Professional Documents
Culture Documents
Fundamentals of Auditing
Fundamentals of Auditing
Fundamentals of Auditing
of
Auditing
Fifth Edition
B Marx
B Compt (Cum Laude) B Compt (Hons) M Compt (Cum Laude) D Com CA(SA)
RAA ACCA (UK) FCIS
Professor: Department of Accountancy, University of Johannesburg
N Schönfeldt
B Com (Acc) B Com (Acc) Hons M Com CA(SA)
Editor
V van Dyk
B Com (Acc) B Com (Acc) Hons M Com CA(SA)
Senior lecturer in Auditing: Department of Accountancy,
University of Johannesburg
D Maré
B Com (Acc) B Com (Acc) Hons CA(SA) CIMA (passed finalist)
Senior lecturer in Auditing: Department of Accountancy,
University of Johannesburg
T Ramuedzisi
B.Bus.Sc (Finance Hons) H.Dip.Acc CA(SA)
Senior lecturer in Auditing: Department of Accountancy,
University of Johannesburg
© 2011
ISBN 978 0 409 10703 6
Copyright subsists in this work. No part of this work may be reproduced in any form or by any means without the
publisher’s written permission. Any unauthorised reproduction of this work will constitute a copyright infringement and
render the doer liable under both civil and criminal law.
Whilst every effort has been made to ensure that the information published in this work is accurate, the editors,
publishers and printers take no responsibility for any loss or damage suffered by any person as a result of the reliance
upon the information contained therein.
B Marx
N Schönfeldt
A van der Watt
V van Dyk
D Maré
T Ramuedzisi
September 2011
Johannesburg
An introduction to auditing
Authoritative references
Reference Title
Preface to international standards on quality control, auditing,
Preface
review, other assurance and related services
Glossary Glossary of terms
1 Introduction
Certain companies, as stipulated in the Companies Act 71 of 2008, are required by law
to prepare annual financial statements. It is, however, the responsibility of the board of
directors to prepare these financial statements, and the framework in which the
reporting should be done is prescribed by law and the International Financial Reporting
Standards (IFRS). Shareholders and other interested parties, such as banks, the South
African Revenue Service (SARS), investors, etc., require an independent and objective
opinion as to whether the statements presented by the board of directors provide a fair
reflection of the financial position of the company and the results of its operations. This
is the principal task that the law requires the auditor to perform.
The statutory audit is not the only audit that is performed, however; entities not
required by law to have an audit may request an audit to enhance the credibility and
reliability of their results. An audit is also not necessarily restricted to the verification
of the financial results of an entity.
2 Definition of auditing
******ebook converter DEMO Watermarks*******
The Oxford Interactive Encyclopaedia defines “audit” as “an official examination and
verification of (originally orally presented) financial accounts, especially by an
independent body”. However, “audit” can be either a verb or a noun. The above
definition is of the noun. As a verb, “audit” would mean inspect, examine, scrutinise,
etc, as in “audit the books”.
Dickinson (Lubbe, 1983:1) defined an audit as “an investigation or examination by an
auditor into the evidence from which the financial statements of an organisation have
been prepared. This examination is carried out in order to ascertain that the financial
statements fairly present the summarised transactions for the period under review and of
the financial state of the organisation at the end date, thus enabling the auditor to report
on them”.
The objective of an audit of financial statements is defined in the glossary of terms as
“to enable the auditor to express an opinion whether the financial statements are
prepared, in all material respects, in accordance with an applicable financial reporting
framework”.
It would, however, be impossible to give a single definition of auditing due to the
terms “audit” and “auditing” being used in different disciplines and in different
situations. The above explanations would therefore be regarded as sufficient in this
context.
3 Development of auditing
3.1 Internationally
Although the earliest recorded use of the word “audit” was in the late Middle Ages
(1350–1469), evidence of accounting can be traced to Biblical times (Lubbe, 1983:2).
The English word “audit” stems from the Latin word “audire”, which means to hear.
According to Schandl (Lubbe, 1983:2), the Roman auditor was present at negotiations
without participating in the negotiations. The auditor was expected only to listen to the
negotiations and to identify any misappropriation of funds and unacceptable actions by
the parties.
Two significant developments in the accounting field that had far-reaching
implications for the accounting and auditing professions was the switch-over from
Roman to Arabic notation in the 14th century and later the development of double-entry
bookkeeping. An Italian, Frater Luca Pacioli, made a valuable contribution to the
development of double-entry bookkeeping through the publication of his work Summa
de Arithmetica, Geometria Proportioni et Proportionalita, published in 1494 (Lubbe,
1983:2).
******ebook converter DEMO Watermarks*******
The current practice of auditing of corporations developed over the last 170 years as
a result of the self-regulation of the accounting profession. A regulated auditing
profession was established in the United States in the late 1800s, and in the United
Kingdom only in the mid 1900s. It became a statutory requirement that corporate entities
be audited by an independent person, (Lee, 1988:xxi). This legislative requirement was
necessitated by the change in company structures. Prior to this, companies had been
managed mainly by the owner(s), with no separation between management and
ownership. The growth in the size of companies had resulted in a division between the
managers and the shareholders or owners of the company. The fact that the shareholders
had become less and less involved in the management of the company called for an
independent party to provide an objective view of the operations and results of a
company, leading to the establishment of the auditing profession.
5 Types of auditor
“Performing an audit” is no longer restricted to the accounting profession; it is an
activity found in a variety of disciplines and is not necessarily performed by a chartered
accountant. In that sense it merely refers to the investigation of data in order to verify the
accuracy of the data and to express an independent opinion (e.g. the verification of
election results by an independent party).
In terms of the auditing profession, two broad categories of auditor can be identified.
The external auditor is the person with final responsibility for the external audit
function, be it a statutory audit or a voluntarily requested audit. The external auditor is
7.1 IFAC
The International Federation of Accountants (IFAC) is the global organisation for the
accountancy profession. It works with its member organisations in a number of countries
to protect the public interest by encouraging high quality practices by the world’s
accountants (IFAC, 2004a:1).
IFAC’s main objective is defined as “to serve the public interest, strengthen the
worldwide accountancy profession, and contribute to the development of strong
international economies by establishing and promoting adherence to high-quality
professional standards, furthering the international convergence of such standards, and
speaking out on public interest issues where the profession’s expertise is most relevant”
(IFAC, 2004a:1).
The International Auditing and Assurance Standards Board (IAASB) is an
independent standard-setting body under the auspices of IFAC. The IAASB aims to
establish high-quality auditing, assurance, quality control and related services. Its
mission is further to improve the uniformity of practice by professional accountants
throughout the world, thereby strengthening public confidence in the global auditing
profession and serving the public interest (IFAC, 2004b:1).
The Public Interest Oversight Board (PIOB) oversees the public interest activities of
******ebook converter DEMO Watermarks*******
IFAC. The objective of the PIOB is to increase confidence of investors and others that
such activities, including the setting of standards by the IAASB, are properly responsive
to the public interest. PIOB members are nominated by international institutions and
regulatory bodies (IFAC, 2009).
7.2 SAICA
The leading professional body in governing the accountancy profession in South Africa
is the South African Institute of Chartered Accountants (SAICA). SAICA offers its
members a wide range of services, such as ongoing professional education, tax and
legal advisory services, technical advice and seminars and workshops.
SAICA was established in 1980 after the National Council of Chartered Accountants
(SA) was dissolved. SAICA has subsequently established itself as one of the leading
institutes on the global front through its involvement in international activities. SAICA
holds a seat on the Council of IFAC and on the board of the International Accounting
Standards Committee (IASC). It is also a member of the respected “Group of Ten”, a
group of the ten leading institutes worldwide, and the Chartered Accountants Group of
Executives (CAGE), which consists of the seven major Chartered Institutes (SAICA
2002b:3).
Members of SAICA can hold the designation of highly regarded Chartered
Accountant (South Africa), or “CA(SA)”. In order to do so, members must have
mastered certain skills through education and training, as explained in a later section of
this chapter.
7.3 ACCA
The Association of Chartered Certified Accountants (ACCA) is an international
accountancy body with statutory recognition in the UK and Ireland. Members of ACCA
are known as Chartered Certified Accountants and can work as registered auditors in
the abovementioned countries. The ACCA was established to provide more open access
globally to the accountancy profession and has developed into an authority on
professional accounting and associated public policy matters, as well as taxation of
corporate and non-corporate entities and law (ACCA, 2004:1). The ACCA was
launched in South Africa in 1994 and, although the ACCA qualification does not qualify
one to provide auditing services in South Africa, members to the ACCA in South Africa
are recognised as accounting officers for Closed Corporations.
7.4 CIMA
The Chartered Institute of Management Accountants (CIMA) is an internationally
******ebook converter DEMO Watermarks*******
recognised professional management accounting body. The CIMA qualification has a
focus towards accounting for business, as well as an excellent understanding of finance,
operations, change management, relationship and project management, marketing, as
well as applied management accounting techniques (CIMA, 2011:1). A member to
CIMA will hold the designation of Chartered Management Accountant.
7.5 SAIPA
The South African Institute of Professional Accountants (SAIPA) is the second-largest
accounting institute in South Africa and is also a member of IFAC. Professional
accountants are recognised as Independent Reviewers by the Companies Act 71 of 2008
and may also report on other business forms, such as Non-profit Organisations and
Closed Corporations (SAIPA, 2011:1).
7.6 IIA
Established in 1941, the Institute of Internal Auditors (IIA) is an international
professional association. The IIA is recognised as the leading professional body for
internal auditors and oversees the certification, education, research and technical
guidance of various internal audit-related qualifications of which Certified Internal
Auditors (CIA) is the most well-known qualification (IIA, 2011:1).
7.7 CFA
The members of the CFA Institute (a global association of investment professionals) are
known as Chartered Financial Analysts (CFA). The Institute has its origin in the
Financial Analysts Federation that dates back to 1947. It is the institute’s mission to
promote an investment profession of which the members adhere to the highest standard
of ethics, integrity, and excellence of practice (CFA Institute, 2011:1).
