or having recently been, a director or

officer of that client
a member of the assurance team being, or having recently been, employed by the
client in a position to exert direct and significant influence over the subject
performing a service for a client that directly affects the subject matter of the
assurance engagement.
Advocacy threats include:
promoting shares in a listed entity when that entity is a financial statement audit
client
acting as an advocate on behalf of an assurance client in litigation or disputes
with third parties.
Familiarity threats include:
a member of the engagement team having a close or immediate family
relationship with a director or officer of the client
a member of the engagement team having a close or immediate family
relationship with an employee of the client who is in a position to exert direct
and significant influence over the subject matter of the engagement
a former partner of the firm being a director or officer of the client or an
employee in a position to exert direct and significant influence over the subject
accepting gifts or preferential treatment from a client, unless the value is clearly
insignificant
long association of senior personnel with the assurance client.
Intimidation threats include:
being threatened with dismissal or replacement in relation to a client engagement
being threatened with litigation
being pressured to reduce inappropriately the extent of work performed in order
to reduce fees.
(b) Safeguards
Appropriate safeguards should be identified and applied to eliminate the threats that are
significant, or to reduce them to an acceptable level.
Safeguards fall into two broad categories:
safeguards created by the profession, legislation or regulation
safeguards within the work environment.
(i) Safeguards created by the profession, legislation or regulation
Safeguards created by the profession, legislation or regulation include, but are not
restricted to:
educational, training and experience requirements for entry into the profession
continuing professional development requirements
corporate governance regulations
professional standards
professional or regulatory monitoring and disciplinary procedures, and
external review by a legally empowered third party of the reports, returns,
communications or information produced by a chartered accountant.
(ii) Safeguards within the work environment
The relevant safeguards within the work environment will vary depending on the
circumstances.
Work environment safeguards comprise:
firm-wide safeguards, and
engagement specific safeguards.
A chartered accountant in public practice should exercise judgment to determine how to
best deal with an identified threat. In exercising this judgment, a chartered accountant in
public practice should consider what a reasonable and informed third party, having
knowledge of all relevant information, including the significance of the threat and the
safeguards applied, would reasonably conclude to be acceptable.
This consideration will be affected by matters such as the:
significance of the threat
nature of the engagement, and
structure of the firm.
3.3.2 Professional appointment
Before accepting a client, a specific engagement or replacing another chartered
accountant in public practice, a chartered accountant in public practice should consider
whether acceptance would create any threats to compliance with the fundamental
principles. The threats should be evaluated and if they are clearly significant, the
appropriate safeguards should be applied to eliminate or reduce these threats to an
acceptable level.
(a) Client acceptance
Threats to professional behaviour and integrity include:
client involvement in illegal activities (such as money laundering)
dishonesty, or
questionable financial reporting practices.
Appropriate safeguards may include:
obtaining knowledge and understanding of the client, its owners, managers and those
responsible for its governance and business activities, or
securing the client’s commitment to improve corporate governance practices or
internal controls.
A chartered accountant in public practice should decline to enter into the client
relationship if these threats cannot be reduced to an acceptable level.
Acceptance decisions should be periodically reviewed for recurring client
engagements.
(b) Engagement acceptance
A chartered accountant in public practice should agree to provide only those services
that he/she is competent to perform to ensure that a self interest threat to professional
competence and due care is not created.
Safeguards to these threats may include:
acquiring an understanding of the nature of the client’s business, the complexity of
its operations, the specific requirements of the engagement and the purpose, nature
and scope of the work to be performed
acquiring knowledge of relevant industries or subject matters
assigning sufficient staff with the necessary competencies
using experts where necessary
agreeing on a realistic time frame for the performance of the engagement
complying with quality control policies and procedures.
(c) Changes in a professional appointment
A chartered accountant in public practice who is asked to replace another chartered
accountant in public practice, or who is considering tendering for an engagement
currently held by another chartered accountant in public practice, should determine
whether there are any reasons, professional or other, for not accepting the engagement,
such as circumstances that may threaten professional competence and due care.
An existing accountant is bound by confidentiality. The extent to which the chartered
accountant in public practice can and should discuss the affairs of a client with a
proposed accountant will depend on the nature of the engagement and on:
whether the client’s permission to do so has been obtained, or
the legal or ethical requirements relating to such communications and disclosure.
The proposed accountant shall treat any information provided by the existing accountant
in the strictest confidence.
In the absence of specific instructions by the client, an existing accountant should not
ordinarily volunteer information about the client’s affairs.
Such safeguards may include:
discussing the client’s affairs fully and freely with the existing accountant
requesting the existing accountant to provide information on any facts or
circumstances, that, in the existing accountant’s opinion, the proposed accountant
should be aware of before deciding whether to accept the engagement.
The client’s permission (in writing) must be obtained to discuss whether there are any
professional reasons not to accept the engagement with an existing accountant. In the
absence of specific instructions by the client, the existing accountant should not
volunteer information about the client’s affairs.
If communication with the existing accountant is not possible, the proposed
accountant should try to obtain information about any possible threats by other means,
such as:
inquiries of third parties
background investigations on senior management or those charged with governance
of the client.
Where the threats cannot be eliminated or reduced to an acceptable level through the
application of safeguards, a chartered accountant in public practice should not accept
the engagement.
Where the proposed client refuses to give permission for the proposed accountant to
communicate with the existing accountant, or fails to do so, the proposed accountant

shall decline the appointment, unless there are exceptional circumstances of which the
proposed accountant has full knowledge, and the proposed accountant is satisfied
regarding all relevant facts, by some other means.
3.3.3 Conflicts of interest
Threats to the fundamental principles may arise in the following circumstances:
threat to objectivity – if a chartered accountant in public practice competes directly
with a client or has a material business relationship with a direct competitor of a
client
threat to confidentiality and objectivity – if a chartered accountant in public practice
performs services for clients whose interests are in conflict or the clients are in
dispute with one another.
The following safeguards may be implemented should the threats be clearly
insignificant:
notifying the client of the firm’s business interest or activities that may represent a
conflict of interest, and obtaining their consent to act in such circumstances, or
notifying all known relevant parties that the chartered accountant in public practice
is acting for two or more parties in respect of a matter where their respective
interests are in conflict, and obtaining their consent to so act, or
notifying the client that the chartered accountant in public practice does not act
exclusively for any one client in the provision of proposed services and obtaining
their consent to so act.
The chartered accountant in public practice should also implement the following
safeguards:
the use of separate engagement teams
procedures to prevent access to information
clear guidelines for members of the engagement team on issues of security and
confidentiality
the use of confidentiality agreements signed by employees and partners of the firm,
and
regular review of the application of safeguards by a senior individual not involved
with relevant client engagements.
The chartered accountant in public practice should not accept a specific engagement or
resign from one or more conflicting engagements if the threats cannot be reduced to an

acceptable level or eliminated.
3.3.4 Second opinions
Should a chartered accountant in public practice be asked to provide a second opinion
on the application of accounting, auditing, reporting or other standards or principles to
specific circumstances or transactions by or on behalf of a company or an entity that is
not an existing client, threats to compliance with the fundamental principles may arise
and the appropriate safeguards must be applied.
Safeguards may include:
seeking client permission to contact the existing accountant
describing the limitations surrounding any opinion in communications with the
client, and
providing the existing accountant with a copy of the opinion.
A chartered accountant in public practice should consider whether it is appropriate to
provide the second opinion if the client denies him/her the opportunity to communicate
with the existing accountant.
3.3.5 Fees and other types of remuneration
(a) Lowballing
A chartered accountant in public practice may, mostly, quote whatever fee is deemed to
be appropriate for the services rendered. It is not considered unethical to quote a lower
fee than another accountant when negotiating a professional appointment, but any threats
to the fundamental principles must be considered. A self-interest threat to professional
competence and due care may be created if the fee that is quoted is so low that it may be
difficult to perform the engagement in accordance with the applicable technical and
professional standards. The level of the fee quoted and the services to which it applies
must be considered when considering the threats.
Safeguards include:
making the client aware of the terms of the engagement and, in particular, the basis
on which fees are charged and which services are covered by the quoted fee
assigning appropriate time and qualified staff to the task.
(b) Contingency fees
Contingent fees are generally used for certain types of non-assurance engagements. A
self-interest threat to objectivity may arise when contingency fees are being charged.
The significance of such threats will depend on factors including:
the nature of the engagement
the range of possible fee amounts
the basis for determining the fee
whether the outcome or result of the transaction is to be reviewed by an independent
third party.
Such safeguards include:
an advance written agreement with the client as to the basis of remuneration
disclosure to intended users of the work performed by the chartered accountant in
public practice and the basis of remuneration
quality control policies and procedures
review by an objective third party of the work performed by the chartered
accountant in public practice.
(c) Commission/referral fees
A chartered accountant in public practice may receive a referral fee or commission
relating to a client in various circumstances. For example, where the chartered
accountant in public practice does not provide the specific service required, a fee may
be received for referring a continuing client to another chartered accountant in public
practice or other expert.
A chartered accountant in public practice may receive a commission from a third
party (e.g., a software vendor) in connection with the sale of goods or services to a
client. However, accepting such a referral fee or commission may give rise to self-
interest threats to objectivity and professional competence and due care.
A chartered accountant in public practice may also pay a referral fee to obtain a
client, for example, where the client continues as a client of another chartered
accountant in public practice but requires specialist services not offered by the existing
accountant. The payment of such a referral fee may also create a self-interest threat to
objectivity and professional competence and due care.
Safeguards include:
disclosing to the client in advance, in writing, any arrangements to pay a referral fee
to another chartered accountant for the work referred
disclosing to the client in advance, in writing, any arrangements to receive a referral
fee for referring the client to another chartered accountant in public practice
obtaining advance agreement from the client for commission arrangements in
connection with the sale by a third party of goods or services to the client.
A chartered accountant in public practice may purchase all or part of another firm on the
basis that payments will be made to individuals formerly owning the firm or to their
heirs or estates. Such payments are not regarded as commissions or referral fees.
3.3.6 Marketing professional services
When a chartered accountant in public practice solicits new work through advertising or
other forms of marketing, a self-interest threat to compliance with professional
behaviour may be created if services, achievements or products are marketed in a way
that is inconsistent with that principle.
The chartered accountant in public practice should be honest and truthful and should
not:
make exaggerated claims for services offers, qualifications possessed or experience
gained, or
make disparaging references to unsubstantiated comparisons to the work of another.
Should doubt exist as to whether a proposed form of advertising or marketing is
appropriate, the chartered accountant shall consider consulting with the Regulatory
Board or relevant professional body.
3.3.7 Gifts and hospitality
The receipt of gifts and hospitality may give rise to threats to compliance with the
fundamental principles. For example, self-interest threats to objectivity may be created
if a gift from a client is accepted; intimidation threats to objectivity may result from the
possibility of such offers being made public.
The significance of such threats will depend on the nature, value and intent behind the
offer. Offers made in the normal course of business will not pose a significant threat.
3.3.8 Custody of client assets
A chartered accountant in public practice should not assume custody of client monies or
other assets unless permitted to do so by law and, if so, in compliance with any
additional legal duties imposed on a chartered accountant in public practice holding
such assets.
The holding of client assets creates a self-interest threat to professional behaviour
and may be a self-interest threat to objectivity arising from holding client assets. To
safeguard against such threats, a chartered accountant in public practice entrusted with
money (or other assets) belonging to others should:
keep such assets separately from personal or firm assets
use such assets only for the purpose for which they are intended
at all times, be ready to account for those assets, and any income, dividends or gains
generated, to any persons entitled to such accounting, and
comply with all relevant laws and regulations relevant to the holding of and
accounting for such assets.
When a chartered accountant is entrusted with client monies, or property other than
monies belonging to others in the course of providing professional services, the
chartered accountant shall:
for all client monies which come into the chartered accountant’s possession or under
the chartered accountant’s control, and for which the chartered accountant is liable
to account to a client or any other person:
maintain one or more bank accounts with an institution or institutions registered
in terms of the Banks Act 1990 (Act 94 of 1990) that are separate from the
chartered accountant’s own bank account; and
appropriately designate such accounts (which account or accounts may be a
general account in the chartered accountant’s name or specific accounts
operated in the names of the relevant clients or any other person to whom the
chartered accountant is accountable), and
deposit client monies without delay to the credit of such client account indicated
above, and
for property other than money which comes into the chartered accountant’s
possession or under the chartered accountant’s control and for which the chartered
accountant is liable to account to a client or to any other person (including, but
without limitation, trust property which is expressly registered in the name of the
chartered accountant, or jointly in the name of the chartered accountant and any other
person, in their capacity as administrator, trustee, curator or agent, as the case may
be), the chartered accountant shall:
maintain such records as may be reasonably expected to ensure that the property
can readily be identified as being the property of such client or other person,
and
if the property is in the form of documents of title to money, or documents of title
that can be converted into money, shall make such arrangements as may be
appropriate in the circumstances to safeguard such documents against
unauthorised use.
3.3.9 Objectivity – All services
A chartered accountant in public practice should consider when providing any
professional service whether there are threats to compliance with the fundamental
principle of objectivity resulting from having interests in, or relationships with, a client
or directors, officers or employees.
A chartered accountant in public practice who provides an assurance service is
required to be independent of the assurance client.
Independence of mind and in appearance is necessary to enable the chartered
accountant in public practice to express a conclusion without bias, conflict of interest or
undue influence of others.
The existence of threats to objectivity when providing any professional service will
depend upon the particular circumstances of the engagement and the nature of the work
that the chartered accountant in public practice is performing.
Safeguards include:
withdrawing from the engagement team
supervisory procedures
terminating the financial or business relationship giving rise to the threat
discussing the issue with higher levels of management within the firm
discussing the issue with those charged with governance of the client.
3.3.10 Independence – Assurance engagements
Independence requires:
Independence of mind
The state of mind that permits the expression of a conclusion without being affected by
influences that compromise professional judgment, allowing an individual to act with
integrity, and exercise objectivity and professional scepticism.
Independence in appearance
The avoidance of facts and circumstances that are so significant that a reasonable and
informed third party, having knowledge of all relevant information, including safeguards
applied, would reasonably conclude a firm’s, or a member of the assurance team’s,
integrity, objectivity or professional scepticism had been compromised.
3.4 Part C – Chartered accountants in business

This part of the Code illustrates how the conceptual framework contained in Part A is to
be applied by chartered accountants in business.
Self-interest threats include:
financial interests, loans or guarantees
incentive compensation arrangements
inappropriate personal use of corporate assets
concern over employment security
commercial pressure from outside the employing organisation.
Self-review threats include:
business decisions or data being subject to review and justification by the same
chartered accountant in business responsible for making those decisions or
preparing that data.
Familiarity threats include:
a chartered accountant in business in a position to influence financial or nonfinancial
reporting or business decisions having an immediate or close family member who is
in a position to benefit from that influence
long association with business contacts influencing business decisions
acceptance of a gift or preferential treatment, unless the value is clearly
insignificant.
Intimidation threats include:
threat of dismissal or replacement of the chartered accountant in business or a close
or immediate family member over a disagreement about the application of an
accounting principle or the way in which financial information is to be reported
a dominant personality attempting to influence the decision-making process, for
example with regard to the awarding of contracts or the application of an accounting
principle.
Safeguards that may eliminate or reduce to an acceptable level the threats faced by
chartered accountants in business fall into two broad categories:
(a) safeguards created by the profession, legislation or regulation, and
(b) safeguards in the work environment.
Safeguards in the work environment include:
the employing organisation’s systems of corporate oversight or other oversight

structures
the employing organisation’s ethics and conduct programmes
recruitment procedures in the employing organisation emphasising the importance of
employing high-calibre competent staff
strong internal controls
appropriate disciplinary processes
leadership that stresses the importance of ethical behaviour and the expectation that
employees will act in an ethical manner
policies and procedures to implement and monitor the quality of employee
performance
timely communication of the employing organisation’s policies and procedures,
including any changes to them, to all employees and appropriate training and
education on such policies and procedures
policies and procedures to empower and encourage employees to communicate to
senior levels within the employing organisation any ethical issues that concern them
without fear of retribution
consultation with another appropriate chartered accountant.
3.4.2 Potential conflicts
A potential conflict may exist between an employing organisation’s ethical objectives
and compliance with fundamental principles of professional ethics which may exert
pressure on an accountant to:
act contrary to law or regulation
act contrary to technical or professional standards
facilitate unethical or illegal earnings management strategies
lie to, or otherwise intentionally mislead (including misleading by remaining silent)
others, in particular:
the auditors of the employing organisation, or
regulators
issue, or otherwise be associated with, a financial or non-financial report that
materially misrepresents the facts, including statements in connection with, for
example:
tax compliance
legal compliance, or
reports required by securities regulators.
Safeguards include:
obtaining advice where appropriate from within the employing organisation, an
independent professional advisor or a relevant professional body
the existence of a formal dispute resolution process within the employing
organisation
seeking legal advice.
3.4.3 Preparation and reporting of information
A chartered accountant in business should prepare or present information fairly,
honestly and in accordance with relevant professional standards so that the information
will be understood in its context. Financial statements should be presented in
accordance with the applicable financial reporting standards.
Self-interest or intimidation threats to objectivity or professional competence and due
care may be created where a chartered accountant in business may be pressured to
become associated with misleading information or to become associated with
misleading information through the actions of others.
Safeguards include
consultation with superiors within the employing organisation (e.g., the audit
committee or other body responsible for governance), or
with a relevant professional body.
3.4.4 Acting with sufficient expertise
A chartered accountant in business should only undertake significant tasks for which the
chartered accountant in business has, or can obtain, sufficient specific training or
experience. A chartered accountant in business should not intentionally mislead an
employer as to the level of expertise or experience possessed, nor should a chartered
accountant in business fail to seek appropriate expert advice and assistance when
required.
The ability of a chartered accountant in business to perform duties with the
appropriate degree of professional competence and due care may be threatened by:
insufficient time for properly performing or completing the relevant duties
incomplete, restricted or otherwise inadequate information for performing the duties
properly
insufficient experience, training and/or education
inadequate resources for the proper performance of the duties.
Safeguards include:
obtaining additional advice or training
ensuring that adequate time is available for performing the relevant duties
obtaining assistance from someone with the necessary expertise
consulting, where appropriate, with:
superiors within the employing organisation
independent experts, or
a relevant professional body.
3.4.5 Financial interests
Financial interests, or the financial interests of immediate or close family members,
could give rise to self-interest threats. The nature (either direct or indirect interest) will
affect the significance of the threat.
Safeguards include:
policies and procedures for a committee independent of management to determine
the level of form of remuneration of senior management
disclosure of all relevant interests, and of any plans to trade in relevant shares to
those charged with the governance of the employing organisation, in accordance
with any internal policies
consultation, where appropriate, with superiors within the employing organisation
consultation, where appropriate, with those charged with the governance of the
employing organisation or relevant professional bodies
internal and external audit procedures
up-to-date education on ethical issues and the legal restrictions and other regulations
around potential insider trading.
3.4.6 Inducements
Threats to compliance with the fundamental principles of professional behaviour can be
created when a chartered accountant in business or an immediate family member is
offered an inducement, or when he/she offers an inducement to inappropriately influence
the professional judgement of a third party. No chartered accountant in business should
do so.
The significance of the threats created will depend on the nature, value and intent
behind the offer, although an offer in the normal course of business will not generally
create a significant threat.
The following actions should be considered when an inducement has been received:
immediately inform higher levels of management or those charged with governance
of the employing organisation
inform third parties of the offer – for example, a professional body or the employer
of the individual who made the offer; a chartered accountant in business should,
however, consider seeking legal advice before taking such a step, and
advise immediate or close family members of relevant threats and safeguards where
they are potentially in positions that might result in offers of inducements, for
example as a result of their employment situation, and
inform higher levels of management or those charged with governance of the
employing organisation where immediate or close family members are employed by
competitors or potential suppliers of that organisation.
4 Code of Professional Conduct for Registered Auditors

(IRBA)
The Code of Professional Conduct for Registered Auditors of the IRBA is essentially
the same as Parts A and B of the SAICA Code of Professional Conduct for Chartered
Accountants, as both Codes are based on the principles of the IFAC Code.
5 Questions
QUESTION 3.1
You are a chartered accountant and registered auditor working as the technical partner at
a large auditing firm. You are regularly consulted with on situations and queries that the
other partners have.
Query 1
Jaco Janse van Vuuren is working on a proposal to replace the existing auditors of
CranApple Limited. Jaco is confident that the firm will get the audit, as the audit fee
they are asking is at least 5% less than CranApple Limited’s existing auditor. Jaco
wants to know whether he can include the lower fee in the proposal. (7)
Query 2
Elbi Scholtz is the partner in charge of the Up-the-Creek (Pty) Ltd audit. The managing
director of the company (a most unpleasant person) phoned Elbi at 4:00 this morning to
threaten the firm with a lawsuit. Elbi would like to have information on the legal
liability of the auditor according to the Auditing Profession Act. (7)
Query 3
Marita Terblanche has decided to resign as partner and leave the bustling city life. A
client of the firm, Rooiland Limited, has offered her an appointment as financial
manager at their Kakamas branch office. Marita wants to know if she can accept the
appointment at Rooiland Limited. (3)
Query 4
Deon van der Walt was made partner at the beginning of August 2003. He has instructed
his personal assistant to have his new business cards printed, and reminds her that he is
also a member of the South African Institute of Chartered Accountants and the
Independent Regulatory Board for Auditors.
Deon’s personal assistant wants to know why Deon told her about his membership
with SAICA and the IRBA. (2)
Query 5
Jan Painting is the owner of Services (Pty) Limited. His company specialises in
providing support services to auditing firms. He has approached the partners at your
firm with the following proposal: (2)
(a) As Services (Pty) Limited has contacts at most other auditing firms, they are well
placed to identify staff at other firms and offer them positions at your firm. (4)
(b) Services (Pty) Limited can also assist the firm in expanding their base of audit
clients. They believe their success lies in using any and all forms of
communication: telephoning prospective clients; mailing, faxing and e-mailing
brochures to clients. They also have software available that makes the mass
sending of SMS messages possible. (8)
The other partners want your comment on Jan’s proposal.

Query 6
Mark Nzuza is the partner in charge of the audit of a local medical practice. Your audit
firm also completes the tax returns of the individual doctors. Mark informs you that
while he was completing the tax return of Doctor Scalpel he became aware of the fact
that some fees for services rendered are not being deposited in the practice’s bank
accounts. When Mark asked about this fact, he was informed that it is common practice
for the doctors to do this with cash payments and that nobody needed to know about this.
Mark wants to know what his responsibilities are with regards to the tax evasion. (5)

Respond to each of the situations listed above in terms of the requirements of the Code
of Professional Conduct, Disciplinary Rules and the Auditing Profession Act.
QUESTION 3.2
Andrew Malcolm Inc. is a relatively new auditing firm owned by Andrew Malcolm.
Due to its recent entry to the market, the firm is quite small and is willing to accept
almost any client to ensure revenue. During the year, the firm obtained quite a big audit
client, Trendy Fashions (Pty) Ltd, which accounted for almost 40% of the firm’s
revenue. The financial director of Trendy Fashions has also proposed that Andrew
Malcolm Inc. do some consulting work for the company, as it’s easier if the consulting
and the auditing are done by the same person so that the financial director doesn’t face
“the usual stupid questions from the auditors” repeatedly.
If Andrew accepts the consulting engagement, the total fees from Trendy Fashions
will almost double, making the total fees from Trendy Fashions account for almost 70%
of Andrew Malcolm Inc.’s total revenue. This sounds very exciting, because if the fees
for this year are high enough, Andrew can declare himself a big bonus and finally get to
take his family on that overseas trip they have been waiting for.

(a) Discuss, in terms of the SAICA CPC, what threats to the fundamental principles of
ethical behaviour are evident from the scenario above. (7)
(b) Discuss the safeguards that Andrew Malcolm can put in place to address these
threats. (3)
QUESTION 3.3
Sipho Majali is a chartered accountant working as the financial director for a company
called Electronic Sounds (Pty) Ltd. The company has been making losses recently due
to stocking outdated sound equipment which has not been selling very well. The stock is
selling so badly that Sipho suggested that they write it down to net realisable value in
order to comply with fair presentation.
The CEO, Jack Malone, has refused that this be done as he says it will result in the
company having a net liability position, which will look really bad to the shareholders.
He is not willing to lose his bonus because of some “bogus” accounting requirements.
He tells Sipho that if he doesn’t keep his “silly accountant” mouth shut, he may be
reading the classifieds for a new job very soon.

(a) Discuss, in terms of the CPC, what threats to the fundamental principles of ethical
behaviour are evident from the scenario above. (6)
QUESTION 3.4
You are an audit partner at City Inc., a small auditing firm based in Sandton. One of your
biggest clients is Joburg (Pty) Ltd (“Joburg”), for whom you have been doing
bookkeeping and compiling financial statements for the past five years. Joburg recently
got rid of their auditors for reasons that Jabulani (the managing director of Joburg) says
are “not really important”, so he has now approached you (City Inc.) to be the new
auditors of Joburg. Jabulani says that since he knows you so well, he feels he can trust
you with the audit of his company, and that it should be easy anyway since you know
everything that is going on. Jabulani promises that, should you take Joburg as an audit
client, he will pay you twice as much as he pays for the bookkeeping services. This
means that the total revenue from Joburg would make up more than half of City Inc.’s
annual revenue.
The only thing that Jabulani requires of you is that in the audited set of financial
statements, you adjust the assets so that Joburg can appear to have a higher net asset
value. “I know you won’t be as stubborn or stupid as that last auditor. At least you know
better than to jeopardise losing such a big fee – since we’re effectively two clients in
one”, he says to you with a chuckle (patting you on the back).

(a) Discuss the types of threats evident in the above scenario, and the safeguards that
you can apply to eliminate the identified threats. (15)
(b) Discuss the two types of independence requirements that auditors should consider
for assurance engagements. (5)
(c) Discuss, in terms of the SAICA CPC, the steps that City Inc. should take before
accepting the appointment as the new auditors. (4)

4
Corporate governance
The King Report on Corporate Governance 1994
The King II Report on Corporate Governance in South Africa 2002
The King III Report on Corporate Governance in South Africa 2009
PricewaterhouseCoopers Corporate Governance Series September 2009
1 The definition of and background to corporate

governance
Corporate governance can be defined as the system whereby entities are managed and
controlled.
Although the concept of corporate governance was born only at the beginning of the
1990s with the publication of the first corporate governance codes, corporate entities
were regulated by various forms of legislation throughout the nineteenth century.
Examples of such legislation are company law, and environmental and labour
legislation. Various forms of legislation and regulation therefore also form part of the
system whereby entities are directed and controlled and could be seen as part of
corporate governance in the broader sense of the word.
Several factors led to the development and publication of codes of corporate
governance internationally and nationally. The most important factor, according to
various publications, is the separation between ownership and the control of entities
that took place in the late 1980s. A situation developed within a number of companies
where the owners of the company were no longer involved in the management of the
company. Management of companies was handed over to professional managers. It was
therefore important for the owners of the company to lay down proper principles
according to which companies could be managed.
After the publication of the first codes of corporate governance at the beginning of the
1990s, several factors again led to major efforts to improve standards of corporate
governance across the globe. This took effect in the form of the revision of codes, as
well as the publication of new codes of corporate governance. The major factors were:
A series of corporate collapses and scandals occurred nationally and
internationally.
The interest of not only the shareowners of the company, but that of all the
stakeholders became relevant for corporate decision making.
The role of institutional investors shifted from trading in shares to being major, more
permanent shareowners in companies. Institutional investors no longer sell their
shares when they are unhappy with the way in which the company is managed, but
actively try to influence management in addressing corporate governance issues.
During 2008 a series of corporate collapses in the banking and financial services sector
led to a renewed focus on the strengthening of corporate governance, specifically
regarding performance-related remuneration, transparency, risk management,
accountability and ethical behaviour.
2 The development of codes of corporate governance

The King Committee on Corporate Governance was formed in 1993 under the auspices
of the Institute of Directors in Southern Africa. This led to the publication of the first
King Report on Corporate Governance in November 1994. The second King Report on
Corporate Governance was published in March 2002 by the King Committee after a
review of corporate governance standards and practices in South Africa. International
developments since 2002, as well as the promulgation of the new Companies Act 71 of
2008, necessitated a review of the second report by the King Commission. The third
report on corporate governance in South Africa was published in September 2009.
Internationally, the Treadway Commission in the United States and the Cadbury
Committee in the United Kingdom were the first to investigate and make
recommendations relating to the financial aspects of corporate governance.
The Cadbury Committee was set up in the United Kingdom in May 1991 because of
the lack of confidence that was perceived in financial reporting and in the ability of the
auditors to provide the assurances required by the users of the financial statements. The
Committee considered, primarily, financial reporting and accountability, good practice
concerning the responsibilities of executive and non-executive directors, the case for
audit committees, the principal responsibilities of auditors and the links between
shareholders, boards and auditors. There have since been a number of reviews of
corporate governance in the United Kingdom. The first Combined Code was issued in
1998, followed by the revised Combined Code in July 2003.
In the United States, the Sarbanes-Oxley Act was passed in 2002 after several
corporate scandals, of which Enron and WorldCom are two examples, dented
confidence in corporate governance in the United States.
The Organisation for Economic Cooperation and Development (OECD) issued the
OECD Principles of Corporate Governance in 1999. This document is widely
recognised as an international reference point on corporate governance issues. A
revised report was also issued by the OECD in 2004.
3 The characteristics of good corporate governance

Most international codes of corporate governance require companies to comply with an
evolving set of principles that reflect best practice, rather than inflexible and rule-based
legislation. The one notable exception to the principle-based approach is the Sarbanes-
Oxley Act in the United States, of which reference was made above.
The King Commission adopted the principle-based approach. According to this
approach, corporate governance hinges on four cardinal values: fairness, accountability,
responsibility and transparency. It is the intention of the King Report that all the
recommendations thereof are merely mechanisms for ensuring that companies adhere to
the four characteristics of good corporate governance.
The four characteristics of good corporate governance can be described as follows:
(a) Transparency
Transparency is the ease with which an outsider is able to make meaningful analysis of
a company’s actions and its economic fundamentals. Management must make the
necessary information available candidly, accurately and timeously. It should be
possible to obtain a clear and true picture of what is happening inside a company from
the information supplied by the company.
(b) Accountability
Individuals or groups in a company who make decisions and take actions on specific
issues need to be accountable for their decisions and actions. Mechanisms must exist
and be effective to allow for accountability, thus facilitating both transparency and
responsibility. This provides investors with the means to query and assess the actions of
the board and its committees.

(c) Responsibility
Responsibility pertains to management behaviour that follows internal mechanisms to
allow for corrective action and the sanctioning of mismanagement. When necessary,
responsible management would put in place what it takes to set the company on the right
path.
(d) Fairness
The systems that exist within the company must be balanced in taking into account all
those who have an interest in the company and its future. The rights of various groups
have to be acknowledged and respected. Minority shareholder interests must receive
equal consideration to that of the dominant shareholder(s).
4 The different models of corporate governance

International codes of corporate governance that are principle based all accept the four
principles of fairness, accountability, responsibility and transparency. However,
corporate governance systems differ on whether companies should adopt an exclusive
or an inclusive approach to corporate governance. The central question is: To whom
should companies be fair, accountable, responsible and transparent? According to an
exclusive approach, all the efforts of the company should focus on the shareowners of
the company, and therefore it will not necessarily always be fair, accountable,
responsible and transparent towards other stakeholder groupings. According to the
inclusive approach, companies focus on the interests of all stakeholders and not only the
shareowners.
The inclusive approach requires companies to identify relevant stakeholders, to
engage with them, and to build and manage a relationship with each of them in the
interests of the company.
The following stakeholders could be of importance to any company:
The shareowners as the providers of capital.
Parties that have a contractual relationship with the company, either as providers of
input to its business processes or activities, or as users of its products or services.
Examples include employees, customers, suppliers, business partners and
subcontractors.
Parties that do not have a contractual relationship with the company, but who
provide the company with its licence to operate. This includes society in general,
local communities and non-governmental organisations (NGOs).
The State as policy-maker, legislator and regulator.
5 The King Code of Governance for South Africa 2009

The King Commission issued a Code of Governance and a Report in September 2009.
The Code deals with the Principles and the Report provides recommendations of best
practice for each of the principles in the Code. Practice Notes are also published by the
Institute of Directors in Southern Africa (IoD) which provides detailed implementation
guidance and tools.
The Code applies to all entities regardless of form of incorporation, size or whether
it is operating in the private or public sector.
King III is on an “apply or explain” basis. Internationally, the principle-based
approach to governance has evolved into different approaches of which the “comply or
explain”, “adopt or explain” and the “apply or explain” approaches are some examples.
In following for instance the “apply or explain approach”, the board of directors
could conclude that an interpretation of the governance principle which is different from
the recommendation contained in the Code will be in the best interest of the company.
The board may therefore apply the principle differently and still achieve the
overarching governance principles of transparency, accountability, responsibility and
fairness. Explaining how the principles and recommendations were applied, or if not
applied, the reasons, results in compliance with the Code.
Affected companies
King III applies to all entities, regardless of the manner and form of incorporation or
establishment and whether in the public sector, private sector or non-profit sector.
The King III Report is effective from 1 March 2010.

The King Code of Governance for South Africa 2009, issued by the
Institute of Directors in Southern Africa. Unless otherwise stated, all
SOURCE:
references in this section are to the principles in the Code of
Governance, issued during September 2009.
1 Ethical leadership and corporate citizenship

Principles and recommendations of the code

1.1 The board should provide effective leadership based on an ethical
foundation.
The board is ultimately responsible to provide strategic direction to the company:
The strategy of the board should ensure the long-term sustainability of the
company with due consideration for the impact of the strategy on the economy,
the environment and other stakeholders of the company.
The strategy and actions of the company should therefore promote an inclusive
approach to governance meaning that the company should always act in the best
interest of all stakeholders.
The strategy and actions of the company should also always be based on the four
characteristics of good corporate governance, namely transparency,
accountability, responsibility and fairness. (See section 3 above.)
The company should conduct its business in an ethical manner. The board should set
the values of the company and ensure the formulation thereof in a code of conduct.
1.2 The board should ensure that the company is and is seen to be a
responsible corporate citizen.
Responsible corporate citizenship equates to the adoption of an inclusive approach
to governance. The company should engage with stakeholders in order to protect,
enhance and invest in their well-being and to ensure an ethical relationship of
responsibility between the company and the society in which it operates.
The company must develop corporate citizenship policies and implement
measurable programmes in this regard.
1.3 The board should ensure that the company’s ethics are managed
effectively.
The board should ensure that:
An ethical corporate culture is built and sustained in the company;
It determines ethical standards which are clearly understood by the company and
that the company ensures adherence in all aspects of its business;
Adherence to the ethical standards is measured;
The ethical performance of external business partners is aligned around the ethical
standards of the company;

The risk management process incorporates ethical risks and opportunities;
The company introduces a code of conduct and that ethics-related policies are
implemented;
The operations of the company are based on compliance with the code of ethics;
The company assesses, monitors, reports, and discloses its ethical performance.
2 Boards and directors

Background
The board of directors is the most important governance structure, as it is ultimately
responsible for the performance and affairs of the company. Several investigations after
recent corporate collapses pointed towards a lack of effective accountability within
companies. The board of directors can therefore be seen as the vocal point of any
corporate governance system, and the code as part of its recommendations lists the
duties and responsibilities of the board of directors from a corporate governance point
of view.
After the separation between the control and ownership of companies, the
management of companies was entrusted to the board of directors of a company. The
owners of companies that were no longer part of the management of companies
therefore relied on the board of directors to act as their agents. The opposite often
happened with boards of directors and managers pursuing their own interests.
Types of directors
Directors of companies can serve in either an executive or non-executive capacity
Executive director
A member of the board who is:
– a salaried employee of the company or its subsidiaries, and/or
– involved in the day-to-day running of the company or its subsidiaries
For example, the managing director, chief executive officer, financial director
Non-executive director
A member of the board who is:
– not involved in the day-to-day running of the company or its subsidiaries, and
– not a full-time salaried employee of the company or its subsidiaries.

Independent non-executive directors
A non-executive director who:
– is not a representative of a shareholder who has the ability to control or
significantly influence management
– has not been employed by the company or the group of which it currently
forms part, in any executive capacity for the preceding three financial years
– is not a member of the immediate family of an individual who is, or has been
in any of the past three financial years, employed by the company or the
group in an executive capacity
– is not a professional advisor to the company or the group other than in a
director capacity
– is free from any business or other relationship which could be seen to
interfere materially with the individual’s capacity to act in an independent
manner
– does not have a direct or indirect interest in the company (including any
parent or subsidiary in a consolidated group with the company) which is
either material to the director or to the company (a holding of 5% or more is
considered material), and
– does not receive remuneration contingent upon the performance of the
company.
Boards of directors were often dominated by executive directors, making it easy to
pursue only the interests of management, to the detriment of shareowners’ interests. The
Code therefore makes several recommendations regarding the composition of the board
to ensure that it will be able to act in the best interests of shareowners.
Another issue that the Code deals with as part of the section on boards and directors
is the remuneration of directors. Remuneration has been a corporate governance issue
for years, with shareholders that were in many instances of the opinion that directors
and top management were earning too much. The Code attempts to address this issue by
encouraging transparency with regard to remuneration issues.
The Code finally deals with board committees and the role of the company secretary.
It is recommended that the board of directors makes use of different board committees
to enhance the business of the board and to help share the board’s workload. The Code
makes several recommendations on how the company secretary could assist the board to
properly fulfil its duties.