7.8 SAIT
The South African Institute of Tax Practitioners (SAIT) is yet another professional
organisation in the accountancy and taxation field. The SAIT stands for advancing the
knowledge and understanding of laws relating to taxation in South Africa. The various
fields of tax include income tax, value-added tax, employee tax, secondary tax on
companies, skills development levies, transfer duties, estate duties, customs and excise
duties, capital gains tax, tax planning, estate planning, taxation services and foreign
taxation laws, to name but a few (SAIT, 2011:1).
8 Auditing pronouncements
******ebook converter DEMO Watermarks*******
In the past, statements of generally accepted auditing standards in the South African
context were referred to as the South African Auditing Standards (SAASs). The
Auditing and Assurance Standards Board of IRBA adopted the entire set of international
pronouncements issued by the IAASB for use in South Africa. These pronouncements
replaced the SAAS statements.
The international pronouncements include:
the International Standards on Auditing (ISAs)
the International Standards on Review Engagements (ISREs)
the International Standards on Assurance Engagements (ISAEs)
the International Standards on Related Services (ISRSs)
the International Standards on Quality Control (ISQC).
Statements of ISA contain basic principles and essential procedures to be followed by
auditors in performing their work, together with further guidance in the form of
explanatory and other material. Auditing standards are binding on all registered auditors
and should be applied in the audit of financial statements and other information, and to
related services.
Practice statements are issued to provide practical assistance to auditors in
implementing particular statements of ISA and to promote good practice.
PART A
You are a registered auditor.
A friend of yours, Luscious Lucy, loves beauty contests. She asks you why the
announcers of the Miss World competitions made a special announcement that the
results of the competition were verified by external auditors.
PART B
You are an audit partner in a large auditing firm. One of the leading residential
universities invited your firm to present a guest lecture to the second-year auditing
students. This will be these students’ first encounter with the subject “Auditing” and you
are requested to give a presentation on the auditing profession.
Authoritative references
Auditing Profession Act, 26 of 2005
Companies Act, 71 of 2008 Companies Regulations, 2011
Closed Corporations Act, 69 of 1984
Public Finance Management Act, 1 of 1999
1 Introduction
The auditor operates in an environment where laws and regulations play an important
role. Accordingly there are numerous laws and regulations that the auditor has to
consider in the audit of financial statements. Some of these laws (e.g. the Companies
Act) apply to all companies, but there are laws that are applicable to specific
institutions only (e.g. the Banks Act, the Insurance Act).
In order to provide a proper service and to reduce the audit risk, the auditor has to
ensure that he has proper knowledge of the laws and regulations impacting on the
various audit assignments for which he is responsible. Similarly, directors and
managers of companies should have a good understanding of the legal and regulatory
environment in which the entity operates, as well as the accompanying responsibilities
placed on them. It is therefore essential that they have a proper understanding of the
relevant laws and regulations affecting their entities.
2 Corporate governance
Auditors, directors and managers should be aware of the regulatory environment which
governs companies on a broad basis. The broad regulatory environment is determined
by the respective laws and regulations governing corporate entities in South Africa.
******ebook converter DEMO Watermarks*******
They should, however, also be aware of the narrow governance of entities. The
narrow governance of entities refers to the regulation of internal aspects of entities by
different requirements. Although not an Act, the King Reports on Corporate Governance
provide an important framework for entities. For example, the Code of Corporate
Practices and Conduct of the King II Report placed responsibilities on the directors of a
company to ensure that proper systems exist by which a company can be directed and
controlled.
The King II Report adopted an inclusive approach to corporate governance.
Consequently, the directors are considered to not only be accountable to shareholders,
but to act responsibly in regard to all stakeholders of the company. The King III Report
goes further and revolves around leadership, sustainability and corporate citizenship.
King III was developed to align King II with the new Companies Act’s requirements.
It functions on an “apply or explain” basis and could be viewed by courts as the
benchmark for the required standard of best practice. The King III Report is widely
regarded as guidance for what good governance entails and for setting the benchmark
for directors’ conduct.
Auditors, directors and managers should further also understand the concepts and
principles relating to business ethics, and the risk management and internal control
processes of companies.
Contents Paragraph(s)
Definitions 1
Registration of individual auditors and firms 37–40
Conduct by and liability of registered auditors 41–46
Accountability of registered auditors 47–51
Reportable irregularities and false statements in connection 52
with audits
3.1 Introduction
After 1 April 2006, all persons registered with the Independent Regulatory Board for
Auditors (IRBA) have to comply with the regulations of the Auditing Profession Act, 26
of 2005.
3.2 Definitions (s 1)
4 Companies Act
Contents Sections
Important concepts 1, 2, 3, 48
Incorporation and types of companies 8, 15, 16
Directors and shareholders governance 60–78
Accountability and transparency 84–94
30, 90–93,
Auditing and review requirements Regulations,
2011
4.1 Introduction
The South African corporate law reform programme was initiated in 2005 by the
Department of Trade and Industry. This resulted in short-term amendments to the
Companies Act, 1973, which became effective on 14 December 2007, and a new
Companies Act (71 of 2008) signed by the President on 8 April 2009 and gazetted in the
Government Gazette (No 32121)). The new Companies Act and Companies
Regulations, 2011, came into effect on 1 May 2011.
******ebook converter DEMO Watermarks*******
Companies Regulations
In terms of section 223, and Item 14 of Schedule S of the Companies Act, 2008, the
Minister of Trade and Industry publishes regulations relating to the functions of the
Companies Commission, the Takeover Regulation Panel and the Companies Tribunal, as
well as other matters relating to the regulation of companies, to take effect at the same
time that the Companies Act, 2008 takes effect.
In section 30(2) the Act states that the annual financial statements of all public and
state-owned companies must be audited. In the case of any other type of company, the
annual financial statements must be:
audited if so required by the regulations issued by the Minister, or if decided at the
option of the company to be voluntarily audited, or
independently reviewed in a manner prescribed by the Minister in the regulation.
Private companies will be exempted from the above-mentioned requirements to be
audited or independently reviewed, if all the shareholders are directors and if it does
not meet the public interest score (PIS) that requires an audit.
A: NON-PROFIT COMPANIES
This is a company:
incorporated for public benefit, or whose objective is related to cultural or social
activities or communal or group interests
whose income and assets are applied to advance its objective as stated in the
memorandum, and
who may not, directly or indirectly, transfer any of its assets or pay any of its income
to its members or directors (except as reasonable remuneration for services
rendered).
All sections of the Act apply similarly to non-profit companies, except that they do not
need a company secretary or audit committee (unless so required by the MOI).
******ebook converter DEMO Watermarks*******
B: PROFIT COMPANIES
A profit company is a company incorporated for the purpose of financial gain for its
shareholders (section 1). It can consist of four types of companies, namely:
B1: State-owned companies
This is a company (section 1) that:
falls within the meaning of a state-owned enterprise in terms of the Public Finance
Management Act, or
is owned by a municipality.
B2: Private companies
A private company:
is not state-owned, and
through its memorandum of incorporation:
prohibits the offering of its securities to the public, and
restricts the transferability of its securities.
Note: No limitation is placed on the number of shareholders of a private company as
was the case under the old Companies Act (previously 50).
B3: Personal liability companies
This is a company that:
meets the criteria for a private company (its memorandum prohibits the offering of
its securities to the public and also restricts the transfer thereof), and
stipulates in the MOI that it is a personal liability company.
Note: In terms of section 19(3), the directors and past directors are liable for the
company’s debts.
This type of company is normally used by professionals, such as lawyers, doctors, and
registered auditors, as it is a prerequisite of their respective professional bodies to
incorporate under this format of company.
B4: Public companies
A public company is a profit company that is not a state-owned company, a private
company or a personal liability company.
4.3.2 Incorporation of companies (ss 13, 14)
One or more persons may incorporate a profit company, and three or more persons may
incorporate a non-profit company by:
******ebook converter DEMO Watermarks*******
completing and each signing, in person or by proxy, the MOI, and
filing a notice of incorporation (NOI).
The Commission may reject the NOI if it is incomplete, and will reject it if there is less
than the required number of directors (at least three for public and non-profit
companies, and at least one for private and personal liability companies).
The Commission will:
assign the company a registration number
endorse the NOI and the MOI, and
issue and deliver a registration certificate to the company. The registration
certificate is conclusive evidence that all requirements for incorporation have been
complied with and that the company is incorporated.
If the name of the company stated in the NOI is already in use, the Commission will
register the company under its registration number as the interim name.
4.3.3 Memorandum of incorporation (MOI) (ss 15, 16)
The statutory document that incorporates the company’s rights, duties and
responsibilities is called a Memorandum of Incorporation
The MOI may:
include provisions dealing with matters the Act does not address, or alter
provisions that may be altered
impose a higher standard or more onerous provisions than what the unalterable
provisions require
contain restrictive conditions for the amendment thereof
not include provisions that negate, limit or alter the effect of unalterable provisions.
(a) Rules relating to governance
The board of a company (except where the MOI provides otherwise) may make, amend
or repeal rules relating to the governance of the company not addressed in the Act by
publishing a copy of the rules as required by the MOI and filing a copy of the rules with
the Commission.
Such rules must be consistent with the Act and the MOI, and if not, are void. The
rules take effect 20 days after they are published, or as specified in the rules, and:
are binding on an interim basis until voted on at the next shareholders’ meeting
are permanently binding after the shareholders have ratified them.
******ebook converter DEMO Watermarks*******
Any failure to ratify a rule does not affect the validity of any actions in terms of those
rules during the period they had an interim effect.
The MOI, and any rules of the company, are binding between:
the company and its shareholders
the shareholders
the company and its directors
the company and members of the audit committee or other committee of the board.
(b) Amendment of the MOI (s 16)
The MOI can be amended by:
a court order
the board, regarding changes made to the company’s shares (changing the authorised
shares, their rights, preferences, classifications – section 36(3)).
a special resolution, if proposed by the board or by shareholders entitled to exercise
at least 10% of the voting rights on such a resolution
the MOI may specify other requirements for amendments.
An amendment may be in the form of a new MOI, or alterations thereto, and should be
submitted to the Commission together with a notice of amendment (NOA).