2.1 The board should act as the focal point for and custodian of
corporate governance.
A charter should set out the responsibilities and functions of the board and the board
should meet at least four times a year.
2.2 The board should appreciate that strategy, risk, performance and
sustainability are inseparable.
In achieving the above, the board should ensure that the strategy of the company
takes into account all potential risks and that it will ensure the sustainability of not
only of the company, but also of the planet.
2.3 The board should provide effective leadership based on an ethical

foundation.
2.4 The board should ensure that the company is and is seen to be a
responsible corporate citizen.
2.5 The board should ensure that the company’s ethics are managed
effectively.
2.6 The board should ensure that the company has an effective and
independent audit committee.
2.7 The board should be responsible for the governance of risk.
2.8 The board should be responsible for information technology (IT)

governance.
2.9 The board should ensure that the company complies with applicable
laws and considers adherence to non-binding rules, codes and
standards.
2.10 The board should ensure that there is an effective risk-based

internal audit.
2.11 The board should appreciate that stakeholders’ perceptions affect

the company’s reputation.
2.12 The board should ensure the integrity of the company’s integrated
report.
2.13 The board should report on the effectiveness of the company’s

system of internal controls.
2.14 The board and its directors should act in the best interests of the
company.
The best interest of the company will be served should directors comply with all the
legal duties of a director, not deal in securities of the company whilst in possession
of price-sensitive information which is not available to the general public, and if
their judgment is not affected by conflicts of interest.
Directors should be allowed to obtain independent advice in connection with their
duties. An agreed-upon process should exist in this regard.
It is expected from directors to disclose real and perceived conflicts of interests to
the board.
All listed companies should have a policy regarding dealings in securities by
directors and selected employees.
2.15 The board should consider business rescue proceedings or other

turnaround mechanisms as soon as the company is financially
distresses as defined in the Act.
The directors should monitor the liquidity and solvency of the company on an
ongoing basis and act where indications are that the company is financially
distressed.
One mechanism which the board could consider is a business rescue procedure in
which case:
a suitable practitioner should be appointed
the practitioner should provide sufficient security for the value of the assets of
the company.
2.16 The board should elect a chairman of the board who is an

independent non-executive director. The CEO of the company
should not fulfil the role of chairman of the board as well.
The members of the board should elect the chairman annually and he/she should be
independent and free of conflict upon appointment.
A lead independent director should be appointed in situations where the company
can justify the appointment of an executive director as chairman or where the
chairman is not independent or conflicted. This should be justified fully in the
integrated report.
The role of the chairman should be formalised and he/she should have the ability to
add value.
The performance of the chairman against the determined functions and
responsibilities should be assessed annually.
It is possible for the CEO to become the chairman after retirement as an executive
director, but only after a period of three years has lapsed.
It is accepted practice that the chairman will also hold other chairmanships outside
of the company. The number of other appointments should be considered by the
chairman and the board.
A succession plan should be in place for the role of the chairman.
2.17 The board should appoint the chief executive officer and establish
a framework for the delegation of authority.
The role and function of the CEO should be formalised and the board should
evaluate the performance of the CEO against these criteria.
A succession plan should exist for the role of the CEO and other senior executives
and officers.
The board should also provide input regarding the appointment of senior
management within the company.
2.18 The board should comprise a balance of power, with a majority of

non-executive directors. The majority of non-executive directors
should be independent.
Requirements regarding knowledge, skills and resources should determine the
number of board appointments.
The board should ensure that its size, diversity and demographics make it effective.
A minimum number of two executive directors should be appointed, with at least the
CEO and the director responsible for finance.
The board should ensure that at least one third of the non-executive directors rotate
every year.
The board, through its nomination committee, should recommend the eligibility of
prospective directors to the shareholders.
The board should perform a rigorous review of the independence and performance
of any independent non-executive director serving for more than nine years.
The independence of independent non-executive directors should be assessed by the
board and a statement in this regard should be included in the integrated report.
The board should have the prerogative to remove any director without shareholder
approval.
2.19 Directors should be appointed through a formal process.

The process should comprise the following:
the identification of suitable members; the nomination committee should assist in
this regard
background and reference checks performed on the individuals before nomination
and appointment
a letter of appointment to formalise the appointment
full disclosure regarding individual directors to enable shareholders to make their
own assessment of directors.
2.20 The induction of and ongoing training and development of

directors should be conducted through formal processes.
The board should ensure that:
new directors undergo a formal induction programme
mentorship programmes are introduced to assist the development of inexperienced
directors

continuing professional development programmes are implemented, and
directors are updated regularly regarding changes in legislation, regulation, risks or
the environment.
2.21 The board should be assisted by a competent, suitably qualified

and experienced company secretary.
The company secretary should be appointed by the board and should be empowered
to fulfil his/her responsibilities. The board should however have the right to remove
him/her.
The company secretary should:
have an arms-length relationship with the board
not be a director of the company
assist the nomination committee with the process of appointing the director
assist with director induction, training and development
provide guidance to the directors regarding their duties and good governance
ensure that board and committee charters are kept up to date
prepare and circulate board papers
elicit responses, feedback and input for board and board committee meetings
assist in the drafting of annual work plans
ensure the preparation and circulation of minutes of board and board committee
meetings, and
assist with the evaluation of the board, its committees and individual directors.
2.22 The evaluation of the board, its committees and the individual
directors should be performed every year.
The annual evaluation of directors should be performed by the chairman or an
independent advisor.
The results of the performance evaluations should form the basis for the
determination of the development and training needs of directors.
The role, functions, duties and performance criteria of the board should serve as a
benchmark for the performance appraisal.

The integrated report should contain an overview of the appraisal process, including
the results and actions flowing from that.
Nomination of a director for re-appointment should only take place after a proper
performance appraisal.
2.23 The board should delegate certain functions to well-structured

committees but without abdicating its own responsibilities.
The terms of reference of committees should be established and approved formally,
and reviewed annually.
Committees should be appropriately constituted.
The terms of reference and the composition of all committees should be disclosed in
the integrated report.
Public and state-owned companies must appoint an audit committee.
All other companies should establish an audit committee. Its composition and terms
of reference should be defined in its memorandum of incorporation.
Companies should also establish risk, nomination and remuneration committees.
Committees, with the exception of the risk committee, should consist of a majority of
non-executive directors of which the majority should be independent.
External advisors and executive directors should attend committee meetings by
invitation.
Committees should be able to take independent professional advice from outside of
the company at the expense of the company and after following an approved
process.
2.24 A governance framework should be agreed between the group and

its subsidiary boards.
Listed subsidiaries should comply with the rules of the relevant stock exchange
regarding the prevention of insider trading.
Holding companies should respect the fiduciary duties of directors who are serving
as representatives of the holding company on the board of a subsidiary.
Subsidiary companies should only adopt and implement policies, procedures or
processes of the holding company after due consideration and after approval by the
subsidiary company. Disclosure should take place in the integrated report of

policies which were adopted and implemented in this regard.
2.25 Companies should remunerate directors and executives fairly and

responsibly
Remuneration policies should be aligned with the strategy of the company and
should be linked to individual performance.
The remuneration committee should assist the board in setting and administering
remuneration policies.
The remuneration policy should address base pay and bonuses, employee contracts,
severance and retirement benefits, and share-based and other long-term incentive
schemes.
Non-executive fees should comprise a base fee as well as an attendance fee per
meeting.
2.26 Companies should disclose the remuneration of each individual

director and certain senior executives.
The integrated report should contain a remuneration report which should include:
all benefits paid to directors
the salaries of the three most highly paid employees who are not directors
the policy on base pay
participation in share incentive schemes
the use of benchmarks
incentive schemes to encourage retention
justification of salaries above the median
material payments that are ex-gratia in nature
policies regarding executive employment, and
the maximum expected potential dilution as a result of incentive awards.
2.27 Shareholders should approve the company’s remuneration policy.

This should be done by the passing of a non-binding advisory vote by the
shareholders.

The shareholders should vote on whether the remuneration of executive directors is
in accordance with the remuneration policy.
Important points from Section 2: Boards and directors

The board should comprise a majority of non-executive directors, the majority of
whom are independent.
A minimum of two executive directors should be appointed; the CEO and director
responsible for finance.
At least one third of the non-executive directors should retire, by rotation, each
year.
The board should meet at least once a quarter.
The chairman should be an independent non-executive director.
Where the chairman is not independent, a lead independent director should be
appointed.
The CEO should not be the chairman of the board.
Non-executive directors should not receive share options.
Minimum committees to be appointed: audit; remuneration; risk and nomination
Summary of board committees

Audit Remuneration Nomination
Risk committee
committee committee committee
Independent Independent Independent
Chairman of Not specified in
non-executive non-executive non-executive
the committee King III
director director director
Majority should
Majority should be non-
be non- executive
All members executive directors
should be directors Majority of non- Executive and
Membership independent Majority of non- executive non-executive
non-executive executive directors should directors
directors directors should be independent
be independent Board chairman
should be a
member
May not be a May be a Should be a May be a
Chairman of member, but may member May not member May be member May not
the board attend meetings be chairman of chairman of the be chairman of
by invitation the committee committee the committee
May not be a May not be a May not be a May be a
Chief
member, but member, but member, but member May not
Executive
should attend by should attend by should attend by be chairman of
Officer invitation invitation invitation the committee
3 Audit committees
Background
The audit committee is currently viewed as one of the most important governance
structures within the modern company. The Companies Act also regulates the
appointment, role and composition of the audit committee and stipulates the institution
of an audit committee for all public companies and state-owned entities. The King Code
furthermore stipulates that the board should ensure that the company has an effective and
Principles and recommendations of the Code
3.1 The board should ensure that the company has an effective and
The terms of reference of the audit committee should be approved by the board.
The audit committee should meet as often as is necessary to fulfil its mandate, but at
least twice a year.
The audit committee should meet with the external and internal auditors at least
annually without management being present.
3.2 Audit committee members should be suitably skilled and

experienced independent non-executive directors.
The audit committee should consist of at least three members and all the members
The audit committee should consist of at least three members and all the members
should be independent non-executive directors.
The chairman of the board cannot be a member or the chairman of the committee.
Vacancies on the audit committee should be filled by the board as soon as it arises.
The audit committee should collectively possess the skills, qualifications and
expertise required to fulfil its mandate.
Members are therefore required to keep up to date with relevant developments and
should also be allowed to consult with specialists or consultants according to a
process approved by the board.
3.3 The audit committee should be chaired by an independent non-

executive director.
The chairman of the audit committee should be elected by the board.
The chairman of the committee should participate in the setting of the agenda for
meetings and should be present at the AGM.
3.4 The audit committee should oversee integrated reporting.

As part of its oversight role over the integrated report, the audit committee should:
consider all factors and risks which could impact on the integrity of the
integrated report
review and comment on the financial statements
review the disclosure of sustainability issues to ensure its reliability and that no
conflict exists with the financial information
recommend to the board the engagement of external assurance providers on
material sustainability issues.
The audit committee should consider the need to issue interim results and should
review the content of any summarised information.
The external auditors should be engaged to provide assurance on the summarised
financial information.
3.5 The audit committee should ensure that a combined assurance

model is applied to provide a coordinated approach to all assurance
activities.
internal auditors and ensure that the combined approach addresses all the significant
risks which the company is faced with.
3.6 The audit committee should satisfy itself of the expertise, resources
and experience of the company’s finance function.
The audit committee should perform an annual review of the finance function and the
results should be published in the integrated report.
3.7 The audit committee should be responsible for overseeing of

internal audit.
The oversight role of the audit committee includes:
its responsibility to appoint and dismiss the Chief Audit Executive (CAE)
taking responsibility for the performance appraisal of the CAE
approving the internal audit plan
ensuring that the internal audit function is subject to an independent quality review
as and when the committee determines it appropriate.
3.8 The audit committee should be an integral component of the risk

management process.
The responsibility of the audit committee regarding risk management should be set
out in its charter.
The committee should specifically have oversight of:
financial reporting risks
internal financial controls
fraud and IT risks as these relate to financial reporting.
3.9 The audit committee is responsible for recommending the

appointment of the external auditor and overseeing the external
audit process.
The audit committee should recommend to the board an external assurance provider
(auditor) to provide assurance on the financial statements. The audit committee is
responsible for:

nominating the external auditor for appointment
approving the terms of engagement and remuneration of the external auditors
monitoring and reporting on the independence of the external auditors
defining a policy dealing with the provision of non-audit services by the external
auditors
approving contracts for non-audit services, and
reviewing the quality and effectiveness of the external audit process.
The committee should be informed of any reportable irregularity identified and
reported by the external auditors in terms of s 45 of the Auditing Profession Act.
3.10 The audit committee should report to the board and shareholders
on how it has discharged its duties.
The audit committee is required to report internally to the board and externally to
the shareholders.
Reporting to the board will include how the committee has discharged its statutory
duties as well as the duties assigned to it by the board.
Reporting to the shareholders will relate to how its statutory duties were discharged
and will include:
how its duties were carried out
whether the committee is satisfied with the independence of the external auditors
the committee’s view on the financial statements and the accounting practices,
and
whether the internal financial controls are effective.
The integrated report should contain a section which summarises the role of the
committee, its composition, number of meetings held, and details of other activities.
The audit committee should recommend to the board whether the integrated report
should be approved.
4 Risk management
Background
Regulators and financial markets are increasingly focusing on the need for companies to
introduce proper risk management systems to manage the risks they are faced with
effectively. Proper risk management will also allow companies to better fulfil their
objectives and is therefore also an important part of any corporate governance system.
The process of risk management can be described as the identification, evaluation
and measurement, management and monitoring of all major risks with which the
company is faced with.
4.1 The board should be responsible for the governance of risk.

A policy and plan for a system and process of risk management should be
developed.
The integrated report should contain the view of the board regarding the
effectiveness of the system and process of risk management.
The board charter should set out the board’s responsibility regarding risk
management and the responsibility should manifest itself in a documented risk
management policy and plan which is approved by the board and widely distributed
throughout the company.
The implementation of the risk management plan should be reviewed by the board
annually and also be monitored continually.
Induction and development programmes for directors should focus on risk
management.
4.2 The board should determine the levels of risk tolerance.

The levels of risk tolerance should be set by the board once a year.
The board should also determine the risk appetite of the company.
The board should continuously monitor whether risks taken by the company are
within the tolerance and appetite levels.
4.3 The risk committee or audit committee should assist the board in
carrying out its risk responsibilities.
The board should appoint a committee which is responsible for risk, specifically to
consider the risk management policy and plan, and to monitor the risk management
process.
The committee should consist of a minimum of three members who could be
executive and non-executive directors, members of senior management, and
independent risk management experts as invitees.
The committee should meet at least twice a year and its performance should be
evaluated by the board at least once a year.
4.4 The board should delegate to management the responsibility to

design, implement and monitor the risk management plan.
Management should execute the board’s risk strategy through the implementation of
systems and processes.
Management is accountable to the board for the integration of risk management into
the day-to-day activities of the company.
The Chief Risk Officer (CRO) should have regular access and interaction with the
board or the designated committee and executive management on strategic issues.
The CRO should also be suitably qualified and experienced.
4.5 The board should ensure that risk assessments are performed
continually.
The company should perform a systematic and formal risk management assessment
at least once a year.
Risks should also be prioritised and ranked in order for the company to properly
focus risk strategies and interventions.
The assessment of risk should be in the form of a top-down approach.
The board should receive a risk register regularly highlighting the key risks which
the company is faced with.
The board should review the register and ensure that the key risks are quantified.
4.6 The board should ensure that frameworks and methodologies are
implemented to increase the probability of anticipating
unpredictable risks.
4.7 The board should ensure that management considers and

implements appropriate risk responses.
Risk responses should also provide for the use of opportunities.

4.8 The board should ensure continual risk monitoring by
management.
The risk management plan should assign responsibility for the monitoring of risks.
4.9 The board should receive assurance regarding the effectiveness of

the risk management process.
Management should provide assurance to the board that risk management is
integrated into the day-to-day activities of the company.
The internal audit should also provide a written assessment regarding the
effectiveness of the system of risk management and the related internal controls.
4.10 The board should ensure that there are processes in place enabling
complete, timely, relevant, accurate and accessible risk disclosure to
stakeholders.
The board’s view on the effectiveness of the risk management process should be
disclosed in the integrated report.
The integrated report should also deal with undue, unexpected or unusual risks.
5 The governance of information technology

5.1 The board should be responsible for information technology (IT)

governance.
The board should:
ensure that an IT charter and policies are established and implemented
ensure promotion of an ethical IT governance culture and awareness, and a common
IT language
ensure that an IT internal control framework is adopted and implemented, and
receive independent assurance on the effectiveness of the IT internal controls.
5.2 IT should be aligned with the performance and sustainability

objectives of the company.

The board should be sensitive to how opportunities could be identified and
exploited in order to improve the performance and sustainability of the company
through the use of IT.
5.3 The board should delegate the responsibility for the implementation
of an IT governance framework to management.
An IT steering committee may be appointed by the board to assist management with
its responsibility regarding the governance of IT.
The CEO should appoint a Chief Information Officer (CIO) responsible for the
management of IT.
The CIO should have regular access and interaction with the board or the designated
committee and executive management on strategic IT issues. The CIO should also be
suitably qualified and experienced.
5.4 The board should monitor and evaluate significant IT investments

and expenditure.
The board should specifically focus on value for money, return on investment and
the protection of intellectual property.
Assurance on IT internal controls should also include outsourced services.
5.5 IT should form an integral part of the company’s risk management.

Management should regularly demonstrate to the board that sufficient disaster
recovery procedures are in place.
The board should ensure that the company complies with all IT-related laws and
regulations.
5.6 The board should ensure that information assets are managed
effectively.
The board should ensure that an information security management system is
developed and implemented.
The information security strategy should be approved by the board and its
implementation should be delegated to management.
The board should ensure that personal information is treated as an important asset of
the company.
5.7 A risk committee and audit committee should assist the board in
carrying out its IT responsibilities.
The risk committee should ensure that IT risks are adequately addressed and
assurance should be obtained regarding controls in place.
IT should be considered by the audit committee in relation to financial reporting and
going concern. It should also be considered how the use of IT could improve audit
coverage and efficiency.
6 Compliance with laws, rules, codes and standards

6.1 The board should ensure that the company complies with applicable
laws and considers adherence to non-binding rules, codes and
standards.
Compliance with laws and legislation should be an ethical imperative and
exceptions should be dealt with in an ethical manner.
The board should have an understanding of the laws the company should comply
with and monitor compliance by having it as a regular item on the board agenda.
In the integrated report, the board should disclose how it has discharged its
responsibility regarding an effective compliance framework.
6.2 The board and each individual director should have a working
understanding of the effect of the applicable laws, rules, codes and
standards on the company and its business.
Induction programmes and ongoing training programmes for directors should
incorporate an overview of changes to laws and legislation.
6.3 Compliance risk should form an integral part of the company’s risk
management process.
Companies should consider establishing a compliance function.
The risk of non-compliance with laws and legislation should be identified, assessed
and responded to on an ongoing basis as part of the risk management process.

6.4 The board should delegate to management the implementation of
an effective compliance framework and processes.
The board should ensure that a legal compliance policy, approved by the board, has
been implemented by management and should also ensure that it receives regular
assurance regarding the controls around compliance.
Management should establish appropriate compliance structures, communicate and
measure key performance indicators with regards to compliance, and educate and
train staff in this regard.
Compliance should be incorporated into the code of conduct of the company.
The integrated report should contain details of non-compliance by the company or
its directors.
An independent and skilled compliance officer may be appointed.
The compliance officer should have regular access and interaction with the board,
or the designated committee, and executive management on compliance matters.
The structure and role of the compliance function will be a reflection of how the
company tries to achieve integration of compliance with ethics and risk
management.
The compliance function should have sufficient resources and capacity to fulfil its
function and role.
7 Internal audit
Background
The Institute of Internal Auditors defines internal auditing as “an independent, objective
assurance and consulting activity designed to add value and improve an organisation’s
operations. It helps an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk management,
control and governance processes.” It is clear from the definition that the internal audit
department of a company can play an integral role as part of an effective corporate
governance system. The Code makes several recommendations on the status, role and
scope of the internal audit department and stresses the importance of an integrated
approach to assurance.

7.1 The board should ensure that there is an effective risk-based
internal audit.
Companies should establish an internal audit function which should:
evaluate the company’s governance processes
perform an effective assessment of the effectiveness of risk management and
internal control
analyse and evaluate business processes and related controls, and
investigate fraud, corruption, ethical behaviour and irregularities.
An internal audit charter should be defined and approved by the board.
The internal audit function should adhere to the IIA standards and code of conduct.
7.2 Internal audit should follow a risk-based approach to its plan.

The internal audit plan and approach should be informed by the strategy and risks of
the company.
The internal audit should be independent from management.
The internal audit should provide independent assurance that all risks have been
identified, that controls are in place to mitigate the risks, and that all opportunities
are identified, assessed and effectively managed.
7.3 Internal audit should provide a written assessment of the

effectiveness of the company’s system of internal controls and risk
management.
The internal audit should form an integrated part of the combined assurance model
as the internal provider of assurance.
The internal audit should also focus on operational, compliance and sustainability
issues, and not only on financial matters.
The internal audit should provide a written assessment of the system of internal
control and risk management to the board.
The internal audit should provide a written assessment of internal financial controls
to the audit committee.
7.4 The audit committee should be responsible for overseeing the

internal audit.
The internal audit plan should be agreed upon and approved by the audit committee.
The audit committee should evaluate the performance of the internal audit function.
The audit committee should also ensure that the internal audit function is subjected
to an independent quality review.
The Chief Audit Executive (CAE) should report functionally to the chairman of the
audit committee.
The CAE should be appointed, assessed and dismissed by the audit committee.
The internal audit should report at all audit committee meetings.
The audit committee should ensure that the internal audit function is well resourced
with an appropriate budget allocated to it.
7.5 The internal audit should be strategically positioned to achieve its

objectives.
The internal audit should be objective and independent, and report to the audit
committee.
The CAE should also have a standing invitation to attend executive committee
meetings.
The internal audit function should have the necessary skills and experience in order
to deal with the complexity of risk and assurance.
The CAE should develop and maintain a quality assurance and related improvement
plan.
8 Governing stakeholder relationships

Background
Companies in South Africa are encouraged to adopt the inclusive approach to
governance based on which companies are required to act in the best interest of all
stakeholders. This section of the code provides guidance regarding the governance of
stakeholder relationships.
8.1 The board should appreciate that stakeholders’ perceptions affect a

company’s reputation.
The board should identify the stakeholders of the company and the company’s
linkage with stakeholders should be a regular item on the board agenda.
8.2 The board should delegate to management to proactively deal with

stakeholder relationships.
Management should develop a strategy and related policies to ensure proper
engagement with stakeholders.
The company’s engagement with stakeholders and the outcomes thereof should be
disclosed in the integrated report.
Shareholders should be encouraged to attend AGMs.
8.3 The board should strive to achieve the appropriate balance between
its various stakeholder groupings, in the best interests of the
company.
8.4 Companies should ensure the equitable treatment of shareholders.

The board should also ensure the protection of minority shareholders.
8.5 Transparent and effective communication with stakeholders is

essential for building and maintaining their trust and confidence.
Communication with stakeholders should be complete, relevant, honest, accurate, in
an understandable language, and should take place on a timely basis.
The board should consider disclosing the number of requests for information lodged
in terms of the Promotion of Access to Information Act in the integrated report, and
which were refused.
8.6 The board should ensure that disputes are resolved as effectively,
efficiently and expeditiously as possible.
9 Integrated reporting and disclosure

Background
Sustainability reporting has been the subject of the King II Report. Sustainability

reporting can be defined as reporting on those financial and non-financial matters that
influence the company’s ability to survive and prosper and sustain its business in future.
Where financial reporting tends to provide an historic account, sustainability
reporting and disclosures provide a balanced and integrated record of the economic,
social and environmental performance of the company. This is now generally referred to
as “triple bottom line” reporting. The economic aspect of “triple bottom line” involves
the financial aspects relevant to the business of the company, whilst the social aspect
focuses on the values of the company, ethics, and reporting on the company’s
engagement with stakeholders. The environmental aspect includes reporting on the effect
of the company’s products or services on the environment.
The King III Report on Corporate Governance advocates the publication of an
integrated report dealing with both financial and non-financial matters in an integrated
manner.
9.1 The board should ensure the integrity of the company’s integrated
report.
The board should delegate the responsibility to evaluate sustainability disclosures
to the audit committee.
The company should have controls in place to enable it to verify and safeguard the
integrity of the integrated report.
The integrated report should:
be prepared every year
convey adequate information regarding the company’s financial and
sustainability performance, and
focus on substance over form.
9.2 Sustainability reporting and disclosure should be integrated with the

company’s financial reporting.
The board should include commentary on the company’s financial results.
The board must disclose whether the company is a going concern.
The integrated report should describe how the company has made its money.
The board should ensure that the integrated report deals with the positive and
negative impacts of the company’s operations, as well as with plans to improve the
positive and eradicate the negatives.
9.3 Sustainability reporting and disclosure should be independently

assured.
General oversight and reporting of sustainability should be delegated to the audit
committee.
The audit committee should assist the board by reviewing the integrated report to
ensure that the information is reliable and not a contradiction of the financial
information.
The audit committee should oversee the provision of assurance over sustainability
issues.
6 The future of corporate governance

It is important that the international community has confidence in the level of good
corporate governance in South Africa, as this will attract much-needed foreign direct
investment into the country.
The King III Report should be seen as a living document and regularly updated to
reflect changes in international corporate governance practices.
7 Questions

Mary Poppins has recently been appointed as non-executive director of Fair Lady Ltd.
As an accountant you have advised Ms Poppins over the last four years on a number of
issues ranging from personal taxation to her fiduciary duties as a director of companies.
Ms Poppins is again seeking your help as she has been asked to report to the board of
directors of Fair Lady Ltd on the issue of corporate governance. She has provided you
with the following facts:
(a) Fair Lady Ltd, which is listed on the main board of the Johannesburg Stock
Exchange, is involved in the manufacturing and distribution of perfume. Fair Lady
Ltd has a 31 December year-end.
(b) Ms Poppins is the only non-executive director on the board of Fair Lady Ltd. Fair
Lady Ltd has a total of ten directors. The Chief Executive Officer, Mr Wiggens, is
also the Executive Chairman of the company. In return for her services as a non-
executive director Ms Poppins will receive R8 000 for attending each of the three
board meetings a year. She is contracted to serve for a three-year period which
began on 1 January 2010.
(c) Mr Wiggens, whose family owns 16% of Fair Lady Ltd, sets the annual
remuneration of all the directors including himself and is in charge of all
appointments to the board.
(d) All acquisitions and disposals of assets are approved by Mr Wiggens as are all
contracts in excess of R100 000. Despite these controls, the financial manager
entered into a futures contract with Great Bank Ltd in February 2009, which led to
a loss of R650 000 to the company.
(e) Mr Wiggens has expressed a keen desire to report on the corporate governance
process at Fair Lady Ltd.
(f) In January 2009 Mr Wiggens issued a code of ethics, which has been signed by all
directors and representatives of all employees. The code prescribes the moral and
ethical conduct to which Fair Lady Ltd and its employees are expected to adhere.
(g) In addition, at the beginning of the year Mr Wiggens appointed two internal
auditors who report directly to him and who carry out internal audits in accordance
with a laid-down charter.

Address each issue above and assess the need to and whether or not there is compliance
with the King III Report and, where appropriate, indicate any duties which the Code
may impose on Ms Poppins. (30)

You are a senior manager in the compliance department at New Horizons Advertising
(Pty) Ltd. New Horizons was founded 30 years ago by Paul Moroka, and is a leading
advertising agency in Johannesburg. Seven years ago, the company purchased and
became the sole owner of Ezweni Communications (Pty) Ltd, a medium-sized
communications company based in Johannesburg. New Horizons is currently looking to
list Ezweni shares on the JSE in an attempt to obtain funds to expand the business.
You have been assigned to assess Ezweni’s compliance with the King III Report on
Corporate Governance. This is after Kenneth Mashaba, a board member and CEO of
Ezweni’s biggest competitor, mentioned that it would be impossible for Ezweni to find
investors if they do not comply with King III.
The composition of the Ezweni Communications board of directors is as follows:

Other than the audit committee, Ezweni has no other sub-committees.
The committee only meets in January every year, so that there is adequate planning for
the responsibilities of the internal audit for the year ahead. The committee is
responsible only for the internal audit function.

(a) Define an independent director and conclude on whether all independent non-
executive directors on the Ezweni board can be classified as such. (8)
(b) With reference to the audit committee of Ezweni Communications, identify
instances of non-compliance with the King III Report evident from the above

scenario and make recommendations on how they can comply. Your answer should
be presented in tabular format (6)
(c) Fully discuss the role that the company secretary, Queen Moroka, has to play in the
effective functioning of the board of directors in terms of the King III Report. (4)
(d) Which companies would need to comply with the guidelines of the King III Report
on Corporate Governance? (4)
(e) Which board committees should the board of directors appoint to aid them in
fulfilling their duties? (2)

5
The audit process
Reference Title
ISA Glossary Glossary of terms
Framework International Framework for Assurance Engagements
ISA 220 Quality control for an audit of financial statements
ISA 300 Planning an audit of financial statements
Identifying and assessing the risks of material misstatement through
ISA 315
understanding the entity and its environment
ISA 330 The auditor’s responses to assessed risks
ISA 500 Audit evidence
Assurance engagements other than audits or reviews of historical
ISAE 3000
financial information
Quality control for firms that perform audits and reviews of
ISQC 1 financial statements, and other assurance and related services
engagements
SAAPS 1 Quality control
1 Introduction
The objective of an audit of financial statements is to enable an auditor to express an
opinion as to whether or not the financial statements fairly present, in all material
respects, the financial position of the entity at a specific date and the results of its
operations and cash flow information for the period ended on that date, in accordance
with an identified financial reporting framework and/or statutory requirements. A
similar objective applies to the audit of financial and other information prepared in
accordance with appropriate criteria.
To be in a position to express an opinion and provide assurance, an auditor needs to
consider certain issues and perform a series of procedures in order to obtain evidence
to substantiate the assurance given or to report findings.
The above considerations and procedures constitute the audit process, whether it
relates to the external audit function or other related services.
2 Framework of audit and related services
The International Standards on Auditing (ISAs) are to be applied in the audit of

financial statements. ISAs are also to be applied, adapted as necessary, to the audit of
other information and to related services.
3 Importance of the audit process and complying with the

ISAs
The auditor should plan and perform the audit in such a way as to provide a high level
of service to the client, comply with auditing standards and principles, and ultimately
limit the risk of legal liability and reputational damage to the auditor.
3.1 Complying with the ISAs and other professional pronouncements

The auditor should plan and perform the audit according to the ISAs, relevant
legislation and other professional pronouncements.
When the adequacy of an auditor’s work is assessed, whether in a court of law, by
quality control reviewers or in other circumstances, the auditor should be able to prove
compliance with the ISAs. This would provide evidence of a quality audit process and
would ultimately limit the auditor’s liability.
3.2 Adding value

The audit process is aimed at planning and performing the audit, and at obtaining audit
evidence to be able to express assurance on the evidence examined. During the
performance of his work the auditor gains a good insight into the client’s business and
processes to identify risks and weaknesses. This enables the auditor to make
recommendations to his client in order to address such risks or weaknesses, which
ultimately adds value to the client and the audit process.
4 Steps in the audit process

The audit process can be divided into the following phases:
engagement activities
planning activities
obtaining of audit evidence
evaluating, concluding and reporting.
It is important to understand the different phases of the audit process and the
steps/considerations involved in each of the different phases. Understanding the inter-
relationship between the different stages of the audit process is also of vital importance.
4.1 Engagement activities

This phase of the audit process is performed:
before accepting a new client, or
on a continuous basis for existing clients.
It entails:
a client investigation to consider independence, business and management risks
skills and competence requirements for the audit
establishing the terms of the engagement.
4.2 Planning activities

This relates to the planning of the audit as a whole and establishes the overall strategy
for the scope, emphasis, timing and conduct of the engagement.
It is important to realise that the steps in the planning process relate to the strategy
and approach of obtaining information. The knowledge gained during the planning phase
would enable the auditor to determine an approach for the obtaining of audit evidence
through the application of audit procedures.
4.2.1 Obtaining an understanding of the entity and its environment (knowledge of
the business)
This relates to obtaining information on the entity’s business, industry, management, etc.
Aspects on which to obtain knowledge:
External:
industry conditions
regulatory environment
economic factors.
Internal:
business operations
investments
financing
financial reporting.
Financial and related business risks:
objectives, strategies and business risk
financial condition and financial performance.
4.2.2 Obtaining an understanding of the accounting information system and
internal controls
This relates to the obtaining of information on the control environment and the
accounting information system (including business processes, financial reporting and
communication) and the internal controls.
4.2.3 Assessing the risk of material misstatements
This relates to the process of identifying and addressing the risks that exist for the
engagement and the audit as a whole. It entails:
identifying inherent and control risks
identifying business risks affecting the audit.
4.2.4 Setting materiality
This relates to the auditor’s quantifying planning materiality.
Definition of materiality (AC000 and Glossary of ISAs): “Information is material if
its omission or misstatement could influence the economic decisions of users taken on
the basis of the financial statements. Materiality depends on the size of the item or error
judged in the particular circumstances of its omission or misstatement. Thus, materiality
provides a threshold or cut-off point, rather than being a primary qualitative
characteristic which information must have if it is to be useful.”
4.2.5 Formulating an audit approach
The auditor should establish the strategy and approach to obtaining audit evidence.
This will mean deciding on the:
nature
timing
extent
of the audit procedures to be performed, namely the
tests of controls
substantive procedures.
4.2.6 Organising and managing the audit (co-ordination and control)
Consider issues such as:
client specifics
dates/timing
engagement team specifics
budgeting
areas requiring special attention
communication with the entity
going concern
previous audit findings and recommendations.
4.3 Obtaining of audit evidence

This entails the obtaining of audit evidence by means of:
a combination of tests of controls and substantive procedures or
substantive procedures alone.
4.4 Evaluating, concluding, reporting

This will entail a:
review of the financial information and audit evidence obtained
setting final materiality
reviewing the audit file and evidence obtained
evaluate audit differences
forming an audit opinion
considering the fair presentation of the financial information
reporting.
4.5 Summary of the audit process

Once the auditor has decided to accept the engagement, he needs to plan how he is going
to put himself in a position to be able to provide an opinion on the financial statements.
This means he must do the following:

5 Assurance engagements
5.1 Framework for assurance engagements (assurance framework)

The framework defines and describes the elements and objectives of the performing of
assurance engagements by professional accountants.
Introduction 1–6
Definition and objective of an assurance engagement 7–11
Scope of the framework 12–16
Engagement acceptance 17–19
Elements of an assurance engagement 20–60
Inappropriate use of the practitioner’s name 61
Appendix: Differences between reasonable assurance
engagements and limited assurance engagements
5.1.1 Definition
Assurance refers to the auditor’s satisfaction as to the

reliability of an assertion being made by one party for use
by another party. To provide such assurance, the auditor
assesses the evidence collected as a result of procedures
Assurance
conducted and expresses a conclusion. The degree of
satisfaction achieved, and therefore the level of assurance
which may be provided, is determined by the procedures
performed and their results.
Is an engagement in which a practitioner expresses a
conclusion designed to provide confidence for the intended
user about the subject matter. Two types of assurance
engagements exist, namely:
Reasonable assurance engagements:
Assurance engagements a positive form of opinion is expressed of the
practitioner’s conclusion
Limited assurance engagements:
a negative form of expression of the practitioner’s
conclusion.
5.1.2 Ethical principles

Professional accountants must always comply with the following ethical principles:
integrity
objectivity
professional competence and due care
confidentiality
professional behaviour.
The following requirements are embedded in the above but, because of their
importance, they are listed separately:

independence
technical standards.
Practitioners should also always comply with the Quality Control Standards when
performing assurance engagements.
5.1.3 Framework
5.1.4 Engagement acceptance

A practitioner accepts an assurance engagement only where the practitioner’s

preliminary knowledge of the engagement circumstances indicates that:
relevant ethical requirements such as independence and professional competence
will be satisfied
the engagement exhibits all of the following characteristics:
the subject matter is appropriate
the criteria to be used are suitable and are available to the intended users
the practitioner has access to sufficient appropriate evidence to support the
practitioner’s conclusion
the practitioner’s conclusion, in the form appropriate to either a reasonable
assurance engagement or a limited assurance engagement, which is to be
contained in a written report
the practitioner is satisfied that there is a rational purpose for the engagement,
and no significant scope limitation on the auditor’s work exists.
5.1.5 Elements of an assurance engagement
An engagement will be an assurance engagement only if all the following elements exist:
(a) Three-party relationship

Three-party relationships involve:
a practitioner: the professional accountant
a responsible party: the person/s responsible for the subject matter (i.e. information
reported on)
an intended user: the persons for whom the assurance report is intended.
(b) Subject matter

This is the information reported on:
financial information/conditions
non-financial information (e.g. performance conditions, physical characteristics,
etc.).
(c) Suitable criteria

These are the benchmarks used to evaluate or measure the subject matter (information).
For financial statements this will be the assertions (e.g. valuation and existence of
assets).
For reporting on internal controls, this will for example be an internal control
framework or control objectives.
(d) Suitable appropriate audit evidence

The professional accountant should obtain sufficient (quantity) and appropriate (quality)
audit evidence that is reliable (source and nature) to form the basis of the conclusion
reached.
(e) A written assurance report

The professional accountant should issue a report on the findings on the subject matter:
An opinion for the reasonable assurance engagements: “In our opinion all controls
are effective, in all material respects.”
Negative assurance in a limited assurance engagement: “Based on our work
described in this report, nothing has come to our attention that causes us to believe
that internal controls are not effective, in all material respects.”
5.2 Assurance engagements other than audits or reviews of historical

financial information (ISAE 3000)
This statement relates directly to assurance engagements on other information than
historical financial information (e.g. providing assurance on a profit forecast, or the
effectiveness of internal controls).
The principles and requirements as set out in the Framework for Assurance
Engagements apply equally; however, depending on the nature of the subject matter
(information to be reported on) and the criteria (against which the information is
measured), additional considerations may apply.
Introduction 1–3
Ethical requirements 4–5
Quality control 6
Engagement acceptance and continuance 7–9
Agreeing on the terms of the engagement 10–11
Planning and performing the engagement 12–25
Using the work of an expert 26–32
Obtaining evidence 33–40
Considering subsequent events 41
Documentation 42–44
Preparing the assurance report 45–53
Other reporting responsibilities 54–56
5.2.1 Quality control

Quality control procedures applicable to the individual engagement should be applied.
5.2.2 Engagement acceptance and continuance
A practitioner should accept an assurance engagement only if:
it is possible to report on the subject matter (information to report on)
the subject matter (information to report on) is identifiable
the users are identified
he possesses the necessary professional competencies/skills.
5.2.3 Agreeing on the terms of the agreement
The auditor should issue an engagement letter specifying the terms and conditions of the
engagement.
5.2.4 Planning the engagement
This will entail obtaining information on the subject matter and criteria and accordingly
planning how to address the issue.
5.2.5 Obtaining evidence
This will entail performing procedures to obtain evidence on which to base the
conclusion.
Evidence will be obtained through:
risk assessment procedures
test of controls
substantive procedures.
5.2.6 Evaluating, concluding and reporting
The auditor should:
consider subsequent events
document the evidence obtained and procedures performed
evaluate the evidence obtained and conclude
prepare the assurance report.
6 Quality control (ISA 220/ISQC 1/SAAPS 1)
6.1 Explanation of quality control

Quality control relates to the policies and procedures adopted by a firm to provide
reasonable assurance that the firm and its personnel comply with the professional
standards and regulatory and legal requirements and that reports issued are appropriate
in the circumstances.
Quality control will ensure that:
the firm operates appropriately in all given circumstances and in doing so limits its
risk of legal liability and reputational damage resulting from assurance and other
related service failures
a professional service is rendered to clients.
Quality control exists at basically two levels, namely:
for the firm as a whole (sec 6.2)
for individual audits of historical financial information (sec 6.3).
6.2 Quality control at firm level (ISQC 1)

Reference: Quality control for firms that perform audits and reviews of historical
financial information and other assurance and related service engagements.