The amendment to the MOI takes effect from the date that the Commission accepts the
filing of the NOA, or the later date set in the NOA.
4.3.4 Legal status of companies (s 19)
After incorporation, the company is a juristic person, exists continuously and has all the
legal powers and capacity of an individual, except to the extent that the MOI provides
otherwise.
A person is not, solely by reason of being a shareholder or director, liable for any of
the company’s liabilities or obligations, except as otherwise provided in the Act, or the
MOI.
The directors and past directors of a personal liability company are jointly and
severally liable, together with the company, for any debts and liabilities incurred during
their respective terms of office.
One of:
IFRS, or
Profit companies, other than state-owned
or public companies, whose PIS for the IFRS for SMEs, provided that the
particular financial year is at least 350 company meets the scoping
requirements outlined in the IFRS
for SMEs.
******ebook converter DEMO Watermarks*******
Profit companies, other than state-owned One of:
or public companies:
(a) whose public interest score for the IFRS, or
particular financial year is at least 100 but IFRS for SMEs, provided that the
less than 350, or company meets the scoping
(b) whose public interest score for the requirements outlined in the IFRS
particular financial year is less than 100, for SMEs, or
and whose statements are independently SA GAAP.
compiled.
Profit companies, other than state-owned
The Financial Reporting Standard as
or public companies, whose PIS for the
determined by the company for as long as
particular financial year is less than 100,
no Financial Reporting Standard is
and whose statements are compiled
prescribed.
internally
(b) Exemption
This regulation applies to an entity (company or corporation), with respect to any
particular financial year, unless the company or corporation:
is exempt, in terms of section 30 (2A), from any requirement to have its annual
financial statements for that year audited or reviewed
is required by its own MOI, or required in terms of the Act or regulation 28, to have
its annual financial statements for that financial year audited, or
has voluntarily had its annual financial statements for that year audited.
(c) Standard to be followed
An entity to which this regulation applies must have its annual financial statements
independently reviewed in accordance with ISRE 2400.
******ebook converter DEMO Watermarks*******
(d) Requirements for independent review
The independent review of the annual financial statements must be carried out:
in the case where the PIS for the particular financial year was at least 100, by a
registered auditor, or a member in good standing of a professional body that has
been accredited in terms of section 33 of the Auditing Professions Act (currently
only CA(SA)s), or
in the case where the PIS for the particular financial year was less than 100, by:
a person contemplated above, or
a person who is qualified to be appointed as an accounting officer of a close
corporation in terms of sections 60 (1), (2) and (4) of the Close Corporations
Act, 1984 (Act 69 of 1984).
(e) Disqualification
An independent review of the annual financial statements must not be carried out by an
independent accounting professional who was involved in the preparation of the said
annual financial statements.
(f) Reportable Irregularities
An independent reviewer that is satisfied or has reason to believe that a reportable
irregularity has taken place or is taking place in respect of the entity must, without
delay, send a written report to the Commission.
Note: Where a reportable irregularity is identified during an independent review,
it is reported to the Commission, as opposed to a reportable irregularity that is
identified during a statutory audit, in which case it should be reported to the
IRBA.
The report must give particulars of the reportable irregularity and must include such
other information and detail as the independent reviewer considers appropriate.
The independent reviewer must, within three business days of sending the report to
the Commission, notify the members of the board/members of a close corporation of
the entity in writing of the sending of the report referred and the provisions of this
regulation, and attach a copy of the report sent to the Commission.
The independent reviewer must as soon as reasonably possible but not later than 20
business days from the date on which the report was sent to the Commission:
take all reasonable measures to discuss the report referred with the members of
the board of the entity (company or corporation)
Contents Paragraph
Appointment of accounting officers 59
Qualifications of accounting officers 60
Duties of accounting officers 62
5.1 Introduction
Smaller entities can obtain legal status by registering as close corporations. The
registration of new close corporations will however be terminated at the date that
section 13 of the Companies Act, 71 of 2008, which governs the registration of
companies, becomes effective. The registration of existing close corporations at such
date will remain, although the registration of new close corporations thereafter will not
be allowed.
Contents Paragraph(s)
Object of this Act 1
Institutions to which this Act applies 2
8, 19, 40, 55,
Audit requirements for affected institutions 58, 62
8 Questions
QUESTION 2.4
John and his friend Sipho are the two owners of an asset management company called
Invest-a-rand (Pty) Ltd. They are the only two shareholders and are both directors of the
company. During the year, the company had R26 million of third-party funds under their
management. The year-end of the company is drawing near, and Sipho and John are
unsure of whether Invest-a-rand needs to be audited or not. John seems to be of the
opinion that since they are the only two shareholders and directors, the company
qualifies for the exemption in the Companies’ Act.
QUESTION 2.5
Cowalicious Ltd is a dairy company whose shares are held by 65 individual farmers.
The company has six directors, three of them farmers and the other three some local
businessmen. The company sells milk collected from all the different farmer’s farms and
supplies it to a local retailer. All sales proceeds go to the company, which then declares
an annual dividend to the farmers.
During the year a new farmer wanted to buy some shares in the company, but did not
have enough money for the required amount. The directors then decided that the
company would give the new farmer a loan, which he would pay back through his
dividends.
The company also needs some new bottling equipment in the coming year. One of the
directors, Jane Patrick, approached her brother (with whom she owns a bottling
equipment company) for a quote to supply Cowalicious Ltd with this equipment. The
matter is to be discussed at the next board meeting. The company also needs to hold an
AGM in the next two months.
QUESTION 2.6
Four friends who all graduated from the same university decided to establish their own
auditing firm. They all did their articles at one of the BIG 4 auditing firms in Gauteng
and realised that since they had all qualified as chartered accountants, the world was
their oyster and they wanted to harness the opportunity to do their own thing.
Authoritative references
Code of Professional Conduct for Chartered Accountants (SAICA Member’s
Handbook Volume 3)
Code of Professional Conduct for Registered Auditors (Independent Regulatory
Board for Auditors)
By-Laws of the South African Institute of Chartered Accountants Part B – Applicable
only to Chartered Accountants
Rules Regarding Improper Conduct for Registered Auditors (IRBA)
5 Questions
QUESTION 3.1
You are a chartered accountant and registered auditor working as the technical partner at
a large auditing firm. You are regularly consulted with on situations and queries that the
other partners have.
Query 1
Jaco Janse van Vuuren is working on a proposal to replace the existing auditors of
******ebook converter DEMO Watermarks*******
CranApple Limited. Jaco is confident that the firm will get the audit, as the audit fee
they are asking is at least 5% less than CranApple Limited’s existing auditor. Jaco
wants to know whether he can include the lower fee in the proposal. (7)
Query 2
Elbi Scholtz is the partner in charge of the Up-the-Creek (Pty) Ltd audit. The managing
director of the company (a most unpleasant person) phoned Elbi at 4:00 this morning to
threaten the firm with a lawsuit. Elbi would like to have information on the legal
liability of the auditor according to the Auditing Profession Act. (7)
Query 3
Marita Terblanche has decided to resign as partner and leave the bustling city life. A
client of the firm, Rooiland Limited, has offered her an appointment as financial
manager at their Kakamas branch office. Marita wants to know if she can accept the
appointment at Rooiland Limited. (3)
Query 4
Deon van der Walt was made partner at the beginning of August 2003. He has instructed
his personal assistant to have his new business cards printed, and reminds her that he is
also a member of the South African Institute of Chartered Accountants and the
Independent Regulatory Board for Auditors.
Deon’s personal assistant wants to know why Deon told her about his membership
with SAICA and the IRBA. (2)
Query 5
Jan Painting is the owner of Services (Pty) Limited. His company specialises in
providing support services to auditing firms. He has approached the partners at your
firm with the following proposal: (2)
(a) As Services (Pty) Limited has contacts at most other auditing firms, they are well
placed to identify staff at other firms and offer them positions at your firm. (4)
(b) Services (Pty) Limited can also assist the firm in expanding their base of audit
clients. They believe their success lies in using any and all forms of
communication: telephoning prospective clients; mailing, faxing and e-mailing
brochures to clients. They also have software available that makes the mass
sending of SMS messages possible. (8)
The other partners want your comment on Jan’s proposal.
QUESTION 3.2
Andrew Malcolm Inc. is a relatively new auditing firm owned by Andrew Malcolm.
Due to its recent entry to the market, the firm is quite small and is willing to accept
almost any client to ensure revenue. During the year, the firm obtained quite a big audit
client, Trendy Fashions (Pty) Ltd, which accounted for almost 40% of the firm’s
revenue. The financial director of Trendy Fashions has also proposed that Andrew
Malcolm Inc. do some consulting work for the company, as it’s easier if the consulting
and the auditing are done by the same person so that the financial director doesn’t face
“the usual stupid questions from the auditors” repeatedly.
If Andrew accepts the consulting engagement, the total fees from Trendy Fashions
will almost double, making the total fees from Trendy Fashions account for almost 70%
of Andrew Malcolm Inc.’s total revenue. This sounds very exciting, because if the fees
for this year are high enough, Andrew can declare himself a big bonus and finally get to
take his family on that overseas trip they have been waiting for.
QUESTION 3.3
Sipho Majali is a chartered accountant working as the financial director for a company
******ebook converter DEMO Watermarks*******
called Electronic Sounds (Pty) Ltd. The company has been making losses recently due
to stocking outdated sound equipment which has not been selling very well. The stock is
selling so badly that Sipho suggested that they write it down to net realisable value in
order to comply with fair presentation.
The CEO, Jack Malone, has refused that this be done as he says it will result in the
company having a net liability position, which will look really bad to the shareholders.
He is not willing to lose his bonus because of some “bogus” accounting requirements.
He tells Sipho that if he doesn’t keep his “silly accountant” mouth shut, he may be
reading the classifieds for a new job very soon.