Introduction 1–10
Objective 11
Definitions 12
Requirements
Applying and complying with relevant requirements 13–15
Elements of a system of quality control 16–17
Leadership responsibilities for quality within the firm 18–19
Acceptance and continuance of client relationships and
26–28
specific engagements
Human resources 29–31
Engagement performance 32–47
Monitoring 48–56
Documentation of the system of quality control 57–59
Application and other explanatory material A1–A75
The firm’s system of quality control should include policies and procedures that are to
be applied to all personal and professional engagements for each of the following
elements.
6.2.1 Leadership responsibilities for quality control within the firm
Policy
An internal culture of quality in performing engagements should be promoted. This is the
responsibility of the Chief Executive Officer or equivalent.
Quality means
Work should be performed in accordance with the professional standards and
regulatory and legal requirements, for example audits should be performed in
accordance with the ISAs and the Companies Act.
Reports issued should be appropriate in the circumstances; i.e. unqualified audit
reports should not be issued when the circumstances deem that it should be a
qualified report.
Procedures
The firm assigns its management responsibilities so that commercial considerations
do not override the quality of work performed. This would be the case where clients
threaten not to reappoint the auditor if they issued a qualified report. The auditor
should still issue the qualified report and rather risk losing the future income from
that client.
The firm’s policies and procedures addressing performance evaluation,
compensation, and promotion (including incentive systems) with regard to its
personnel are designed to demonstrate the firm’s overriding commitment to quality.
The firm devotes sufficient resources for the development, documentation and
support of its quality control policies and procedures.
6.2.2 Relevant ethical requirements
Policy
The firm should establish policies and procedures to ensure all its personnel comply
with the ethical requirements of:
independence
integrity
objectivity
confidentiality
Procedures
These are the procedures to be followed:
The firm should communicate independence requirements to its personnel.
Engagement teams must provide the firm with information about the client, in order
to enable the firm to evaluate independence requirements.
Personnel should notify the firm of circumstances or relationships that create a threat
to independence.
Personnel should annually provide written confirmation to the firm of compliance
with policies and procedures on independence and ethical requirements.
6.2.3 Acceptance and continuance of client relationships and specific
engagements
Policy
Acceptance and continuance of client relationships should take place only after the firm:
has considered the integrity of clients and does not have information that would lead
it to conclude that any clients lack integrity
has considered if it is competent to perform engagements and has the capabilities,
time and resources to do so
has considered whether it can comply with the ethical requirements.
Procedures
These are the procedures that must be followed:
communication with existing or previous providers of professional accounting
services
inquiry of firm personnel, or third parties such as bankers, legal advisors
background searches.
6.2.4 Human resources
Policy 1
The personnel of the firm should have the necessary capabilities, competence and
commitment to ethical principles.
Procedures 1
Capabilities and competence are developed through a variety of methods, including the
following:
professional education
continuing professional development, including training
work experience
coaching of less experienced members on engagement teams by more experienced
staff.
Policy 2
Assignment of staff to audits.
Procedures 2
The engagement partner and personnel assigned to audit engagements should have the
The engagement partner and personnel assigned to audit engagements should have the
capabilities, competence and time to perform their work properly.
(a) Direction, supervision, review
Policy and procedures
Engagements should be performed according to the professional guidelines.
The firm should provide:
guidance (direction) on performing audits through:
firm manuals
industry and subject matter specific guidance material.
supervision of work at all levels:
of progress of the engagement
work of individual members
significant findings and issues
matters for consideration.
review by more experienced engagement team members of the work and findings of
less experienced members.
(b) Consultation
Consultation should take place at all levels on continuous matters.
(c) Difference of opinion

Policies and procedures should exist to solve differences between engagement team
members, those consulted and the engagement partner.
(d) Engagement Quality Control Review
Policy
There should be a quality control review performed for all engagements of:
financial statements of listed entities
other significant audit and review engagements that fall within a firms review
criteria.
Procedures
Criteria should be set for when a quality review is required for non-listed entities.
The nature, timing and extent of a quality review should be defined.
The quality control reviewer should be a person at partner level, with the relevant
technical qualifications and experience.
No audit report should be issued before the required quality control review process
has been completed.
6.2.6 Monitoring
Policy
The firm should monitor compliance with the quality control policies and procedures.
Procedures
Quality control partner or partners with sufficient qualifications and experience to:
monitor quality control
perform quality reviews on engagements
identify deficiencies in quality control and ensure rectification.
Policies and procedures should exist to deal with complaints and allegations of non-
compliance with quality control.
New developments in professional standards and applicable regulatory requirements
should be reflected in a firm’s policies and procedures where appropriate.
6.2.7 Documentation of the system of quality control
Documentation should exist on quality control compliance and procedures.
6.3 Quality control at audit level (ISA 220)

Reference: Quality control for audits of historical financial information.
Introduction 1–5

Objective 6
Definitions 7
Requirements
Leadership responsibilities for quality on audits 8
Relevant ethical requirements 9–11
Acceptance and continuance of client relationships and
12–13
audit engagements
Assignment of engagement teams 14
Engagement performance 15–22
Monitoring 23
The engagement team should implement quality control policies and procedures
applicable for all individual audits for the following elements.
6.3.1 Leadership responsibilities for quality on audits
Policy
The engagement partner should take responsibility for the overall quality of the audit.
Procedures
The engagement partner should demonstrate through his actions and through appropriate
communication to the engagement team:
the importance of:
performing work that complies with professional standards and regulatory and
legal requirements
complying with the firm’s quality control policies and procedures as applicable
issuing auditor’s reports that are appropriate in the circumstances.
the fact that quality is essential in performing audit engagements.
6.3.2 Ethical requirements
Policy
The engagement partner should consider whether members of the engagement team have
complied with the ethical requirements of:

independence
integrity
objectivity
confidentiality
Procedures
The engagement partner should:
enquire and observe compliance with the ethical requirements of the engagement
team during the audit
identify and consider taking action to eliminate threats to independence concerning
the audit engagement.
6.3.3 Acceptance and continuance of audit engagements
Policy
The engagement partner should be satisfied that appropriate procedures regarding the
acceptance and continuance of client relationships and specific audit engagements have
been followed and that conclusions reached in this regard are appropriate and have
been documented.
Procedures
Acceptance and continuance of client relationships and specific audit engagements
include considering:
the integrity of the principal owners, key management and those charged with
governance of the entity
whether the engagement team is competent to perform the audit engagement and has
the necessary time and resources
whether the firm and the engagement team can comply with the ethical requirements.
6.3.4 Assignment of the engagement team
Policy
The engagement team should collectively have the capabilities, competence and time to
perform a professional audit.
Procedures
The engagement team as a whole should have:
an understanding of and practical experience with audit engagements of a similar
nature and complexity through appropriate training and participation
an understanding of professional standards and regulatory and legal requirements
appropriate technical knowledge, including knowledge of relevant information
technology
knowledge of relevant industries in which the client operates
ability to apply professional judgement
an understanding of the firm’s quality control policies and procedures.
Policy 1
Direction, supervision, review
The engagement partner should take responsibility for ensuring the direction,
supervision and review of the engagement team.
Procedures 1
Direction
The engagement partner directs the audit engagement by informing the members of the
engagement team of:
their responsibilities
the nature of the entity’s business
risk-related issues
problems that may arise
the detailed approach to the performance of the engagement.
Supervision
Supervision includes the following:
tracking the progress of the audit engagement
considering the capabilities and competence of individual members of the
engagement team, whether they have sufficient time to carry out their work, whether
they understand their instructions, and whether the work is being carried out in
accordance with the planned approach to the audit engagement
addressing significant issues arising during the audit engagement, considering their
significance and modifying the planned approach appropriately
identifying matters for consultation or consideration by more experienced
engagement team members during the audit engagement.
Review
Review responsibilities are determined on the basis that more experienced team
members, including the engagement partner, review work performed by less
experienced team members.
Reviewers consider whether:
the work has been performed in accordance with professional standards and
regulatory and legal requirements
significant matters have been raised for further consideration
appropriate consultations have taken place and the resulting conclusions have been
documented and implemented
there is a need to revise the nature, timing and extent of work performed
the work performed supports the conclusions reached and is appropriately
documented
the evidence obtained is sufficient and appropriate to support the auditor’s report
the objectives of the engagement procedures have been achieved.
Policy 2
Consultation: The engagement partner should ensure there is appropriate consultation
between the engagement team and others at appropriate levels within a firm on
contentious issues.
Procedure 2
Consultation should occur:
within the engagement team
with other professionals within the firm (technical partner) or outside the firm and
should be documented and implemented.
Policy 3
Difference of Opinion: The engagement partner should ensure all differences of
opinion are resolved.
Procedure 3
All matters of differences of opinion should be brought to the attention of the
engagement partner.
Policy 4
Engagement Quality Review: For all listed clients a quality control review shall take
place.
Procedure 4
The engagement partner is responsible for:
ensuring that an engagement quality reviewer has been appointed
discussing all significant findings with the reviewer
not issuing the auditor’s report until completion of the engagement quality control
review.
6.3.6 Monitoring
Policy and procedure
The engagement partner should ensure compliance with quality control on the audit
engagement.
Quality review should be performed on the individual engagement.
7 Questions

You are an audit manager at Pretorius, Watson & Khubeka (Pty) Ltd, a medium-sized
audit firm. The firm recently accepted the appointment as auditor of Pro-Con Limited, a
company that specialises in project managing the construction of large manufacturing
plants all over Africa. You are in the process of planning the audit for the year ended 30
November 20X9. You pride yourself on ensuring that the audit work performed is of a
high standard. You are especially diligent at ensuring that quality control procedures are
being implemented at audit level for audit engagements, namely assisting the audit
partner, Joseph Khubeka CA(SA), RA, in ensuring that proper direction, supervision
and review is in place for engagement performance.
Three students from the University of Johannesburg are currently spending a week at
the firm to obtain an understanding of how an audit is practically performed and have
been assigned to you. You have taken a keen interest in explaining various aspects of
auditing to them and they will be assisting you for the week that they are visiting.

(a) Name and describe the three-party relationship that must exist for this engagement
to be an assurance engagement and indicate who the parties are in respect of the
above scenario. (6)
(b) List at least three other elements that must exist in order for this engagement to be
an assurance engagement. (3)
(c) Explain to the University of Johannesburg students the reason for and value of
obtaining an understanding of the entity and its environment. (8)
(d) Describe the aspects that will be considered in obtaining an understanding of the
entity and its environment. (8)
(e) Define the control environment and name at least three elements of the control
environment that you would expect to find at Pro-Con. (5)
(f) State who is responsible for the overall quality of the audit. (1)
(g) Describe to the vacation students what a reviewer should consider in terms of
quality control review procedures at audit level for engagement performance. (7)
(h) Name and describe other quality control policies that the engagement team can
implement for all individual audits to ensure a quality audit is performed. (8)
(i) Name another level at which quality control procedures can be implemented and
the benefits of quality control procedures (2)
Presentation (2)
QUESTION 5.2 (integrated question) 34 MARKS

You are a partner at the auditing firm of MVC (Incorporated). The firm is a medium-
sized auditing firm with various offices throughout the country. A variety of professional
services are provided which range from auditing work to management consultancy
services.
You were recently approached by the managing partner of Tickbirds and Partners,
another medium-sized auditing practice, to provide them with legal advice on a claim
which was instituted against the auditing firm (Tickbirds & Partners). The background
information to the claim is as follows:
For the past four years Tickbirds & Partner have been the auditors of Smart Jewellers
Limited, a retailer in expensive jewellery. A copy of the annual financial statements are
sent to Smart Jewellers' bankers, First Bankers, annually on the understanding that they
can contact the auditors directly if they wish to clear up any aspect of the annual
financial statements. First Bankers deal with all of Smart Jewellers' money matters and
have provided Smart Jewellers with a long-term loan of R8,5 million with which to
finance its operations.
In May 20X9 Jean Botha, an audit manager of Tickbirds & Partners, who has handled
the audit of Smart Jewellers for the past four years, began the audit for the year ended
31 March 20X9. As he was familiar with the operations of Smart Jewellers, Jean kept
fewer and fewer working papers of the audit procedures performed and the evidence
obtained each year. However, a week after beginning the current audit Jean died in a
motor vehicle accident. As a result of work pressures and a shortage of staff, the
partners of Tickbirds & Partners appointed Mr Duzi, a retired accountant of one of the
firm's clients, to complete the audit as soon as possible.
Mr Duzi studied Jean Botha's working papers of the previous year and reached the
conclusion that all that would be necessary to complete the audit would be to review
Smart Jewellers' schedules which the accountant prepared, together with the inventory
records for their accounting accuracy. He did this, and after he had failed to detect any
material errors, he informed Miss Ngweni, the partner in charge of the audit, that the
audit had been completed successfully. On the basis of this Miss Ngweni issued an
unqualified audit report on Smart Jewellers’ annual financial statements for 20X9.
Shortly after year-end large fraud in respect of the inventory was detected at the
organisation, which led to the company's liquidation. First Bankers lost their full
exposure of R8,5 million in Smart Jewellers and intend suing Tickbirds & Partners for
this amount.
The above facts gave rise to the request by the managing partner of Tickbirds &
Partners. You have been provided with all possible information and all working papers
have been made available to you.
From the working papers you concluded that no management representation letter had
been obtained from the management of Smart Jewellers. However, Mr Duzi had made a
note in the audit file that management had refused to provide this. No further work had
been performed in this respect.

(a) State the objective of an audit. (2)
(b) Name the four steps of the audit process. (4)
(c) Discuss and conclude whether Tickbirds & Partners complied with the ISAs with
respect to performing the audit (referring particularly to each of the four steps of
the audit process you identified above). (12)
(d) Discuss and conclude whether Tickbirds & Partners complied with the quality
control requirements as per ISA 220. (10)
(e) Discuss and conclude whether Tickbirds & Partners have a legal liability as per
the APA (use information from your answers above). (6)

6
Computers in the audit environment
1 Introduction
Computer Information Systems (CIS) are part of the modern business environment, and
exist when any type or size of computer is used to process financial information in a
business.
Computers are part of modern-day life, and it is vital that both management and the
auditor have a good understanding of the underlying fundamental issues of computer-
related risks, computer-related controls and computer auditing.
This chapter serves as an introduction to the basic issues of computers and controls in
the audit environment.
2 Types of computer system
2.1 On-line computer systems

2.1.1 Definition
A computer system where data is captured by means of a terminal as it occurs and the
data is immediately edited, processed and written to a computer file.
2.1.2 Characteristics of on-line systems
On-line systems have the following characteristics:
on-line (direct) entry of data
authorisation of input by the system through validation tests
on-line access to the system by users
absence of visible audit trails.
Terminals could be situated on the premises or in remote areas and:

local terminals are linked to the computer via cables
remote terminals are linked to the computer via telephone lines.
2.1.3 Advantages
An on-line computer system provides inter alia the following benefits:
Files are up to date.
Entries are accurate.
Risk of non-recording of transactions is small.
Data processing is fast.
2.1.4 Disadvantages
On-line systems have the following disadvantages:
absence of visible entry and audit trails
a high risk of unauthorised
access to the system and data
processing on the system
changes to data.
2.2 Batch processing systems

2.2.1 Definition and characteristics
This is a computer system where the source documents are collected in batches of
similar items (e.g. sales invoices of 100 each). Control totals (financial and non-
financial totals) are then calculated by the users (e.g. the number of items, monetary
value of invoices, etc.). This data is captured in batches together with the user’s control
totals. The computer calculates its own control totals and compares them with the user’s
control totals. Batches which do not balance are rejected and printed on an exception
report. An independent senior person checks it and sees that it is corrected and
recaptured.
2.2.2 Advantages
Batch processing systems have the following advantages:
Visible audit trails exist.
They are accurate.

2.2.3 Disadvantages
These systems have the following disadvantages
They are slow.
Files are not up to date.
2.3 Microcomputer systems

2.3.1 Microcomputer
Characteristics of a microcomputer:
A microcomputer is also referred to as personal computer or “PC”. It is a powerful
computer which comprises a processing unit, memory, screen, data storage unit, etc.
Programmes and data are stored on a removable or non-removable medium.
This computer is used to process accounting transactions and generate reports which
are necessary for the financial statements.
The computer could comprise the entire system or only a part thereof.
Microcomputers could be one of the following:
(a) Stand-alone workstations
A stand-alone workstation is for the use of a single user or a number of users at different
times. Data is entered via a keyboard and the user could be knowledgeable in
programming and may perform a variety of functions.
(b) Network of microcomputers (distributed processing)
Two or more microcomputers are linked by communication lines and software. One
computer serves as a file server which controls the network. Multiple users have access
to information, data and programmes.
(c) Linkage to a central computer
Used as an intelligent terminal (own processing and storage of data) or as a dumb
terminal (used only to capture data).
Microcomputers have the following characteristics:
They are small and easily transported/removable.
They are relatively cheap.
They are quick to install.
They are easy to use.
The operating system provided by the supplier is not as extensive and possibly
contains fewer security controls.
The application software is usually off-the-shelf packages without modifications.
Data is stored on easily removable/damageable media such as disks, etc.
2.4 Database systems

A database is a collection of data which is used and shared by a number of different
users for different purposes.
Individual users are familiar with only the data used by them and can see the data as a
file which is processed by their application systems.
2.4.1 Characteristics of a database
Two important characteristics distinguish databases, namely:
Data sharing: The data in a database is organised and stored in such a manner that
it can be used by different users in different application programmes.
Data independence from the application programmes: Data and databases are
independent from a specific application programme. A single data file exists, and
the data is read by different application programmes.
2.5 Networks
This comprises the processing of different applications of the systems on different
computers and the sharing of hardware (namely printers and processors), software
(namely application programmes and database management systems) and data.
Local Area Network (“LAN”): This is a data communication system which links a
number of independent computers within a geographic area (such as a building).
This occurs via cables.
Wide Area Network (“WAN”): This is a data communication system which links a
number of computers over a wide geographic area. This takes place via dedicated
telephone lines.
3 Characteristics and risk considerations of a general

computer environment
3.1 Organisational structure

Characteristics Risk considerations
No or limited division of duties/less
effective.
Concentration of functions within
the CIS environment. Persons with detailed knowledge of the
system can make unauthorised changes
without the changes being detected
Risk of unauthorised:
Concentration of programmes and access to data and programmes
data at a central point
changes to data and programmes.
3.2 Nature of processing

Authorisation of transactions is done on the
computer.
Absence of input documents.
Automatic processing of incorrect
transactions could occur.
Data is available for only a short time or

available only in computer format, resulting
Lack of visible transaction trails. in the data not being available at a future
date.
There is a lack of printed documentation,

which means that data must be examined in
Lack of visible output. computer format.
There is a possible lack of review.
There is a risk of unauthorised:

reading of data
Accessibility of data and processing of data
programmes.
changes to data by persons within/outside

the entity.
3.3 System design and processing aspects

Programming errors could lead to consequent
Consistency of processing. processing errors.
Programmed internal controls If the control is not functioning correctly, the

exercise automatic and consistent system is exposed to security risks of
control (e.g. passwords which unauthorised access.
control access).
Transactions automatically update An incorrect transaction which is captured

all files. could cause errors in various accounts.
Certain transactions are generated

System-generated transactions. automatically and authorised by the computer
without written documentary evidence.
Data and programmes are stored on disks,

Vulnerability of storage medium etc., which could easily be removed or
of data and programmes. damaged.
4 Risks specific to an on-line environment

Technology has transformed the Internet into an easily accessible and speedy super
highway, but unfortunately has brought with it more opportunities for criminals to
perpetrate fraud causing a significant cost to companies and their customers alike.
Examples of types of on-line threats that companies face nowadays are:
phishing
pharming
spyware, and
trojans and bots.

4.1 Phishing
One of the most common on-line scams is phishing. This is a scheme that uses a
seemingly legal e-mail to deceive a recipient into thinking that he is communicating with
a trusted company or government agency. The idea is to trick the victim into disclosing
sensitive financial information, like an identity number or bank account number, which
can be used to access his money. The strongest password can be stolen by phishing.
The goal of phishers (people who lure you into phoney financial sites on the Web in
order to steal passwords and account information) is simply theft, nothing more. They
succeed by primarily fooling their unsuspecting victims, rather than by exploiting flaws
in software.
4.2 Pharming
Pharming is a similar means of deception to phishing in which the user is lured into
making transactions on a phoney website that looks like the home of a legitimate
investment company. These sites typically ask for a lot more log-in information,
including identity numbers and credit card information, than a legitimate site to “verify”
the identity of the user
Pharmers rely on the same bogus websites as phishing and theft of confidential
information to perpetrate scams, but are more difficult to detect. The reason for this is
that pharming redirects victims to a bogus website even if they type the right web
address into their browser.
4.3 Spyware
Embedded sneakily on the hard drives of many computers, even those protected with
conventional antivirus software, are tiny unfriendly programmes variously called
spyware, malware or adware. Most are simply nuisances, triggering unwanted pop-up
advertisements or secretly changing your default web page so you will visit a specific
commercial site.
The most effective spyware programmes display no symptoms, so the computer user
is unaware of dirty tricks being secretly perpetrated while the machine is running. The
only sure way to discover if a machine is infected and to thoroughly cleanse it, is to run
an anti-spyware product. Spyware is technically a virus, but unlike most viruses its goal
is rather to steal data than destroy it. Spyware tracks the browsing of computer users or
triggers pop-up screens designed to make on-line sales. Spyware can enter a computer
in several ways; via freeware and shareware software, spam e-mail attachments or web
pages.

4.4 Trojan horses and bots
Typically a Trojan horse programme presents itself as useful software but is often the
first stage of an attack: the primary purpose is to stay hidden while downloading and
installing a stronger threat such as a bot.
Being short for robot, bots are some of the most sophisticated types of crime ware.
They are similar to Trojans, but earn their name by performing a wide variety of
automated tasks on behalf of cyber criminals in order to steal information from the
victim.
5 Controls in a computer information system environment
5.1 Introduction
Internal control in a computer information system (CIS) environment is achieved through
the implementation and maintenance of general controls and application controls (both
categories comprising user and programmed controls).
5.2 Framework of CIS controls

The controls in a CIS environment can be presented schematically as follows:
5.3 General controls

General controls comprise the controls over the development, implementation,
maintenance and operation of the overall computer system and computer environment.
The result of this is the maintenance of the integrity of the data and programmes and the
effective functioning of the computer system.
General controls have direct influence over the environment within which application
controls operate. A weak general control environment will most certainly be indicative
of various weak areas within application controls.
General controls, which are also referred to as computer environment controls, IT
controls or integrity and security controls, are listed below.
5.3.1 System development and implementation controls
Objective
System development refers to the development of a new computer system for the entity.
This could be a purchased package or a self-developed system (developed in-house or
by outside consultants). These controls are needed to ensure that systems are properly
and effectively developed and implemented.
5.3.1.1 Systems developed in-house

In-house controls are designed to ensure that a new system is authorised and designed in
an effective manner to meet the users’ needs and that the system is properly developed
and implemented.
Controls include:
(a) Project authorisation
The client should develop a system development plan which integrates with the
strategic business plan.
A steering committee should conduct a feasibility study and define the selection
criteria.
All new projects must result from requests by users or from management
requirements.
A feasibility study must be performed after considering:
whether to develop or purchase
recommendations
cost: benefit analysis in respect of
– hardware, software, operating costs, etc.

– benefits and income to be derived.
The project should be authorised after analysing users’ needs and performing proper
system analysis.
(b) Project management
Establish a team of management, users and computer staff to manage the project.
Implement stages of development of the program.
Assign responsibility of the definition of tasks:
definition of functions of programmers and system analysts
operations staff restrictions.
Prepare deadlines and milestones for each task and stage of the project.
Prepare a formal plan of action and development, including the scheduled time
scale, and details of site preparation and delivery testing.
Consult with auditors for specifications and audit trails that would be required.
Obtain written approval from management in respect of the stated requirements.
(c) Purchase of hardware and software
Obtain competitive quotes for hardware and support of the purchased hardware.
A “buy or develop”-decision must be based on evaluation of the ability of software
to run on the hardware configuration through testing of the software.
Financing considerations include whether to buy or lease, impact on cashflow,
whether the project has been correctly budgeted for, etc.
(d) Standards in respect of system development life cycle and
programming
Defining of proper standards will have to be applied in the development of each
phase of the project.
Compliance with standards will have to be monitored with deviations noted and
followed up.
(e) System specifications and programming
Predetermined standards in respect of system specifications and programming
should be complied with.
Programming and system development must be done on the programme library and
programmes must not have access to live data.
(f) Testing of the system
Every programme and system should be comprehensively tested before installation
and before any changes.
Programme coding of individual systems should take place through programme code
analysis, manual review and test data.
The entire system must be tested by system and programme analysts as well as the
users who will be working on the system to ensure that their specifications are also
incorporated into the system design.
Obtain management approval – testing by users and auditors before management
gives approval for implementation.
(g) Approval
Final approval only takes place after testing and correction of errors.
(h) Training
Train staff to use the new software package.
User manuals need to be prepared for staff.
(i) System documentation
Keep comprehensive documentation, including all changes that are made thereafter.
(j) Backups
Backups should be made of the system and stored off site.
(k) Conversion
See notes on controls during system conversion.
(l) Post-implementation review
A post-implementation review should be performed in order to assess the success of
implementation and to address any difficulties addressed.
(m) Long-term plans
Long-term plans should be drawn up to plan for future changes, upgrades, etc.
5.3.1.2 Packages

When purchasing a package, the user has little control over the specifications,
development and testing of the package. Emphasis is thus placed on determining
whether the package meets the users’ requirements. Control must also be exercised over
the implementation and testing of the package.
Controls include:
(a) Feasibility study
Perform a feasibility study to determine:
the users needs
specifications and requirements of available packages
costs (hardware, packages and documentation)
assistance and support by supplier
adaptability and expansion ability (scalability) of packages
the standing and reputation of the supplier.
Conclusions regarding the suitability of a package are supported by:
enquiry from other users of packages on aspects such as
facilities offered by the package
occurrence of errors
speed/effectiveness
ease of use
costs
testing of the package itself.
(b) Authorisation of the purchase of the package
The purchase should be approved by management, users and computer staff after the
results of the feasibility study have been studied and the recommendations have been
considered.
(c) Implementation
See the notes on controls during system conversion below.
Advantages of packaged programmes
immediate installation

pre-determined and relatively fixed cost, often cheaper
criteria reviewed at demonstration, before buying
lower risk
usually debugged and mostly error free
documentation sold with package
suppliers usually offer training
supplier support after installation
continual upgrading with new versions at reasonable cost.
Disadvantages
not tailor-made to organisation’s requirements
pre-written and thus not adaptable for changes
has to provide for all options and thus processing speed and storage not always
efficient
written to supplier’s standards
often written overseas, not catering for SA requirements, for example tax, VAT
manuals are often inadequate, and of low quality.
System conversion
Controls include:
(a) Planning the conversion
Prepare data and time schedules for conversion.
Determine cut-off points.
The conversion method must be defined (parallel, launch, direct).
(b) Preparation for conversion
Prepare files with standing data on the new system.
Balance files on the old system:
controls to ensure files/data are complete, accurate and valid
preparation of control totals for conversion.
Train staff in respect of the use of the new system.

Prepare the premises (uninterruptible power supply/air-conditioning, etc.)
Authorise data to be transferred.
(c) Controls over the conversion by the data control group
Competent senior management should supervise the conversion.
The auditors should also be involved during the conversion process.
(d) Testing of the system after conversion
Balance files on the new system with balances of files on the old system (control
totals).
Obtain a printout of converted data and compare this with source data/reports from
the old system.
Compare data run on the new system with information from the old system
(parallel/launch/modular).
Third parties are to confirm the validity and accuracy of data (e.g. debtors
circulations).
Follow up items on exception reports.
Users are to approve the new system.
(e) System documentation must be updated, namely system
flowcharts, system descriptions, operating manuals
(f) Backup of new system/files
(g) Post-implementation review to determine whether objectives have
been met by users, auditors and computer staff
System and programme documentation
Controls include
(a) Documentation must be fully maintained and updated after
changes to the system
(b) Documentation should comprise at least the following:
specification and approval thereof
application system documentation including specifications and logic diagrams/flow
charts

programme documentation including source codes
file documentation including file layouts
operations documentation
user documentation including operating instructions and manuals
documentation of testing
approval of the various phases.
(c) The purpose of the documentation is to:
record investigation, development and design of systems
provide a basis for communication between systems analysts and programmers
serve as a processing manual for users
serve as a source reference for systems analysts and programmers who were not
involved with the system at inception
assist with the review of and changes to the system
assist with training of staff
serve as a basis for evaluation of internal controls
5.3.2 System maintenance (system change controls)
Objective
System maintenance describes the changes to a system after implementation, with the
purpose of correcting errors or meeting the changing needs of users. Controls must exist
to ensure such changes take place in an authorised and effective manner.
Controls include
(a) Requests for changes to the system
Written requests are to be submitted on standard pre-numbered change request
forms.
Requests should be recorded in a register and regularly followed up.
(b) Only authorised changes should be made
Divide duties between systems analysts, programmers and users.
Change forms should be authorised in writing by the:
CIS manager in respect of changes to the operating system
CIS manager and user manager in respect of changes to application software.
Important/significant changes should be authorised by the computer steering
committee.
The CIS manager should check the logs of programme changes and reconcile this
information to authorised programme change forms.
(c) Compliance with standards for any changes that are made
Comply with predetermined standards for systems development and programming
(d) Controls over programme changes
The CIS manager should prioritise requests for changes according to importance.
Regular comparisons should take place between requests and completed changes to
identify outstanding requests.
(e) Testing and final approval
Testing of changes is done by the programmers and users, who all sign the change
request forms as proof of satisfaction.
Users are to review and authorise every phase of the development or change.
Management is to authorise every phase of the development or change.
(f) Changes are made to test versions of programmes and not the live
versions.
(g) Changes to the system should be fully documented and all systems
documentation should be modified accordingly.
(h) Changes to production programmes should be backed up and
stored in the programme library.
(i) Training of users in respect of the use of the updated
programmes.
(j) Post-implementation review must take place.
5.3.3 Organisational and management controls
Objective
These are controls to establish an organisational framework over the CIS activities and
to ensure that the basic principles such as division of duties, review and virus
protection are met.
Controls include:
(a) Levels of responsibility
Assign the reporting responsibility to the CIS manager to senior management.
(b) Division of duties
This must be done to ensure that the computer department does not have incompatible
functions.
(c) Management
The computer department must be represented on management.
(d) Supervision and review
This is to be undertaken by the CIS manager regularly.
(e) Staff practices
Employ quality staff members who are adequately trained and supervised.
5.3.4 Access controls to data and programmes
Objective
Programme security: These are controls to prevent unauthorised changes to
programmes which process data. Controls are necessary for programmes in use
(accessible through the system) or not in use (stored away from the computer).
Data file security: These are controls to prevent unauthorised changes to data
(standing as well as transaction data). Controls are needed for both data files in use,
as well as for those not in use.
Access controls are specifically designed to prevent and detect:
unauthorised access to on-line terminals, programmes and data
input of unauthorised transactions
unauthorised changes to data files
the use of company programmes by unauthorised persons, and
the use of unauthorised programmes.
5.3.5 Computer operating controls
Objective
These are procedures to control the operation of the system and to ensure that the
programmed procedures are applied correctly and consistently during the processing of
data. These comprise the functions performed by the operating system as well as the
users.
Controls include:
The definition of the duties of the data processors is to be defined.
Processing is regularly reviewed and exceptions are investigated and corrected.
The set-up and execution of programmes are done by competent people who are
adequately assisted and supervised.
Use the correct programmes.
Use the correct data files.
Operating procedures must be monitored and reviewed.
Sufficient recovery procedures must be in place.
5.3.6 System software controls
Objective
These are procedures to ensure control over programmes which do not process data
(e.g. the operating system, access control programmes, utilities, etc.) to ensure that they
are obtained or developed and maintained in an authorised and effective manner and
that access to system software is limited.
Controls include:
Acquisition, development of and changes to system software are controlled as
described under system development controls.
Adequate security has been implemented over the system software.
The database systems are supervised and reviewed.
Networks are supported and have adequate access controls.
5.3.7 Business continuity controls
Objective
These are controls to ensure the continuity of processing, by preventing system
interruption or keeping this to a minimum.
Controls include:
The physical environment is secure.
There is adequate protection from the elements.
An emergency plan and disaster recovery procedures are in place:
established procedures, that have been documented and tested, are in place in
the event of disasters
list of data and programme files to be recovered in the event of a disaster has
been prepared.
Backups of data files are done regularly.
5.4 Application controls

5.4.1 Definitions
This is a set of procedures and programmes

which is designed for performing specific
Application programme functions for the different applications (e.g.
wages, purchases and creditors, sales and
debtors, etc.).
These are controls over the input, processing and
output of financial information to ensure that it is
Application controls
valid, complete and accurate. They consist of
user controls and programmed controls.
These are controls which are manually
performed by users, (e.g. batch controls,
User controls reviewing of exception reports, performance of
reconciliations, authorisation of transactions,
etc.).
These are logical controls which are contained
in the application programme codes and
performed by the computer.
Examples of programmed controls include:
Programmed controls
edit and validation checks
run-to-run balancing
file balancing, etc.
Files which are used to store the information of
Transaction files
individual transactions (e.g. sales transactions).
Files used to store standing data and balances
(e.g. in respect of debtors):
Master files names, addresses, credit limits
outstanding balance, etc.
5.5 Objective of application controls

The objective is to ensure the validity, completeness and accuracy of transactions. The
control objectives are achieved through:
user or human controls (e.g. segregation of duties, supervision, review, etc.)
programmed controls (e.g. matching of data fields by the computer, passwords, etc.).
6 Computer-assisted audit techniques
6.1 Definition
Computer-assisted audit techniques (CAATs) are the computerised functions used by the
auditor in his performance of the audit procedures and collection of audit evidence.
6.2 Methods of computer-assisted audit techniques

6.2.1 Audit software
These are computer programmes used by auditors as part of their audit procedures in
order to obtain and analyse important client data.
They could comprise:
Off-the-shelf packages: These are general-usage programmes which read data files,
process data, select data, perform calculations, create files and print reports for use
by the auditor.
Purpose-written packages: These are programmes written for a specific purpose.
They can be written by the auditor, the entity or outside parties appointed by the
auditor.
6.2.2 Test data
This comprises the creation of fictitious data by the auditor, which includes valid and
invalid transactions and which is then captured on the client’s computer system for
processing. The result of the processed items is then checked by the auditor against his
results.
6.2.3 Control and reprocessing
This comprises the processing (or reprocessing) under the auditor’s supervision of
selected transactions. The programme is first checked by the auditor and the processing
is aimed at testing the functioning of the programmed controls.
6.2.4 Programme code analysis
This comprises the investigation of the programme coding of the production
programmes to ensure that the necessary programmed controls are present and that the
programme is coded correctly.
6.2.5 Simulation
This involves processing client data on the auditor’s simulated programme and
comparing his own results with the client’s results.
7 Questions

You are at the audit of one of your biggest clients. Below is the description of their
computer system.
The client uses Pastel accounting software for recording their transactions. The
system edits, processes and writes transactions to a computer file. The problem
however is that a single transaction affects various accounts. The holding company and
subsidiaries use a wide area network (WAN) to communicate, therefore it is possible
for an employee to obtain information regarding the inventory on hand, across the
country.

(a) Name and describe the different methods of computer-assisted audit techniques that
you could use to obtain audit evidence. (8)
(b) Define a WAN. (2)
(c) Identify the computer system described above and substantiate your answer by
describing the characteristics of such a system and discussing the advantages of
such a system. (8)

Ms Bells achieved her lifelong dream when she opened her own restaurant, Complex
49, in partnership with the love of her life, only known to most as “Jingles”.
The restaurant has been open for 22 months and has proved to be very popular.
Ms Bells has expressed interest in computerising her business. She has identified the
Pastel Point of Sale software package as being the most appropriate to the restaurant’s
needs. She has also indicated that she is planning to replace the current cash register
with a computer terminal linked to a cash drawer and to install a terminal in her office
which will be used for recording all other accounting activities. Initial enquiries about
the software have shown that it is a reliable package with adequate access control
features.
Ms Bells is not familiar with computerised information systems and is therefore not
quite sure what to expect. She was hoping that you could assist her. She also made the
following statement: “I have an understanding of access controls that affect me on a day-
to-day basis, like keeping my PIN number safe, but could you run through access
controls in a work environment and just remind me regarding password controls.”

(a) Discuss the controls that you would have expected to find during the development
and implementation of the new Pastel Point of Sale software system. (15)
(b) State what advice you would offer to Ms Bells regarding controls which should be
implemented so that the restaurant will be prepared in the event of any disasters
occurring in the future. (10)
(c) Provide Ms Bells with a list of common password controls. (8)
Presentation 2
Query 1 5 MARKS
You are a computer expert who advises people on computer-related queries in
commerce. You have recently received a query from one of your clients who suffered a
large financial loss due to her internet banking information being stolen. She wants to
know:
what kind of attack/s she was subject to
what the characteristics of this/these kinds of attack/s are, and
how to avoid falling prey to such an attack again in future.

Address each of the questions your client posed to you above. (5)
Query 2 10 MARKS
You are an auditor working in public practice. You are known to be the authority on
ensuring that unauthorised persons do not gain unauthorised access to a computerised
operating system. Your client operates various branches across the country and all
branches are linked to the central database. Your client has recently been subject to
unauthorised access to their system via the internet and wants to implement controls to
ensure that this event does not repeat itself in future.

(a) Advise your client as to what controls you would recommend to ensure that they
are not subject to unauthorised access to their system again. (6)
(b) Identify the type of network that your client is running, one characteristic that aided
you in identifying this system and a few risks that stem from having this type of
network. (4)
Query 3 20 MARKS
You are an auditor employed by Kush Padia Incorporated (hereafter KPI), a highly
successful audit firm with a multitude of large JSE-listed clients. Your boss, Kush
Padia, is a highly respected CA(SA) in public practice and his public talks and lectures
on auditing are known to be incredibly enjoyable and insightful. Mr Padia just secured a
client, BluBerry Ltd, who would like to engage with KPI in a non-audit capacity for the
period 01 August 20X11 to 27 September 20X11. BluBerry Ltd is currently the largest
provider of smartphones in South Africa.
BluBerry Ltd is in the process of deciding to develop a computer system themselves
as none of the systems currently available off the shelf meet their needs. The computer
system would need to handle sales made by BluBerry Ltd as their smartphone handsets
are proving to be very popular and their current system lacks the capacity to manage the
volumes of sales currently being made.
BluBerry Ltd would like KPI to oversee and suggest controls over this process of
developing the system to ensure that the process runs smoothly.
BluBerry Ltd would also like to ensure that should the system crash, they would be
able to continue operating as a going concern.