QUESTION 3.4
You are an audit partner at City Inc., a small auditing firm based in Sandton. One of your
biggest clients is Joburg (Pty) Ltd (“Joburg”), for whom you have been doing
bookkeeping and compiling financial statements for the past five years. Joburg recently
got rid of their auditors for reasons that Jabulani (the managing director of Joburg) says
are “not really important”, so he has now approached you (City Inc.) to be the new
auditors of Joburg. Jabulani says that since he knows you so well, he feels he can trust
you with the audit of his company, and that it should be easy anyway since you know
everything that is going on. Jabulani promises that, should you take Joburg as an audit
client, he will pay you twice as much as he pays for the bookkeeping services. This
means that the total revenue from Joburg would make up more than half of City Inc.’s
annual revenue.
The only thing that Jabulani requires of you is that in the audited set of financial
statements, you adjust the assets so that Joburg can appear to have a higher net asset
value. “I know you won’t be as stubborn or stupid as that last auditor. At least you know
better than to jeopardise losing such a big fee – since we’re effectively two clients in
one”, he says to you with a chuckle (patting you on the back).
Corporate governance
Authoritative references
The King Report on Corporate Governance 1994
The King II Report on Corporate Governance in South Africa 2002
The King III Report on Corporate Governance in South Africa 2009
PricewaterhouseCoopers Corporate Governance Series September 2009
(a) Transparency
Transparency is the ease with which an outsider is able to make meaningful analysis of
a company’s actions and its economic fundamentals. Management must make the
necessary information available candidly, accurately and timeously. It should be
possible to obtain a clear and true picture of what is happening inside a company from
the information supplied by the company.
(b) Accountability
Individuals or groups in a company who make decisions and take actions on specific
issues need to be accountable for their decisions and actions. Mechanisms must exist
and be effective to allow for accountability, thus facilitating both transparency and
responsibility. This provides investors with the means to query and assess the actions of
the board and its committees.
(d) Fairness
The systems that exist within the company must be balanced in taking into account all
those who have an interest in the company and its future. The rights of various groups
have to be acknowledged and respected. Minority shareholder interests must receive
equal consideration to that of the dominant shareholder(s).
Affected companies
King III applies to all entities, regardless of the manner and form of incorporation or
establishment and whether in the public sector, private sector or non-profit sector.
1.2 The board should ensure that the company is and is seen to be a
responsible corporate citizen.
Responsible corporate citizenship equates to the adoption of an inclusive approach
to governance. The company should engage with stakeholders in order to protect,
enhance and invest in their well-being and to ensure an ethical relationship of
responsibility between the company and the society in which it operates.
The company must develop corporate citizenship policies and implement
measurable programmes in this regard.
1.3 The board should ensure that the company’s ethics are managed
effectively.
The board should ensure that:
An ethical corporate culture is built and sustained in the company;
It determines ethical standards which are clearly understood by the company and
that the company ensures adherence in all aspects of its business;
Adherence to the ethical standards is measured;
The ethical performance of external business partners is aligned around the ethical
standards of the company;
Types of directors
Directors of companies can serve in either an executive or non-executive capacity
Executive director
A member of the board who is:
– a salaried employee of the company or its subsidiaries, and/or
– involved in the day-to-day running of the company or its subsidiaries
For example, the managing director, chief executive officer, financial director
Non-executive director
A member of the board who is:
– not involved in the day-to-day running of the company or its subsidiaries, and
– not a full-time salaried employee of the company or its subsidiaries.
2.1 The board should act as the focal point for and custodian of
corporate governance.
A charter should set out the responsibilities and functions of the board and the board
should meet at least four times a year.
2.2 The board should appreciate that strategy, risk, performance and
sustainability are inseparable.
In achieving the above, the board should ensure that the strategy of the company
takes into account all potential risks and that it will ensure the sustainability of not
only of the company, but also of the planet.
2.4 The board should ensure that the company is and is seen to be a
responsible corporate citizen.
2.5 The board should ensure that the company’s ethics are managed
effectively.
2.6 The board should ensure that the company has an effective and
independent audit committee.
2.9 The board should ensure that the company complies with applicable
laws and considers adherence to non-binding rules, codes and
standards.
2.12 The board should ensure the integrity of the company’s integrated
report.
2.14 The board and its directors should act in the best interests of the
company.
The best interest of the company will be served should directors comply with all the
legal duties of a director, not deal in securities of the company whilst in possession
of price-sensitive information which is not available to the general public, and if
their judgment is not affected by conflicts of interest.
Directors should be allowed to obtain independent advice in connection with their
duties. An agreed-upon process should exist in this regard.
It is expected from directors to disclose real and perceived conflicts of interests to
the board.
All listed companies should have a policy regarding dealings in securities by
directors and selected employees.
2.17 The board should appoint the chief executive officer and establish
a framework for the delegation of authority.
The role and function of the CEO should be formalised and the board should
evaluate the performance of the CEO against these criteria.
A succession plan should exist for the role of the CEO and other senior executives
and officers.
The board should also provide input regarding the appointment of senior
management within the company.
2.22 The evaluation of the board, its committees and the individual
directors should be performed every year.
The annual evaluation of directors should be performed by the chairman or an
independent advisor.
The results of the performance evaluations should form the basis for the
determination of the development and training needs of directors.
The role, functions, duties and performance criteria of the board should serve as a
benchmark for the performance appraisal.
3 Audit committees
Background
The audit committee is currently viewed as one of the most important governance
structures within the modern company. The Companies Act also regulates the
appointment, role and composition of the audit committee and stipulates the institution
of an audit committee for all public companies and state-owned entities. The King Code
furthermore stipulates that the board should ensure that the company has an effective and
independent audit committee.
3.1 The board should ensure that the company has an effective and
independent audit committee.
The terms of reference of the audit committee should be approved by the board.
The audit committee should meet as often as is necessary to fulfil its mandate, but at
least twice a year.
The audit committee should meet with the external and internal auditors at least
annually without management being present.
3.6 The audit committee should satisfy itself of the expertise, resources
and experience of the company’s finance function.
The audit committee should perform an annual review of the finance function and the
results should be published in the integrated report.
3.10 The audit committee should report to the board and shareholders
on how it has discharged its duties.
The audit committee is required to report internally to the board and externally to
the shareholders.
Reporting to the board will include how the committee has discharged its statutory
duties as well as the duties assigned to it by the board.
Reporting to the shareholders will relate to how its statutory duties were discharged
and will include:
how its duties were carried out
whether the committee is satisfied with the independence of the external auditors
the committee’s view on the financial statements and the accounting practices,
and
whether the internal financial controls are effective.
The integrated report should contain a section which summarises the role of the
committee, its composition, number of meetings held, and details of other activities.
The audit committee should recommend to the board whether the integrated report
should be approved.
4 Risk management
Background
Regulators and financial markets are increasingly focusing on the need for companies to
introduce proper risk management systems to manage the risks they are faced with
******ebook converter DEMO Watermarks*******
effectively. Proper risk management will also allow companies to better fulfil their
objectives and is therefore also an important part of any corporate governance system.
The process of risk management can be described as the identification, evaluation
and measurement, management and monitoring of all major risks with which the
company is faced with.
4.3 The risk committee or audit committee should assist the board in
carrying out its risk responsibilities.
The board should appoint a committee which is responsible for risk, specifically to
consider the risk management policy and plan, and to monitor the risk management
process.
The committee should consist of a minimum of three members who could be
******ebook converter DEMO Watermarks*******
executive and non-executive directors, members of senior management, and
independent risk management experts as invitees.
The committee should meet at least twice a year and its performance should be
evaluated by the board at least once a year.
4.5 The board should ensure that risk assessments are performed
continually.
The company should perform a systematic and formal risk management assessment
at least once a year.
Risks should also be prioritised and ranked in order for the company to properly
focus risk strategies and interventions.
The assessment of risk should be in the form of a top-down approach.
The board should receive a risk register regularly highlighting the key risks which
the company is faced with.
The board should review the register and ensure that the key risks are quantified.
4.6 The board should ensure that frameworks and methodologies are
implemented to increase the probability of anticipating
unpredictable risks.
4.10 The board should ensure that there are processes in place enabling
complete, timely, relevant, accurate and accessible risk disclosure to
stakeholders.
The board’s view on the effectiveness of the risk management process should be
disclosed in the integrated report.
The integrated report should also deal with undue, unexpected or unusual risks.
5.3 The board should delegate the responsibility for the implementation
of an IT governance framework to management.
An IT steering committee may be appointed by the board to assist management with
its responsibility regarding the governance of IT.
The CEO should appoint a Chief Information Officer (CIO) responsible for the
management of IT.
The CIO should have regular access and interaction with the board or the designated
committee and executive management on strategic IT issues. The CIO should also be
suitably qualified and experienced.
5.6 The board should ensure that information assets are managed
effectively.
The board should ensure that an information security management system is
developed and implemented.
The information security strategy should be approved by the board and its
implementation should be delegated to management.
The board should ensure that personal information is treated as an important asset of
the company.
******ebook converter DEMO Watermarks*******
5.7 A risk committee and audit committee should assist the board in
carrying out its IT responsibilities.
The risk committee should ensure that IT risks are adequately addressed and
assurance should be obtained regarding controls in place.
IT should be considered by the audit committee in relation to financial reporting and
going concern. It should also be considered how the use of IT could improve audit
coverage and efficiency.
6.1 The board should ensure that the company complies with applicable
laws and considers adherence to non-binding rules, codes and
standards.
Compliance with laws and legislation should be an ethical imperative and
exceptions should be dealt with in an ethical manner.
The board should have an understanding of the laws the company should comply
with and monitor compliance by having it as a regular item on the board agenda.
In the integrated report, the board should disclose how it has discharged its
responsibility regarding an effective compliance framework.
6.2 The board and each individual director should have a working
understanding of the effect of the applicable laws, rules, codes and
standards on the company and its business.
Induction programmes and ongoing training programmes for directors should
incorporate an overview of changes to laws and legislation.
6.3 Compliance risk should form an integral part of the company’s risk
management process.
Companies should consider establishing a compliance function.
The risk of non-compliance with laws and legislation should be identified, assessed
and responded to on an ongoing basis as part of the risk management process.