(a) List the general controls that you would expect BluBerry Ltd to have in place in
their computer information systems. (7)
(b) List the controls that you would have to ensure are in place at BluBerry Ltd during
the system design and implementation phase that you will be assisting them with.(13)

7
Engagement activities
Reference Title
ISA 210 Agreeing the terms of audit engagements
1 Introduction
Every audit firm should have policies and procedures in place for the acceptance of
new clients and the continuance as auditors for existing clients.
The reason an audit client should be carefully selected is to ensure that the audit firm
does not take on:
unnecessary risky clients, or
clients to whom it is not in a position to provide a professional service.
1.1 Risks to the audit firm of unacceptable clients

The audit firm should select its client carefully to limit the following risks and
exposures:
1.1.1 Legal liability
This will result from lawsuits against the audit firm as a result of company failures
which are somehow seen as audit failures.

1.1.2 Reputational damage
This stems from negative publicity and damage to the audit firm’s good name and
reputation by being associated with a specific client.
This might result from company failures, clients’ involvement in illegal and unlawful
activities, etc.
1.2 Regulatory and ethical considerations

The auditor should take on a client only if all the ethical and professional requirements
have been met. Failing to comply with the relevant Institutes’ and Professional and
Statutory Bodies’ (e.g. IFAC, SAICA, Independent Regulatory Board for Auditors, etc.)
Codes of Professional Conduct, and the ISAs might result in disciplinary action,
penalties and even suspension from public practice.
1.3 Providing a quality audit

Auditors should take on an engagement only if they have the skills, competence and
necessary staff to provide an effective and efficient audit.
2 Obtaining of engagement acceptance information
2.1 New clients

The auditor normally obtains information of a general nature from a wide range of
sources to evaluate and screen a new prospective client.
The sources available to the auditor include:
communication with previous or existing auditors
enquiry of client personnel (boards, audit committees, management), etc.
enquiry from third parties, for example bankers, lawyers
enquiry from other auditors with similar clients in the industry
press and media coverage of the client
background searches of relevant databases.
The above information will be used to screen a new client and to consider whether or
not to accept the engagement.
2.2 Existing clients

When considering continuing as auditors for existing clients, the auditor would normally
be in a good position to have access to all the information required. This will normally
be available from the current or previous years’ audit files.
The auditor should consider whether any changes occurred with regard to the client
that might affect his ability to continue as the auditor, for example:
take-overs and mergers, resulting in conflict of interest with other clients
factors affecting the auditor’s independence (e.g. family and friendships, which
apply to new appointments, etc.)
change in owners or shareholders, resulting in additional risks, etc.
3 Engagement activities
3.1 Performing a client investigation/client screening

3.1.1 Considering the independence of the auditor
The auditor will need to consider his independence with regard to the client.
The auditor will need to give consideration to aspects that are or could be seen as
threats to his independence. Such factors are prescribed in the Code of Professional
Conduct.
3.1.2 Considering the integrity of the client
This entails considerations to determine whether the risk attached to the appointment is
at such a level that one may accept the appointment or continue with it.
Matters that the firm considers include, for example:
the identity and business reputation of the client’s principal owners, key
management, related parties and those charged with its governance
the nature of the client’s operations including its business practices
information concerning the attitude of the client’s principal owners, key management
and those charged with its governance towards such matters such as aggressive
interpretation of accounting standards (to ensure maximum financial performance)
and the internal control environment
whether the client is aggressively concerned with keeping the audit firm’s fees as
low as possible
indications of an inappropriate limitation in the scope of work

indications that the client might be involved in money laundering or other criminal
activities
the reasons for the proposed appointment of the firm and non-reappointment of the
previous firm.
The extent of knowledge a firm will have regarding the integrity of a client will
generally grow within the context of an ongoing relationship with that client.
3.1.3 Considering changes in the entity for existing clients
Consider changes in circumstances with regard to clients which may influence the
auditor’s ability to continue with the engagement. This might result from such issues as
changes in owners or management, problems encountered during previous audits, etc.
3.1.4 Considering information from communication with the previous auditor
In terms of the Professional Code of Conduct the auditor should:
ask the client whether the existing auditors were informed of the intention to replace
them
ask whether the existing auditors were given permission to discuss the client’s
affairs with the new auditor
obtain the client’s permission to contact the existing auditors and make enquiries
regarding any professional reasons not to accept the engagement
not accept the engagement if the client refuses to give permission, unless there are
good reasons for the refusal.
3.2 Determining the skills and competence requirements for the

engagement
In considering whether the firm has the capabilities, competence, time and resources to
undertake an engagement for a new or an existing client, the firm reviews the specific
requirements for the engagement partner and staff profiles at all relevant levels. Matters
the firm considers include whether:
firm personnel have knowledge of relevant industries or subject matters
firm personnel have experience with relevant regulatory or reporting requirements
or the ability to gain the necessary skills and knowledge effectively
the firm has sufficient personnel with the necessary capabilities and competence
experts are available, if needed

whether the audit deadline can be met.
3.3 Establishing the terms of the engagement

All new engagements and changes in existing engagements (or additional work) have to
be confirmed in writing through an engagement letter. This establishes a contractual
relationship and should remove any misunderstanding that may exist.
4 Engagement letters (ISA 210: “Agreeing the terms of

audit engagements”)
Introduction 1–5
Preconditions for an audit 6–8
Agreement on audit engagement terms 9–12
Recurring audits 13
Acceptance of a change in terms of the audit engagement 14–17
Additional considerations in engagement acceptance 18–21
Appendix: Examples of an audit engagement letter A1–A37
4.1 Purpose of engagement letters

Engagement letters should be issued for both audit engagements and other services to
avoid any misunderstandings between the client and the auditor with respect to the
engagement. They document the auditor’s acceptance of the engagement, his
responsibilities to the client, the objective and scope of the audit and the format of any
reports. An engagement letter is therefore a contract between the client and the auditor,
detailing the services to be rendered by the auditor.
4.2 The issue of engagement letters

An engagement letter should be issued for each audit engagement or related services.
For recurring audits the letter need not be issued each year unless the auditor finds:
indications that the client does not understand the objective and scope of the audit
that special or significant changes occurred in the terms of the engagement
that changes in management or the board took place
that material changes took place regarding the nature and scope of the client’s
business activities
that changes in legislation occurred that may affect the audit
that changes might have occurred in the financial reporting framework as well as
changes to other reporting requirements.
4.3 Contents of engagement letters

Engagement letters must:
be written on a letterhead, be addressed, and contain an introductory paragraph
confirming the acceptance of the engagement
differentiate between audit, accounting and other services being rendered
contain the following required information
objective of the audit and the performance of work without restrictions
the management’s responsibility for the financial statements
the scope of the audit:
– reference to ISAs and the definition of an audit and audit tests
– the audit tests to be performed
format and contents of reports
management’s responsibility for internal controls
detection of misstatements (errors/fraud)
responsibility in terms of branches/divisions
contain the following additional information
reporting to management
representations by management
– arrangements in respect of documents to be issued with the financial
statements
fees
acknowledgement of receipt
contain the following additional information where applicable
arrangements in terms of the audit of subsidiaries (other auditors)
arrangements in terms of internal auditors
the first audit engagement – arrangements in respect of the previous auditor
a limitation of the auditor’s liability where applicable
other agreements/services rendered
arrangements in terms of planning the audit
be signed and dated.
5 Questions

There is a clear distinction between pre-engagement activities and planning. Prior to
accepting any new client, procedures need to be performed to evaluate the client.

(a) Briefly describe pre-engagement activities. (4)
(b) State the objective of conducting “pre-engagement activities”. (2)
(c) Explain why an auditor might decide not to accept a prospective client.
(6)

You are a member of your audit firm’s quality control committee. You have to address
third-year article clerks attending a management workshop with the aim of being
promoted to assistant manager on completion of their traineeship. You have to explain to
them the importance of engagement activities.

(a) Discuss the risks that unacceptable clients pose to an audit firm. (4)
(b) Discuss the purpose of engagement letters. (4)
(c) List the factors that would result in a new engagement letter being issued for
recurring audits. (4)
QUESTION 7.3
20 MARKS
You are the lead engagement partner of a small audit firm named Pen Inc. Your office is
situated in Glenvista, South Africa. You were recently contacted by a Mr Al Capone, the
MD of an unlisted conglomerate, MOB (Pty) Ltd. He requested you to be their new
auditors for the current year. During your conversation Mr Capone said the following:
“We believe you know how to keep your clients happy (you believe he referred to
your high degree of quality in your work), that’s why we want you to be the
familio’s (you understood this as Mr Capone’s affection to his company as if it
were his real family) new auditor. You scratch our back, we scratch yours. (He
offered you triple what you normally charge per audit.)
“We had … What can we call them …? Some problems with the previous
auditors. We disagreed … so we had them taken care of … Capish?
“The auditors resigned to go swim with the fishes … ” (You understood this as
the auditors are taking an extended holiday at the beach.)
Upon reading MOB’s previous year’s annual report and system documentation, you
came to understand the following:
MOB’s head office is in Sicily, Italy.
MOB consists of
three cash-only laundromats spread across Italian cities
an alcohol import company, importing from the USA, Russia and Cuba
two Italian restaurants where all MOB’s directors eat free of charge.
MOB is entangled in litigation regarding assault charges and bribery, but believe
this is not a concern as the judge has never found MOB guilty of any claim put
against it before.
MOB uses an extensively integrated computer system, including on-line
transactions, back-to-back trading and e-commerce links with the government,
attorney offices and the local police.
By analysing MOB’s prior-year financial results, your conclusion is that MOB is in a
financially strong position, with very little financial risk. You have also tried repeatedly
to contact the previous auditors but have as yet not been successful. It is as if they have
disappeared into thin air.

Discuss what your considerations should be before accepting the audit engagement of
MOB (Pty) Ltd.
List you answer under the following three main headings:
Perform client investigation
Determine skills and competence
Establish terms of the engagement (20)

8
Planning the audit
Reference Title
Overall objectives of the independent auditor and the conduct of an
ISA 200
audit in accordance with the International Standards on Auditing
Indentifying and assessing the risks of material misstatement
ISA 315
through understanding the entity and its environment
ISA 320 Materiality in planning and performing an audit
ISA 330 The auditor’s responses to assessed risk
ISA 450 Evaluation of misstatements identified during the audit
1 Introduction
Planning the audit is not a discrete phase of the audit, but rather a continuous process
that often begins after accepting the audit engagement for new clients, or shortly after
completing the current audit engagement for existing clients.
1.1 Extent of planning

The extent of planning will vary according to the size of the business, the complexity of
the audit and the auditor’s knowledge and experience of the entity.
1.2 Benefits of planning

The auditor has to plan the audit effectively so that:
appropriate attention is devoted to important areas of the business
potential problem and risk areas are identified on time
audit work is completed expeditiously
work is properly delegated to assistants
work performed by other auditors and experts is properly co-ordinated.
1.3 Person responsible for planning the audit

The audit should be planned and the audit strategy finalised by a person or persons with
the relevant knowledge, skills and experience. This would normally be
somebody at a senior level of the key engagement team members (e.g. an audit
senior or manager/partner)
the engagement partner, who should approve the overall audit plan.
1.4 Professional scepticism

The auditor should plan the audit with an attitude of professional scepticism.
At all times during planning the audit, the auditor should recognise that:
circumstances may arise that may cause the financial statements to be materially
misstated
circumstances may arise during the audit that might result in the need to change the
overall strategy for the scope and conduct of the audit and the approach to the
planned procedures.
1.5 Discussion of the audit plan with the client

The auditor may discuss elements of the audit plan with those charged with governance
and the entity’s management. This decision may be part of the overall communication or
may be made to improve the effectiveness and efficiency of the audit.
Aspects to discuss will include, but not be limited to:
the general approach to and the overall scope of the audit
any limitation to the audit
co-operation with and use of the client’s staff (e.g. internal audit staff)
administrative issues (e.g. timing of visits, etc.).
However, the audit plan remains the responsibility of the external auditors.
2 Steps in the planning process (ISA 300: “Planning an

audit of financial statements”)
Content Paragraph(s)
Introduction 1–4
Involvement of key engagement team members 5
Preliminary Engagement Activities 6
Planning Activities 7–11
Documentation 12
Additional considerations in initial audit engagements 13
2.1 Obtaining an understanding of the entity and its environment (ISA

315: “Identifying and assessing the risks of material misstatement
through understanding the entity and its environment”)
Introduction 1–4
Risk assessment procedures and related activities 5–10
The required understanding of the entity and its environment, 11–24
including the entity’s internal controls
Identifying and assessing the risks of material misstatement 25–31
Documentation 32
Application and other explanatory material A1–A 134
2.1.1 Objective with obtaining of knowledge on the entity and its environment
The auditor should obtain sufficient understanding of the entity and its environment,
including its internal controls, to enable him to identify and assess the risk of material
misstatement of the financial statements whether due to fraud or error, and to design and
perform further audit procedures. Although the assessment of the business risks within
an organisation is the responsibility of management, an auditor would definitely identify
and evaluate these risks as part of obtaining knowledge of the entity and its environment
(which is fully discussed in paragraph 2.1.3). As part of the risk assessment procedures
for an entity, the auditor must obtain an understanding of whether the entity has
processes in place for:
identifying business risks relevant to the financial reporting objectives
estimating the significance of risks
assessing the likelihood of their occurrence, and
deciding about actions to address those risks.
2.1.2 Reason for and value of obtaining an understanding of the entity and its
environment
The knowledge helps to:
plan the audit
exercise professional judgement when assessing the risk of material misstatement
respond to identified risks, for example, when:
setting materiality
considering the appropriateness of accounting policies
identifying special audit consideration areas, for example:
– related policy transactions
– the appropriateness of the going concern
– the business purposes of transactions
– developing expectations for analytical review purposes
– designing audit procedures (test of controls and substantive procedures)
– evaluating the sufficiency and appropriateness of audit evidence.
2.1.3 Procedures to obtain knowledge of the entity and its environment
The procedures performed by the auditor to obtain information on the entity and its
environment, including its accounting information system and internal controls, in order
to identify and assess the risks of material misstatement due to fraud or error at the
financial statement or the assertion level are called RISK ASSESSMENT
PROCEDURES.
Risk assessment procedures consist of:
enquiries of management and others within the entity
management and those charged with governance
those responsible for financial reporting
internal audit personnel
personnel involved in initiating, recording and processing complex transactions
internal legal council
marketing and sales personnel
analytical procedures
helpful in identifying the existence of unusual transactions or events, amounts,
ratios, trends, etc.
observation and inspection
observations of the entity’s activities and operations
inspection of documents (such as business plans and strategies), records and
internal control manuals
reading reports prepared by management (such as quarterly management reports,
minutes of meetings), etc.
visits to the entity’s premises
tracing transactions through the system (walk-through tests).
When using information of prior periods (e.g. prior year audit files) the auditor should
consider changes that took place that could affect the relevance and reliability of
evidence obtained.
2.1.4 Aspects about which to obtain an understanding
(a) External factors
Industry conditions
the market and competition, including demand, capacity and price competition
cyclical or seasonal activity
product technology relating to the entity’s products
energy supply and cost.
Regulatory environment

accounting principles and industry specific practices
regulatory framework for a regulated industry
legislation and regulation that significantly affect the entity’s operations
taxation
government policies currently affecting the conduct of the entity’s business:
– monetary, including foreign exchange controls
– fiscal
– financial incentives
– tariffs, trade restrictions
environmental requirements affecting the industry and the entity’s business.
Economic factors
general level of economic activity (e.g. recession, growth)
interest rates and availability of financing
inflation and exchange rates.
(b) Internal factors (entity)
Business operations
nature of revenue sources
products or services and markets (for example, major customers and contracts,
reputation of products, warranties, etc.)
alliances, joint ventures and outsourcing activities
involvement in electronic commerce, including Internet sales and marketing
activities
geographic dispersion and industry segmentation
location of production facilities, warehouses and offices
key customers
important suppliers of goods and services
employment (e.g. by location, supply, wage levels, union contracts, pension and
other post employment benefits).
Investments
acquisitions, mergers or disposal of business activities
investments and dispositions of securities and loans
capital investment activities
investments in non-consolidated entities, including partnerships, joint ventures
and special purpose entities.
Financing
group structure: major subsidiaries and associated entities
debt structure, including covenants, restrictions, guarantees and off-balance-
sheet financing arrangements
leasing of property, plant or equipment for use in the business
beneficial owners (local, foreign, business reputation and experience)
related parties
use of derivative financial instruments.
Financial reporting
accounting principles and industry specific practices
revenue recognition practices
accounting for fair values
inventories (locations, quantities)
foreign currency assets, liabilities and transactions
industry-specific significant categories (e.g. loans and investments for banks)
accounting for unusual or complex transactions (e.g. accounting for stock-based
compensation)
financial statement presentation and disclosure.
(c) Financial and related business risk
Objectives, strategies and related business risks
industry developments
new products and services
expansion of the business
new accounting requirements
regulatory requirements
current and prospective financing requirements
use of information technology (IT)
implementing new strategies that would lead to new accounting requirements
Financial conditions and financial performance
key ratios and operating statistics
key performance measures and incentive compensation policies
trends
use of forecasts, budgets and variance analysis
analyst reports and credit rating reports
competitor analysis
period-on-period financial performance (revenue growth, profitability,
leverage).
2.1.5 Identifying and assessing the risk of material misstatement
In the process of identifying and assessing the risk of material misstatement the auditor
must identify risks at:
the financial statement level, and
the assertion level for classes of transactions, account balances and disclosure
to provide a basis for designing and performing further audit procedures.
2.2 Obtaining an understanding of the accounting information and

internal control system (ISA 315)
2.2.1 Definitions
The functions by which the entity’s transactions are

Accounting system processed as a means of maintaining the accounting
records.
The policies and procedures adopted by the management
of an entity to assist in achieving of management’s
objectives ensuring the orderly and efficient conduct of
the business.
Specifically:
adherence to management policies
Internal control system
safeguarding of assets
prevention and detection of fraud and errors
accuracy and completeness of the accounting records
timely preparation of reliable financial information.
2.2.2 The extent of the internal control system

(a) The control environment
This comprises the overall attitude, awareness and actions of the directors and
management regarding the internal control system and the importance thereof for the
entity.
The elements of the control environment comprise:
the functions of the board and its committees
the management’s philosophy and operating style
the entity’s organisational structure and responsibility levels
management’s control systems, including internal audit, personnel practices and
segregation of duties.
(b) Internal control procedures
This consists of the policies and procedures instituted by management to achieve the
entity’s objectives. Specific procedures include the following:
reconciliations, reporting, reviewing and approving
checking of arithmetic accuracy of records
general and application controls of computerised systems
control accounts and trial balances
stationery control
comparing of internal data with external sources
comparing physical assets with recorded assets (stock counts, cash count, etc.)
limiting access to assets and records
budgetary control

etc.
2.2.3 Value to the auditor of understanding the accounting information and
internal control system
In the audit of financial statements the auditor is concerned with only those policies and
procedures within the accounting and internal control system that are relevant to the
financial statement assertions.
The understanding of the accounting and internal control systems will help the auditor
to understand the control risk and develop appropriate audit procedures accordingly.
2.2.4 Obtaining an understanding of the accounting information and internal
control system
The auditor should obtain an understanding of the:
accounting information system
control environment
control procedures.
The source of information for this can be:
a system walk-through test
enquiry of management
inspection of documents
observations
internal control questionnaires
prior year’s working papers
etc.
The auditor’s understanding of the accounting information and internal control system
and its effect on his audit approach can be illustrated as follows:

2.2.5 IT (computer) risks and internal controls
IT also poses specific risks to an entity’s internal controls and accounting system. This
includes the following (also refer to chapter 6):
Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
Unauthorised access to data that may result in the destruction of data or improper
changes to data, including the recording of transactions. Particular risks may arise
where multiple users access a common database.
The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties and thereby breaking down segregation of duties.
Unauthorised changes to data in master files.
Unauthorised changes to systems or programs.
Failure to make necessary changes to systems or programs.
Inappropriate manual intervention over programmed controls (e.g. overriding

system controls).
Potential loss of data or inability to access data as required.
2.3 Identifying and assessing audit risk (ISA 315)
Introduction 1–4
The required understanding of the entity and its environment, 11–24
including the entity’s internal controls
Identifying and assessing the risk of material misstatement 25–31
Documentation 32
2.3.1 Meaning and components of audit risk

“Audit risk” is the risk that the auditor expresses an inappropriate audit opinion on the
financial statements that are materially misstated. First of all, this relates to the risk of
misstatement. The risk of material misstatement consists of a combination of the
inherent risk that fraud and errors may occur, and the risk that the internal controls
would fail to prevent or detect the risk (control risk).
Inherent and control risks are independent of the auditor and are referred to as entity
risk.
The risk that the auditor will not detect such misstatements exists due to detection
risk. Detection risk relates directly to the auditor’s detail-testing or substantive
procedures.
(a) Inherent risk
“Inherent risk” is the susceptibility of an assertion to misstatement that could be
material, individual or when aggregated with other misstatements, assuming that there
are no related internal controls.
Inherent risk stands independent from the auditor and relates to the client’s
circumstances and operating activities.
Factors that affect the inherent risks that the auditor needs to consider:
At the financial statement level:

the integrity of management
management experience and knowledge, and changes in management during that
period
unusual pressure on management
the nature of the entity’s business
factors affecting the industry.
At the account balances and class of transactions level:
accounts susceptible to misstatement
complexity of transactions and the use of experts
the degree of judgement involved in determining account balances
susceptibility of assets to loss or misappropriation
the occurrence of unusual or complex transactions, particularly close to year-end
transactions not subjected to routine processing.
(b) Control risk
“Control risk” is the risk that a misstatement that occurs in an assertion and that could be
material, individual or when aggregated with other misstatements will not be prevented
or detected and corrected on a timely basis by the accounting and internal control
systems.
The control risk is directly dependent on the effectiveness of the client’s internal
control system. When there are weaknesses in the internal control system, a high risk of
material misstatement exists (that errors and fraud can occur) that will result in the
financial statements’ being materially misstated.
Method to assess control risk

The following apply to the methods used:
The auditor assesses the control risk by performing tests of controls to obtain audit
evidence about the effectiveness of:
the design of the accounting and internal control system (i.e. whether or not it is
suitably designed to prevent or detect material misstatements)
the operation of the internal controls through the period of reliance.
Tests of controls consist of inspection, observation, enquiry, recalculation and
performance.
(c) Detection risk
“Detection risk” is the risk that an auditor’s substantive procedures will not detect a
misstatement that exists in an assertion that could be material, individual or when
aggregated with other misstatements.
The auditor limits his detection risk by performing substantive procedures to limit the
risk of material misstatements. Substantive procedures consist of:
detail testing of transactions and balances
analytical procedures.
Detection risk is a function of the effectiveness of an auditor procedure and its
application by the auditor. Detection risk may arise because the auditor
selects an inappropriate audit procedure
misapplies an appropriate audit procedure
misinterprets the results of a test.
These possibilities must all be reduced to the minimum.
Detection risk, however, has an inverse relationship to the combined level of inherent
risk and control risk, for example when inherent and control risk are assessed as HIGH,
the acceptable level of detection risk must be LOW so as to reduce the overall audit risk
to an acceptable low level.
(d) Relationship between risks
Audit risk (AR) = Inherent risk (IR) × Control risk (CR) × Detection risk (DR)
The inherent and control risks stand independent from the audit, while the detection
risk is directly related to the auditor’s substantive procedures. Unlike inherent and
control risk that the auditor has no control over, detection risk is controllable by the
auditor.
The control risk and the inherent risk directly influence the nature, timing and extent
of the auditor’s substantive procedures. This means that the auditor can get the
nature, timing and extent of audit procedures right, thus reducing the risk of failing to
detect the misstatements which you expect.
Regardless of the levels of inherent and control risk, the auditor should always
perform some substantive procedures on material balances and classes or
transactions.
The higher the inherent and control risks, the more audit evidence the auditor should
obtain from the performance of substantive procedures to limit his audit risk. The
lower the inherent and the control risk is, the less substantive procedures the auditor
would have to perform and the more analytical procedures the auditor can perform.
Please note there is always some form of substantial procedures that have to be
performed.
Audit risk = Inherent risk (High) × Control risk (High) × Detection risk (Low)
Audit risk = Inherent risk (Low) × Control risk (Low) × Detection risk (High)
2.3.2 Factors that influence audit risk

When assessing audit risk at the financial statement level and at assertion level, it is
imperative for the auditor to keep in mind that there are various indicators and factors
that influence the audit risk either positively or negatively, and that all these factors
should be assessed in totality.
For example: A client that operates in a cash sales only environment, might have a
high inherent risk of theft that could increase the audit risk of the client at the overall
financial statement level as well as at the assertion level of sales.
Factors such as the integrity of management, staff appointment and screening
procedures, and the safekeeping and handling of the cash could all decrease the above-
mentioned inherent risk that would also lead to a reduction in the overall audit risk.
2.4 Setting of materiality (ISA 320: “Materiality in planning and

performing an audit”; ISA 330: “The auditor’s response to
assessed risks”; ISA 450: “Evaluation of misstatements identified
during the audit”)
Introduction 1–9
Determining materiality and performance materiality when 10–11
planning the audit
Revision as the audit progresses 12–13
Documentation 14
2.4.1 Definition of materiality (framework for the preparation and presentation

of financial statements)
Information is considered material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the omission or error in the given circumstances
and thus provides a threshold or cut-off point against which the usefulness of
information is measured.
2.4.2 Interrelationship between materiality and audit risk
The auditor should consider materiality and its relationship with the audit risk, namely:
the higher the audit risk, the smaller the amount of materiality will be set to
compensate for this
the lower the audit risk, the higher the amount of materiality could be set, because
the chances are few that material misstatements could occur and go undetected.
2.4.3 Planning materiality
Planning materiality is a provisional judgement of materiality and is normally quantified
to help the auditor in determining the nature, timing and extent of the audit procedures to
be performed. Planning materiality is set in the planning phase of the audit and
percentages are often applied to a chosen benchmark as a starting point for the
calculation.
The following indicators are generally used in practice to base materiality on:
Turnover ½ – 1%
Gross profit 1 – 2%
Net income 5 – 10%
Total assets 1 – 2%
Equity 2 – 5%
The auditor needs to base materiality upon the most appropriate criteria for the entity
that will provide a stable basis. It can be a single indicator or a combination of
indicators, but should best reflect the operations of the entity. When selecting an
indicator, the auditor should also consider the accuracy with which the items can be
calculated.
Because planning materiality gets determined before the final financial statements
have been compiled, the calculations are normally based on:
estimates or provisional information
budgets or forecasts
interim financial information
information from prior periods
current-year unaudited information.
When assessing planning materiality, the auditor should consider the following:
the amount (quantitative) and nature (qualitative) of misstatements
materiality at the overall financial statement level as well as in relation to the
individual account balances, classes of transactions and disclosure
misstatements individually and in aggregate.
Other qualitative factors that would also need to be considered include:
the control environment of the audit client
effectiveness of internal controls within the business
integrity of management
accounting policies applied by the audit client
statutory requirements and regulations applicable to the audit client
previous-year problems or errors that have been encountered
results of provisional analytical procedures that have been done during the planning
phases of the audit
possibility of occurrence of illegal transactions.
Example of a possible materiality calculation:
R‘000 The following calculations are required:

Turnover 10,000 Gross profit = Turnover – Sales cost
Sales costs 2,500 (10 000k – 2 500k = 7 500k)
General and 5,000 Net profit = Gross profit – General
administration costs
Total assets 6,548 and administrative costs
Equity 3,500 (7 500k – 5 000k = 2 500k)
Net income 2,500
Once all the data is in the correct format, using the materiality indicators as a guide, the
following calculations need to be done.
R % R R
Turnover 10,000,000 ½–1% 50,000 100,000
Gross profit 7,500,000 1–2% 75,000 150,000
Net income 2,500,000 5–10% 125,000 250,000
Total assets 6,548,000 1–2% 65,480 130,960
Equity 3,500,000 2–5% 70,000 175,000
After the calculations have been done, the auditor must consider the following:
Audit risk: Impact of audit risk on the materiality figure (the higher the audit risk, the
lower the materiality figure, and vice versa). This is thus an indication whether the
auditor will be settling on a materiality figure from the higher range or the lower
range of calculated figures.
Stability of indicators: If an indicator is not stable, the auditor would not consider
using that indicator.
Single or combination of indicators: The auditor can consider using both the
statement of financial position (balance sheet) and statement of comprehensive
income (income statement) as indicators, or only the statement of financial position,
or only the comprehensive income. Reasons would need to be provided for the
answers.
Actual/budgeted/prior-year audited amounts: The auditor would provide reasons
as to why he chose the specific set of figures.
Conclusion: The auditor would then conclude on the overall materiality figure that
will be used during the planning of the audit.
The planning materiality figure, as calculated above, has a dual purpose for the auditor
during the planning phase of the audit work. The planning materiality figure will not
only be used in determining the performance materiality levels of the entity (as will be
discussed below); it will also be used to identify individual significant accounts.
Significant accounts are accounts from the audit client’s trail balance that either
exceed the planning materiality figure or are identified by the auditor as being

significant due to the nature of the account.
For example: The planning materiality of an entity has been calculated as R100 000.
The following is an extract from this entity’s Profit and Loss statement:
Account Value (R‘000) Significant account

Sales R3 000 Yes, exceeds planning materiality figure
Cost of sales R2 000 Yes, exceeds planning materiality figure
Gross profit R1 000
Salaries R200 Yes, exceeds planning materiality figure
Wages R50 No
Yes, due to the nature of the account. This
R50 is an account where profit manipulation,
Bonuses
for example, is a big risk in order to
ensure maximum bonuses.
Operational expenses R50 No
Profit before taxation R650
R80 Yes, due to the nature of the account.

Taxation
Taxation is payable to SARS.
Nett profit R570
2.4.4 Performance materiality

During the performance of the audit, individually detected misstatements might not seem
material in terms of the planning materiality figure that was calculated during the
planning phase of the audit. If all these seemingly immaterial mistakes however were
aggregated, it might result in the financial statements being materially misstated.
Thus, performance materiality is calculated by the engagement partner by using his
professional judgement, based on his understanding of the entity, the nature and extent of
misstatements identified on previous audits, as well as his expectations in relation to
misstatements in the current period.
2.4.5 Identified misstatements as the audit progresses
If any misstatements are identified during the audit process, the auditor should ensure
that they:

identify the nature of the misstatement as well as the circumstances in which it
occurred
aggregate all the misstatements found during the accounting period.
The auditor must communicate all misstatements with management on timely to ensure
management has the opportunity to correct any misstatements before the completion of
the audit if they wish to do so. All documentation regarding the misstatements should be
documented in the audit file.
2.4.6 Final materiality
Final materiality is established at the end of the audit and is used to evaluate identified
misstatements against, in order to determine the effect on the financial statements.
The auditor will need to reassess the amount of planning materiality, given the
knowledge gained during the audit, and the audit evidence obtained. This will enable
the auditor to assess whether the amount of planning materiality is still appropriate, or
whether it needs to be adjusted to measure audit differences and other misstatements
against. The final materiality figures will most likely be calculated on the current year,
actual audited figures.
2.5 Formulating an audit approach (ISA 330: “The auditor’s

responses to assessed risks”)
Introduction 1–4
Overall responses 5
Audit procedures responsive to risks material misstatement at 6–23
the assertion level
Adequacy of presentation and disclosure 24
Evaluating the sufficiency and appropriateness of audit 25–27
Evidence obtained
Applications and other explanatory material A1–A63
2.5.1 Definition of an audit approach

This is the strategy or method to obtain audit evidence against which to measure the fair
presentation of the financial statements. It contains the nature, timing and extent of the
audit procedures, namely the tests of controls and substantive procedures.
The formulating of an overall audit approach during the planning phase of an audit, as
well as the audit approach for specifically identified significant accounts (classes of
transactions or account balances) will be influenced by the risk of material misstatement
at the overall financial statement level as well as the assertion level, the nature of the
accounting systems, general and application controls and the control environment of the
entity.
(a) Combined approach
Where the auditor intends to rely on internal controls for a class of transaction or
account balance, he will test the internal controls that exist for that class of transaction
or account balance. The result of the tests of controls will affect the nature, timing and
extent of the substantive procedures to be performed for the assertions of the class of
transaction or account balance.
Testing the controls will have the benefits of:
adding value to the client
enabling the auditor to limit the substantive procedures
enabling the auditor to perform early verification procedures.
(b) Substantive approach
Where the auditor decides not to test the internal controls with the view of placing
reliance thereon, the audit evidence and audit assurance for the assertions of a class of
transaction or account balance will be obtained entirely through substantive procedures.
This is called a substantive approach.
The above may be the case where:
no internal controls exist or it is not functioning effectively
it is not cost effective
the nature of the accounts is such that substantive procedures are more appropriate.
2.5.2 Impact of internal controls on the substantive procedures
SUBSTANTIVE
COMBINED APPROACH
APPROACH
Reliance on internal control Reliance on internal
is justified control is not justified
Nature More analytical More substantive
Extent Less More
Spread over the year/early Near/at year-end (no
Timing
verification is possible early verification)
2.5.3 Meaning of nature, timing, extent of audit procedures (test of controls and
substantive procedures)
(a) Nature
This relates to how the procedures will be performed, namely:
Test of controls:
inspection, observation, inquiry, reconciliation, re-performance.
Substantive tests:
detail testing consisting of inspection, observation, inquiry, recalculation, re-
performance, confirmation
analytical review.
Note: The auditor must always perform substantive procedures for each material class
of transaction or account balance (irrespective of reliance on controls).
(b) Timing
This relates to when the procedures are performed
Tests of controls
The tests of controls should be performed to cover the whole period of reliance.
The auditor should obtain audit evidence on the effective operation of the controls
for the entire period of reliance.
If the controls are tested at an interim stage, audit evidence must also be obtained on
the effectiveness of the controls for the remaining term/period of reliance.
Considerations regarding the length of time period that may elapse before
retesting a control:
– the effectiveness of other elements of internal controls including the control
environment, the entity’s monitoring of controls, and the entity’s risk
assessment process
– the risks arising from the characteristics of the control, including whether
controls are manual or automated

– the effectiveness of general IT controls
– whether the lack of a change in a particular control poses a risk due to
changing circumstances
– the risk of material misstatement and the extent of reliance on the control.
Factors that may decrease the timing for testing the controls since previous
testing thereof:
– a weak control environment
– weak monitoring of controls
– a significant manual element to the relevant control
– personnel changes that significantly affect the application of the control
– changing circumstances that indicate the need for changes in the control
– weak general IT controls.
Substantive procedures
Substantive procedures are performed to verify year-end balances. Thus substantive
procedures will be performed mainly at or after year-end.
When substantive procedures are performed at an interim date (early verification
date), the auditor must perform further substantive procedures combined with tests
of controls to cover to the remaining period.
(c) Extent
This relates to how many items should be tested, namely the size of the sample.
Normally the more reliance to be placed on the test performed, the bigger the sample
should be.
Test of controls
The test of controls should be such to obtain sufficient appropriate audit evidence
that the controls operated effectively throughout the period of reliance. The extent of
test of controls will rely on:
the frequency of the control procedure
the length of time of audit reliance on the control
the expected deviation of the control
the extent of intended reliance.
Substantive procedures
A sufficient number of substantive tests should be performed (big enough samples)
to substantiate the auditor’s opinion and to limit the detection risk.
2.6 Organising and managing the audit (co-ordination and control)

(ISA 330: “The auditor’s responses to assessed risks”)
This entails the co-ordination and control of the audit and should already be done during
the planning phase of the audit. It includes arrangements with regard to:
client specifics:
number of locations/areas to visit
staff availability
etc.
dates/timing:
client dates (e.g. inventory counts, reporting deadlines, etc.)
timing of audit visits, namely interim and final
reporting
etc.
engagement team specifics:
composition, experience
quality control requirements
etc.
budgeting:
audit time per section
audit fees, expenses
etc.
areas requiring special attention for example:
existence of related parties
using work of internal audit
reliance on experts
reliance on IT service organisations

etc.
communication with the entity:
attending management/board/committee meetings
written reports
communication with third parties
etc.
going concern
applicability of the going concern assumption
issues affecting the going concern assumption.
previous audit findings and recommendations.
3 Questions

You are the newly appointed audit manager in charge of the audit of an existing client,
Medinet (Pty) Ltd, a group of seven private medical clinics. Although this is the first
time that you are involved in Medinet’s audit, it is not your first exposure to a client in
the health industry. The reporting deadlines for the audit are fairly tight.
Some recent developments/events in the Medinet group include the following:
An internal audit division was established during the year, comprising well-
experienced and qualified staff members.
The group has established a group of clinics operational in the rural areas as part of
a black empowerment transaction. These clinics are audited by another audit firm.
Three new directors were appointed as a result of the black empowerment
transaction.
The government recently announced that they would intervene in increases
announced by private hospital groups in order to ensure affordable hospital care.
The legislation on the pricing of medicine resulted in a significant decrease in
profits earned on medicine.
The group was involved in the development of e-Claims, a system developed to
facilitate electronic switching of claims and payments between medical

practitioners and medical aid schemes. The system was, however, not completed
within the expected time frame, which led to significant losses to the group, putting
strain on their cash flow position.
The group is currently involved in two claims against them based on negligence by
their medical staff. The CEO has, however, indicated that they would be fighting the
claims.
The following information is a summary of the interim results of Medinet (Pty) Ltd:
R ‘000
Turnover 30 000
Gross profit 18 000
Total assets 54 000
Equity 31 000
Net income 3 000
You commenced your planning for the audit of Medinet (Pty) Ltd, three months before
year-end.

(a) List the benefits of proper planning to the auditor. (4)
(b) Discuss, under suitable headings, any aspect that you will consider and procedures
that you will perform during the planning of the current-year audit of Medinet (Pty)
Ltd. (38)

Karna (Pty) Ltd was formed 15 years ago by the current managing director, Ben Smith.
Karna (Pty) Ltd has 15 members and Ben is the majority shareholder. Karna (Pty) Ltd is
in the waste disposal business and has long-term contracts with local government
bodies to remove and dispose of environmental waste. It operates from 30 branches
nationwide.
Sam Smith, Ben’s son, was appointed as financial director on 30 January 20X10.
Sam, who holds a Bachelor of Science degree, is 27 years old and joined the company
on 1 January 20X10. Sam has been a friend of yours since school days.
Finalisation of the audit for the year ended 28 February 20X10 has been delayed due

to a disagreement between the auditor, Jo Gonno, a sole practitioner, and management
on the accounting treatment of certain structured finance transactions entered into during
January 20X10. You are a partner in a medium-sized audit firm with offices in all major
cities. Sam approached you at the beginning of March 20X11 for your opinion regarding
the accounting issues. You agreed with the accounting treatment proposed by
management. Gonno thereafter reluctantly agreed to issue an unqualified audit report for
the year ended 28 February 20X10. Sam nevertheless asked Gonno to resign as auditor.
Gonno refused to issue his audit report and resign, unless he was paid.
Sam offered you the statutory audit appointment subject to your fee quote being
acceptable. Sam is of the opinion that the previous fee was too high. During the course
of several meetings with senior management to determine the scope of the audit as a
basis for your quote, the following information was obtained:
Pat Knox, who was Gonno’s audit manager on the 20X10 audit of Karna (Pty) Ltd,
was appointed by Karna (Pty) Ltd in July 20X10 to set up an internal audit department
which focuses on branch audits.
Karna (Pty) Ltd was very profitable until two years ago, but profitability has
declined since then. For the year ended 28 February 20X11 a small loss was
incurred as a result of cuts in local government spending.
Management responded to the declining profitability by re-engineering the budgetary
and target system and introducing an incentive bonus scheme for management based
on branch performance.
All branches of Karna (Pty) Ltd use common software packages.
Litigation has been instituted against Karna (Pty) Ltd by an environmental lobby
group alleging that the company has been discharging pollutants into certain rivers.
The directors are of the opinion that these claims cannot be proven.
Each branch controls its own sales and debtors whilst the purchases and creditors
functions are centralised.

State the matters you would consider in developing your overall audit plan for the year
ended 28 February 20X10, assuming you are appointed as auditor of Karna (Pty) Ltd.(15)

You have recently accepted the audit of a new client, Ost Rich Ltd, a company listed on
the JSE Securities Exchange, and are in the process of planning your audit. You have
obtained the following knowledge of the business through discussions with key staff

members and inspection of company documentation and media reports:
Ost Rich Ltd was founded three years ago and is operational in the ostrich industry.
Ost Rich is an export-orientated company and exports the majority of their meat to the
European Union, Namibia, Switzerland and Hong Kong, with only a small portion of the
business relating to the local market. Apart from the meat, they also export leather,
feather and egg shells to these countries. The prices for all the ostrich products are
dollar based.
The managing director, Mr Vol Struis, and three other directors were the founding
members of Ost Rich Ltd and they have a reputation in the business world of being
“cowboys”, i.e. shrewd and aggressive businessmen. All four are young and willing to
take on a lot of risk.
Salaries for senior management are mainly performance-based, with generous
bonuses being paid for their contributions to the company’s success. This sometimes
results in managers making quite risky business decisions.
A new financial manager was appointed during the year, replacing the previous
financial manager who resigned after sharp disagreements with the other directors. The
previous financial manager was meticulous in his work and the directors, being young
and vibrant entrepreneurs, regularly did not adhere to the controls he implemented. The
new financial manager is still fairly inexperienced in the industry.
Being such dynamic businessmen, the directors view any form of control as an
inhibition of their creative minds; therefore it is not strange that they view the statutory
audit function, corporate governance and JSE reporting requirements, as well as any
other regulatory requirements, as a waste of time and money. During a discussion with
Mr Vol Struis he made it quite clear that they expect the auditors to complete their work
in the shortest possible time without wasting time on unnecessary procedures.
Your research with regards to the ostrich industry identified the following important
matters and developments:
South Africa is the world’s biggest exporter of ostrich meat and products, with annual
exports of R1,8bn.
About 95% of SA’s ostrich meat is exported, and approximately 90% of that is
exported to the European Union.
The outbreak of the avian influenza virus (bird flu) under ostrich birds in the Eastern
Cape resulted in the European Union, Namibia, Switzerland and Hong Kong placing
bans on South African poultry products, including ostrich products. The ban
excludes leather, feathers and egg shells.
The avian influenza virus is highly dangerous to birds, but less threatening to humans
than the H5N1 virus, which killed 24 people in Asia earlier this year.
South African poultry and ostrich farmers stand to lose international market share if
the export ban on poultry and related products continues for a long period of time.
With the export ban currently in place, neighbouring countries might source their
products elsewhere.
If the bans were imposed for a month. It could cost farmers R100m and put 20 000
jobs at risk.
The European Union will review the ban only once the first 6 000 ostriches have
been culled and national zero-surveillance has confirmed no further infections.
To prevent the spread of the virus to other farms, the agriculture department began
culling ostriches in the Eastern Cape, with an estimated 30 000 birds expected to be
culled. In terms of the Animal Diseases Act farmers would be compensated for
birds culled during the operation.
November and December is the peak season for ostrich exports to Europe.
The outbreak of bird flu in the Eastern Cape has not slowed down domestic sales of
ostrich meat.
Recent management accounts showed an increase in turnover from previous months,
which is somewhat surprising in view of the export bans placed on ostrich meat and the
strengthening of the rand. The management accounts further showed a substantial
deterioration in the liquidity position of the company. Management indicated that they
have reached their credit limit at their bank and are currently negotiating an extension of
credit with them. The bank will use the audited financial statements as a basis for their
decision.

(a) Give the definition of audit risk and each of its components. (4)
(b) Discuss the relationship between the components of audit risk. (3)
(c) Explain the interrelationship between audit risk and materiality. (2)
(d) Discuss the effect the above-mentioned issues would have on the elements of audit
risk. Your answer should include an explanation of the specific risk (as identified
from the question), which component of audit risk will be affected, as well as
whether audit risk will be increased or decreased. (14)
Formulate you answer as follows:

Risk & explanation Component of audit risk Increase or decrease
(1) (½) (½)

9
Obtaining audit evidence
Reference Title
ISA 230 Audit documentation
ISA 500 Audit evidence
ISA 505 External confirmations
ISA 510 Initial engagements – opening balances
ISA 520 Analytical procedures
ISA 530 Audit sampling
Special considerations – audits of group financial
ISA 600
statements (including the work of component auditors)
ISA 610 Using the work of internal auditors
ISA 620 Using the work of an auditor’s expert
SAAPS 4 Enquiries regarding litigation and claims
1 Introduction
The auditor should obtain sufficient and reliable audit evidence on which to base his
opinion. Such evidence may be in various forms and formats and can come from various
sources. However, it should be sufficient to support the assurance expressed.
2 Audit statements
The audit statements as set out in the ISAs provide guidance on basic principles and
essential procedures to be performed by the auditor in the gathering of audit evidence
and the consideration thereof.
2.1 Audit evidence (ISA 500)
Introduction 1–3
Objective 4
Definitions 5
Requirements
Sufficient appropriate audit evidence 6
Information to be used as audit evidence 7–9
Selecting items for testing to obtain audit evidence 10
Inconsistency in, or doubts over reliability of, audit
11
evidence
2.1.1 Nature of audit evidence

Audit evidence represents the information obtained by the auditor in arriving at the
conclusions on which his audit opinion is based. It consists of source documents,
accounting records underlying the financial statements and corroborating information
from other sources.
2.1.2 Procedures for obtaining audit evidence
The auditor obtains audit evidence by means of one or more of the following
procedures:
inspection of:
records and documents
tangible assets
observation of a process or procedures
enquiry – that is seeking information from knowledgeable people who are:
financial and non-financial persons
from within the entity or outside
external confirmation from third parties
recalculation (of the arithmetic accuracy)
reperformance of procedures or controls
2.1.3 Sufficiency and appropriateness of audit evidence
The auditor should obtain audit evidence by means of tests of controls and substantive
procedures that are:
sufficient in terms of quantity of audit evidence
appropriate in terms of quality of audit evidence.
2.1.4 Source and nature of audit evidence
Audit evidence
is more reliable when it is obtained from independent sources outside the entity
that is generated internally is more reliable when the related controls imposed by
the entity are effective
obtained directly by the auditor (e.g. observation of the application of a control) is
more reliable than audit evidence obtained indirectly (e.g, enquiry about the
application of a control)
is more reliable when it exists in documentary form, whether paper, electronic, or
other medium (for example, a contemporaneously written record of a meeting is
more reliable than a subsequent oral representation of the matters discussed)
obtained from original documents is more reliable than audit evidence obtained
from photocopies or facsimiles.
2.1.5 Information produced by the entity
When information produced by the entity is used by the auditor to perform audit
procedures, the auditor should obtain evidence about the accuracy, reliability and
completeness of the information.
2.2 Audit documentation (ISA 230)
Introduction 1–4
Objective 5
Definitions 6
Requirements
Timely preparation of audit documentation 25–30
Documentation of the audit procedures performed and
8–13
audit evidence obtained
Assembly of the final audit file 14–16
2.2.1 Documentation requirement for audit work performed

The auditor should document matters that are important in providing evidence to support
the audit opinion and present proof that the audit was carried out in accordance with the
ISAs.
2.2.2 Contents of working papers
The auditor should prepare working papers that are sufficiently complete and detailed
to provide an overall understanding of the audit.
2.2.3 Information ordinarily included in working papers
Working papers ordinarily include information about the following:
the person who performed the work and when it was performed
legal/statutory and organisational aspects
excerpts from legal documents, agreements and minutes
information about the industry, environment and legal requirements
proof of planning of the audit (each phase)
consideration of work done by internal audit
analytical procedures in terms of transactions, balances and trends
nature, timing and extent of the audit procedures performed
proof of supervision and review of work done by assistants
work done in terms of components audited by other auditors
communication with other auditors, experts, external parties, etc.
documentation of matters discussed with management, personnel, etc.
a list of matters discussed with management, engagement conditions, and
weaknesses in internal controls reported to management
management’s representation letter
conclusions about the financial statements, method of resolving and treatment of
exceptions and differences
copies of the financial statements.
2.2.4 Types of audit file
These may be:
Permanent audit files: These contain information of a permanent nature applicable
to recurring audits. They should be updated annually.
Current audit files: These contain information pertaining to the current year’s audit.
2.2.5 Property and confidentiality of working papers
The following is relevant:
Working papers are the property of the auditor.
The auditor should adopt appropriate procedures for maintaining the confidentiality
and safe custody of the working papers.
It is appropriate that follow-up auditors gain access to the previous auditor’s
working papers. For this the client’s consent is required.
2.2.6 Requirements of working papers
If an auditor is asked to compile a working paper, it must:
have a heading
be dated
stipulate the compiler
stipulate the reviewer
stipulate the applicable information
be cross referenced
contain conclusions.
Working paper example
Below is an example of the format in which a working paper should be done. The
working paper contains all the requirements stipulated above.
In this working paper, the auditor is comparing the audit client’s depreciation
calculations to their own calculations to test if the client has performed the calculation
correctly (i.e. the accuracy of the depreciation).
2.3 Sampling (ISA 530)
Introduction 1–3
Objective 4
Definitions 5
Requirements
Sample design, size and selection of items for testing 6–8
Performing audit procedures 9–11
Nature and cause of deviations and misstatements 12–13
Projecting misstatements 14
Evaluating results of deviations and misstatements 15
Appendix I: Stratification and value-weighted selection
Appendix II: Examples of factors influencing sample size for
tests of controls

Appendix III: Examples of factors influencing sample size for
tests of details
Appendix IV: Sample selection methods
2.3.1 Definitions
The application of audit procedures to less than 100% of

items within a population of audit relevance such that all
Sampling sampling units have a chance of selection in order to
provide the auditor with a reasonable basis on which to
draw conclusions about the entire population.
The entire set of data from which a sample is selected
Population
and about which the auditor wishes to draw conclusions.
The risk that the auditor’s conclusion based on a sample
may be different from the conclusion if the entire
population were subjected to the same audit procedure.
Sampling risk can lead to two types of erroneous
conclusions:
In the case of a test of controls, that the controls are
more effective than they actually are, or in the case of
a test of detail, that a material misstatement does not
exist when in fact it does. The auditor is primarily
Sampling risk concerned with this type of erroneous conclusion
because it affects audit effectiveness and is more
likely to lead to an inappropriate audit opinion.
In the case of a test of controls, that controls are less
effective than they actually are, or in the case of a test
of detail, that a material misstatement exists when in
fact it does not. This type of erroneous conclusion
affects audit efficiency as it would usually lead to
additional work to establish that initial conclusions
were incorrect.
The risk that the auditor reaches an erroneous conclusion
Non-sampling risk
for any reason not related to sampling risk.
A misstatement or deviation that is demonstrably not
Anomaly representative of misstatements or deviations in a
population.
Sampling unit The individual items constituting a population.
An approach to sampling that has the following
characteristics:
random selection of the sample items, and
Statistical sampling the use of probability theory to evaluate sample
results, including measurement of sampling risk. A
sampling approach that does not have the above
characteristics is considered non-statistical sampling.
The process of dividing a population into sub-
populations, each of which is a group of sampling units
Stratification
which has similar characteristics (often monetary
amounts).
A monetary amount set by the auditor in respect of which
the auditor seeks to obtain an appropriate level of
Tolerable misstatement
assurance that the monetary amount set by the auditor is
not exceeded by the actual misstatement in the population.
A rate of deviation from prescribed internal control
procedures set by the auditor in respect of which the
Tolerable rate of
auditor seeks to obtain an appropriate level of assurance
deviation
that the rate of deviation set by the auditor is not
exceeded by the actual rate of deviation in the population.
2.3.2 Factors influencing sampling size
Tests of controls Substantive tests

auditor’s risk assessment
extent to which auditor’s risk
other procedures directed at same
assessment takes into account
assertion
relevant controls
level of assurance
the tolerable rate of deviation
the tolerable misstatement
the expected rate of deviation
the expected misstatement
number of items (no/small effect)
use of stratification
level of assurance
the number of items (little/no effect).

(a) Extent to which auditor’s risk assessment takes relevant controls
into account
The more assurance the auditor intends to obtain from the operating effectiveness of
controls, the lower the auditor’s assessment of the risk of material misstatement will be,
and the larger the sample size needs to be. The less assurance the auditor requires from
the test of controls, the smaller the sample size needs to be.
(b) Tolerable rate of deviation
The lower the tolerable rate of deviation, the larger the sample size needs to be. The
higher the tolerable rate of deviation, the smaller the sample size needs to be as the
auditor is willing to accept (tolerate) more error in the population.
(c) Expected rate of deviation
The higher the expected rate of deviation, the larger the sample size needs to be. This
allows the auditor to make a reasonable estimate of the actual rate of deviation.
The lower the expected rate of deviation, the smaller the sample size needs to be as
the auditor does not need as much evidence to prove that the population is not
erroneous.
(d) Number of sampling units
The more reliance an auditor wishes to place on a particular test of controls or
substantive test, the larger the sample size required to obtain sufficient appropriate audit
evidence from which to draw a conclusion on the entire population.
(e) Number of items
The number of items in the population does not have much effect on the sample size,
particularly for large populations.
(f) Level of assurance
The greater the level of assurance the auditor wants that the results of the sample are in
line with the actual incidence of deviation in the population; the larger the sample size
needs to be.
(g) Auditor’s risk assessment
The higher the auditor’s assessment of the risk of material misstatement, the larger the
sample size needs to be in order for him to reach a reasonable conclusion on the
population. The lower the auditor’s assessment of the risk of material misstatement, the
smaller the sample size needs to be as the auditor does not need to collect as much
evidence in order for him to reach a reasonable conclusion.
(h) Other substantive procedures aimed at the same assertion
The more the auditor is relying on other substantive procedures to reduce detection risk
regarding a particular population, the less assurance the auditor will require from
sampling, and therefore, the smaller the sample size needs to be.
(i) Tolerable misstatement
The higher the tolerable misstatement, the smaller the sample size needs to be as the
auditor is willing to accept (tolerate) more error. The lower the tolerable misstatement,
the larger the sample size needs to be.
(j) Expected misstatement
The greater the amount of misstatement the auditor expects to find in the population, the
larger the sample size needs to be for the auditor to make a reasonable estimate of the
actual amount of misstatement in the population.
(k) Use of stratification
The more sub-populations a population can be divided into, the smaller the sample size
of each of those sub-populations. This can result in a smaller sample overall yet still
achieve an acceptable level of detection risk.
2.3.3 Sample selection methods
The main categories of sample selection can be summarised as follows:
(a) Random
This is a statistical approach to sampling. Computer-selection programmes are used to
select items randomly from a specific population. The programmes have an automatic
random number generator function.
(b) Systematic sampling
A sampling interval is calculated by dividing the number of sampling units in the
population by the sample size. Items are then selected according to the sampling
interval. This method is also a statistical approach to sampling.
(c) Haphazard sampling judgement
No structured technique is followed by the auditor in the selection of items. It is
regarded as a non-statistical approach to sampling. The auditor should be cautious of
any bias or partiality when using this method.
(d) Block sampling methods
This method involves the selection of blocks of consecutive items from within the
population. The block of items can be selected following either a statistical or a non-
statistical approach. This technique is, however, not regarded as appropriate when the
auditor intends to draw valid inferences about the entire population, based on the
sample.
(e) Monetary unit sampling
This method is a type of value-weighted selection in which sample size, selection and
evaluation result in a conclusion in monetary amounts. The sampling unit is identified as
the individual monetary units that make up the population. This method is most efficient
when selecting items using the random sample selection method.
2.3.4 Steps in the process of sampling applications
These represent the approach to sampling, irrespective of which method of sampling is
used, and are as follows:
Define the population (for example sales – invoices or delivery notes).
Define the purpose of the test (test of controls/substantive).
Establish:
the number of items to be tested (statistically/judgemental)
what will constitute an error
the procedures to perform on the selected items.
Select the items of the sample from the population (judgement/random/systematic).
Perform audit procedures on the selected items.
Consider the results of the sample testing and calculate the possible
error/misstatement in the population by projecting the sample results over the
population.
Evaluate the results of the items tested and draw a conclusion thereon.
2.4 Analytical review (ISA 520)
Introduction 1–2
Objective 3
Definition 4
Requirements
Substantive analytical procedures 5
Analytical procedures that assist when forming an overall
6
conclusion
Investigating results of analytical procedures 7
2.4.1 Nature of analytical procedures

An analytical review consists of:
Comparisons:
with comparable information from prior periods
with anticipated results
with similar industry information.
Studies of relationships between:
elements of the financial information expected to conform to a predictable
pattern
financial and non-financial information.
Analytical procedures are based on the assumption that relationships between
information/data exist and would continue to exist in future in the absence of known
information to the contrary.
2.4.2 Stages when analytical procedures may be used
In the planning phase of the audit:
to understand the client’s business
to identify potential risk areas
to assist in determining the nature, timing and extent of other audit procedures.
During the course of the audit as a substantive procedure to limit detection risk.
During the overall review phase at the end of the audit:
to assist the auditor to draw reasonable conclusions on which to base his
opinion
to identify possible areas for which the auditor needs to modify the audit
procedures.
2.4.3 Factors that the auditor needs to consider when intending to rely on
analytical procedures as substantive procedures
These are:
the reliability of the information available
the nature and relevance of the information available (e.g. budgets have been
established as results to be expected, rather than goals to be achieved)
the source of information available (e.g. external data is more reliable than internal
data)
the comparability of information available (e.g. broad industry data needs to be
supplemented to be comparable to that of an entity that manufactures and sells
specialised products)
the controls over the preparation of the information that are designed to ensure its
completeness, accuracy and validity.
2.4.4 Factors that may influence the auditor’s evaluation of whether the
expectation is sufficiently precise
These are:
the degree to which information can be disaggregated
the accuracy with which expected results can be predicted
the availability of information, both financial and non-financial.
2.4.5 Investigation of unusual items and fluctuations
The auditor should investigate unusual items and fluctuations that may be identified by
the analytical procedures.
2.5 External confirmations (ISA 505)
Introduction 1–4
Objective 5
Definitions 6
Requirements
External confirmation procedures 7
Management’s refusal to allow the auditor to send a
8–9
confirmation request
Results of the external confirmation procedures 10–14
Negative confirmations 15
Evaluating the evidence obtained 16
2.5.1 Use of external confirmations

External confirmations are used mainly to verify account balances, but are also suitable
for confirmation of the terms of agreements and transactions with third parties.
Situations where external confirmations may be used include the following:
bank balances and other information
accounts receivable balances
share certificates held by third parties
title deeds held by third parties
investment certificates held by third parties
loan balances
accounts payable balances.
The reliability of external confirmations will depend on the procedures applied by the
auditor in respect of:
the design of the confirmation required
performance and control over the confirmation procedures
the evaluation of the results of the confirmation procedures.
2.5.2 Assertions addressed by external confirmations
External confirmation will provide evidence in respect of certain assertions of the
financial statements, while other audit procedures should be applied to address the
other assertions. For example, an accounts receivable confirmation will provide
evidence of the existence and ownership of the debtor, but not of the valuation thereof.
2.5.3 Risk and external confirmations
The higher the inherent and control risk, the more appropriate external confirmations
will be to limit the detection risk, and accordingly the audit risk.
2.5.4 Process of the design of the external confirmation request
The auditor should tailor external confirmation requests to the specific audit objective.
Factors to consider during the design of the request should include prior experience, the
nature of the information being confirmed and the intended response.
Confirmation requests should include management’s authorisation to the respondent to
disclose the information to the auditor.
(a) Positive versus negative confirmations
Positive confirmations
A positive confirmation request asks the respondent to reply in all cases and is
expected to provide reliable audit evidence.
However, the risk exists that a respondent may reply without verifying that the
information is correct.
Negative confirmations
A negative confirmation request asks the respondent to reply only in the event of
disagreement with the information provided in the request.
Negative confirmations may be appropriate to reduce audit risk when:
– the assessed level of inherent and control risk is low
– a large number of small balances exists
– a substantial number of errors is not expected
– no reason exists to believe that respondents will disregard these requests.
A combination of positive and negative confirmations
This might be appropriate where a small number of large (positive confirmation) and a
large number of small (negative confirmation) balances exist.
2.5.5 Management’s refusal for auditor to confirm balances
When management refuses to allow the auditor to confirm certain balances or
information, the auditor should:
consider the validity of management’s reasons for such refusal; and
apply alternative procedures to obtain evidence if he agrees to the request.
2.5.6 Steps in the confirmation process
These are the steps that should be followed:
The auditor should exercise control over the confirmation process by:
preparing the confirmation requests himself
sending the confirmation requests himself
ensuring the requests are properly addressed
requesting responses to be sent directly to the auditor.
The auditor should evaluate whether the results of the confirmation process, together
with the results of other procedures, provide sufficient appropriate audit evidence.
The auditor should perform alternative procedures where no response is received to
a positive request.
The auditor should consider the reliability of responses requested. This is affected
by the respondent’s independence, authority to respond, knowledge of the matter,
etc.
The auditor should consider the reason and frequency of exceptions to confirmation
requests, and if necessary perform additional procedures to obtain audit evidence.
The auditor should determine if such exceptions are not indicative of misstatements.
2.6 Enquiries regarding litigation and claims (SAAPS 4)
Introduction 1–3
Management responsibilities 4
Audit procedures 5–7
Requests for attorneys’ representation letters 8–12
Employee legal advisors 13–16
Attorney’s response 17–20
Attorney’s failure to respond comprehensively or limitations in 21–25
a response
Related procedures 26–28
Public sector perspective 29
Appendix: Example of a request for an attorney’s
representation letter regarding litigation and
claims
Note: SAAPS 4 is a South African practice statement for which no international

statement exists; therefore the reference SAAPS 4.

2.6.1 Objective with enquiries
The objective is to obtain the opinion of the client’s lawyers/legal advisors regarding
pending litigation concerning:
estimates of ultimate liabilities
the likelihood that liabilities will realise
costs associated with litigation.
2.6.2 Procedure for enquiry
The auditor should make the enquiry on a schedule prepared by the directors. The
attorney will then return the completed schedule directly to the auditor.
2.6.3 Advantage for the auditor
This assists the auditor in the evaluation of the reasonableness of the client’s provisions
and disclosure in respect of the related liabilities, and confirms that there is no pending
litigation which requires further provision or disclosure.
2.7 Opening balances (ISA 510)
Introduction 1–2
Objective 3
Definitions 4
Requirements
Audit procedures 5–9
Audit conclusions and reporting 10–13
Appendix: Illustrations of auditors’ reports with modified
opinions
2.7.1 Assurance required for opening balances

The auditor should obtain sufficient appropriate evidence that:
the opening balances do not contain misstatements that materially affect the current
period’s statements
the prior period’s closing balances were correctly brought forward as opening
balances or, where appropriate, have been correctly restated and disclosed
appropriate accounting policies are consistently applied or that changes therein are
properly accounted for and disclosed.
2.7.2 Factors that may influence the obtaining of audit evidence regarding
opening balances
The sufficiency and appropriateness of the audit evidence required will depend on:
the accounting policies followed by the entity
whether the financial statements for the prior period were audited and, if so,
whether the auditor’s report was modified
the nature of the accounts and the risk of misstatement in the current period’s
the significance of opening balances in relation to the current period’s financial
statements.
2.7.3 Audit procedures regarding opening balances
(a) Where the previous period was audited by another auditor
Procedures that the new auditor should perform are:
reviewing of the predecessor auditor’s working papers to obtain sufficient
appropriate audit evidence regarding opening balances
considering the predecessor’s professional competence and independence through
enquiries and own knowledge
paying particular attention in the current year to the issues resulting in the
qualification, if the previous period’s audit report was qualified.
The auditor should comply with the requirements of the Code of Professional Conduct
before contacting the predecessor auditor (obtain client’s permission).
(b) Where the previous period’s financial statements were not
audited, or where the predecessor’s work cannot be relied upon
The auditor should perform audit procedures to verify the opening balances. These may
entail:
confirmation of opening balances with third parties (e.g. loans, investments, etc.)
examination of the records underlying the opening balances (e.g. fixed asset register,
contracts, etc.)

obtaining audit evidence as part of the current year’s audit (e.g. debtors’ and
creditors’ accounts paid)
performing audit procedures directly to confirm opening balances (e.g. in terms of
inventory).
2.8 Reliance on other auditors (ISA 600)
Introduction 1–7
Objectives 8
Definitions 9–10
Requirements
Responsibility 11
Acceptance and continuance 12–14
Overall audit strategy and audit plan 15–16
Understanding the group, its components and their
17–18
environments
Understanding the component auditor 19–20
Materiality 21–23
Responding to assessed risks 24–31
Consolidation process 32–37
Subsequent events 38–39
Communication with the component auditor 40–41
Evaluating the sufficiency and appropriateness of audit
42–45
evidence obtained
Communication with group management and those charged
46–49
with governance of the group
Documentation 50
Appendix I: Example of a qualified opinion where the group
engagement team is not able to obtain sufficient appropriate
audit evidence on which to base the group audit opinion
Appendix II: Examples of matters about which the group
engagement team obtains an understanding

Appendix III: Examples of conditions or events that may
indicate risks of material misstatement of the group financial
statements
Appendix IV: Examples of a component auditor’s
confirmations
Appendix V: Required and additional matters included in the
group engagement team’s letter of instruction
2.8.1 Terminology
Division, branch, subsidiary, joint venture, etc., not

Component audited by the group engagement partner’s audit team, but
is included in the group financial statements.
The partner in the firm who is responsible for the group
Group engagement audit engagement and is relying on the work performed by
partner the component auditor on the financial information of the
component.
The auditor whose work is relied upon by the group
Component auditor engagement partner.
Management responsible for the preparation of the
Component management financial information of a component.
Group audit The audit of group financial statements.
Group financial Financial statements that include the financial information
statements of more than one component.
Partners, including the group engagement partner, and
Group engagement team staff who perform the audit on the group financial
statements and rely on the work of the component auditor.
2.8.2 Factors to consider in relation to the acceptance or continuance of the

engagement as group engagement partner
The auditor should evaluate whether the group engagement team will have sufficient
involvement in the work of the component auditor to allow them to obtain sufficient
appropriate audit evidence on which to base the audit opinion.
If the group engagement partner concludes that:
it will not be possible for the group engagement team to obtain sufficient
appropriate audit evidence due to restrictions imposed by management, and
the possible effect of this inability will result in a disclaimer of opinion on the
group financial statements,
the group engagement partner shall either not accept the new engagement or withdraw
from a continuing engagement.
2.8.3 Understanding the component auditor
When using the work of a component auditor, the group engagement team should obtain
an understanding of the following:
whether the component auditor is independent and understands and will comply with
the ethical requirements relevant to the group audit
the component auditor’s professional competence by considering whether the
component auditor:
possesses an understanding of auditing and other standards applicable to the
group audit that is sufficient to fulfil the component auditor’s responsibilities to
the group audit
possesses the special skills (e.g. industry-specific knowledge) necessary to
perform the work on the financial information of the particular component, and
possesses an understanding of the applicable financial reporting framework that
is sufficient to fulfil the component auditor’s responsibilities in the group audit.
whether the group engagement team will be able to be involved in the work of the
component auditor to the extent necessary to obtain sufficient appropriate audit
evidence
whether the component auditor operates in a regulatory environment that actively
oversees auditors.
2.8.4 Communicating with the component auditor
The group engagement team shall communicate its requirements to the component
auditor timely.
The communication shall set out the following:
the work to be performed
the use to be made of the work performed, and
the form and content of the component auditor’s communication with the group
engagement team.
2.8.5 Reporting considerations

The auditor’s report on the group financial statement should not refer to a component
auditor in an unqualified audit report. If the group engagement team was unable to obtain
sufficient appropriate audit evidence in relation to the financial information of the
component, the group engagement partner can issue a modified report without referring
to the component auditor.
2.9 Reliance on internal audit (ISA 610)
Introduction 1–5
Objectives 6
Definitions 7
Requirements
Determining whether and to what extent to use the work of
8–10
the internal auditors
Using specific work of the internal auditors 11–12
Documentation 13
2.9.1 Definitions and functions
An appraisal activity established within an entity as a

Internal audit function
service to the entity.
Those individuals who perform the activities of the internal
Internal auditors
audit function.
Internal audit activities include one or more of the
following:
monitoring of internal control
examination of financial and operating information
Objectives of the internal
audit function review of operating activities
risk management
reviewing compliance with laws and regulations.
governance.

2.9.2 Factors to consider when deciding whether to use the work of the internal
auditors
Objectivity:
the status of the internal audit function within the entity
whether internal audit reports to and has direct access to those charged with
governance
free of any conflicting responsibilities
those charged with governance oversee employment decisions related to the
internal audit function
any constraints or restrictions placed on the internal audit function by
management or those charged with governance
extent to which management acts on the recommendations of the internal audit
function, and evidence of such action.
Technical competence
members of relevant professional bodies
adequate technical training and proficiency
established policies for hiring and training internal auditors.
Communication:
free to communicate openly with external auditor
regular meetings throughout the period
external auditor has access to internal audit reports
exchange of information regarding any significant matters that may affect either
the work of the external auditor or the internal audit function.
Due professional care:
planning, supervision, review and documentation of work
audit manuals, work programmes, working papers, etc.
2.9.3 Effect of internal audit’s work on the external audit
If the external auditor plans to use the work of the internal auditors in determining the
nature, timing and extent of the external auditor’s procedures, the following matters
should be agreed with the internal auditors in advance:

timing of work
extent of work
materiality
methods of item selection
documentation of work performed
review and reporting procedures.
2.10 Reliance on experts/specialists (ISA 620)
Introduction 1–4
Objectives 5
Definitions 6
Requirements
Determining the need for an auditor’s expert 7
Nature, timing and extent of audit procedures 8
The competence, capabilities and objectivity of the
9
auditor’s expert
Obtaining an understanding of the field of expertise of the
10
auditor’s expert
Agreement with the auditor’s expert 11
Evaluating the adequacy of the auditor’s expert’s work 12–13
Reference to the auditor’s expert in the auditor’s report 14–15
2.10.1 Definitions
An individual or organisation possessing expertise in a

field other than accounting or auditing, whose work in
Auditor’s expert that field is used by the auditor to assist in obtaining
sufficient appropriate audit evidence. The expert can
either be internal (staff of the auditor’s firm) or external.
Expertise Skills, knowledge and experience in a particular field.

An individual or organisation possessing expertise in a
Management’s expert field other than accounting or auditing, whose work in
that field is used by the entity to assist the entity in
preparing the financial statements.
2.10.2 Considerations
The auditor is an expert in the field of accounting and auditing and business matters in
general, but it is not expected of the auditor to be an expert in other professions or
occupations such as engineering. It may thus be necessary for the auditor to rely on the
work of an expert in relation to aspects that might affect the financial statements on
which he has to express an audit opinion.
2.10.3 Appointment of an expert
The expert may be appointed by the client (management’s expert) or by the auditor
(auditor’s expert).
If the auditor’s expert is an employee of the auditor, he acts in his capacity as an
expert and not as an assistant. The auditor will still need to apply procedures on his
work and findings, but will not ordinarily need to assess his knowledge and skill for
each engagement.
2.10.4 Factors to consider in determining to what extent reliance can be placed
on the expert’s work
In considering the extent of such reliance, the auditor should do the following:
Assess the expert’s competence, capabilities and objectivity.
Information regarding the competence, capabilities and objectivity of the expert may
be obtained from sources such as:
personal experience with previous work of that expert
discussions with that expert
discussions with others who are familiar with that expert’s work
qualifications, membership of professional body or industry association, license
to practice, etc.
publications by expert, and
audit firm’s quality control policies and procedures.
2.10.5 Testing the work of the expert
The auditor should evaluate the adequacy of the expert’s work as audit evidence
regarding the financial statement assertions being considered by:
making enquiries of the expert
reviewing the expert’s working papers and reports
corroborative procedures, such as:
observing the expert’s work
confirming relevant matters with third parties
performing analytical procedures, and
reperforming calculations.
discussion with other expert when findings are not consistent with other audit
evidence
testing the source data used by the expert by way of:
verifying the origin of the data and the internal controls over the data, and
reviewing the data for completeness and internal consistency.
If the auditor is not satisfied with the adequacy of the expert’s work, he should:
agree on the nature and extent of the further work to be performed by that expert, or
perform additional procedures
engage another expert if necessary
modify his audit report, if necessary.
3 Methods to obtain audit evidence

The auditor should obtain sufficient and reliable audit evidence on which to base his
opinion. Audit evidence is obtained through various means, as discussed below.

These are procedures to obtain an understanding of the entity, its environment and
internal controls. The procedures performed and evidence obtained will then enable the
auditor to assess the risk that exists for the engagement.
3.2 Tests of control

These are procedures performed to test the functioning of the client’s accounting and
internal controls, namely whether the controls:
were properly designed
functioned effectively
functioned throughout the period of reliance.

These are procedures to test the assertions of the financial statements and concern the
testing of the amounts and disclosure in the financial statements.
4 Internal controls and tests of controls
4.1 Definition of an internal control system

An internal control system consists of all the policies and procedures adopted by the
management of an entity to help achieve their objective of ensuring the orderly and
efficient conduct of the business. Specifically, the system comprises the:
adherence to management policies
safeguarding of the assets
prevention and detection of fraud and error
accuracy and completeness of the accounting records
timely preparation of reliable financial information.
4.2 Inherent limitations of the internal control system

This consists of limitations that could lead to the controls not functioning effectively,
thus increasing the control risk. The following are regarded as inherent limitations:
Only cost-effective controls can be implemented.
Controls are usually directed at the routine transactions rather than the non-routine
transactions.
The potential exists for human error due to carelessness, distraction, mistakes of
judgement, etc.
The possibility exists for circumvention of controls through collusion with parties
outside the entity or between employees within the entity.

A person responsible for exercising a control could abuse that responsibility (e.g. a
member of management could override a control for his own benefit).
Procedures may become obsolete because of changing circumstances, or the
compliance with procedures may deteriorate.
4.3 Internal control objectives (also referred to as control objectives)

This represents the objectives that apply with regard to the different applications of the
accounting system. It includes the broader objectives of accuracy, completeness and
validity, but it is more detailed and specific.
The control objectives’ aims are to ensure that all transactions are carried out and
recorded timeously, accurately and efficiently.
An accounting system displays the following characteristics if the objectives have
been achieved:
Validity: All recorded transactions are valid (actually occurred) and are supported
by sufficient documentation and evidence.
Authorisation: All transactions are authorised according to the general and specific
policies of management.
Completeness: All valid transactions are recorded, and no transactions are left out.
Accuracy: All transactions and transaction documents are recorded at the correct
quantity and price and calculated correctly arithmetically.
Recording: All transactions are recorded in the correct account.
Classification: All transactions are classified correctly (according to the nature
thereof).
Cut-off: All transactions are recorded timeously in the correct financial period to
which they relate.
The above-mentioned objectives will apply to any application, whether of a
revenue/expense or asset/liability nature. Some of the objectives may be more or less
important, depending on the specific nature thereof.
4.4 Basic control procedures/internal control principles

These are the basic principles and control procedures that should always be present in
any system. They also represent the requirements for a good control environment.
4.4.1 Management control

Management should:
be control conscious and respect internal controls
institute a proper organisational structure
institute a code of conduct
set budgets and apply budgetary control
institute an internal audit function
institute an audit committee
ensure that the rest of the principles mentioned below are complied with.
4.4.2 Supervision
Supervision entails the:
authorisation of all transactions according to the general or specific authorisation of
management
supervision of day-to-day transactions by senior responsible persons
review of all work done by an independent person.
4.4.3 Segregation of duties
Such segregation involves segregation between:
the functions of the:
initiation of transactions
authorisation of transactions
recording of transactions
safeguarding of assets
reviewing of transactions/control over assets (e.g. the comparison of recorded
assets with the physical assets)
departments/sections and individuals.
The principle is that one individual should not be responsible for carrying out and
recording a complete transaction. Proper segregation of duties will limit the risk of
fraud and error and will increase the level of revision.
4.4.4 Physical safeguarding
Physical safeguarding comprises control over:

the safe custody of assets (against theft, elements, etc.)
access to assets to authorised persons only
stationery (see stationery control).
4.4.5 Personnel
Requirements which are applicable to the personnel:
competence, qualification, suitability, integrity (employment policy)
regular leave
rotation of duties (as far as practically possible)
the immediate dismissal of dishonest personnel.
4.4.6 Description of duties
The following should be put in writing:
the responsibilities of employees and their limits of authority
clear instructions/policy with regard to the transfer of duties in the absence of
personnel.
4.4.7 Document design
Documents should be:
simple and easy to understand
sequentially numbered.
4.4.8 Stationery control
Control over stationery includes:
the use of a stationery register (which should be signed when stationery is received
or issued)
the safeguarding and secure storage of stationery
numerically pre-numbering stationery
cancelling supporting documentation after it has been authorised (with a signature or
stamp).
4.4.9 Comparisons, reconciliations and control accounts
Issues surrounding these include:
maintaining control accounts for important general ledger accounts (e.g. debtors,
creditors, inventories)
reconciliations of general ledger accounts (balancing between supporting ledgers
and general ledgers)
A regular comparison between recorded and existing assets (e.g. cash counts and
stock counts)
the use of “clearing accounts” and regular the investigation of balances thereon.
4.4.10 Insurance
It is imperative that adequate insurance cover against theft and damage is in place.
5 Substantive/verification procedures
5.1 Assertions of the financial statements

Assertions are the representations of management embodied in the financial statements
they control.
Assertions about classes of transaction and events for the period under audit:
Occurrence: Transactions and events that have been recorded have occurred
and pertain to the entity.
Completeness: All transactions and events that should have been recorded have
been recorded.
Accuracy: Amounts and other data relating to recorded transactions and events
have been recorded appropriately.
Cut-off: Transactions and events have been recorded in the correct accounting
period.
Classification: Transactions and events have been recorded in the proper
accounts.
Assertions about account balances at the period end:
Existence: Assets, liabilities, and equity interests exist.
Rights and obligations: The entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
Completeness: All assets, liabilities and equity interests that should have been
recorded have been recorded.