7 Internal audit
Background
The Institute of Internal Auditors defines internal auditing as “an independent, objective
assurance and consulting activity designed to add value and improve an organisation’s
operations. It helps an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk management,
control and governance processes.” It is clear from the definition that the internal audit
department of a company can play an integral role as part of an effective corporate
governance system. The Code makes several recommendations on the status, role and
scope of the internal audit department and stresses the importance of an integrated
approach to assurance.
8.3 The board should strive to achieve the appropriate balance between
its various stakeholder groupings, in the best interests of the
company.
8.6 The board should ensure that disputes are resolved as effectively,
efficiently and expeditiously as possible.
9.1 The board should ensure the integrity of the company’s integrated
report.
The board should delegate the responsibility to evaluate sustainability disclosures
to the audit committee.
The company should have controls in place to enable it to verify and safeguard the
integrity of the integrated report.
The integrated report should:
be prepared every year
convey adequate information regarding the company’s financial and
sustainability performance, and
focus on substance over form.
7 Questions
Authoritative references
Reference Title
ISA Glossary Glossary of terms
Framework International Framework for Assurance Engagements
ISA 220 Quality control for an audit of financial statements
ISA 300 Planning an audit of financial statements
Identifying and assessing the risks of material misstatement through
ISA 315
understanding the entity and its environment
ISA 330 The auditor’s responses to assessed risks
ISA 500 Audit evidence
Assurance engagements other than audits or reviews of historical
ISAE 3000
financial information
Quality control for firms that perform audits and reviews of
ISQC 1 financial statements, and other assurance and related services
engagements
SAAPS 1 Quality control
1 Introduction
The objective of an audit of financial statements is to enable an auditor to express an
opinion as to whether or not the financial statements fairly present, in all material
respects, the financial position of the entity at a specific date and the results of its
******ebook converter DEMO Watermarks*******
operations and cash flow information for the period ended on that date, in accordance
with an identified financial reporting framework and/or statutory requirements. A
similar objective applies to the audit of financial and other information prepared in
accordance with appropriate criteria.
To be in a position to express an opinion and provide assurance, an auditor needs to
consider certain issues and perform a series of procedures in order to obtain evidence
to substantiate the assurance given or to report findings.
The above considerations and procedures constitute the audit process, whether it
relates to the external audit function or other related services.
Contents Paragraph(s)
Introduction 1–6
Definition and objective of an assurance engagement 7–11
Scope of the framework 12–16
Engagement acceptance 17–19
Elements of an assurance engagement 20–60
Inappropriate use of the practitioner’s name 61
******ebook converter DEMO Watermarks*******
Appendix: Differences between reasonable assurance
engagements and limited assurance engagements
5.1.1 Definition
Contents Paragraph(s)
Introduction 1–3
Ethical requirements 4–5
Quality control 6
Engagement acceptance and continuance 7–9
Agreeing on the terms of the engagement 10–11
Planning and performing the engagement 12–25
******ebook converter DEMO Watermarks*******
Using the work of an expert 26–32
Obtaining evidence 33–40
Considering subsequent events 41
Documentation 42–44
Preparing the assurance report 45–53
Other reporting responsibilities 54–56
Contents Paragraph(s)
The firm’s system of quality control should include policies and procedures that are to
be applied to all personal and professional engagements for each of the following
elements.
6.2.1 Leadership responsibilities for quality control within the firm
Policy
An internal culture of quality in performing engagements should be promoted. This is the
responsibility of the Chief Executive Officer or equivalent.
Quality means
Work should be performed in accordance with the professional standards and
regulatory and legal requirements, for example audits should be performed in
accordance with the ISAs and the Companies Act.
Reports issued should be appropriate in the circumstances; i.e. unqualified audit
reports should not be issued when the circumstances deem that it should be a
qualified report.
Procedures
The firm assigns its management responsibilities so that commercial considerations
do not override the quality of work performed. This would be the case where clients
******ebook converter DEMO Watermarks*******
threaten not to reappoint the auditor if they issued a qualified report. The auditor
should still issue the qualified report and rather risk losing the future income from
that client.
The firm’s policies and procedures addressing performance evaluation,
compensation, and promotion (including incentive systems) with regard to its
personnel are designed to demonstrate the firm’s overriding commitment to quality.
The firm devotes sufficient resources for the development, documentation and
support of its quality control policies and procedures.
6.2.2 Relevant ethical requirements
Policy
The firm should establish policies and procedures to ensure all its personnel comply
with the ethical requirements of:
independence
integrity
objectivity
professional competence and due care
confidentiality
professional behaviour.
Procedures
These are the procedures to be followed:
The firm should communicate independence requirements to its personnel.
Engagement teams must provide the firm with information about the client, in order
to enable the firm to evaluate independence requirements.
Personnel should notify the firm of circumstances or relationships that create a threat
to independence.
Personnel should annually provide written confirmation to the firm of compliance
with policies and procedures on independence and ethical requirements.
6.2.3 Acceptance and continuance of client relationships and specific
engagements
Policy
******ebook converter DEMO Watermarks*******
Acceptance and continuance of client relationships should take place only after the firm:
has considered the integrity of clients and does not have information that would lead
it to conclude that any clients lack integrity
has considered if it is competent to perform engagements and has the capabilities,
time and resources to do so
has considered whether it can comply with the ethical requirements.
Procedures
These are the procedures that must be followed:
communication with existing or previous providers of professional accounting
services
inquiry of firm personnel, or third parties such as bankers, legal advisors
background searches.
6.2.4 Human resources
Policy 1
The personnel of the firm should have the necessary capabilities, competence and
commitment to ethical principles.
Procedures 1
Capabilities and competence are developed through a variety of methods, including the
following:
professional education
continuing professional development, including training
work experience
coaching of less experienced members on engagement teams by more experienced
staff.
Policy 2
Assignment of staff to audits.
Procedures 2
The engagement partner and personnel assigned to audit engagements should have the
******ebook converter DEMO Watermarks*******
The engagement partner and personnel assigned to audit engagements should have the
capabilities, competence and time to perform their work properly.
6.2.5 Engagement performance
(a) Direction, supervision, review
Policy and procedures
Engagements should be performed according to the professional guidelines.
The firm should provide:
guidance (direction) on performing audits through:
firm manuals
industry and subject matter specific guidance material.
supervision of work at all levels:
of progress of the engagement
work of individual members
significant findings and issues
matters for consideration.
review by more experienced engagement team members of the work and findings of
less experienced members.
(b) Consultation
Policy and procedures
Consultation should take place at all levels on continuous matters.
Contents Paragraph(s)
Introduction 1–5
The engagement team should implement quality control policies and procedures
applicable for all individual audits for the following elements.
6.3.1 Leadership responsibilities for quality on audits
Policy
The engagement partner should take responsibility for the overall quality of the audit.
Procedures
The engagement partner should demonstrate through his actions and through appropriate
communication to the engagement team:
the importance of:
performing work that complies with professional standards and regulatory and
legal requirements
complying with the firm’s quality control policies and procedures as applicable
issuing auditor’s reports that are appropriate in the circumstances.
the fact that quality is essential in performing audit engagements.
6.3.2 Ethical requirements
Policy
The engagement partner should consider whether members of the engagement team have
complied with the ethical requirements of:
Procedures
Acceptance and continuance of client relationships and specific audit engagements
include considering:
the integrity of the principal owners, key management and those charged with
governance of the entity
whether the engagement team is competent to perform the audit engagement and has
the necessary time and resources
whether the firm and the engagement team can comply with the ethical requirements.
6.3.4 Assignment of the engagement team
Policy
The engagement team should collectively have the capabilities, competence and time to
perform a professional audit.
******ebook converter DEMO Watermarks*******
Procedures
The engagement team as a whole should have:
an understanding of and practical experience with audit engagements of a similar
nature and complexity through appropriate training and participation
an understanding of professional standards and regulatory and legal requirements
appropriate technical knowledge, including knowledge of relevant information
technology
knowledge of relevant industries in which the client operates
ability to apply professional judgement
an understanding of the firm’s quality control policies and procedures.
6.3.5 Engagement performance
Policy 1
Direction, supervision, review
The engagement partner should take responsibility for ensuring the direction,
supervision and review of the engagement team.
Procedures 1
Direction
The engagement partner directs the audit engagement by informing the members of the
engagement team of:
their responsibilities
the nature of the entity’s business
risk-related issues
problems that may arise
the detailed approach to the performance of the engagement.
Supervision
Supervision includes the following:
tracking the progress of the audit engagement
considering the capabilities and competence of individual members of the
engagement team, whether they have sufficient time to carry out their work, whether
******ebook converter DEMO Watermarks*******
they understand their instructions, and whether the work is being carried out in
accordance with the planned approach to the audit engagement
addressing significant issues arising during the audit engagement, considering their
significance and modifying the planned approach appropriately
identifying matters for consultation or consideration by more experienced
engagement team members during the audit engagement.
Review
Review responsibilities are determined on the basis that more experienced team
members, including the engagement partner, review work performed by less
experienced team members.
Reviewers consider whether:
the work has been performed in accordance with professional standards and
regulatory and legal requirements
significant matters have been raised for further consideration
appropriate consultations have taken place and the resulting conclusions have been
documented and implemented
there is a need to revise the nature, timing and extent of work performed
the work performed supports the conclusions reached and is appropriately
documented
the evidence obtained is sufficient and appropriate to support the auditor’s report
the objectives of the engagement procedures have been achieved.
Policy 2
Consultation: The engagement partner should ensure there is appropriate consultation
between the engagement team and others at appropriate levels within a firm on
contentious issues.
Procedure 2
Consultation should occur:
within the engagement team
with other professionals within the firm (technical partner) or outside the firm and
should be documented and implemented.
Policy 3
******ebook converter DEMO Watermarks*******
Difference of Opinion: The engagement partner should ensure all differences of
opinion are resolved.
Procedure 3
All matters of differences of opinion should be brought to the attention of the
engagement partner.
Policy 4
Engagement Quality Review: For all listed clients a quality control review shall take
place.
Procedure 4
The engagement partner is responsible for:
ensuring that an engagement quality reviewer has been appointed
discussing all significant findings with the reviewer
not issuing the auditor’s report until completion of the engagement quality control
review.