Valuation and allocation: Assets, liabilities, and equity interests are included
in the financial statements at appropriate amounts, and any resulting valuation or
allocation adjustments are appropriately recorded.
Assertions about presentation and disclosure:
Occurrence and rights and obligations: Disclosed events, transactions, and
other matters have occurred and pertain to the entity.
Completeness: All disclosures that should have been included in the financial
statements have been included.
Classification and understandability: Financial information is appropriately
presented and described, and disclosures are clearly expressed.
Accuracy and valuation: Financial and other information is disclosed fairly
and at appropriate amounts.
5.2 Direction of testing

This comprises the designing and performance of audit procedures to concentrate on the
risk areas.
Overstatement: This comprises the testing of the recorded amounts against the
supporting documentation. Therefore the direction of testing is from the recorded
amounts to the source documentation.
The main assertion addressed through overstatement tests are:

occurrence (validity) (transactions)
existence and rights and obligations (assets and liabilities)
accuracy and valuation.
Understatement: These are procedures performed to test whether all the
transactions or assets and liabilities are recorded. The direction of testing is from
the source documentation to the recorded amounts.

The main assertions addressed are:
completeness
accuracy and valuation.
6 Examples of substantive procedures

Below is a table with examples of substantive procedures for sales, purchases and
accounts receivable per assertion. This is neither an exhaustive list nor a list of
compulsory procedures. An auditor must apply his judgement in deciding how many and
which of these procedures to do. If the audit risk is still high (as a result of no controls
or they were not tested), the auditor may have to perform all of these procedures and
some others in order to decrease detection risk. However, if the audit risk is low (as a
result of good controls), the auditor will perform fewer of these procedures.
Accounts
Sales Purchases
receivable
Select a sample of
Select a sample of goods received notes Select a sample of
invoices and trace (GRNs) and trace credit sales and
them to the sales them to the invoices trace them through to
Completeness
journal to ensure that from suppliers and the debtors’ ledger to
they were all the purchases journal ensure that they were
recorded. to ensure they were all recorded.
all recorded.
Obtain the list of
numerical invoices Agree the purchases
Trace the totals per
recorded and inspect amount per the
the debtors’ ledger
for missing numbers. purchases journal to
through to the
Obtain valid reasons the purchases amount
general ledger.
for any missing per general ledger.
invoice numbers.
Select a sample of
purchase
transactions from the
purchases journal
Select a sample of and trace them
sales recorded in the through to the
sales ledger and purchase invoices to
trace them through to ensure that purchases
the sales invoices. are valid. Not applicable for
Occurrence
an account balance.
Agree the total sales Match the purchase
per general ledger invoices with the
with the totals per GRN, delivery note
sales journal. from the supplier
and the purchase
order. Ensure that the
prices, quantities
and totals agree.
Trace the credit sale
Select a sample of
recorded in the
Select a sample of purchase invoices
debtors to the sales
invoices and and cast the totals on
invoice.
recalculate the split them.
between VAT and the The remainder of the
Recalculate the
sales amount. procedures for
amounts and totals
accuracy would have
Cast the invoices to on the invoice and
been done for the
Accuracy ensure that they are ensure the split for
sales.
totalled correctly. VAT was done
correctly. Select a sample of
Trace the entries
debtors from the
from the sales Agree the purchases
debtors listing and
journal to the general per the general
agree their
journal to ensure that ledger with the
individual balances
amounts correspond. purchases per the
to the debtors’
trial balance.
ledger.
Agree the sales per
the general ledger
with the sales per the
trial balance and the
financial statements.
Select a few
invoices from before
year-end and a few
invoices from after Select a sample of
year-end. Trace outstanding debts
these to the sales Select a sample of before and after
journal and ensure GRNs before and year-end and trace
that they were after year-end and them to the sales
recorded in the trace them through to invoices and
Cut-off
correct period. the purchases delivery notes.
Select delivery notes journal. Ensure that Inspect the date on
from before and after they were recorded the delivery notes to
year-end and trace in the correct period. ensure that the debt
them to the invoice was recorded in the
and sales journal to correct period.
ensure that the sale
was recorded as per
the date of delivery.
Inspect the financial
Inspect the financial Inspect the financial
statements to ensure
statements to ensure statements to ensure
that the purchases
that the sales have that the debtors have
have been
been appropriately been appropriately
Classification appropriately
classified and classified and
classified and
disclosed in disclosed in
disclosed in
accordance with accordance with
accordance with
IFRS. IFRS.
IFRS.
Select a sample of
debtors from the
ledger and inspect
for subsequent
Not applicable to a Not applicable to a payments of debts
Existence
class of transaction. class of transaction. after year-end.
Trace the payments
to the cashbook.
Perform a debtors’
circularisation.
Rights and Not applicable to a Not applicable to a Perform a debtors’
obligations class of transaction. class of transaction. circularisation
Obtain the debtors’
age analysis.
Select long-
outstanding debtors
from the list and
inspect for any
subsequent
payments.
Also enquire from
Not applicable to a Not applicable to a management whether
Valuation
class of transaction. class of transaction. any action has been
taken regarding these
debtors.
Inspect any
correspondence from
attorneys indicating
any legal action
being taken.
Consider the effect
on the provision for
doubtful debts.
7 Questions

You are the newly appointed internal auditor of Tile O' Mania Ltd, a company that
manufactures tiles and other ceramic products.
The board of directors of Tile O' Mania Ltd is very conscious of the importance of
controls, and committed to strong internal controls. This attitude ultimately manifested
in the establishment of the internal audit function and your appointment.
You presented your internal audit plan to the audit committee for their approval and
immediately thereafter started with your systems testing. The accounting system is fully
integrated and computerised.
The first system you selected for testing was the purchases and payment cycle of
materials. Your findings may be summarised as follows:
Ordering of materials
Inventory records are kept.
When a specific inventory item reaches re-order level, the system automatically
generates an order equal to the ‘standard’ order level for the specific item.
If the inventory level were to drop even further and reach ‘critical’ order levels, an
order equal to double the ‘standard’ order quantity is generated by the system.
The system uses the invoice price of the last goods received of the relevant item as
the cost price for the order.
Orders are made out to the creditor that supplied the last goods received.
All orders are system-authorised and stored electronically in a suspense file until
the goods have been received.
All orders are printed by the system daily and mailed to the suppliers by Ms Bazini,
the inventory clerk.
The system also generates a complete printout of all inventory items on hand daily.
This printout is filed by Ms Bazini.
Receipt and recording of materials
When ordered items are received, the storeman, Mr Adlam, prepares a goods
received note on the terminal in his office.
The system automatically matches the information on the goods received note with
the order in the suspense file.
To speed up the accounting process and to ensure that all accounting information is
up to date, an ‘internal purchases invoice’ is generated by the system if the goods
received note agrees with the information in the suspense file.
The prices on the order are used on this invoice and the invoices are then
automatically posted to the purchases journal and the creditor’s account.
The system generates a list of the invoices, as well as a creditor’s ledger, monthly.
These are sent to the credit manager, Ms Caluso.
The computer also posts the totals of the internal purchase journal to the creditors
control account in the general ledger on a monthly basis.
Issuing of raw materials
Raw materials required in the manufacturing processes are issued by Mr Adlam.
Mr Adlam issues a raw materials requisition on which the quantities, description,
code, etc., are recorded.

The inventory records are then automatically updated and a printout of inventory
issued is generated daily.
Ms Bazini reconciles the inventory records with the inventory control account in the
general ledger once a month.
Any differences are thoroughly investigated before Ms Bazini authorises any
adjustments which may be necessary to balance the inventory control account and
the inventory records.
Payments
At the end of the month the system generates the following for that month:
a payment advice and cheque for each creditor, and
a printout of all the cheques issued for the month.
These printed documents are sent to Ms Caluso.
She presents the cheques to Mr Dlamini, the accountant, for his signature.
Ms Caluso then mails the signed cheques and payment advices to the creditors.
The individual amounts of the cheques are automatically posted to the relevant
creditor’s account by the system.
Ms Caluso is also responsible for entering the cheques on the system for the
automatic updating of the cashbook.
Further procedures
Monthly statements and invoices received from creditors are filed immediately.
Ms Vusi, the creditor’s clerk, reconciles the statements and invoices from suppliers
with the amounts recorded by the system.
Because of work pressure in the creditors department, creditor’s accounts A to K
are reconciled the one month and creditors accounts L to Z the next month.
As a result of the system, small differences sometimes occur which are brought to
light by the reconciliations.
Ms Caluso authorises a journal entry to adjust for such differences between the
company’s records and those of the creditor.
Ms Vusi processes these adjustments to the creditor’s ledger.
The system prints supplementary cheques for the creditors where necessary.
After the above adjustments have been done, an adjusted list of creditors is
automatically printed and sent to Mr Dlamini.
Mr Dlamini reconciles the list with the control account in the general ledger. He is
also responsible for posting corrections to the general ledger.
YOU ARE REQUIRED TO

(a) List the weaknesses of internal and accounting controls over purchases and
payments of material. (14)
(b) List and briefly explain the criteria the external auditor would consider when
performing an assessment of the internal audit function. (4)

This question consists of THREE independent sections.
PART A 12 MARKS
Audit evidence represents the information obtained by the auditor in arriving at the
conclusions on which his audit opinion is based. The auditor should obtain audit
evidence that is sufficient and appropriate.
Audit evidence should be documented in the auditor’s working papers.
Attached is a working paper prepared by one of the bursars of your audit firm, Baker
Inc., on the work that she has performed on bank reconciliations for Red Jacket (Pty)
Ltd. Red Jacket (Pty) Ltd is one of your audit clients and you are the audit manager on
the assignment.

(a) Explain what is meant by the statement that audit evidence should be:
(i) sufficient, and
(ii) appropriate. (2)
(b) Explain how the source and nature of audit evidence influences the reliance that an
auditor can place on the evidence for audit purposes. (3)
(c) Discuss the ownership of working papers (i.e. who they belong to) and the
consequent responsibilities with regards to working papers. (2)
(d) Evaluate the above working paper in terms of the requirements of working papers
as stated in ISA 230, Documentation. (5)
PART B 13 MARKS
Gavin Finn is the engagement partner on the audit of Huckleberry (Pty) Ltd, a company
in the hospitality industry. This is the first time that his firm will be performing the audit
of Huckleberry (Pty) Ltd. His firm was appointed as the auditor at the last annual
general meeting of the company, after the previous auditor had retired.
The company has a well-established internal audit department. The previous auditor
placed a lot of reliance on the work performed by the internal audit department, and
from Gavin’s initial discussions with management it is clear that management expects
Gavin to also place reliance on the internal audit’s work in order to ensure an efficient
and cost-effective audit.

(a) List the procedures that Gavin should perform, in terms of ISA 510 Initial
Engagements: Opening Balances, regarding the opening balances. (3)
(b) Explain the difference between the internal and external audit function. (2)
(c) Discuss the aspects that Gavin needs to consider at the preliminary assessment of
the internal audit function. (8)
PART C 40 MARKS
As stated in the audit report, an audit includes, amongst others, examining, on a test
basis, evidence supporting the amounts and disclosures in the financial statements. This
implies that the auditor does not test each item within a population, but that he selects
items, either on a statistical or a non-statistical basis, to include in the sample to base
his audit procedures on.
The auditor obtains audit evidence through risk management procedures, tests of
controls and substantive procedures. Substantive procedures include detail testing of
transactions and analytical procedures. External confirmations are also an important
source of audit evidence.

(a) Explain the difference between tests of controls and substantive procedures. (4)
(b) Briefly explain the control objectives applicable to the different applications of the
accounting system. (10)
(c) Explain the different directions of testing when performing substantive procedures,
as well as the main assertions addressed in each direction. (6)
(d) Explain sampling risk. (5)
(e) Discuss how the following factors would influence the sample size for:
tests of controls:
(i) intended reliance on internal controls;
(ii) expected error, and for
substantive procedures:
(iii) estimate of the control risk
(iv) the importance of the account balance/class of transaction. (4)
Your answer should be presented in the following format:
Factor Effect on the sampling size

(i) Intended reliance on internal
controls ….
PRESENTATION (1)
(f) Discuss the stages of the audit when analytical procedures may be used, as well as
how they would be used. (8)
(g) Explain the differences between positive and negative confirmations with regard to
external confirmations. (2)

10
Final considerations, concluding and reporting
Reference Title
ISA 260 Communications with those charged with governance
ISA 560 Subsequent events
ISA 570 Going concern
ISA 580 Written representations
Forming an opinion and reporting on financial statements
ISA 700 ISA 705 Modifications to the opinion in the independent auditor’s
report
Comparative information – corresponding figures and
ISA 710
comparative financial statements
The auditor’s responsibilities relating to other information
ISA 720
in documents containing audited financial statements
SAAPS 3 Illustrative independent auditor’s reports
1 Introduction
The audit report is the means by which the auditor communicates with the members of
an organisation. The auditor expresses his audit opinion in the audit report. The
reporting phase represents the final stage of the audit process.
The auditor’s opinion should be based on the audit evidence obtained during the
performance of the audit. His final review and assessment should include a
consideration of whether
events that occurred after completion of the audit but before signing the auditor’s
report have an impact on his audit opinion
the organisation is still a going concern
the financial statements have been prepared in terms of a proper framework:
South African Statements of Generally Accepted Accounting Practice, or
International Financial Reporting Standards.
2 Subsequent events (ISA 560)
Introduction 1–3
Objectives 4
Definitions 5
Requirements
Events occurring between the date of the financial
6–9
statements and the date of the auditor’s report
Facts which become known to the auditor after the date of
the auditor’s report but before the date the financial 10–13
statements are issued
Facts which become known to the auditor after the
14–17
financial statements have been issued
The auditor has to consider the effect of subsequent events on the financial statements
and his report. Subsequent events refer to events:
after the end of the financial period but before the date of the auditor’s report
after the auditor’s report has been released to the organisation, but before the
financial statements are issued to users
after the financial statements have been issued to users.
2.1 Events after the end of the financial period but before the date of
the auditor’s report
The auditor has to perform appropriate audit procedures to ensure that all events up to
signing of the auditor’s report that have an impact on his report or the financial
statements have been identified.
Procedures to be followed by the auditor, apart from the normal cut-off testing, will
include:
obtaining an understanding of, and reviewing management’s procedures to identify
subsequent events and enquiring from management and those charged with
governance as to whether any subsequent events have occurred which might impact
reading minutes of the meetings of shareholders, the board of directors, and audit
and executive committees held after the financial year-end and inquiring about
matters discussed at any such meetings for which minutes are not yet available
reading other documents containing financial information (e.g. the organisation’s
latest interim financial statements and other related management reports)
asking the organisation’s lawyers about litigation and claims (with the client’s
permission)
consideration of relevant information that came to the auditor’s attention from
sources outside the organisation.
Where the auditor identifies events after the end of the financial period but before the
date of the auditor’s report that require adjustment of, or disclosure in, the financial
statements, the auditor must determine whether such events have been appropriately
reflected in the financial statements.
2.2 Events after the date of the auditor’s report but before the financial
statements are issued to users
After signing and issuing the audit report, the auditor does not have an obligation to
perform procedures to identify subsequent events. It is management’s responsibility to
inform the auditor of any such events.
However, if the auditor becomes aware of a subsequent event that, had it been known
to the auditor at the date of the auditor’s report, may have caused the auditor to amend
the auditor’s report, the auditor should:
consider whether the financial statements should be amended
discuss the matter with management and those charged with governance
enquire how management intends to address the matter in the financial statements
perform additional procedures to review the amendments made by management and
issue a new audit report.
If management does not amend the financial statements in circumstances where the
auditor is of the opinion that they need to be amended, and the auditor has not yet
provided the auditor’s report to the entity, he should modify his report to express a
qualified or adverse opinion.
Where the auditors’ report has already been provided to the entity, the auditor should
notify management and those charged with governance not to issue the financial
statements to third parties before the necessary amendments have been made. If the
financial statements are issued before the amendments, the auditor should take
appropriate action to seek to prevent reliance on the auditor’s report.
2.3 Events after the financial statements have been issued to users
After the financial statements have been issued, the auditor has no obligation to perform
any audit procedures relating to those financial statements. However, if, after the
financial statements have been issued to users, the auditor becomes aware of a fact that
existed at the date of the auditor’s report which would have influenced his opinion, he
should consider whether the financial statements should be adjusted and discuss the
matter with management.
If management amends the financial statements, the auditor should:
review the steps taken by management to inform everyone in receipt of the
previously issued financial statements of the situation
perform additional procedures to review the amendments made by management and
issue a new report.
If management does not inform those who received the previously issued financial
statements of the situation and does not amend the financial statements, the auditor
should inform management and those charged with governance that he will seek to
prevent reliance on the auditor’s report and take the necessary actions to prevent
reliance on the auditor’s report.

If the auditor issues a new auditor’s report because of a subsequent event, the new
auditor’s report should contain an “emphasis of matter” or “other matter” paragraph,
referring to a note to the financial statements that details the reason for the amended
The new audit report should not be signed or dated prior to the signing of the adjusted
3 Going concern (ISA 570)
Introduction 1–8
Objectives 9
Requirements
Evaluating management’s assessment 12–14
Period beyond management’s assessment 15
Additional audit procedures when events or conditions are
16
identified
Audit conclusions and reporting 17
Use of going concern assumption appropriate but material
18–20
uncertainty exists
Use of going concern assumption inappropriate 21
Management unwilling to make or extend its assessment 22
Communication with those charged with governance 23
Significant delay in the approval of financial statements 24
3.1 Definition
The going concern assumption refers to an organisation’s ability to continue in business
for the foreseeable future, with neither the intention nor the necessity to liquidate, cease
trading or seek protection from creditors. The assets and liabilities of an organisation
that is a going concern will be recorded on the basis that the organisation will be able to
realise its assets and discharge its liabilities in the normal course of business.
The going concern assumption is a fundamental principle in the preparation of
financial statements. It is management’s responsibility to consider the appropriateness
of a going concern assumption in the preparation of the financial statements.
3.2 The auditor’s responsibility

The auditor has to consider whether the use of the going concern concept by
management in the preparation of the financial statements is appropriate, and conclude
whether there is a material uncertainty about the entity’s ability to continue as a going
concern.
Throughout the planning and execution of the audit, the auditor has to be sensitive to
indications that the organisation might be experiencing going concern problems. If the
auditor identifies any events that raise significant doubt as to the organisation’s going
concern status, the auditor should:
review management’s plans for the future based on its going concern assessment
gather sufficient audit evidence to confirm or dispel whether or not a material
uncertainty exists
obtain written representation from management regarding its plans for future action.
The auditor should further perform procedures to verify management’s future plans. He
should be convinced that the future plans are feasible and that they will improve the
organisation’s going concern position. The auditor should:
review cash flow, profit and other relevant forecasts
analyse and discuss the latest available interim financial statements
review the terms of debentures and loan agreements and consider whether there
have been any breaches in the contracts
read minutes of meetings of shareholders, those charged with governance and
relevant committees for reference to financing difficulties
enquire of the organisation’s lawyer regarding the existence of litigation and claims
and the reasonableness of managements’ assessments of their outcome and the
estimate of their financial implications
confirm the existence, legality and enforceability of arrangements with related and
third parties to provide or maintain financial support and assess whether such
parties are able to provide the additional funds
consider the organisation’s plans to deal with unfilled customer orders
review subsequent events to identify those that affect the organisation’s ability to
continue as a going concern
confirm the existence, terms and adequacy of borrowing facilities
obtain and review reports of regulatory actions
determine the adequacy of support for any planned disposals of assets.
If the auditor is of the opinion that a material uncertainty regarding an organisation’s
going-concern position exists, but that it is still appropriate to prepare the financial
statements based on a going-concern assumption, the auditor should consider whether
the financial statements:
clearly state the fact that a material uncertainty exists
sufficiently describe the events or conditions that contribute to the material
uncertainty and management’s plans to deal with these events or conditions.
A material uncertainty exists if the potential impact of events or conditions are of such
magnitude that the auditor is of the opinion that clear disclosure of the nature and
implications of the uncertainty is necessary for the presentation of the financial
statements not to be misleading.

If adequate disclosure of the material uncertainty is made, the auditor should issue
an unqualified report, but reference should be made to the material uncertainty in an
emphasis of matter paragraph. Such paragraph should also draw attention to the note
in the financial statements that discloses the events or conditions that cast significant
doubt.
If however, the auditor is of the opinion that sufficient disclosure of the material
uncertainty was not made, he should qualify his opinion or express an adverse
opinion.
If the financial statements are prepared on the going-concern basis, but the auditor
disagrees with the assumption, he should issue an adverse audit opinion.
If the auditor cannot perform sufficient procedures to verify the appropriateness of
the going-concern assumption, it could represent a limitation in scope or material
disagreement with management, requiring a disclaimer of opinion by the auditor.
4 Written representations (ISA 580)
Introduction 1–5
Objectives 6
Definitions 7–8
Requirements
Management from whom written representations requested 9
Written representations about management’s
responsibilities
Other written representations 13
Date of and period(s) covered by written representations 14
Form of written representations 15
Doubts as to the reliability of written representations and
16–20
requested written representations not provided
Appendix I: List of ISAs containing requirements for written
representations
Appendix II: Illustrative representation letter
Before completion of the audit the auditor has to obtain written representations from
management and, where appropriate, from those charged with governance on their
responsibilities and on matters material to the financial statements.
4.1 Management’s responsibilities

Management is responsible for the financial statements of an organisation. They should:
ensure fair presentation in the financial statements in accordance with the relevant
financial reporting framework
approve the financial statements.
4.2 Material matters

The auditor needs to substantiate written representations by management (management
representations) regarding matters material to the financial statements through:
obtaining corroborative audit evidence from other sources
evaluating the reasonableness of the representation and consistency with other audit
evidence obtained
evaluating whether the person making the representations is fully informed on the
matter.
In some cases the only available audit evidence would be a representation by
management. However, management representations cannot be a substitute in cases
where the auditor should reasonably be expected to obtain other more corroborative
evidence.
Management representations must be in the form of a letter addressed to the auditor.
Management representations must be in the form of a letter addressed to the auditor.
4.3 Basic elements of a management representation letter

A management representation letter should:
be addressed to the auditor
contain specific information
be appropriately dated
as near as practicable to, but not after, the auditor’s report
signed by management primarily responsible for the organisation and its financial
affairs.
Refusal by management to provide representation will result in the auditor expressing a
disclaimer of opinion due to scope limitation.
5 The auditor’s report on financial statements (ISA 700,

SAAPS 3)
Introduction 1–5
Objectives 6
Definitions 7–9
Requirements
Forming an opinion on the financial statements 10–15
Form of opinion 16–19
Auditor’s report 20–45
Supplementary information presented with the financial 46–47
statements
Appendix: Illustrations of auditors’ reports on financial
statements
5.1 Basic elements of the auditor’s report

title
addressee
introductory paragraph
management’s responsibility for the financial statements
auditor’s responsibility
auditor’s opinion
other reporting responsibilities
auditor’s signature
date of the auditor’s report
auditor’s address.
5.1.1 Title
The auditor’s report normally distinguishes itself from other reports included in the
financial statements by including the words “Independent Auditor”.
5.1.2 Addressee
An ordinary audit report would normally be addressed to the members of the
organisation. The nature of the engagement will determine the addressee.
5.1.3 Introductory paragraph
The entity whose financial statements have been audited needs to be identified. The
following should also be included in the introductory paragraph:
A statement that the financial statements have been audited.
The title of each statement that comprises the financial statements.
A reference to the summary of significant accounting policies and other explanatory
information.
The specific date or period covered by each financial statement comprising the
5.1.4 Management’s responsibility for the financial statements
The auditor’s report should state that the financial statements are the responsibility of
the organisation’s management. There should be a description of management’s
responsibility for the preparation of the financial statements.
The auditor’s report should state that that the auditor is responsible for expressing an
opinion on the financial statements based on the results of the audit. The nature of the
audit should also be described, which includes:
Stating that the audit has been conducted in accordance with the ISAs.
Details of the work performed by the auditor. The audit should be described by
stating the following:
An audit involves performing procedures to obtain audit evidence about the
amounts and disclosures in the financial statements.
The procedures selected depend on the auditor’s judgement, including
assessment of risks of material misstatement of financial statements, whether
due to fraud or error.
The auditor considers internal controls when making those risk assessments, but
not for the purpose of expressing an opinion on the effectiveness of those
internal controls.
An audit also includes evaluating the appropriateness of the accounting polices
used, the reasonableness of accounting estimates made by management, as well
as the overall presentation of the financial statements.
The auditor’s report should also state that the auditor believes that the audit
evidence obtained is sufficient and appropriate to provide a basis for the auditor’s
opinion.
5.1.6 Auditor’s opinion
The financial reporting framework used to prepare the financial statements should be
clearly indicated in the opinion paragraph. The auditor should further state that the
present fairly, in all material respects:
the financial position of the organisation
the financial performance and cash flows of the organisation in accordance with
the applicable financial reporting framework
comply with statutory requirements, if applicable.
5.1.7 Auditor’s signature
The audit report has to be signed either on behalf of the audit firm or by the auditor
personally, depending on the situation.
The audit report has to be dated to reflect the completion date of the audit, and not a
date earlier than when the financial statements were signed or approved by management.
5.1.9 Auditor’s address
The location of the office responsible for the client needs to be included.
5.2 The auditor’s opinion (ISA 700, ISA 705, ISA 706)
5.2.1 Unqualified opinion
An unqualified opinion will be expressed by the auditor if he concludes that the
financial statements are presented fairly:
in all material matters
in terms of the financial reporting framework
in compliance with relevant statutory requirements (where appropriate).
5.2.2 Modified reports
Information is classified as material if the omission or misstatement of the information
in the financial statements would influence the decision making of a reasonable user of
the financial statements. If a matter is seen to be material relative to the financial
statements it could change the auditor’s opinion.
(a) Matters that do not affect the auditor’s opinion
If the auditor does not want to change his opinion but would like to highlight a matter
that is relevant to users’ understanding of the financial statements, auditor’s report or
auditor’s responsibilities, he would include an “emphasis of matter” or “other matter”
paragraph to his opinion. Examples would include:
material matters affecting the financial statements and which are included in a note
to the financial statements
additional statutory reporting responsibilities
going-concern problems.
The emphasis of matter or other matter paragraph needs to be appropriately headed.
An emphasis of matter paragraph refers to a matter that is appropriately disclosed
in the financial statements that is of such importance that it is fundamental to users’
understanding of the financial statements.
An other matter paragraph refers to a matter that is not disclosed in the financial
statements, but is still relevant to the users’ understating of the audit, the auditor’s
statements, but is still relevant to the users’ understating of the audit, the auditor’s
responsibilities or the auditor’s report.
(b) Matters that do affect the auditor’s opinion
The auditor will modify his opinion if there is a:
limitation in the scope of his work and as a result he is unable to obtain sufficient
appropriate audit evidence to conclude that the financial statements as a whole are
free from misstatement, or
disagreement with management regarding the financial statements, such that the
auditor concludes that, based on the audit evidence obtained, the financial
statements as whole are not free from material misstatement.
In these circumstances the auditor will issue:
a qualified opinion
a disclaimer of opinion, or
an adverse opinion.
Limitation on scope
These circumstances could lead to:
a qualified opinion or
a disclaimer of opinion.
A limitation on the auditor’s scope of work at the beginning phase of the audit would
normally result in the auditor not accepting the assignment.
Sometimes a scope limitation may result from certain circumstances. This would
cause the auditor to decide whether the effects are both material and pervasive, in
which case he would express a disclaimer of opinion. If the matter is material but not
pervasive, the auditor would qualify his opinion.
Full disclosure should be made in the auditor’s report regarding the limitation.
Disagreement with management

The auditor might disagree with management regarding:
accounting policies selected
application of accounting policies, or
the adequacy of disclosure in the financial statements.
a qualified opinion, or
an adverse opinion.
If a matter is material and pervasive, the auditor would express an adverse opinion. If
the matter is material but not pervasive, he would issue a qualified opinion.
Full disclosure regarding the disagreement should be made in the auditor’s report.
5.3 Examples of auditor’s reports

5.3.1 Unqualified report
INDEPENDENT AUDITOR’S REPORT

To the members of .............
We have audited the accompanying financial statements of ..........................................,
which comprise the statement of financial position as at 31 December 20X1, and the
statement of comprehensive income, statement of changes in equity and statement of
cash flows for the year then ended, and a summary of significant accounting policies
and other explanatory information.
Management’s responsibility for the financial statements
Management is responsible for the preparation and fair presentation of these financial
statements in accordance with International Financial Reporting Standards, and for
such internal control as management determines is necessary to enable the preparation
of financial statements that are free from material misstatement, whether due to fraud
or error.
Auditor’s responsibility
Our responsibility is to express an opinion on these financial statements based on our
audit. We conducted our audit in accordance with International Standards on Auditing.
Those standards require that we comply with ethical requirements and plan and
perform the audit to obtain reasonable assurance about whether the financial
statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts
and disclosures in the financial statements. The procedures selected depend on the
auditor’s judgment, including the assessment of the risks of material misstatement of
the financial statements, whether due to fraud or error. In making those risk
assessments, the auditor considers internal control relevant to the entity’s preparation
and fair presentation of the financial statements in order to design audit procedures
that are appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of the entity’s internal control. An audit also includes
evaluating the appropriateness of the accounting policies used and the reasonableness
of accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our audit opinion.
Opinion
In our opinion, the financial statements present fairly, in all material respects, the
financial position of as at 31 December 20X1, and its financial performance and its
cash flows for the year then ended in accordance with International Financial
Reporting Standards, and in the manner required by the Companies Act of South
Africa.
Name
Signature
Registered Auditors
Chartered Accountants (SA)
Date Address
5.3.2 Emphasis of matter

or error.

Opinion
In our opinion, the financial statements present fairly, in all material respects, the
financial position of as at 31 December 20X1, and its financial performance and its
cash flows for the year then ended in accordance with International Financial
Reporting Standards, and in the manner required by the Companies Act of South
Africa.
Emphasis of matter
Without qualifying our opinion above, we draw attention to Note X to the annual
financial statements which indicate that the previously issued financial statements for
the year ended 31 December 20X0, on which we issued an auditor’s report dated
XXX, have been revised and reissued. As explained in Note x, this is to reflect the
effects of the correction of the accounting treatment of deferred tax.
Name
Signature
Registered Auditors
Date Address
5.3.3 Qualified report

or error.
Basis for qualified opinion
The company has excluded from property, plant and equipment and liabilities in the
accompanying statement of financial position certain lease obligations that should be
capitalised in order to conform with International Financial Reporting Standards, IAS
would be increased by Rxxx, long-term liabilities would be increased by Rxxx, the
current portion of long-term liabilities would be increased by Rxxx as at 31
December 20X1. Additionally, net profits would be increased by Rxxx for the year
then ended.
Qualified opinion
In our opinion, except for the effects of the matter described in the Basis for qualified
opinion paragraph, the financial statements present fairly, in all material respects, the
financial position of ............................................... as at 31 December 20X1, and its
financial performance and its cash flows for the year then ended in accordance with
International Financial Reporting Standards, and in the manner required by the
Companies Act of South Africa.
Name
Signature
Registered Auditors
Date
Address
5.3.4 Adverse report

or error.
Basis for adverse opinion
The company incurred a net loss for the year ended 31 December 20X1 of Rxxx and,
as that date its total liabilities exceeded its total assets by R xxx. Subsequent to year-
end, the company has ceased trading and is in the process of realising its assets and
settling its liabilities. No arrangement has been made to settle the remaining liabilities
of the company in the event that the proceeds of realised assets are insufficient to
meet all liabilities. The financial statements are prepared on the going concern basis
which, in our judgment, is inappropriate in the circumstances.
Adverse opinion
In our opinion, because of the significance of the matter discussed in the Basis for
adverse opinion paragraph, the financial statements do not present fairly the financial
position of............................................... as at 31 December 20X1, and its financial
performance and its cash flows for the year then ended in accordance with
International Financial Reporting Standards, and in the manner required by the
Companies Act of South Africa.
Name
Signature
Registered Auditors

Address
5.3.5 Disclaimer report

or error.
Because of the matters described in the Basis for disclaimer of opinion paragraph,
however, we were not able to obtain sufficient appropriate audit evidence to provide
a basis for an audit opinion.
Basis for disclaimer of opinion
We were unable to obtain the representations considered necessary from management
with respect to the carrying amount of inventory. We could not determine the effect on
the disclosures contained in the financial statements.
Disclaimer of opinion
Because of the significance of the matter described in the Basis for disclaimer of
opinion paragraph, we have not been able to obtain sufficient appropriate audit
evidence to provide a basis for an audit opinion. Accordingly we do not express an
opinion on the financial statements.
Name
Signature
Registered Auditors

Registered Auditors
Date
Address
6 Comparatives (ISA 710)

Comparatives relate either to:
comparative financial statements
comparative information, or
corresponding figures.
The auditor should review the comparatives to determine whether they comply in all
material respects with the financial reporting framework applicable to the current
6.1 Comparative financial statements

Comparative financial statements refer to amounts and other disclosures of the previous
financial period which for comparison purposes are included in the current financial
statements.
6.2 Comparative information

Comparative information refers to amounts and disclosures of one or more previous
periods which are included in the current financial statements in accordance with the
applicable reporting framework.
6.3 Corresponding figures

Corresponding figures refer to amounts and other disclosures of the previous financial
period included as part of the current financial statements, the purpose being that they be
read in relation to the current period figures.
7 Other information in documents containing audited

financial statements (ISA 720)

the chairman’s or directors’ report
financial summaries
planned capital expenditure
financial ratios
information regarding the directors and officers.
The auditor should examine the other information included in the annual report to ensure
that no material inconsistencies with the audited financial statements exist.
If other information contained in the annual report contradicts the audited financial
statements, it results in a material inconsistency, which would raise doubt about the
basis of the auditor’s opinion.
8 Communications of audit matters with those charged

with governance (ISA 260)
The directors of a company are responsible for implementing a corporate governance
framework in the company. The auditor has to report to the directors any matters that are
important and relevant to the governance of the organisation and to their responsibility
to oversee the financial reporting process that have come to his attention through his
audit work.
9 Other types of reports

Apart from the normal statutory audit report, the auditor can be requested by a client to
report on specific matters. Examples of other reports include those pertaining to the
following:
assurance engagements other than audits or reviews (ISAE 3000)
engagements to review financial statements (ISRE 2400)
engagements to perform agreed-upon procedures regarding financial information
(ISRS 4400)
engagements to compile financial statements (ISRS 4410).
10 Questions
10 Questions

You are the senior partner of NoCharge Inc., a medium audit firm based in Paarl. You
are also the engagement partner for the audit of Purl Valli Golf Estate and Spa. The
fieldwork for the audit for the year ended 30 September 20X9 has been completed and
no material misstatements have been identified. All audit differences that existed at year
end have been satisfactorily resolved.
The only outstanding matters with regards to the audit, before the audit report can be
issued, are the procedures relating to subsequent events and going concern. Once these
procedures have been performed, the audit report can be issued, as management has
almost completed the financial statements as well.

(a) State the auditor’s responsibility with regards to subsequent events. (2)
(b) List the procedures that the auditor should perform with regards to subsequent
events found after the end of the financial period, but before signing the audit
report. (4)
(c) Define the going concern concept. (2)
(d) Explain the effect on the auditor’s report if the auditor is of the opinion that a
material uncertainty regarding an organisation’s going concern position exists. (3)
(e) Prepare the audit report to the members of Purl Valli Golf Estate and Spa, based on
the assumption that no subsequent events that impacted the audit opinion or
financial statements existed, and that it is appropriate to prepare the financial
statements on a going concern basis. (15)

You are a partner at the auditing firm Y&O and are responsible for the audit of Star
Projects (Pty) Limited, a construction company that builds office buildings. You are in
the final phase of the audit for the year ending 30 September 20X9.
The following factors were identified that cast doubts about the ability of Star
Projects (Pty) Limited to continue as a going concern:
Various adverse financial ratios, including the debt to equity and liquidity ratios.
No dividends have been paid in the past two financial years.
(a) Discuss the auditor’s responsibility regarding the going concern assumption. (4)
(b) List the audit procedures that would be performed if events or conditions, that cast
doubt about the ability of Star Projects (Pty) Limited to continue as a going
concern, are identified. (4)
(c) Discuss the effect on the auditor’s report if you determine that there is a material
uncertainty about the going concern assumption. (2)
QUESTION 10.3
Discuss the effect that each of the situations below would have on your audit opinion:
Part A
You are busy with the audit of your client. As part of your audit procedures, you have
requested that the directors give you written representation regarding certain material
matters. The directors have refused to do this as they say it may expose them to
litigation at a later stage if any of the written submissions are discovered to have been
made in error.
(4)
Part B
During your audit of Trendy Clothing (Pty) Ltd, you encounter difficulty in verifying the
accounts receivable balance. The balance is significant in the financial statements;
however, you are of the opinion that you have obtained sufficient appropriate audit
evidence about the rest of the financial statements.
(3)

11
Responsibilities of an auditor
Reference Title
The overall objective of the independent auditor and the conduct of
ISA 200
an audit in accordance with the International Standards on Auditing
ISA 210 Agreeing the terms of audit engagements
ISA 230 Audit documentation
The auditor’s responsibilities relating to fraud in an audit of
ISA 240
Consideration of laws and regulations in an audit of financial
ISA 250
statements
ISA 260 Communication with those charged with governance
1 Introduction
An auditor has certain responsibilities towards his clients, his practice and the
accounting and auditing professions. This chapter looks at some of the responsibilities
of an auditor according to the International Standards of Auditing. Apart from the
responsibilities discussed here, the auditor also incurs responsibilities from the
Auditing Profession Act, the Companies Act and other legislation and regulations.
A number of the ISAs referred to above were previously covered in the textbook. The
focus of the chapter will be on the ISAs not yet addressed.