6.3.6 Monitoring
Policy and procedure
The engagement partner should ensure compliance with quality control on the audit
engagement.
Quality review should be performed on the individual engagement.
7 Questions
1 Introduction
Computer Information Systems (CIS) are part of the modern business environment, and
exist when any type or size of computer is used to process financial information in a
business.
Computers are part of modern-day life, and it is vital that both management and the
auditor have a good understanding of the underlying fundamental issues of computer-
related risks, computer-related controls and computer auditing.
This chapter serves as an introduction to the basic issues of computers and controls in
the audit environment.
2.5 Networks
This comprises the processing of different applications of the systems on different
computers and the sharing of hardware (namely printers and processors), software
(namely application programmes and database management systems) and data.
Local Area Network (“LAN”): This is a data communication system which links a
number of independent computers within a geographic area (such as a building).
This occurs via cables.
Wide Area Network (“WAN”): This is a data communication system which links a
number of computers over a wide geographic area. This takes place via dedicated
telephone lines.
Risk of unauthorised:
Concentration of programmes and access to data and programmes
data at a central point
changes to data and programmes.
4.2 Pharming
Pharming is a similar means of deception to phishing in which the user is lured into
making transactions on a phoney website that looks like the home of a legitimate
investment company. These sites typically ask for a lot more log-in information,
including identity numbers and credit card information, than a legitimate site to “verify”
the identity of the user
Pharmers rely on the same bogus websites as phishing and theft of confidential
information to perpetrate scams, but are more difficult to detect. The reason for this is
that pharming redirects victims to a bogus website even if they type the right web
address into their browser.
4.3 Spyware
Embedded sneakily on the hard drives of many computers, even those protected with
conventional antivirus software, are tiny unfriendly programmes variously called
spyware, malware or adware. Most are simply nuisances, triggering unwanted pop-up
advertisements or secretly changing your default web page so you will visit a specific
commercial site.
The most effective spyware programmes display no symptoms, so the computer user
is unaware of dirty tricks being secretly perpetrated while the machine is running. The
only sure way to discover if a machine is infected and to thoroughly cleanse it, is to run
an anti-spyware product. Spyware is technically a virus, but unlike most viruses its goal
is rather to steal data than destroy it. Spyware tracks the browsing of computer users or
triggers pop-up screens designed to make on-line sales. Spyware can enter a computer
in several ways; via freeware and shareware software, spam e-mail attachments or web
pages.
5.1 Introduction
Internal control in a computer information system (CIS) environment is achieved through
the implementation and maintenance of general controls and application controls (both
categories comprising user and programmed controls).
5.3.1.2 Packages
6.1 Definition
Computer-assisted audit techniques (CAATs) are the computerised functions used by the
auditor in his performance of the audit procedures and collection of audit evidence.
7 Questions
Query 1 5 MARKS
You are a computer expert who advises people on computer-related queries in
commerce. You have recently received a query from one of your clients who suffered a
large financial loss due to her internet banking information being stolen. She wants to
know:
what kind of attack/s she was subject to
what the characteristics of this/these kinds of attack/s are, and
how to avoid falling prey to such an attack again in future.
Query 2 10 MARKS
You are an auditor working in public practice. You are known to be the authority on
ensuring that unauthorised persons do not gain unauthorised access to a computerised
operating system. Your client operates various branches across the country and all
branches are linked to the central database. Your client has recently been subject to
unauthorised access to their system via the internet and wants to implement controls to
ensure that this event does not repeat itself in future.
Query 3 20 MARKS
You are an auditor employed by Kush Padia Incorporated (hereafter KPI), a highly
successful audit firm with a multitude of large JSE-listed clients. Your boss, Kush
Padia, is a highly respected CA(SA) in public practice and his public talks and lectures
on auditing are known to be incredibly enjoyable and insightful. Mr Padia just secured a
client, BluBerry Ltd, who would like to engage with KPI in a non-audit capacity for the
period 01 August 20X11 to 27 September 20X11. BluBerry Ltd is currently the largest
provider of smartphones in South Africa.
BluBerry Ltd is in the process of deciding to develop a computer system themselves
as none of the systems currently available off the shelf meet their needs. The computer
system would need to handle sales made by BluBerry Ltd as their smartphone handsets
are proving to be very popular and their current system lacks the capacity to manage the
volumes of sales currently being made.
BluBerry Ltd would like KPI to oversee and suggest controls over this process of
developing the system to ensure that the process runs smoothly.
BluBerry Ltd would also like to ensure that should the system crash, they would be
able to continue operating as a going concern.
Engagement activities
Authoritative references
Reference Title
ISA 210 Agreeing the terms of audit engagements
ISA 220 Quality control for an audit of financial statements
ISA 300 Planning an audit of financial statements
1 Introduction
Every audit firm should have policies and procedures in place for the acceptance of
new clients and the continuance as auditors for existing clients.
The reason an audit client should be carefully selected is to ensure that the audit firm
does not take on:
unnecessary risky clients, or
clients to whom it is not in a position to provide a professional service.
3 Engagement activities
Contents Paragraph(s)
Introduction 1–5
Preconditions for an audit 6–8
Agreement on audit engagement terms 9–12
Recurring audits 13
Acceptance of a change in terms of the audit engagement 14–17
Additional considerations in engagement acceptance 18–21
Appendix: Examples of an audit engagement letter A1–A37
5 Questions
QUESTION 7.3
******ebook converter DEMO Watermarks*******
20 MARKS
You are the lead engagement partner of a small audit firm named Pen Inc. Your office is
situated in Glenvista, South Africa. You were recently contacted by a Mr Al Capone, the
MD of an unlisted conglomerate, MOB (Pty) Ltd. He requested you to be their new
auditors for the current year. During your conversation Mr Capone said the following:
“We believe you know how to keep your clients happy (you believe he referred to
your high degree of quality in your work), that’s why we want you to be the
familio’s (you understood this as Mr Capone’s affection to his company as if it
were his real family) new auditor. You scratch our back, we scratch yours. (He
offered you triple what you normally charge per audit.)
“We had … What can we call them …? Some problems with the previous
auditors. We disagreed … so we had them taken care of … Capish?
“The auditors resigned to go swim with the fishes … ” (You understood this as
the auditors are taking an extended holiday at the beach.)
Upon reading MOB’s previous year’s annual report and system documentation, you
came to understand the following:
MOB’s head office is in Sicily, Italy.
MOB consists of
three cash-only laundromats spread across Italian cities
an alcohol import company, importing from the USA, Russia and Cuba
two Italian restaurants where all MOB’s directors eat free of charge.
MOB is entangled in litigation regarding assault charges and bribery, but believe
this is not a concern as the judge has never found MOB guilty of any claim put
against it before.
MOB uses an extensively integrated computer system, including on-line
transactions, back-to-back trading and e-commerce links with the government,
attorney offices and the local police.
By analysing MOB’s prior-year financial results, your conclusion is that MOB is in a
financially strong position, with very little financial risk. You have also tried repeatedly
to contact the previous auditors but have as yet not been successful. It is as if they have
disappeared into thin air.
Authoritative references
Reference Title
Overall objectives of the independent auditor and the conduct of an
ISA 200
audit in accordance with the International Standards on Auditing
ISA 300 Planning an audit of financial statements
Indentifying and assessing the risks of material misstatement
ISA 315
through understanding the entity and its environment
ISA 320 Materiality in planning and performing an audit
ISA 330 The auditor’s responses to assessed risk
ISA 450 Evaluation of misstatements identified during the audit
1 Introduction
Planning the audit is not a discrete phase of the audit, but rather a continuous process
that often begins after accepting the audit engagement for new clients, or shortly after
completing the current audit engagement for existing clients.
Content Paragraph(s)
Introduction 1–4
Involvement of key engagement team members 5
Preliminary Engagement Activities 6
Planning Activities 7–11
Documentation 12
Additional considerations in initial audit engagements 13
Application and other explanatory material A1–A20
Content Paragraph(s)
Introduction 1–4
Risk assessment procedures and related activities 5–10
The required understanding of the entity and its environment, 11–24
including the entity’s internal controls
Identifying and assessing the risks of material misstatement 25–31
Documentation 32
Application and other explanatory material A1–A 134
2.1.1 Objective with obtaining of knowledge on the entity and its environment
The auditor should obtain sufficient understanding of the entity and its environment,
including its internal controls, to enable him to identify and assess the risk of material
misstatement of the financial statements whether due to fraud or error, and to design and
perform further audit procedures. Although the assessment of the business risks within
******ebook converter DEMO Watermarks*******
an organisation is the responsibility of management, an auditor would definitely identify
and evaluate these risks as part of obtaining knowledge of the entity and its environment
(which is fully discussed in paragraph 2.1.3). As part of the risk assessment procedures
for an entity, the auditor must obtain an understanding of whether the entity has
processes in place for:
identifying business risks relevant to the financial reporting objectives
estimating the significance of risks
assessing the likelihood of their occurrence, and
deciding about actions to address those risks.
2.1.2 Reason for and value of obtaining an understanding of the entity and its
environment
The knowledge helps to:
plan the audit
exercise professional judgement when assessing the risk of material misstatement
respond to identified risks, for example, when:
setting materiality
considering the appropriateness of accounting policies
identifying special audit consideration areas, for example:
– related policy transactions
– the appropriateness of the going concern
– the business purposes of transactions
– developing expectations for analytical review purposes
– designing audit procedures (test of controls and substantive procedures)
– evaluating the sufficiency and appropriateness of audit evidence.
2.1.3 Procedures to obtain knowledge of the entity and its environment
The procedures performed by the auditor to obtain information on the entity and its
environment, including its accounting information system and internal controls, in order
to identify and assess the risks of material misstatement due to fraud or error at the
financial statement or the assertion level are called RISK ASSESSMENT
PROCEDURES.
Risk assessment procedures consist of:
******ebook converter DEMO Watermarks*******
enquiries of management and others within the entity
management and those charged with governance
those responsible for financial reporting
internal audit personnel
personnel involved in initiating, recording and processing complex transactions
internal legal council
marketing and sales personnel
analytical procedures
helpful in identifying the existence of unusual transactions or events, amounts,
ratios, trends, etc.
observation and inspection
observations of the entity’s activities and operations
inspection of documents (such as business plans and strategies), records and
internal control manuals
reading reports prepared by management (such as quarterly management reports,
minutes of meetings), etc.
visits to the entity’s premises
tracing transactions through the system (walk-through tests).
When using information of prior periods (e.g. prior year audit files) the auditor should
consider changes that took place that could affect the relevance and reliability of
evidence obtained.
2.1.4 Aspects about which to obtain an understanding
(a) External factors
Industry conditions
the market and competition, including demand, capacity and price competition
cyclical or seasonal activity
product technology relating to the entity’s products
energy supply and cost.
Regulatory environment
Content Paragraph(s)
Introduction 1–4
Risk assessment procedures and related activities 5–10
The required understanding of the entity and its environment, 11–24
including the entity’s internal controls
Identifying and assessing the risk of material misstatement 25–31
Documentation 32
Application and other explanatory material A1–A134
The inherent and control risks stand independent from the audit, while the detection
risk is directly related to the auditor’s substantive procedures. Unlike inherent and
control risk that the auditor has no control over, detection risk is controllable by the
auditor.
The control risk and the inherent risk directly influence the nature, timing and extent
of the auditor’s substantive procedures. This means that the auditor can get the
nature, timing and extent of audit procedures right, thus reducing the risk of failing to
detect the misstatements which you expect.
Regardless of the levels of inherent and control risk, the auditor should always
perform some substantive procedures on material balances and classes or
transactions.
The higher the inherent and control risks, the more audit evidence the auditor should
******ebook converter DEMO Watermarks*******
obtain from the performance of substantive procedures to limit his audit risk. The
lower the inherent and the control risk is, the less substantive procedures the auditor
would have to perform and the more analytical procedures the auditor can perform.
Please note there is always some form of substantial procedures that have to be
performed.
Audit risk = Inherent risk (High) × Control risk (High) × Detection risk (Low)
Audit risk = Inherent risk (Low) × Control risk (Low) × Detection risk (High)
Content Paragraph(s)
Introduction 1–9
Determining materiality and performance materiality when 10–11
planning the audit
Revision as the audit progresses 12–13
Documentation 14
Application and other explanatory material A1–A13
Turnover ½ – 1%
Gross profit 1 – 2%
Net income 5 – 10%
Total assets 1 – 2%
Equity 2 – 5%
The auditor needs to base materiality upon the most appropriate criteria for the entity
that will provide a stable basis. It can be a single indicator or a combination of
indicators, but should best reflect the operations of the entity. When selecting an
indicator, the auditor should also consider the accuracy with which the items can be
calculated.
Because planning materiality gets determined before the final financial statements
have been compiled, the calculations are normally based on:
******ebook converter DEMO Watermarks*******
estimates or provisional information
budgets or forecasts
interim financial information
information from prior periods
current-year unaudited information.
When assessing planning materiality, the auditor should consider the following:
the amount (quantitative) and nature (qualitative) of misstatements
materiality at the overall financial statement level as well as in relation to the
individual account balances, classes of transactions and disclosure
misstatements individually and in aggregate.
Other qualitative factors that would also need to be considered include:
the control environment of the audit client
effectiveness of internal controls within the business
integrity of management
accounting policies applied by the audit client
statutory requirements and regulations applicable to the audit client
previous-year problems or errors that have been encountered
results of provisional analytical procedures that have been done during the planning
phases of the audit
possibility of occurrence of illegal transactions.
Once all the data is in the correct format, using the materiality indicators as a guide, the
following calculations need to be done.
R % R R
Turnover 10,000,000 ½–1% 50,000 100,000
Gross profit 7,500,000 1–2% 75,000 150,000
Net income 2,500,000 5–10% 125,000 250,000
Total assets 6,548,000 1–2% 65,480 130,960
Equity 3,500,000 2–5% 70,000 175,000
After the calculations have been done, the auditor must consider the following:
Audit risk: Impact of audit risk on the materiality figure (the higher the audit risk, the
lower the materiality figure, and vice versa). This is thus an indication whether the
auditor will be settling on a materiality figure from the higher range or the lower
range of calculated figures.
Stability of indicators: If an indicator is not stable, the auditor would not consider
using that indicator.
Single or combination of indicators: The auditor can consider using both the
statement of financial position (balance sheet) and statement of comprehensive
income (income statement) as indicators, or only the statement of financial position,
or only the comprehensive income. Reasons would need to be provided for the
answers.
Actual/budgeted/prior-year audited amounts: The auditor would provide reasons
as to why he chose the specific set of figures.
Conclusion: The auditor would then conclude on the overall materiality figure that
will be used during the planning of the audit.
The planning materiality figure, as calculated above, has a dual purpose for the auditor
during the planning phase of the audit work. The planning materiality figure will not
only be used in determining the performance materiality levels of the entity (as will be
discussed below); it will also be used to identify individual significant accounts.
Significant accounts are accounts from the audit client’s trail balance that either
exceed the planning materiality figure or are identified by the auditor as being
Content Paragraph(s)
Introduction 1–4
Overall responses 5
Audit procedures responsive to risks material misstatement at 6–23
the assertion level
Adequacy of presentation and disclosure 24
Evaluating the sufficiency and appropriateness of audit 25–27
Evidence obtained
Documentation 28–30
Applications and other explanatory material A1–A63
SUBSTANTIVE
COMBINED APPROACH
APPROACH
Reliance on internal control Reliance on internal
is justified control is not justified
Nature More analytical More substantive
******ebook converter DEMO Watermarks*******
Extent Less More
Spread over the year/early Near/at year-end (no
Timing
verification is possible early verification)
2.5.3 Meaning of nature, timing, extent of audit procedures (test of controls and
substantive procedures)
(a) Nature
This relates to how the procedures will be performed, namely:
Test of controls:
inspection, observation, inquiry, reconciliation, re-performance.
Substantive tests:
detail testing consisting of inspection, observation, inquiry, recalculation, re-
performance, confirmation
analytical review.
Note: The auditor must always perform substantive procedures for each material class
of transaction or account balance (irrespective of reliance on controls).
(b) Timing
This relates to when the procedures are performed
Tests of controls
The tests of controls should be performed to cover the whole period of reliance.
The auditor should obtain audit evidence on the effective operation of the controls
for the entire period of reliance.
If the controls are tested at an interim stage, audit evidence must also be obtained on
the effectiveness of the controls for the remaining term/period of reliance.
Considerations regarding the length of time period that may elapse before
retesting a control:
– the effectiveness of other elements of internal controls including the control
environment, the entity’s monitoring of controls, and the entity’s risk
assessment process
– the risks arising from the characteristics of the control, including whether
controls are manual or automated
3 Questions
R ‘000
Turnover 30 000
Gross profit 18 000
Total assets 54 000
Equity 31 000
Net income 3 000
You commenced your planning for the audit of Medinet (Pty) Ltd, three months before
year-end.
Authoritative references
Reference Title
ISA 230 Audit documentation
ISA 500 Audit evidence
ISA 505 External confirmations
ISA 510 Initial engagements – opening balances
ISA 520 Analytical procedures
ISA 530 Audit sampling
Special considerations – audits of group financial
ISA 600
statements (including the work of component auditors)
ISA 610 Using the work of internal auditors
ISA 620 Using the work of an auditor’s expert
SAAPS 4 Enquiries regarding litigation and claims
1 Introduction
The auditor should obtain sufficient and reliable audit evidence on which to base his
opinion. Such evidence may be in various forms and formats and can come from various
sources. However, it should be sufficient to support the assurance expressed.
2 Audit statements
******ebook converter DEMO Watermarks*******
The audit statements as set out in the ISAs provide guidance on basic principles and
essential procedures to be performed by the auditor in the gathering of audit evidence
and the consideration thereof.