ISA Chapter(s)
ISA 200 8
ISA 210 7
ISA 220 5&7
ISA 230 9
2 Fraud and error (ISA 240)
Introduction 1
Characteristics of fraud 2–3
Responsibility of the prevention and detection of fraud 4–8
Professional scepticism 12–14
Discussion among the engagement team 15
Identification and assessment of the risks of material 25–27
misstatement due to fraud
Responses to the assessed risks of material misstatement due to 28–33
fraud
Evaluation of audit evidence 34–37
Auditor unable to continue engagement 38
Written representations 39
Communications to management and with those charged with 40–42
governance
Communications to regulatory and enforcement authorities 43
Appendix 1: Examples of fraud risk factors
Appendix 2: Examples of possible audit procedures to
address the assessed risk of material
misstatement due to fraud

Appendix 3: Examples of circumstances that indicate the
possibility of fraud
2.1 Introduction
The auditor has a responsibility during the audit of financial statements to consider the
risk of material misstatements in financial statements due to fraud as well as maintain
professional scepticism during the audit.
A number of recent corporate scandals highlighted the reality of the risk of fraud and
error in organisations. Big international corporations failed subsequent to incidents of
fraud and error in their operations (e.g. Enron, World-Com and Leisurenet). Locally,
organisations such as Fidentia saw huge losses to debtors and shareholders as a result
of alleged management fraud and recklessness.
Good governance principles demand that an organisation’s board of directors, or
equivalent oversight body, ensures overall high ethical behaviour in the organisation,
regardless of its status as public, private, government, or not-for-profit, its relative size,
or its industry.
In addition to the board, personnel at all levels of the organisation – including every
level of management, staff, and internal auditors, as well as the organisation’s external
auditors – have responsibility for dealing with fraud risk. Particularly, they are expected
to explain:
how the organisation is responding to heightened regulations, as well as public and
stakeholder scrutiny
what form of fraud risk management program the organisation has in place
how it identifies fraud risks
what it is doing to better prevent fraud, or at least detect it sooner, and
what process is in place to investigate fraud and take corrective action.
2.2 Characteristics of fraud

Misstatements in the financial statements can be as a result of error or fraud. The
distinguishing feature between an error and fraud is the intention with which the act is
committed.
Error: An unintentional misstatement including omission of an amount or a
disclosure.
Fraud: An intentional act to deceive another party, which results in gain for the
deceiver and loss for the deceived.
Management fraud refers to fraud committed by management or the people
responsible for governing an organisation.
Employee fraud refers to fraud committed by employees.
Fraud can be committed by people inside an organisation or through collaboration with
third parties outside the organisation (e.g. suppliers, customers, etc.).
Fraudulent misstatements in the financial statements can be the result of fraudulent
financial reporting or misappropriation of assets.
Fraudulent financial reporting: This comprises the following:
Intentional omissions of amounts or disclosures in the financial statements with
the aim to deceive the users of the financial statements. Examples of how this
could be accomplished are:
– manipulation, falsification or alteration of accounting records or the
supporting documents used to prepare the financial statements
– misrepresentation in (or intentional omission of) events, transactions or other
important information of the financial statements
– intentional misapplication of accounting practices.
Overriding of controls by management. Techniques typically used by
management when overriding controls include:
– recording fictitious journal entries to manipulate operating results or achieve
other objectives
– adjusting assumptions inappropriately and changing judgments used to
estimate balances
– omitting, advancing or delaying the recognition of events and transactions in
the financial statements of the period that it relates to
– concealing or not disclosing facts that could affect the amounts recorded in
– engaging in complex transactions that are structured to misrepresent the
financial position or performance of the organisation
– altering records and terms related to significant and unusual transactions.
Managing earnings by management. The risk of management managing earnings
is increased when there is pressure on them to reach unrealistic targets. This
could lead to management’s misstating financial statements in order to deceive
the users of the financial statements by influencing their perceptions as to the
organisation’s profitability and performance.
Misappropriation of assets: This comprises the following:
Theft of an organisation’s assets, which can be perpetrated by employees
(usually in small, immaterial amounts) or by management. Typical examples of
misappropriation of assets include:
– embezzling receipts
– stealing physical assets or intellectual property
– paying for goods and services not received
– using an organisation’s assets for personal use.
Misappropriation of assets usually involves false or misleading records or
documents to conceal the theft or misuse of the assets.
There are three dimensions to fraud:
The motivation to commit fraud: The perpetrator has a reason to commit the fraud
(e.g. when an individual lives beyond his means or when there is unrealistic
pressure on management to reach certain targets).
The opportunity to commit fraud: The deceiver has to be in a position to be able to
commit fraud (e.g. he has to have knowledge of the control environment and its
weaknesses).
Rationalisation of the deed: The deceiver will attempt to justify his actions.
2.3 Responsibilities of those charged with governance and of

management (ISA 260)
Management and the individuals charged with governance of the organisation are
primarily responsible for the detection and prevention of fraud. The individuals charged
with governance are individuals entrusted with the supervision, control and direction of
an organisation. These individuals include management, the board of directors, the
company secretary, etc.
To simplify matters, future references in this text to “the individuals charged with
governance” will be made by referring to the directors, as the directors are primarily
responsible for establishing a corporate governance framework within an organisation.
These are the issues for those concerned:
Management should establish:
a culture where a strong emphasis is placed on
– fraud prevention – reducing the opportunities for fraud
– fraud deterrence – persuading individuals not to commit fraud
a culture of honesty and ethical behaviour based on strong values by
– setting an ethical tone
– establishing a positive working environment
– hiring, training and promoting appropriate individuals
– securing the confirmation of employees of their responsibilities in terms of
fraud
a controlled environment and the maintenance of policies and procedures to
establish an efficient and orderly organisation.
Directors should
establish and maintain a proper internal control system that provides reasonable
assurance with regard to
– the reliability of financial reporting
– the effectiveness and efficiency of operations
– compliance with laws and regulations
reinforce management’s actions through their own actions to establish an ethical
culture.
2.4 Inherent limitations of an audit in the context of fraud

With any audit there is the unavoidable risk of not detecting material misstatements in
the financial statements of an organisation. Where fraud is concerned, that risk is higher
because of deliberate actions to conceal the fraud.
Fraud committed through changing accounting estimates is harder to prove, as it is
difficult to make a clear distinction between fraud and error.
The risk of detecting management fraud is higher than with employee fraud. It is
easier for management to manipulate accounting records directly or indirectly and to
present fraudulent financial information. Management are also in a better position to
override control procedures to prevent fraud.
Intentional misstatements in the financial statements due to falsified documentation or
collusion between management, employees, the directors of the organisation and third
parties are more difficult to detect.
2.5 Responsibilities of the auditor in detecting material misstatement

due to fraud and in maintaining an attitude of professional
scepticism
An audit that is planned and executed properly provides reasonable assurance that the
financial statements as a whole are free from material misstatements, both intentional
and unintentional.
The auditor, however, won’t be able to get absolute assurance due to:
the use of judgment
the use of testing
the inherent limitations of internal control systems
the nature of audit evidence – being persuasive rather than conclusive.
The auditor should
maintain an attitude of professional scepticism throughout the audit
consider the potential for management to override controls (irrespective of his
experiences with the client in the past)
develop audit procedures that are effective for detecting error as well as fraud, as
the procedures for detecting error are normally insufficient for the purposes as
indicated above.
Maintaining an attitude of professional scepticism requires the auditor to display a
questioning mind and to critically assess audit evidence throughout the audit process.
2.6 Discussion among the engagement team

Members of the engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatement due to fraud. The discussion group should
include:
key members from the engagement team
experienced members who can share their views.
The engagement partner has to decide what needs to be shared with other members of
the engagement team not involved in the discussions. The discussion should take place
from the planning phase of the audit throughout the actual performance of the audit. The
discussions should include consideration of the following:
the items in the entity’s financial statements susceptible to material misstatement due
to fraud
how management could perpetrate and conceal fraudulent financial reporting
how assets of the entity could be misappropriated
circumstances that might be indicative of earnings management and the practices that
might be followed by management to manage earnings
known external and internal factors affecting the organisation that may
create an incentive or pressure for management or others to commit fraud
provide the opportunity for fraud to be committed
indicate a culture or environment that enables management or others to
rationalise committing fraud
management’s involvement in overseeing employees with access to cash and other
assets susceptible to misappropriation
unusual or unexplained changes in behaviour or lifestyle of management or
employees that have come to the attention of the engagement team
the importance of maintaining a proper state of mind throughout the audit regarding
the potential for material misstatement due to fraud
types of circumstance that, if encountered, might indicate the possibility of fraud
how an element of unpredictability can be incorporated into the nature, timing and
extent of the audit procedures to be performed
the audit procedures to be selected in response to the risk of fraud
allegations of fraud that came to the auditor’s attention
the risk of management’s overriding controls.

As part of the process of obtaining an understanding of the entity and its environment (as
referred to in Chapter 8), the auditor needs to perform the following risk assessment
procedures to obtain information in order to identify the risks of material misstatements
due to fraud:
Perform inquiries and obtain an understanding regarding the procedures performed
by the directors of the organisation to oversee management’s processes for managing
fraud risks within the organisation.

Consider whether fraud risk factors exist.
Consider any unusual or unexpected relationships identified when performing
Consider other information that may assist in identifying risks of material
misstatements due to fraud.
2.7.1 Inquiries and obtaining an understanding of oversight exercised by the
directors
The auditor should make enquiries to management regarding:
management’s assessment of the risk that the financial statements are materially
misstated due to fraud
the process for identifying and responding to the risks of fraud in the entity,
including specific fraud risks identified and account balances, classes of transaction
and disclosures for which a risk of fraud is likely to exist
communication with the directors regarding the processes for identifying and
responding to the risks of fraud in the organisation
communication to the employees regarding management’s views on business
practices and ethical behaviour.
(a) Management’s assessment of the risk that the financial
statements are materially misstated due to fraud
These are the issues to consider:
Management is responsible for implementing and maintaining the organisation’s
internal control and for the preparation of the financial statements.
During this process, management needs to consider the risks of fraud in order to
develop controls to prevent and detect fraud.
The nature, extent and frequency of management’s assessment are relevant to the
auditor’s understanding of the organisation’s control environment.
In a smaller owner-managed organisation, the owner may be able to exercise more
effective oversight, but the risk of the owner-manager overriding controls is greater.
(b) The process for identifying and responding to the risks of fraud in
the entity, including specific fraud risks identified and account
balances, classes of transactions and disclosures for which a risk of
fraud is likely to exist
The auditor should:
enquire from management and others within the organisation whether there was any
actual, suspected or alleged fraud affecting the organisation
speak to employees other than management, as this should highlight instances of
management fraud
direct enquiries about the existence or suspicion of fraud to:
operating personnel not directly involved in the financial reporting process
employees with different levels of authority
employees involved in initiating, processing or recording complex or unusual
transactions and those who supervise or monitor such employees
in-house legal counsel
the chief ethics officer
the person(s) responsible for dealing with allegations of fraud.
(c) Communication with the directors regarding the processes for
identifying and responding to the risks of fraud in the organisation
These are the issues to bear in mind:
The auditor should obtain an understanding of how the directors oversee
management’s processes for identifying and managing fraud risks. This should
provide insights regarding the organisation’s susceptibility to management fraud, the
adequacy of internal control and the competence and integrity of management.
Corporate governance frameworks place the responsibility on the directors of an
organisation to oversee the systems for monitoring risk, financial control and
compliance with the law.
The auditor can obtain this understanding through attending meetings where
discussions regarding fraud take place, reading the minutes of these meetings or
through direct enquiry from the directors.
2.7.2 Consideration of fraud risk factors
Fraud is usually concealed, making it hard to detect.
When obtaining knowledge of a client, the auditor should consider whether the
information obtained indicates that one or more fraud risk factors exist. These are issues
to consider:
The need to meet expectations of third parties to obtain additional equity financing
may create pressure to commit fraud.
The granting of significant bonuses if unrealistic profit targets are met may create an
incentive to commit fraud.
An ineffective control environment gives rise to risk.
2.7.3 Consideration of unusual or unexpected relationships
Analytical procedures may assist in identifying the existence of:
unusual transactions
unusual events
amounts
ratios
trends
that might indicate risk areas.
The auditor will consider any usual or unexpected results identified when comparing
his expectations (developed through analytical procedures) with the recorded amounts
for the possibility of material misstatements due to fraud.
2.7.4 Consideration of other information
The auditor should further consider the following as potential sources of information
that could indicate fraud risk areas:
information obtained from the client acceptance and retention processes
experience gained from other engagements performed for the entity.
2.8 Identification and assessment of the risks of material misstatement

due to fraud
As part of the auditor’s risk assessment procedures he has to consider the risk of
material misstatement due to fraud at:
financial statement level
assertion level for classes of transactions, account balances and disclosures.
The auditor should use his professional judgement to relate the identified risks of fraud
to the impact it might have on the assertion level. The auditor should further consider the
magnitude of the potential misstatement, as well as the possibility of the identified
risk(s) resulting in multiple misstatements.
The auditor has to obtain an understanding of the controls designed and implemented
by management to address the risk of fraud in the organisation, as this will give the
auditor insight into management’s view on the areas in which the organisation might be
exposed to fraud risk.
Fraudulent financial reporting resulting in material misstatement often occurs in the
revenue balance. The auditor will therefore always review the revenue line for risk of
misstatement of the following sort:
overstatement of revenue through recognising revenue early or recording fictitious
revenue
understatement of revenue through shifting revenues to a later period.
2.9 Responses to the risks of material misstatement due to fraud

The auditor should perform procedures that are specifically responsive to risks that are
assessed as being significant:
overall responses to address the risk of material misstatement due to fraud at
financial statement level
audit procedures addressing risks of material misstatement due to fraud at assertion
level
audit procedures responsive to management override of controls.
The auditor’s professional scepticism might be affected in the following ways, if he
assesses that risks of material misstatement due to fraud exist:
an increased sensitivity in the selection of the nature and extent of documentation as
audit evidence of material transactions
an increased awareness of the importance to corroborate management explanations
or representation on material matters.
2.9.1 Overall responses to address the risk of material misstatement due to fraud
at financial statement level
The auditor’s overall responses to fraud risk in an assignment should include the
following:
A consideration of the personnel assigned to the engagement and supervision of the
audit team during which:
the knowledge, skills and ability of audit personnel should be taken into
consideration

he might consider using individuals with specialised skills
he should evaluate the extent of supervision, which will also reflect the his
assessment of the risk of material misstatement due to fraud.
A consideration of the accounting policies used by the organisation, during which
he:
will consider whether the accounting policies selected by management are
appropriate, or whether they may indicate a risk of material misstatement due to
fraud
should give special consideration to those accounting policies relating to
subjective measurements and complex transactions.
The incorporation of an element of unpredictability in the selection of the nature,
timing and extent of audit procedures. These are the issues to consider:
Employees of the organisation who are familiar with the audit procedures might
be more able to conceal fraudulent financial reporting.
The auditor should therefore incorporate an element of unpredictability when
selecting audit procedures to be performed.
This could be achieved by:
– selecting accounts or balances normally not tested due to their materiality or
risk
– changing the timing of audit procedures
– using different sampling methods
– performing audit procedures at different locations
– performing audit procedures unannounced.
2.9.2 Audit procedures addressing risks of material misstatement due to fraud at
assertion level
The auditor might change the nature, timing and extent of audit procedures to address the
risk of material misstatement due to fraud at assertion level:
The nature might be changed to obtain audit that is more reliant and relevant or
corroborative. The type of audit procedures to be performed could include:
physical inspection of important assets
using CAATs to gather more information from electronic files
external confirmations to confirm sales terms if the risk of revenue inflation is
high.
The timing of substantive procedures can be changed to testing earlier in the period,
throughout the period or towards the end of the period.
The extent of the procedures can be increased if a risk of material misstatement due
to fraud exists by:
increasing sampling sizes
using more detailed analytical techniques
using CAATs for more extensive testing of electronic files
examining the organisation’s inventory records to identify locations or items that
require specific attention during the physical inventory counts.
2.9.3 Audit procedures responsive to management override of controls
Management is in the unique position that they can commit fraud by overriding controls
that are actually in place to prevent and detect fraud. The auditor should therefore pay
specific attention to the risk of fraud committed by management by overriding controls:
The auditor should test the appropriateness of journal entries recorded and other
adjustments made in the financial records.
The auditor should also review the reasonableness of accounting estimates, because
they are open to biases which could result in material misstatements.
The auditor should obtain an understanding of the appropriateness of and logic
behind significant and unusual business transactions.
(a) Journal entries and other adjustments
Fraudulent reporting is often accomplished by processing unauthorised and incorrect
journal entries or by making adjustments that are not recorded in the accounting records
(e.g. by consolidating entries).
Audit procedures to be performed by the auditor to test the appropriateness of journal
entries and other adjustments should include the following:
Obtaining an understanding of the accounting process and the controls over journal
entries and other adjustments.
Evaluation of the existence and effectiveness of controls over journal entries and
other adjustments.
Enquiries from individuals involved in the accounting process regarding
inappropriate or unusual recording of journals or adjustments made.

Adjusting the timing of testing, by increasing the period of testing.
Identifying and selecting journal entries for detailed testing. The auditor should
consider the following in terms of the identification and selection of journal entries
and adjustments for testing:
the presence of fraud risk factors
controls over journal entries and other adjustments
the financial reporting process and the nature of evidence obtained
the characteristics of fraudulent journal entries or other adjustments
the nature and complexity of the accounts
non-standard journals or adjustments.
(b) Accounting estimates
When evaluating accounting estimates for biases that could result in material
misstatement due to fraud, the auditor should consider the following:
differences between the estimates (as supported by audit evidence) and the amount
included in the financial records
whether estimates made in the past by management proved to be accurate, given
subsequent results.
If the auditor has identified a possible bias by management in making accounting
estimates, the auditor should consider whether it impacts the reliability of all estimates
made by management. This would be the case if it appears that management is over- or
understating all reserves and provisions in order to smooth earnings over different
accounting periods.
(c) Significant transactions
The auditor should consider the following when evaluating unusual transactions:
the form of the unusual transactions and whether they are overly complex
whether management discussed unusual transactions with the directors, with
adequate documentation
whether management is placing more emphasis on the accounting treatment of the
transaction than on the underlying economics of the transaction
the fact that transactions involving non-consolidated related parties should have
been reviewed and approved by the directors of the organisation

whether transactions exist involving previously unidentified related parties that do
not have the substance or financial strength to support the transaction without
assistance from the audit client.
2.10 Evaluation of audit evidence

The auditor should evaluate audit evidence obtained in order to decide whether the risk
assessments at assertion level are still appropriate. The auditor should consider the
following:
whether the communication with the audit team members during the assignment was
sufficient to address the risk of material misstatement due to fraud
whether the analytical procedures performed at the end of the audit indicate a risk of
material misstatement due to fraud that was not identified earlier, which might
include:
large amounts of revenue recorded at the end of the financial period
unusual transactions
income that is inconsistent with the cash flows from operating activities.
The auditor has to consider whether misstatements identified are due to fraud. If this is
the case, the impact on other aspects of the audit needs to be considered, particularly the
reliability of management representations. Considerations include the following:
An instance of fraud cannot be assumed to be an isolated case.
The auditor has to consider whether the misstatement is material or not.
Fraud committed by management will be material, even though the amount involved
is insignificant.
The auditor has to consider his responsibilities in terms of Section 45 of the Auditing
Profession Act if he is convinced that a reportable irregularity due to fraud exists.
2.11 Management representations

The auditor should obtain written representation from management regarding the risk of
material misstatements due to fraud. These are as follows:
Management has to acknowledge its responsibility for the design and
implementation of controls to prevent and detect fraud.
Management should state that they have disclosed to the auditor:
the results of their assessment of the risk of material misstatements in the
financial statements due to fraud
any instances of fraud or suspected fraud involving management, employees or
third parties
any instances of alleged fraud affecting the organisation’s financial statements.
2.12 Communications with management and the directors

If the auditor has identified fraud or suspected fraud, he has to report it to an
appropriate level within the organisation as soon as possible. Reporting should be to
the directors of the organisation if:
fraud was committed by employees with significant roles in the internal control
system
management was involved in the fraud, or
the fraudulent activity results in a material misstatement of the financial
statements
the appropriate level of management in all other cases.
The auditor should also report any material weaknesses in the internal control system
that would fail to prevent or detect fraud.
If the auditor doubts the integrity and honesty of management and the directors, he
should obtain legal advice on the matter and consider reporting a reportable irregularity
in terms of s 45 of the Auditing Profession Act to the Regulatory Board.
The auditor should further consider whether any of the following matters exist, which
need to be discussed with the directors of the organisation:
concerns about the nature, extent and frequency of management’s assessment of the
controls in place to prevent or detect fraud and of the risk of misstatement of the
failure by management to address material weaknesses in the control system that
have been identified
failure by management to respond to identified fraud
questions regarding the competence and integrity of management
instances that might indicate fraud committed by management
concerns regarding the approval of unusual business transactions.

2.13 Unable to continue with the engagement
If the auditor cannot continue with an audit engagement due to misstatements as a result
of fraud the auditor should:
consider his professional and legal responsibilities in the circumstances, including
his reporting responsibilities
consider the possibility of withdrawing from the engagements, and if he decides to
withdraw
discuss with an appropriate level of management and the directors his
withdrawal and the reasons for it
discuss his subsequent reporting responsibilities should he withdraw.
Circumstances that could lead to the withdrawal of the auditor would be that:
management does not take appropriate action regarding fraud, even if the fraud is
immaterial to the financial statements
the auditor concludes, based on his assessments and audit tests, that a significant
risk of material and pervasive fraud exists, or
he is concerned about the competence or integrity of management or the directors of
the organisation.
2.14 Documentation
During the planning phase of the audit the auditor has to document:
significant decisions reached during discussions by key team members regarding the
susceptibility of the organisation to material misstatement due to fraud
the risk of material misstatement due to fraud at financial statement and assertion
levels.
The auditor further has to document his responses to the identified fraud risk areas.
These comprise the following:
the overall response to the assessed risks of material misstatement due to fraud and
the impact on the nature, timing and extent of audit procedures
the results of the audit procedures.
The auditor should also document any communications with management and the
directors of the organisation regarding fraud.

3 Laws and regulations (ISA 250)
Introduction 1–11
The auditor’s consideration of compliance with laws and 12–17
regulations
Audit procedures when non-compliance is identified or 18–21
suspected
Reporting of identified or suspected non-compliance 22–28
Documentation 29
3.1 Introduction
In order to provide a proper service and to reduce the audit risk to themselves, the
auditor has to ensure that he has proper knowledge of the laws and regulations
impacting the various audit assignments for which he is responsible.
The respective laws and regulations differ in their relationship to an organisation.
They can:
prescribe the framework for an organisation’s financial statements
determine the amount to be recorded or disclosures to be made in the financial
statements
set the conditions under which an organisation is allowed to conduct its business
(e.g. a regulated industry)
set conditions regarding the operating aspects of a business.
3.2 Non-compliance
Non-compliance by an audit client with laws and regulations may have a material effect
on the financial statements (e.g. in the form of fines or litigation).
“Non-compliance” refers to
intentional or unintentional acts of
commission or omission by the organisation which are

contrary to the prevailing laws and regulations including
transactions entered into by, or in the name of, the entity or on its behalf by
management and employees.
It does not include personal misconduct by management or employees.
Whether an act constitutes non-compliance normally requires the advice of an
informed specialist qualified to practise law, but ultimately can be determined only by a
court of law.
3.3 Responsibility of management for compliance with laws and

regulations
Management is ultimately responsible for ensuring that an organisation adheres to the
relevant laws and regulations affecting that organisation and for implementing controls
to prevent and detect non-compliance.
Management can implement the following policies and procedures:
identifying and monitoring legal requirements applicable to the organisation and
ensuring that operational procedures are in line with the requirements
establishing and maintaining a system of internal control
developing and implementing a Code of Conduct, including training of all
employees on its content
monitoring compliance with the Code of Conduct and acting on non-compliance of
its requirements
engaging legal advisors to assist with the identification and monitoring of legal
requirements
maintaining a register of significant laws to which the organisation has to adhere and
keeping record of instances of non-compliance.
In larger organisations the internal audit committee and the audit committee can assist
management in implementing the policies and procedures to ensure compliance with
laws and regulations.
3.4 The auditor’s consideration of compliance with laws and

regulations
The auditor cannot be expected to prevent or detect non-compliance with laws and
regulations, but during the conduct of the audit he has to be sensitive to any indications
of non-compliance.
As part of the planning process, the auditor also needs to obtain an understanding of
the relevant laws and regulations applicable to the specific organisation. The auditor
would:
use his existing knowledge and experience with the client and its industry
ask management about the
implemented policies and procedures to prevent and detect non-compliance
laws and regulations that have a significant impact on the organisation and its
operations
discuss the legal and regulatory framework of foreign subsidiaries with the relevant
auditors.
The risk of the failure to detect material misstatement due to non-compliance with laws
and regulations is higher for the following reasons:
Many laws and regulations relate more to the operating aspects of an organisation
than to the financial statements and would therefore not be covered in detail during a
review of the accounting and internal control systems.
Audit procedures are affected by the inherent limitations of the accounting and
internal control systems.
The audit evidence obtained by the auditor is normally persuasive rather than
conclusive.
Non-compliance will often include attempts to conceal the actions.
The auditor might be required, in terms of statutory requirements, to report on
compliance by an organisation, in which case the auditor should include procedures to
test specifically for compliance.
In some cases, amounts and disclosures in the financial statements are influenced by
laws and regulations. In such circumstances the auditor should obtain sufficient
evidence about compliance with those laws and regulations.
If the auditor detects any non-compliance with laws and regulations affecting the
organisation, he has to consider the impact on
management’s and employees’ integrity
other aspects of the audit.
3.4.1 Procedures when non-compliance is discovered
If the auditor identifies potential non-compliance with laws and regulations, he should
obtain sufficient understanding of the nature of and circumstances around the act of non-
compliance. The auditor should document his findings and report these to management.
A lack of sufficient audit evidence on the matter will also affect the auditor’s report.
The impact of the non-compliance on the financial statements has to be considered:
financial consequences (e.g. fines, penalties, litigation, discontinuation of
operations)
whether the financial consequences require disclosure
whether the extent of the financial consequences is so severe that it influences the
fair presentation of the financial statements.
3.5 Reporting of non-compliance

3.5.1 Reporting to management
The auditor has to report as soon as possible on any circumstances of non-compliance
to laws and regulations to the:
audit committee
board of directors, and
senior management.
If the non-compliance appears to be intentional, the auditor has to inform the
appropriate person without delay. Non-compliance by management should be reported
to the next level of authority (e.g. the board of directors or the audit committee. If no
higher level of authority exists, the auditor should obtain legal advice.
3.5.2 Reporting to users of the financial statements
Non-compliance that has a material effect on the financial statements and which has not
been properly disclosed will result in the auditor expressing a qualified opinion in his
audit report.
The auditor should express a qualified opinion or a disclaimer of opinion if the
organisation prevented the auditor from obtaining sufficient evidence of compliance to
laws and regulations, based on a limitation on the scope of the audit.
3.5.3 Reporting to regulatory and enforcement authorities
The auditor has a duty of confidentiality with regard to client affairs. Non-compliance to
laws and regulations in certain circumstances overrides the auditor’s confidentiality
duty.
Non-compliance to laws and regulations might also require the auditor to act in terms
of his responsibilities under section 45 of the Auditing Profession Act.
3.6 Withdrawal from the engagement
The auditor should seek legal advice if he is considering withdrawing from an
engagement due to non-compliance to laws and regulations. The auditor could consider
withdrawing even if the non-compliance is not material to the financial statements
because of:
the implications if senior management was involved
the effect on the reliability of management representations
the risk to the auditor of being associated with the client.
4 Questions

For the last year you have been acting as the audit manager on the audit of Finweb (Pty)
Ltd, a company that develops internet sites for a variety of clients.
The managing director, Charles de Jongh, is 28 years old and known for his high
standard of living. He is the owner of a few residential properties and likes to be seen
in only the latest 4X4 off-road vehicles. His wife also insists that they go overseas on
vacation at least once a month.
Charles founded the company three years ago after he was suspended by the
disciplinary committee of the South African Institute of Chartered Accountants as a
member of the Institute. The fact that he was found guilty of tax evasion received wide
coverage in the newspapers.
Only five of the ten posts are currently filled in the accounting department.
The financial manager is known for the fact that he does not like auditors. He
therefore sometimes avoids answering questions on some of the complex transactions of
the company. The year-end date of the company is 30 June, and the audited financial
statements must be finalised within two weeks.
The partner in charge of the audit is worried about the possible involvement of the
company in tax evasion, as well as possible misrepresentation in the financial
statements. He has therefore asked you to maintain an attitude of professional scepticism
during the performance of the audit. He has also asked you to brief him on the reporting
requirements of ISA 240 in respect of fraud and error, as well as the duties of an
auditor, should he become aware of a reportable irregularity.

Prepare a memorandum to the partner. The memorandum must indicate the following:
(a) To whom fraud and errors must be reported in accordance with ISA 240, if we as
auditors become aware thereof. Also deal with any factors that will influence your
reporting and the manner in which reporting to the interested parties will take
place. (10)
(b) The duties of an auditor in terms of Section 45 of the Auditing Profession Act when
he discovers that a reportable irregularity has taken place in a business to which he
is auditor. (7)
Presentation (1)

During the audit of a company’s financial statements, the auditor has a responsibility to
consider the risk of material misstatements due to fraud. A number of recent corporate
scandals highlighted the reality of the risk of fraud and error in organisations. Big
international corporations failed subsequent to incidents of fraud and error in their
operations.

(a) Explain the difference between an error and fraud. (2)
(b) Give five examples of items that should be considered when the engagement team
discusses the risk of material misstatement due to fraud. (5)
(c) Give examples of audit procedures to be performed by the auditor on the following
items to address the risk of material misstatement due to fraud:
Journal entries and other adjustments (3)
Accounting estimates, and (2)
Significant transactions (3)

Appendix 1
The purpose of a case study is to place the student in the position of a decision maker
that has to solve a problem. Included in this section of the textbook are a few case
studies on planning of the audit. These case studies should only be attempted after
studying chapters 5 to 9.
Case study 1
QUESTION 70 MARKS
You are the Auditor in Charge (AIC) on the audit of Sapphire Sensation Ltd., a company
listed on the JSE Ltd, for the year ending 31 July 20X11. You are currently busy with the
planning of the audit and have documented some of the planning steps that you and your
team have completed thus far on your Auditing Firm’s standard planning document
format.
Please refer to the planning document below:
Sapphire
Client: Prepared by T.M Date 15/06/20X11
Sensation Ltd.
Year end: 31 July 20X11 Reviewed by D.M Date 30/06/20X11 D2
Section: PLANNING DOCUMENT
Planning steps Status

1. Obtain an understanding of the entity and its environment
As part of the risk assessment procedures performed, the audit team
held discussions with various managers of Sapphire Sensation Ltd.
To obtain an understanding of the entity and the environment they
operate in.
The following discussions were documented in detail and placed on
file:
• Meeting with Mr Neil Diamond (ethics and compliance officer) on Completed
the 12 June 20X11.
• Meeting with the financial director Mrs Tina Tanzanite held on the
Completed
12 June 20X11.
• Meeting with the internal auditor Ms Judy Garnet held on the 14
Completed
June 20X11.
Planning analytical procedures are still outstanding Outstanding
The client’s business plans and the board of directors’ internal
control manuals have been inspected and copies of the documents
have been placed on file.
The following information has been obtained about factors
Completed
influencing the client:
External factors:
Sapphire Sensation Ltd is one of the largest suppliers of gemstones in
the southern hemisphere and has a few small scale competitors, but Completed
Sapphire Sensation Ltd continues to dominate the market share in SA.
The demand for gemstones in the jeweller industry has proven to be
consistently high over the past few years, but the decrease in demand
in early 20X11, is mainly contributable to the current economic
recession in SA and decrease in consumer spending.
The regulatory environment of Sapphire Sensation Ltd is sound and
the client reports according to:
• IFRS
• Companies Act 71 of 2008
• King III Code on Corporate Governance
• JSE-listing requirements.
The latest tax returns are up to date and have been submitted and
assessed by SARS.
All government policies pertaining to the mining and minerals
industry have been adhered to.
There is, however, an environmental Greenpeace group that is
threatening a law suit against Sapphire Sensation, claiming that the
open pit mining methods are destructive to the environment and that
the client is not taking the necessary measures in restoring the
environment.
Internal factors:
Still outstanding Outstanding
Financial and related business risks:

Risks relating to Sapphire Sensation Ltd have been listed as the
following:
• New laboratory created sapphires have entered the market from
China and this could result in a decrease of sales due to customers Completed
purchasing the cheaper laboratory created sapphires.
• Many gemstones have to be imported from abroad and the constant
weakening of the SA Rand could influence the cost price of stock
negatively.
• Theft in the store rooms has increased significantly, due to the high
value of the gemstones and this could adversely affect future
profitability of the company.
• Sapphire Sensation Ltd is listed on the JSE and the risk exists that
they would want to overstate profits to reflect positively on their
share price.
1. Obtain an understanding of the accounting and internal
control system
An understanding of the accounting system has been obtained through
discussions with client personnel, walk through tests that have been
performed by the audit team and various internal control tests. We are Completed
satisfied that the control environment at Sapphire Sensation Ltd is
sound and can be relied upon.
The accounting system used by the client is SAP and has been
developed specifically for Sapphire Sensation Ltd. Processing of
Completed
transactions happen online, in real time and is saved on the
mainframe computer as well as an off-site backup server.
We have tested the general as well as the application controls with
regards to the accounting system and have found that all the controls
are functioning as designed.
2. Identify and assess audit risk
The audit risk of Sapphire Sensation Ltd has been assessed as low,
due to the:
• inherent risk being assessed as low (based on our knowledge
Completed
obtained of the business) and
• control risk being assessed as low (based on the control tests that
Completed
have been performed by the audit team)
• The detection risk has not been assessed Outstanding

3. Setting of materiality
The following data has been obtained from the client to calculate
the materiality figure, but the calculation has not yet been Outstanding
performed.
Please note that all figures are stated in R’000
4. Formulating an audit approach

We have decided that a combined audit approach will be followed,
as it was established during the planning phase and preliminary Completed
testing that the control environment is sound and can be relied upon.
As part of the combined audit approach that will be followed, some
substantive procedures would still need to be performed.
The impact of internal controls on the nature, timing and extent of
Outstanding
the audit procedures has however not yet been established
5. Organising and managing the audit
Procedures with regards to the organising and managing of the
Outstanding
audit are still outstanding

(a) List all the elements a working paper should consist of when compiled by an
auditor and conclude whether the above working paper is correct.
(5)
(b) Why is it important to perform planning analytical procedures as part of the
planning of the audit?
(2)
(c) List and explain the internal factors that should be considered by the auditor as part
of the planning process. (15)
(d) List and explain the general controls that would be tested by the auditor whilst
assessing the client’s accounting and internal control system. (14)
(e) Describe the definition of audit risk. (2)
(f) At what level would the auditor’s detection risk be assessed if the inherent risk is
assessed as low and the control risk is assessed as low? (1)
(g) Calculate the planning materiality for Sapphire Sensation for the year-end audit.(15)
(h) What are the benefits in performing a combined audit approach? (3)
(i) If reliance is placed on internal controls, how would that influence the nature,
timing and extent of substantive audit procedures to be performed by the audit
team? (3)
(j) Name and discuss the aspects that should be considered and addressed by the audit
team as part of organising and managing the audit. (8)
Presentation (2)
Case study 2
QUESTION 75 MARKS
You have just been appointed as the auditor of Jenny Chew (Pty) Ltd, a shoe shop
located at the Nelson Mandela Square in Sandton. Jenny Chew shoes are high fashion
and very expensive. The owner and CEO of Jenny Chew, Dennis Maree, has only just
converted the entity to a company (previously a CC), therefore this is the first time the
company is being audited. The year-end of the company is 30 November 20X11.
After discussions held with Dennis, you find out the following:
The company is on an expansion plan. As part of the expansion, they are opening
two new branches, one at Clearwater Mall in Roodepoort, and the other at Maponya
Mall in Soweto. Dennis says that currently they are working on a batch processing
system in the Sandton store, but he would like to be able to move to a system
whereby transactions are processed and all files updated immediately. This is to
ensure that customers looking for a shoe in one branch can be referred to another
branch if the shoe is available there. He also wants to be able to link the three
branches via some type of network.
Dennis does not see the need to wait for the engagement letter, and wants you to start
with the audit immediately, seeing his bankers are in a hurry for the audited financial
statements before they lend him more money for the expansion.
During your planning procedures, you assess audit risk to be low. The controls are
reliable and have been operating effectively, and inherent risk is also low. Your main
concern is that your planning analytical procedures indicate that sales are lower than
you expected. This could be an indication of understatement of sales.
As part of your audit procedures, you asked your first-year clerk to document the
controls in place for addressing the control objectives of validity, completeness,
accuracy and cut-off for the purchases system of Jenny Chew (this documentation will
assist you in deciding which procedures you will perform). Refer to the attached
working paper J3 for the documentation of these controls.
For the procedures on debtors, your first-year audit clerk suggests that negative
confirmations would be the best audit evidence for existence and valuation of debtors.
EQ AUDITORS
Client: Jenny Chew (Pty) Ltd J3
Year end: 30 November 20X11 Prepared by: SM
Section: Purchases system Date: 6/12/11
The purpose of this working paper is to document the controls that are in place in the
purchases system of Jenny Chew (Pty) Ltd and that address the control objectives of
validity, completeness, accuracy and cut-off.
Purchases
Jenny Chew orders stock on a monthly basis. When the shoes arrive, two people
inspect them for quantity and quality and prepare a goods received note (GRN). The
GRN is matched with the delivery note received from the supplier. Short deliveries are
indicated on the delivery note and a credit request is made out.
The GRN is matched with the invoice from the supplier and is thereafter recorded in
the purchase journal. A register is kept of unmatched invoices and is regularly
followed up by the senior buyer.
All requisitions, orders and GRNs are recorded numerically, and missing numbers are
followed up.
When a purchase invoice is received from a supplier, it is checked independently
before it is recorded in the purchase journal, and the following is done:
1. Prices are compared with the orders/price list.
2. The quantity is recorded in the GRN.
3. The accounting accuracy is checked.
The updates in the purchase journal are done as per the date of delivery.
Provision is made at year-end in respect of purchases not yet invoiced.

(a) Give a brief description of a batch processing system, and list the advantages and
disadvantages of such a system. (6)
(b) Name and describe the new system that Dennis wants to implement. Also state the
advantages and disadvantages of such a system. (8)
(c) Name the type of network that Dennis would have to use to link the three branches.
(1)
(d) State what the purpose of an engagement letter is, and when it should be issued. (4)
(e) Describe the elements that should make up the content of an engagement letter (5)
(f) Describe what the impact of your assessed audit risk is on the following:
(i) your materiality calculation (1)
(ii) your detection risk, and (1)
(iii) the nature, timing and extent of your substantive audit procedures. (3)
(g) Define what an audit approach is, and select a suitable approach for the audit of
Jenny Chew. Also state the benefits of your chosen audit approach. (6)
(h) Discuss the inherent risks of internal control systems. (4)
(i) Describe the control objectives of validity, accuracy, completeness and cut-off for
purchases. For each of the control objectives, describe tests of controls you would
perform. (12)
Your answer should be in table format as follows:
Control objective Tests of controls
(j) Identify and define the assertions that are addressed when testing for understatement
of sales. (4)
(k) Describe the audit procedures you would perform for the assertions identified in
(j) above. (6)
(l) Describe what procedures you would perform with regard to the opening balances
of Jenny Chew. (4)
(m) Describe negative confirmations and discuss when they are appropriate to use. (4)
(n) State, with reasons, whether your first-year audit clerk is correct in saying that the
assertions of existence and valuation of debtors will be verified by a debtor’s
confirmation. (3)
Presentation (3)
Case study 3
QUESTION 50 MARKS
You have been appointed as the new auditors of Mac KFC (Pty) Ltd during June of this
year. Mac KFC (Pty) Ltd is one of South Africa’s leading fast food suppliers. The
company’s year-end is 31 October 20X11 and you are busy with the planning of the
audit as well as determining what audit evidence should be obtained during the audit.
Because this is a new client for your firm, you are paying special attention during the
initial planning stage of the audit and during the planning process, and the following has
come to your attention:
Because you are the newly appointed auditor of Mac KFC (Pty) Ltd you cannot
place reliance on the opening balances of the financial records. The opening
balances therefore need to be verified with the previous auditor.
The management of Mac KFC (Pty) Ltd has informed you that they are currently
involved in a legal dispute with one of their clients. The client argues that a
consignment of chicken burgers was supplied to them for one of their social
functions after they had specifically requested beef burgers. A chicken burger is
approximately R5 more expensive than a beef burger. The order consisted of 1 500
burgers.
Mac KFC (Pty) Ltd has numerous fast food outlets in South Africa. They group their
stores according to location and classify these as business hubs. Their major
business hubs and turnover per hub are as follows:
Business hub Turnover Stock on hand No. of employees

Johannesburg R1 450 788 R5 600 000 125
Cape Town R5 780 621 R8 999 300 80
Polokwane R889 332 R1 200 500 14
Pretoria R1 223 870 R3 530 500 122
You have agreed with the audit partner that the operation in Polokwane is not
significant and will not be audited this year. Your auditing firm will be able to
service the Johannesburg and Pretoria business hubs, but another audit firm will
need to audit the Cape Town hub. You have identified Izzy & Lyndsay Inc. as a
suitable firm to render this service and have already contacted one of the managers
at Izzy & Lyndsay Inc. They are eager to help with the audit.
You have also already sent out the bank confirmations to the respective banks where
Mac KFC (Pty) Ltd holds accounts. This is to confirm the year-end bank balances as
at 31 October 20X11. You believe that a bank confirmation is the best type of audit
evidence to obtain in this regard.
As part of the planning process you have performed analytical procedures in order
to obtain a clear understanding of the client’s business, identify risk areas that the
audit team can focus on and assist in determining the nature, timing and extent of the
audit procedures that need to be performed. The results of your analytical
procedures were as follows:
Analytical review procedure 20X10 20X11

Current ratio Current assets/Current liabilities 1 : 1,24 1 : 1,07
Quick ratio (Current assets – stock)/Current
1:1 1 : 0,87
liabilities
Gearing ratio Total debt/Total equity 32% 41%
Debtors payment days Trade debtors/Sales X 365 34 days 39 days
Stock turnover Stock/(Cost of sales/365) 3 days 4 days
Mac KFC (Pty) Ltd has a very good internal audit division and you are considering
relying on some of the procedures that the internal auditors have already performed.
You and your team have now completed the planning process and are ready to start with
the audit. You are however aware of the fact that there are a few more things that you
still need to consider.

(a) List the issues that you should consider with regard to auditing the company’s
opening balances. (4)
(b) List the issues that you should consider and procedures for enquiry, when auditing
the litigation and claims against Mac KFC (Pty) Ltd. (4)
(c) List the factors to consider in relation to acceptance of the engagement as principle
auditor and list the principle auditor’s procedures in relation to the other auditors.
(10)
(d) With regards to the bank confirmation that will be used as audit evidence:
(i) Explain what audit evidence is. (3)
(ii) Discuss the source and nature of good audit evidence. (5)
(e) Discuss the factors you need to consider when you intend to apply analytical
procedures as substantive procedures. (6)
(f) By interpreting the analytical procedures that have already been performed, what is
your assessment of the current financial position of Mac KFC (Pty) Ltd? (2)
(g) Discuss the aspects that you need to consider at the preliminary assessment of the
internal audit function. (6)
(h) Discuss all the elements a working paper should consist of, if compiled by an
auditor. (5)
(i) Explain the difference between test of controls and substantive procedures. (4)
Presentation (1)

Appendix 2
Standard audit procedures
These are examples of how the procedures of inspection, observation, enquiry,

confirmation, etc., are to be applied to obtain information when performing tests of
controls and/or substantive procedures.
1.1 Tests of controls

1.1.1 Sales
Control objective Control procedure Tests of controls

Select sales from the sales
journal and follow it through
to the sales invoice.
Match the invoice with the
delivery note and internal
sales order and agree the
following:
client’s name, date
Validity amount and VAT
All recorded sales are All entries in the sales
valid (actually occurred) journal are supported by an quantity and
and are supported by internal sales order, delivery description of goods
appropriate note and invoice. selling price
documentation. authorisation
(signature, etc.)
signature of client as
proof of acceptance of
goods.
Follow the sale through to the
inventory records and ensure
that the quantity, description
and date agree.
Ask the credit manager for
details of procedures
Credit limits are determined followed for granting of
Authorisation for all credit clients after credit and the authorisation of
All credit sales are checking their sales.
authorised according to creditworthiness.
Ask the sales manager for
company policy (as No credit is granted for non- details of sales procedures.
creditworthy). credit-worthy clients or
guarantees are required. Inspect the record of bad
debts for excessive write-
offs.
Select internal sales orders
An internal sales order is and:
made out on receipt of the agree it with the
client’s order which: client’s order in
is numerical respect of the quantity
(validity)
specifies the quantity
ordered agree price with the
official price list
contains the prices of
goods per official test calculations
price list check the signature as
is authorised by the proof of authorisation.
credit manager. Investigate duplicate sales
The sales manager authorises invoices for signature of
credit sales on a daily basis sales manager.
and signs a duplicate invoice
as authorisation. Match the sales order with
the delivery note:
After the sale has been
authorised, a delivery note is agree details in respect
prepared, which: of. client name,
description, quantities.
is numerically
numbered inspect the signature of
the client.
is signed by the client the client.
as acknowledgement of
receipt of the goods.
Gate control: The guard
counts goods and agrees it Observe procedures with
with the delivery note. regard to gate control.
Inspect delivery notes for
the signature, stamp of the
guard.
All delivery notes are: Select delivery notes, match

sequentially numbered these with the invoice and
agree the particulars thereof
recorded in a register (name, date, quantity).
for matching with the Agree the amount per the
invoice. invoice with the authorised
On receipt of a signed internal sales order (price
delivery note a numerical list).
Completeness invoice is made out and Test calculations on all
All valid sales are marked off in the register. mentioned documents.
recorded, and nothing is
left out. All unmatched delivery notes Follow the invoice through to
(in the register) are frequently the entry in the sales journal
followed up. and agree the particulars
A numerical list of delivery thereon (client’s name,
notes and invoices is amount, date).
frequently produced, and Inspect the numerical list of
missing numbers are delivery notes and invoices
frequently followed up by a and follow up missing
senior person. numbers.
Select invoices from invoice
books (or in respect of
invoices selected under
validity) and:
The quantities on the invoices agree the quantities
are obtained from the with the delivery note
Accuracy delivery note. agree prices with the
All sales are recorded on The price on the invoice is
price list
arithmetically correct. Calculations are checked by (reperform)
an independent person (edit inspect for evidence of
checks). checking by client
personnel
test the castings and
calculations in all
accounts (CAATs).
The sales journal is recorded

from the sales invoices.
Follow sales invoices tested
through to the sales journal
Sales journal sales are and agree the amount and
posted as follows: particulars thereon.
the individual debtor’s Test the postings from the
Recording account in the debtors sales ledger to the general
All sales invoices are ledger ledger and debtors ledger
correctly recorded. accounts.
the total sales in the
debtors control account
and the sales account in Recalculate the debtor’s
the general ledger. reconciliation and agree it
with the supporting
The debtors control account documentation.
is reconciled with the
debtors’ ledger monthly.
External and internal sales
(inter company) are Select internal purchase
classified as such orders in respect of both
Classification external and internal sales
All sales are correctly clearly distinguished and follow them through to
classified according to by a code number the sales journal and postings
the nature thereof. recorded on separate to the general ledger. Ensure
documentation and that these are correctly
classified and accounted for.
recorded separately.
Select sales invoices in

respect of dates before/after
month/year end:
respect of dates before/after
month/year end:
match them with the
delivery note and agree
the date thereon
Cut-off follow through to
All sales transactions Invoices are made out from accounting records and
(invoices) are accounted the delivery notes in respect ensure recorded in the
for in the correct of the date of delivery. correct accounting
accounting period. period.
Select recorded invoices
from the sales journal before
and after year end and follow
these through to the delivery
notes – ensure that they are
accounted for in the correct
period.
1.1.2 Purchases
Control objective Control procedure Tests of controls

Enquire of client’s personnel
about the procedures for
purchases.
Select purchases from the
purchases journal, follow it
through to the invoice and
agree the details (e.g. name,
All entries in the purchases amount, date).
journal (and in the cash book Match the invoice with the
Validity in respect of cash purchases) GRN, delivery note and order
All recorded purchases are supported by requisitions, and:
are valid and supported orders, delivery note, Goods
by proper documentation. Received Notes (GRNs), agree the quantity per
invoices, creditor’s the invoice with the
statement. GRN and the delivery
note
agree the price with the
test the accounting
accuracy on the source
documents.
Enquire of the storeman and

If stock decreases to re-order buyers, and observe the
level, a requisition is made procedures with regard to
out (computer/storeman). requesting, ordering and
No goods delivered are receiving of goods.
accepted if a valid order for Investigate selected orders,
Authorisation it doesn’t exist. and:
All purchases are Separate goods receiving match them with the
authorised according to section exists, where goods requisition
company policy. are received.
compare them with the
Orders are authorised by the quotation
purchase manager, and
supporting documentation is investigate the
cancelled (or authorised by signature of the
means of computer). purchase manager as
authorisation (CAATs).
Two persons inspect goods

on receipt for quantity and
quality and prepare a GRN.
The GRN is matched with the Enquire and observe
delivery note, short procedures in respect of the
deliveries are indicated on a receiving of goods.
delivery note and a credit Select GRN and follow it
request is made out. through to the invoice and the
Completeness A register is kept of entry in the purchase journal.
All valid purchase unmatched invoices and is
transactions are Enquire about procedures for
regularly followed up by the follow-up of outstanding
recorded, and nothing is senior buyer.
left out. orders.
The GRN is matched with the Investigate the list of GRNs
invoice and is thereafter and follow up receipts which
recorded in the purchase are not matched with an
journal. invoice. Follow through to
All requisitions, orders and the list of provisions.
GRNs are recorded
GRNs are recorded
numerically, and missing
numbers are followed up.
See tests under authorisation. Match the orders with the
The purchase invoice is requisitions and agree
checked independently before details.
Accuracy it is recorded it in the Investigate selected purchase
All orders are carried purchase journal, and the invoices as follows:
out accurately. All following is done:
purchase transactions are Agree quantity with
accurately recorded at prices compared with GRN.
the correct quantity, at the orders/price list
Agree price with
correct amount and are quantity recorded in order/price list.
arithmetically correct. GRN Check calculations.
accounting accuracy Test castings and calculations
checked. on all ledger accounts.
Test postings from the
The purchase journal is purchase journal to the
updated from the purchase purchase and creditors
invoices. control account in the general
ledger.
From the purchase journal
purchases are posted to:
creditor’s accounts in
the creditors ledger
Recording
All purchase transactions purchase and creditors
control account in the Select GRNs and agree to
are correctly recorded. the entries in the stock
general ledger.
records. Perform the
Stock records are updated creditors reconciliation
from the GRN. again and
The creditors control account
is kept up to date and agree to supporting
regularly reconciled with the documents and records
list of creditors. inspect evidence of
revision by client.
Follow selected purchases

are correctly classified distinguished by a code ensure these are correctly
according to the nature number and recorded classified and recorded as
thereof. separately. inter-group or external
purchases.
Select purchases before and
after year end from GRN,
Purchase journal updated match these with invoices and
Cut-off from invoices in respect of follow them through to the
All purchase transactions the date of delivery. purchase journal and
are recorded in the creditors or provision
correct accounting A provision is made at year account. Select items from the
end in respect of purchases
period. purchase journal and repeat
not yet invoiced. the test and ensure that they
are recorded in the correct
accounting period.

The following is a list of procedures to be carried out with regard to various aspects of
the business.
1.2.1 Sales
1. Perform preliminary analytical procedures of sales per month:
Identify risk areas of audit interest (e.g. periods on which to concentrate audit
procedures).
Obtain explanations (supported by valid evidence) for extraordinary
fluctuations.
2. Evaluate the effectiveness of the internal controls and the effect thereof on the
nature, extent and timing of the substantive procedures.
3. To address risk of understatement of sales, from source documents, begin by
selecting (statistically or judgementally) a number of delivery notes from the
delivery note books for the period for detail testing (or alternatively select one or
two months for complete (100%) testing, which is primarily a completeness and
accuracy test).
Use each of the delivery notes to:
inspect signature/stamp of gate guard as evidence of checking goods
leaving the premises
inspect signature/stamp of gate guard as evidence of checking goods
leaving the premises
inspect the signature of the client as evidence of acknowledgement of
receipt of the goods
follow the delivery note through to the entry in the stock records, where
perpetual stock records are kept, and agree the quantity and details
thereof.
Follow the delivery note through to the invoice and:
agree the name of the client, date and details of the goods
agree the quantity of goods and description per delivery note with the
invoice
compare the prices on the sales invoice with official price lists to ensure
that these are correct
inspect the credit terms to ensure that the client does not exceed his credit
limits (by inspection of credit limits and enquiry from the credit manager)
inspect the authorisation for the sale and examine the signature of the sales
manager on the internal sales order
ensure the calculations on the invoice are correct by testing the castings
and calculations
test the calculation of the VAT on the invoice.
Follow the sale per the sales invoice through to the sales journal (or cash sales
summary for the day) and ensure that:
the amounts agree (for sales value and VAT)
the date and other details agree
only the selling price, excluding VAT, is posted to the sale column in the
sales journal
the VAT on the invoice has been posted correctly to the VAT column in the
sales journal.
Examine the list of numerical sales invoices for missing numbers and follow
up on this in terms of completeness:
Follow missing numbers through to the physical invoice per invoice book
and investigate reasons for omissions (or valid cancellation of an
invoice).
4. Proceed from the general ledger to the source documentation and address the risk of
overstatement of sales (predominantly occurrence and accuracy):
Agree the total sales per general ledger with the totals per sales journal.
Select sales from the sales journal and follow them through to the sales
invoice and the delivery note.
Agree details thereon (name, date, amounts).
Examine the signature of the purchaser/client as acknowledgement of the
receipt of the goods to ensure that it is a valid delivery note.
5. Select credit notes from the general ledger account (or sales journal) and follow
them through to the physical credit note to assess the validity of a credit note.
Examine the credit note in terms of the following:
Authorisation: signature of senior official.
Quantity: match it with the original invoice and delivery note.
Price: match it with the original invoice and official price list.
VAT: examine the credit note and ensure VAT is dealt with correctly.
Castings and calculations: Reperform these.
Review the list of numerical credit notes and follow up on missing numbers to
check for completeness.
6. Test for accuracy as follows:
Reperform the castings and calculations of the sales journal (or in respect of
cash sales, the sales column in the cash book) and general ledger accounts.
Reperform the postings from the sales journal (or in respect of cash sales from
the cash book) to the general ledger account for both the sales and VAT
columns.
Agree the sales for the year per the general ledger with the total sales per trial
balance and financial statements.
7. Test for cut-off as follows:
Select sales invoices before and after year-end and ensure that these are
accounted for in the correct accounting period.
Select credit notes before and after year-end and ensure that these are
accounted for in the correct accounting period.

Select delivery notes before and after year-end and follow these through to the
invoice and entry in the sales journal:
Ensure that the sale has been accounted for in accordance with the date of
the delivery and that provision was made as accumulated income in
respect of goods delivered before year-end but not yet invoiced.
8. Perform final analytical procedures, for example:
Sales: Current year with previous years and budgets (R amounts).
Credit sales: Debtors (%).
Sales: Cost of sales (current year, previous year, budgets (R amounts and %).
9. Compare with budget and previous year’s amounts. Investigate reasons for
deviations and/or fluctuations.
10. Review the sales journal and general ledger accounts for extraordinary items and
follow up on these.
11. Examine the client’s calculations and pro-forma journals and confirm that all inter-
group/branch sales have been eliminated.
12. With regard to presentation and disclosure, ensure through examination of the
financial statements that sales have been:
classified
disclosed
in accordance with IFRS and the relevant statutory requirements.
13. Obtain a written representation (management representation) letter.
1.2.2 Other income (interest, dividends, rental received, etc.)
1. Perform analytical procedures on sundry income and obtain explanations
(supported by valid evidence) for extraordinary fluctuations.
2. If the amounts for line items are not material (in terms of the amount involved as
well as the nature of the item) and the analytical procedure provides satisfactory
evidence, reliance can be placed on the analytical procedures as substantive tests.
It is, however, important that the analytical procedures are carefully performed
and that all procedures and explanations are properly documented.
3. Perform audit tests (if material)
From the transaction files, select supporting evidence (e.g. interest/dividend
receipts) and follow it through to the general ledger account
(understatement).
Ensure that dates, details, amounts, etc., agree.
Inspect the source documents for validity (name, date, etc.).
Ensure correct treatment of VAT in accordance with the Act.
Test the casting and calculations in the general ledger account.
Review the general ledger accounts for abnormal items and follow up on
these.
4. Select income items from the general ledger accounts and follow these through to
the supporting documents to test for overstatement.
Agree details such a date, name, amounts.
Ensure that VAT is dealt with correctly and is not included in sales.
5. Select from the cash book sundry income-items, agree with the source documents
and follow the income through to the entry in the general ledger account:
Review the general ledger accounts for sundry income and select debits (if
any) and audit in detail. (Follow through to journal and supporting
documentation.)
Review the bank statements for deposits not accounted for and follow up on
these.
6. Test cut-off:
Select from the cash book sundry income before and after year-end and follow
through to the general ledger.
Ensure that these are accounted for in the correct period.
7. Follow the balance per the general ledger through to the trial balance and financial
statements.
8. Compare income to the budget and previous year’s amounts. Examine reasons for
deviations and/or fluctuations.
9. Inspect the classification of the income and ensure that it is correct in terms of its
nature and that it complies with IFRS.
10. Inspect the presentation and disclosure in the financial statements and ensure that it
is:
disclosed

classified
in accordance with IFRS and the statutory requirements.
1.2.3 Purchases
1. Perform analytical procedures of purchases per month:
Identify risk areas and areas of audit interest (e.g. periods on which to
concentrate audit tests).
Obtain explanations (supported by valid evidence) for unusual fluctuations.
2. Assess the effectiveness of the internal controls and their effect on the nature, extent
and timing of the substantive tests.
3. To test for overstatement, from the accounting records, select statistically (or
based on judgement) from the purchases journal (or purchases column in the cash
book in respect of cash purchases) a number of purchase transactions for the period
under review for detail testing (or alternatively select one or 2 months for 100%
testing) and perform the following:
Follow the purchases transactions through to the purchases invoices and do
the following:
Test the castings and calculations on the invoice.
Agree the amount with the invoice.
Examine the invoice for evidence of approval (e.g. stamp/signature of
senior independent person).
Match the purchase invoice with the GRN, delivery note and order and do the
following:
Details: Agree details such as name, supplier, date, description of goods
with supporting documentation.
Quantity per invoice: Agree quantity and description with GRN,
delivery note and order.
Price per invoice: Agree with the price per order/official price list.
Foreign purchases: Follow through to exchange contract/exchange rate
and recalculate the amounts.
Inspect the order for evidence of authorisation (signature of purchases
manager, etc.).

in the stock records.
Follow purchases through to the individual creditor’s reconciliation/payment
advice and do the following:
Test the accounting accuracy.
Agree it with the cancelled cheque, then:
– test details such as name, dates, etc.
– agree amounts
– agree signatures with authorised signatories
– examine endorsements.
4. From the source documents:
Test for understatement by selecting a number of GRNs and:
matching them with the delivery notes and invoices
following them through to the entry in the purchases journal.
5. For the purchases journal (or purchases column in cash book for cash purchases):
Test the castings, cross-castings and calculations.
Review the purchases journal for unusual entries and follow up on these.
Confirm through review that the amounts in the purchases column do not
include VAT.
Test the posting of the totals to the general ledger accounts for creditors,
purchases and VAT.
6. For the general ledger account for purchases and VAT:
Test the castings and calculations.
Review the account for unusual entries and follow up on these.
Test the postings from the general ledger accounts to the purchases journal and
cash book (for cash purchases).
Agree the total of the balances per general ledger with the trial balance and
financial statements (for accuracy).
7. Purchases returns
Select purchases returns from the purchases journal and follow these through
to the credit note, then in terms of the credit note:
Select purchases returns from the purchases journal and follow these through
to the credit note, then in terms of the credit note:
agree quantity, details, etc. with the GRN, price lists, etc.
ensure that the note is valid (on official stationery of suppliers and
signed).
Select credit requests from the credit request book or from the correspondence
file with suppliers, and:
follow these through to the credit note
follow these through to the entry in the purchase journal.
8. Test for cut-off by selecting GRNs and credit notes before and after year-end and
follow it through to the accounting records. Ensure that it is accounted for in the
correct period.
9. Perform final analytical procedures, for example:
purchases in current year: previous years purchases and budgets
purchases to sales (gross profit %) in current and previous year.
10. Compare with budgets and previous year’s amounts. Examine the reasons for the
fluctuations.
11. Inspect the presentation and disclosure in the financial statements and ensure they
are correctly:
classified
disclosed in accordance with IFRS and the statutory requirements.
13. For cash purchases, inspect the clearing account and ensure the balance is nil, or
inspect the validity of the balance (reconciliation).
14. For accuracy, postings, castings and calculations are tested together with the other
objectives.
1.2.4 Other expenses (interest, rental, admin costs, etc.)
1. Perform analytical procedures on sundry expenses and obtain explanations
(supported by valid evidence) for unusual fluctuations.
2. If the amounts for line items of expenses are not material (in amount and nature) and
the analytical procedures provide satisfactory evidence, the analytical procedures
can be relied upon as substantive tests.
Test the castings and calculations in the general ledger accounts.
Agree the totals of the general ledger accounts with the trail balance and
Review the general ledger accounts for unusual items and investigate.
Select expense items from the general ledger accounts and verify these against
the source documents (invoices, contracts, etc.).
Agree details such as supplier, date, amounts, etc.
Ensure correct treatment of VAT.
Test the accounting accuracy of source documents.
Verify these against the paid cheque by:
– agreeing the amount, date, etc.
– examining signatures against authorised cheque signatories
– examining endorsements.
Select expenses from the cash book and follow them through to the entries in
the general ledger accounts (to test for understatement).
Select expenses from the transactions files and follow it through to the
invoices and entries in the general ledger accounts (to check for
understatement).
Test cut-off by selecting expenses from the cash book/purchases journal
before and after year-end and follow them through to the general ledger
accounts. Ensure that these are recorded in the correct period.
5. Perform analytical procedures (specify), and verify material fluctuations against
supporting documentation.
6. Examine the financial statements and ensure that the amounts are correctly:
disclosed
classified
in accordance with IFRS and the statutory requirements.
1.2.5 Accounts receivable (debtors)
1. Evaluate the effectiveness of the internal controls over debtors and the effect
thereof on the nature, scope and timing of the substantive procedures.
1. Evaluate the effectiveness of the internal controls over debtors and the effect
thereof on the nature, scope and timing of the substantive procedures.
2. Perform provisional analytical procedures on debtors to identify risk areas, for
example
debtors days outstanding : previous year : budgets;
outstanding debtors per category : previous year : budgets.
3. Obtain a list of debtors from the debtors’ ledger and do the following:
Test the castings and calculation of the list.
Compare the total of the list with the control account in the general ledger.
Compare the total of the list with the debtors’ balance in the trail balance and
Review the list for unusual items and investigate.
4. Audit the debtors’ reconciliation of the control account in the general ledger in
detail:
Agree credit sales with the sales journal.
Agree payments with the cash book.
Audit reconciling items against supporting evidence.
Test the castings and calculations.
5. Select debtors from the list and do the following (normally the same debtors as
selected for circularisation):
Agree the balance with the amount of the debtor in the debtors’ ledger.
Test the casting and calculation of the debtors account.
Compare the total of the debtor with the debtor’s monthly statement.
Agree the details of the debtor with the information in the permanent records
(name, credit authorisation, etc.).
Select from the individual debtors’ accounts:
Sales: Compare with invoice and signed delivery note and agree details
such as amounts, dates, client’s name.
Payments: Compare with the receipt and entry in the cash book and agree
details such as amounts, dates, client’s name.

Interests: Recalculate, compare with policy of the entity.
Discount: Recalculate, compare with policy of the entity.
Credit notes: Compare with credit note and ensure these are valid
(properly authorised).
Also:
Test the casting and calculation on the account.
Inspect the collectability of the debtor by:
– discussing this with the credit manager
– inspecting the correspondence with attorneys in respect of debtors
handed over for collections
– inspecting insolvency reports.
Inspect correspondence file of client in respect of disputes and follow up
on these.
6. Perform a debtors’ circularisation as follows:
Select debtors from the list (age analysis) for circularisation through
stratification:
Large debtors: Positive
Small debtors: Negative
According to judgement: Long-outstanding disputes, credit balances, etc.
Procedure in respect of preparation by the auditor:
Agree the balances of the debtors selected with the balance of the debtors
account in the debtors’ ledger.
Prepare letters of confirmation.
Place letters in envelopes.
Confirm addresses (telephone book, etc.).
Mail the letters yourself.
Use the auditor’s address as the return address.
Follow up the results of the circularisation:
Compare the balance confirmed with the total of the list.
Inspect all differences and comments on letters:
– Determine reasons and support with valid evidence.
– Recirculate positive confirmations if no reply received after about three
weeks.
For unconfirmed items, perform alternative procedures:
Confirm per fax/telephone.
Support balance against subsequent payment of the debt by:
– testing payments by examining receipts, payment advice, deposit slips
– agreeing to the entry in the cash book and debtors’ account.
If not yet paid, verify sales against delivery notes (signed) and invoices.
7. For early confirmations, perform the following for the interim period (“roll
forward”):
Evaluate the effectiveness of the internal control in the interim period.
Compare the debtors’ balances confirmed in 5 and 6 with the balance at year-
end and investigate reasons for significant differences.
Compare year-end balance with later payments after year-end if possible
(already settled).
Do a roll forward of debtors’ balances since confirmation up to year-end:
Agree total sales/payments with the cash book and sales journal.
Audit any reconciling items in detail.
Perform analytical procedures for the interim period. (Compare with
previous months, budgets.)
8. Test for cut-off by:
selecting payments, sales and credit balances from the debtors’ accounts in the
debtors’ ledger before and after year-end and following it through to the
supporting documentation.
selecting delivery notes and receipts from the source documents before and
after year-end, and follow these through to the debtors’ account in the debtors’
ledger:
Ensure for both the above that the items are accounted for in the correct period.
9. Perform detailed analytical procedures on debtors for completeness, for example:

Debtors to previous year : Budgets
Debtors : Sales to previous year/budgets.
Obtain reasons for material fluctuations.
10. Test valuation. See the program in respect of provision for bad debts.
11. Examine the classification of debtors in the financial statements by ensuring that:
debtors with credit balances are reclassified as creditors and vice versa
inter-group debtors/staff debtors, etc., are shown separately
debtors not collectable within 12 months are classified as long-term assets.
12. Ensure the disclosure and classification of debtors in the financial statements meet
the requirements of IFRS and the Companies Act.
1.2.6 Bank and cash
(a) Audit programme
1. Obtain a list of bank and cash balances at year end and:
test the castings and calculations on the list
agree the total with the trial balance and financial statements.
(b) Bank
2. Test the casting and calculations in the cash book.
3. Ensure through inspection that the balance in the cash book was carried forward
correctly
opening balance = previous month’s closing balance, etc.

4. Select payments from the cash book and:
follow these through to the source documents and ensure the validity of the
payment
follow these through to the cancelled cheque and examine/confirm:
the name of client
the amount of cheque, date, etc.
the authorised cheque signatories

any endorsements
follow these through to entry on the bank statement or list of outstanding
cheques.
5. Select deposits from the cash book and follow these through to the daily cash
summary and deposit slip. Agree:
date
amount
etc.
6. Review the cash book and inspect unusual items.
7. Review the bank statement and inspect unusual entries (e.g. RD cheques, etc), then:
follow through to cash book and ensure these are dealt with correctly
ensure bank statement is genuine/authentic.
8. Request a bank confirmation letter directly from the bank at year-end in respect of
year-end balances and other information and:
agree the balance with the bank reconciliation
examine guarantees provided, etc., and ensure that these are correctly
disclosed in the financial statements
examine who the authorised cheque signatories are (see 4).
9. Request cut-off bank statements directly from the bank and use these for steps 10,
11.
10. Audit the bank reconciliation (at year end):
Agree the cash book balance with cash book.
Agree the balance per bank statement with the bank confirmation letter and cut-
off bank statements.
Follow outstanding cheques and deposits on the reconciliation through to the
cash book before year-end, and agree the amount and dates.
Follow the outstanding deposits through to the next month’s bank statements.
Ensure that these are the first deposits in the new year.
Follow the outstanding cheques through to the following month’s bank
statements, or valid supporting documents if the cheques are not yet drawn.
Compare the outstanding cheques with the mail register, ensure that they are
Agree the balance per the cash book with the list (1), trial balance and
Test castings and calculations.
11. Test outstanding cheques on the reconciliation for understatement at year end:
Select cheques through the bank after year-end (from cut-off bank statements)
and compare these with the list of outstanding cheques, or entry in cash book
after year end.
12. In respect of foreign bank accounts, ensure that these are correctly converted to a
Rand amount at year-end through:
confirmation of the exchange rate with external indexes (e.g. Rheuter)
performing recalculations of the conversion
ensuring profits/losses are correctly dealt with in terms of AC 112
considering the transferability of funds through enquiry from the Reserve Bank.
13. Inspect whether all bank accounts are fully accounted for by:
comparing them with previous year’s working papers and examining them for
accounts omitted
comparing them with the bank confirmation letter in respect of accounts which
exist but which are not shown in the financial statements
performing analytical procedures by comparing bank balances with previous
year and budgets.
14. If it is suspected that cheques are written out before year end, but issued only after
year end:
Enquire from client’s staff about the delay.
Examine mail register to establish whether they were mailed before year-end.
Examine bank reconciliation for long-outstanding cheques.
Advise client to write back as creditors.
(c) Cash
15. Perform surprise cash counts at year end:
Do this in the presence of the cashier.
The cashier must sign for the receipt back of the money.

Do this in the presence of the cashier.
The cashier must sign for the receipt back of the money.
16. Compare the cash counted with:
supporting documentation/amounts received per receipts/cash invoices/cash
summaries.
17. Compare the float with the balance in the general ledger (control account).
18. Ensure through enquiry and observation that:
only one person is responsible for the cash float
money is regularly balanced independently
cash is properly safeguarded
adequate insurance is taken out (against theft and fraud)
different funds are kept separate
management/internal audit regularly performs cash counts on a surprise basis.
1.2.7 Stock (inventory)
(a) Before the count (control over the count)
1. Obtain a copy of the stock count instructions to familiarise yourself with it and
determine whether:
the stock count will be performed by competent, independent staff
there will be proper control over stationery
the count will be done in teams of two
the count will be recorded in ink
the procedures in respect of cut-off are adequate
stock is properly marked/packed
the accuracy of weighing equipment (scales, weighbridge) was checked.
2. Visit the premises and note whether stock is packed properly, whether slow-
moving/damaged stock is packed separately and that it is properly identified.
3. Discuss problems with management.
(b) During the stock count (confirmation of quantities)
4. Attend the stock count and observe if:
counts are done in teams of two (one counts, one writes)
tests are performed independently on the counts by senior staff members
supervision and control is exercised by senior staff
the count is recorded in ink
a senior staff member signs corrections/changes
there is control of stationery during breaks.
5. Determine whether the business is closed during stock counts; if not, observe
control of moving goods. Determine whether there is a separate area for receipt and
shipping of goods during the count.
6. Observe whether there is proper cut-off in respect of goods received/shipped
during the count.
7. Inspect stationery for cut-off and document cut-off numbers. Photocopy these
documents: GRNs, delivery notes, issue notes.
8. Through examination of stationery, determine whether all staff signed for duties
performed.
9. Inspect the stationery register and ensure all stationery (counting cards) is
accounted for.
10. Perform test counts by:
counting from client’s counted stock sheets to the floor (high value items) to
check for overstatement (existence)
counting from the floor to the client’s count sheets to check for
understatement (completeness)
observing the stage of completion of work in process (by self or expert)
comparing results with client’s counts and bringing differences to the attention
of management.
11. Compare test counts with perpetual stock records. Follow up on differences.
12. During stock count, observe:
damaged or obsolete stock
damage, dust, rust, old dates
consignment stock on premises.
13. Walk through the warehouse and ensure everything was counted (marked with
consignment stock on premises.
13. Walk through the warehouse and ensure everything was counted (marked with
chalk, stickers, etc.).
14. Photocopy a number (or if few, all) of client’s stock lists for later follow up.
(c) After the stock count (calculations, valuation, presentation)
15. Final stock lists: Quantities:
Examine lists (review) for unusual/abnormal items included (e.g. equipment)
and follow up.
Agree own test counts with final stock lists.
Ensure no consignment stock is included on the list.
Agree with stock lists obtained during the count.
16. Final stock lists: Unit prices:
Examine the accounting policy in respect of the determination of the cost price
and agree with previous year’s working papers.
Follow the unit prices through to invoices and production records as well as
suppliers’ price lists.
Test the cost of work in progress against production records, etc.
17. Final stock lists: Calculations:
Test castings and calculations (quantity × cost price; casting).
18. Valuation:
Damaged/obsolete stock:
Inspect lists for damaged/obsolete stock. Ensure that such stock identified
by the auditor during the count is included on the list as
damaged/obsolete.
Examine the client’s policy in respect of provisions for obsolete stock.
Compare it with the previous year’s working papers.
Consider applicability using industry norms and recalculate the provisions
according to the client’s policy.
NRV
Determine the selling prices with reference to price lists and sales
invoices.
Determine sales expenses through enquiry from management/examination
of expense records.
For work in progress, determine costs to complete and sales expenses and
work back to NRV.
Recalculate NRV and compare it with the cost price. If cost price is
lower, test the client’s write-down of stock to NRV.
19. Test cut-off:
Follow last cut-off numbers through to the stock lists and ensure subsequent
receipts/issues accounted for in the records after the stock count.
Select receipts (GRNs) and issue before and after year end. Ensure that these
are recorded in the correct period.
20. Stock held by third parties:
Confirm directly from the third party (with client’s permission).
Perform physical count if necessary.
21. Stock in transit:
Confirm receipt after year-end through physical inspection of goods and stock
records.
22. Where the internal auditor attends the stock count at certain premises on your
behalf:
Discuss in advance the programme to be followed.
Review their working papers and findings.
23. Perform analytical procedures on stock:
gross profit/stock/turnover rate, etc., in comparison with previous years and
budgets.
24. Agree closing balance in respect of stock with the trial balance and financial
statements.
25. Compare with insurance contracts (value).
26. Audit the stock reconciliation in the general ledger in detail. Agree these with
stock-take lists and perpetual stock records and investigate differences.
27. Obtain a stock certificate.

Fundamentals of Auditing

Uploaded by

Copyright:

Available Formats

You might also like

Fundamentals of Auditing

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Fundamentals of Auditing

Uploaded by

Copyright:

Available Formats

Fundamentals

******ebook converter DEMO Watermarks*******

A van der Watt

******ebook converter DEMO Watermarks*******

Editor: Mandy Jonck

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******

Auditing is a discipline with embedded principles required for all professional

******ebook converter DEMO Watermarks*******

Chapter 1 An introduction to auditing

Chapter 2 The auditor’s regulatory environment

******ebook converter DEMO Watermarks*******

Chapter 3 The ethical environment

Chapter 5 The audit process

Chapter 6 Computers in the audit environment

Chapter 7 Engagement activities

******ebook converter DEMO Watermarks*******

Chapter 9 Obtaining audit evidence

Chapter 10 Final considerations, concluding and reporting

******ebook converter DEMO Watermarks*******

Chapter 11 Responsibilities of an auditor

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******

3.2 In South Africa

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******

6 Independent Regulatory Board for Auditors

7 Professional bodies governing the accountancy

8.1 Committee for Auditing Standards (CFAS)

******ebook converter DEMO Watermarks*******

8.2 Practice statements

9 Fundamental principles of the theory of auditing

10 The career path of a prospective auditor

Career path of a prospective auditor

******ebook converter DEMO Watermarks*******

******ebook converter DEMO Watermarks*******

QUESTION 1.1 22 MARKS

YOU ARE REQUIRED TO:

QUESTION 1.2 12 MARKS

YOU ARE REQUIRED TO:

YOU ARE REQUIRED TO:

******ebook converter DEMO Watermarks*******

The auditor’s regulatory environment

3 Auditing Profession Act

******ebook converter DEMO Watermarks*******

The examination of, in accordance with prescribed or

3.3 Registration of individual auditors and firms (ss 37–39)

******ebook converter DEMO Watermarks*******

3.4 Prohibition against practising in public practice by unregistered

3.5 Information to be furnished by registered auditors (s 43)

3.6 Duties in relation to audit (s 44)

******ebook converter DEMO Watermarks*******

3.8 Liability incurred by auditor (s 46)

3.9 Practice reviews (s 47)

3.10 Investigation into improper conduct by registered auditors (s 48)

3.11 Offences and penalties (s 41)

******ebook converter DEMO Watermarks*******

4.2 Important concepts (ss 1, 2, 3, 4)

Information in writing or electronic format concerning the

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*

ebook converter DEMO Watermarks*