Content Paragraph(s)
Introduction 1–3
Objective 4
Definitions 5
Requirements
Sufficient appropriate audit evidence 6
Information to be used as audit evidence 7–9
Selecting items for testing to obtain audit evidence 10
Inconsistency in, or doubts over reliability of, audit
11
evidence
Application and other explanatory material A1–A57
Content Paragraph(s)
Introduction 1–4
Objective 5
******ebook converter DEMO Watermarks*******
Definitions 6
Requirements
Timely preparation of audit documentation 25–30
Documentation of the audit procedures performed and
8–13
audit evidence obtained
Assembly of the final audit file 14–16
Application and other explanatory material A1–A24
Content Paragraph(s)
Introduction 1–3
Objective 4
Definitions 5
Requirements
Sample design, size and selection of items for testing 6–8
Performing audit procedures 9–11
Nature and cause of deviations and misstatements 12–13
Projecting misstatements 14
Evaluating results of deviations and misstatements 15
Application and other explanatory material A1–A23
Appendix I: Stratification and value-weighted selection
Appendix II: Examples of factors influencing sample size for
tests of controls
2.3.1 Definitions
Content Paragraph(s)
Introduction 1–2
Objective 3
Definition 4
Requirements
******ebook converter DEMO Watermarks*******
Substantive analytical procedures 5
Analytical procedures that assist when forming an overall
6
conclusion
Investigating results of analytical procedures 7
Application and other explanatory material A1–A21
Content Paragraph(s)
Introduction 1–4
Objective 5
Definitions 6
Requirements
External confirmation procedures 7
Management’s refusal to allow the auditor to send a
8–9
confirmation request
******ebook converter DEMO Watermarks*******
Results of the external confirmation procedures 10–14
Negative confirmations 15
Evaluating the evidence obtained 16
Application and other explanatory material A1–A25
Content Paragraph(s)
Introduction 1–3
Management responsibilities 4
Audit procedures 5–7
Requests for attorneys’ representation letters 8–12
Employee legal advisors 13–16
Attorney’s response 17–20
Attorney’s failure to respond comprehensively or limitations in 21–25
a response
Related procedures 26–28
Public sector perspective 29
Appendix: Example of a request for an attorney’s
representation letter regarding litigation and
claims
Content Paragraph(s)
Introduction 1–2
Objective 3
Definitions 4
Requirements
Audit procedures 5–9
Audit conclusions and reporting 10–13
Application and other explanatory material A1–A9
Appendix: Illustrations of auditors’ reports with modified
opinions
Content Paragraph(s)
Introduction 1–7
Objectives 8
Definitions 9–10
Requirements
Responsibility 11
Acceptance and continuance 12–14
Overall audit strategy and audit plan 15–16
Understanding the group, its components and their
17–18
environments
Understanding the component auditor 19–20
Materiality 21–23
Responding to assessed risks 24–31
Consolidation process 32–37
Subsequent events 38–39
Communication with the component auditor 40–41
Evaluating the sufficiency and appropriateness of audit
42–45
evidence obtained
Communication with group management and those charged
46–49
with governance of the group
Documentation 50
Application and other explanatory material A1–A66
Appendix I: Example of a qualified opinion where the group
engagement team is not able to obtain sufficient appropriate
audit evidence on which to base the group audit opinion
Appendix II: Examples of matters about which the group
engagement team obtains an understanding
2.8.1 Terminology
Content Paragraph(s)
Introduction 1–5
Objectives 6
Definitions 7
Requirements
Determining whether and to what extent to use the work of
8–10
the internal auditors
Using specific work of the internal auditors 11–12
Documentation 13
Application and other explanatory material A1–A6
Content Paragraph(s)
Introduction 1–4
Objectives 5
Definitions 6
Requirements
Determining the need for an auditor’s expert 7
Nature, timing and extent of audit procedures 8
The competence, capabilities and objectivity of the
9
auditor’s expert
Obtaining an understanding of the field of expertise of the
10
auditor’s expert
Agreement with the auditor’s expert 11
Evaluating the adequacy of the auditor’s expert’s work 12–13
Reference to the auditor’s expert in the auditor’s report 14–15
Application and other explanatory material A1–A40
2.10.1 Definitions
2.10.2 Considerations
The auditor is an expert in the field of accounting and auditing and business matters in
general, but it is not expected of the auditor to be an expert in other professions or
occupations such as engineering. It may thus be necessary for the auditor to rely on the
work of an expert in relation to aspects that might affect the financial statements on
which he has to express an audit opinion.
2.10.3 Appointment of an expert
The expert may be appointed by the client (management’s expert) or by the auditor
(auditor’s expert).
If the auditor’s expert is an employee of the auditor, he acts in his capacity as an
expert and not as an assistant. The auditor will still need to apply procedures on his
work and findings, but will not ordinarily need to assess his knowledge and skill for
each engagement.
2.10.4 Factors to consider in determining to what extent reliance can be placed
on the expert’s work
In considering the extent of such reliance, the auditor should do the following:
Assess the expert’s competence, capabilities and objectivity.
Information regarding the competence, capabilities and objectivity of the expert may
be obtained from sources such as:
personal experience with previous work of that expert
discussions with that expert
discussions with others who are familiar with that expert’s work
qualifications, membership of professional body or industry association, license
to practice, etc.
publications by expert, and
audit firm’s quality control policies and procedures.
2.10.5 Testing the work of the expert
The auditor should evaluate the adequacy of the expert’s work as audit evidence
******ebook converter DEMO Watermarks*******
regarding the financial statement assertions being considered by:
making enquiries of the expert
reviewing the expert’s working papers and reports
corroborative procedures, such as:
observing the expert’s work
confirming relevant matters with third parties
performing analytical procedures, and
reperforming calculations.
discussion with other expert when findings are not consistent with other audit
evidence
testing the source data used by the expert by way of:
verifying the origin of the data and the internal controls over the data, and
reviewing the data for completeness and internal consistency.
If the auditor is not satisfied with the adequacy of the expert’s work, he should:
agree on the nature and extent of the further work to be performed by that expert, or
perform additional procedures
engage another expert if necessary
modify his audit report, if necessary.
5 Substantive/verification procedures
Accounts
Sales Purchases
receivable
Select a sample of
Select a sample of goods received notes Select a sample of
invoices and trace (GRNs) and trace credit sales and
them to the sales them to the invoices trace them through to
Completeness
journal to ensure that from suppliers and the debtors’ ledger to
they were all the purchases journal ensure that they were
recorded. to ensure they were all recorded.
all recorded.
Obtain the list of
numerical invoices Agree the purchases
Trace the totals per
recorded and inspect amount per the
the debtors’ ledger
for missing numbers. purchases journal to
through to the
Obtain valid reasons the purchases amount
general ledger.
for any missing per general ledger.
invoice numbers.
Select a sample of
******ebook converter DEMO Watermarks*******
purchase
transactions from the
purchases journal
Select a sample of and trace them
sales recorded in the through to the
sales ledger and purchase invoices to
trace them through to ensure that purchases
the sales invoices. are valid. Not applicable for
Occurrence
an account balance.
Agree the total sales Match the purchase
per general ledger invoices with the
with the totals per GRN, delivery note
sales journal. from the supplier
and the purchase
order. Ensure that the
prices, quantities
and totals agree.
Trace the credit sale
Select a sample of
recorded in the
Select a sample of purchase invoices
debtors to the sales
invoices and and cast the totals on
invoice.
recalculate the split them.
between VAT and the The remainder of the
Recalculate the
sales amount. procedures for
amounts and totals
accuracy would have
Cast the invoices to on the invoice and
been done for the
Accuracy ensure that they are ensure the split for
sales.
totalled correctly. VAT was done
correctly. Select a sample of
Trace the entries
debtors from the
from the sales Agree the purchases
debtors listing and
journal to the general per the general
agree their
journal to ensure that ledger with the
individual balances
amounts correspond. purchases per the
to the debtors’
trial balance.
ledger.
Agree the sales per
the general ledger
with the sales per the
trial balance and the
financial statements.
Select a few
******ebook converter DEMO Watermarks*******
invoices from before
year-end and a few
invoices from after Select a sample of
year-end. Trace outstanding debts
these to the sales Select a sample of before and after
journal and ensure GRNs before and year-end and trace
that they were after year-end and them to the sales
recorded in the trace them through to invoices and
Cut-off
correct period. the purchases delivery notes.
Select delivery notes journal. Ensure that Inspect the date on
from before and after they were recorded the delivery notes to
year-end and trace in the correct period. ensure that the debt
them to the invoice was recorded in the
and sales journal to correct period.
ensure that the sale
was recorded as per
the date of delivery.
Inspect the financial
Inspect the financial Inspect the financial
statements to ensure
statements to ensure statements to ensure
that the purchases
that the sales have that the debtors have
have been
been appropriately been appropriately
Classification appropriately
classified and classified and
classified and
disclosed in disclosed in
disclosed in
accordance with accordance with
accordance with
IFRS. IFRS.
IFRS.
Select a sample of
debtors from the
ledger and inspect
for subsequent
Not applicable to a Not applicable to a payments of debts
Existence
class of transaction. class of transaction. after year-end.
Trace the payments
to the cashbook.
Perform a debtors’
circularisation.
Rights and Not applicable to a Not applicable to a Perform a debtors’
obligations class of transaction. class of transaction. circularisation
******ebook converter DEMO Watermarks*******
Obtain the debtors’
age analysis.
Select long-
outstanding debtors
from the list and
inspect for any
subsequent
payments.
Also enquire from
Not applicable to a Not applicable to a management whether
Valuation
class of transaction. class of transaction. any action has been
taken regarding these
debtors.
Inspect any
correspondence from
attorneys indicating
any legal action
being taken.
Consider the effect
on the provision for
doubtful debts.
7 Questions
PART A 12 MARKS
Audit evidence represents the information obtained by the auditor in arriving at the
conclusions on which his audit opinion is based. The auditor should obtain audit
evidence that is sufficient and appropriate.
Audit evidence should be documented in the auditor’s working papers.
Attached is a working paper prepared by one of the bursars of your audit firm, Baker
Inc., on the work that she has performed on bank reconciliations for Red Jacket (Pty)
Ltd. Red Jacket (Pty) Ltd is one of your audit clients and you are the audit manager on
the assignment.
PART B 13 MARKS
Gavin Finn is the engagement partner on the audit of Huckleberry (Pty) Ltd, a company
in the hospitality industry. This is the first time that his firm will be performing the audit
of Huckleberry (Pty) Ltd. His firm was appointed as the auditor at the last annual
general meeting of the company, after the previous auditor had retired.
The company has a well-established internal audit department. The previous auditor
placed a lot of reliance on the work performed by the internal audit department, and
from Gavin’s initial discussions with management it is clear that management expects
Gavin to also place reliance on the internal audit’s work in order to ensure an efficient
and cost-effective audit.
PART C 40 MARKS
As stated in the audit report, an audit includes, amongst others, examining, on a test
basis, evidence supporting the amounts and disclosures in the financial statements. This
implies that the auditor does not test each item within a population, but that he selects
items, either on a statistical or a non-statistical basis, to include in the sample to base
his audit procedures on.
The auditor obtains audit evidence through risk management procedures, tests of
controls and substantive procedures. Substantive procedures include detail testing of
transactions and analytical procedures. External confirmations are also an important
source of audit evidence.
PRESENTATION (1)
(f) Discuss the stages of the audit when analytical procedures may be used, as well as
how they would be used. (8)
(g) Explain the differences between positive and negative confirmations with regard to
external confirmations. (2)
Authoritative references
Reference Title
ISA 260 Communications with those charged with governance
ISA 560 Subsequent events
ISA 570 Going concern
ISA 580 Written representations
Forming an opinion and reporting on financial statements
ISA 700 ISA 705 Modifications to the opinion in the independent auditor’s
report
Comparative information – corresponding figures and
ISA 710
comparative financial statements
The auditor’s responsibilities relating to other information
ISA 720
in documents containing audited financial statements
SAAPS 3 Illustrative independent auditor’s reports
1 Introduction
The audit report is the means by which the auditor communicates with the members of
an organisation. The auditor expresses his audit opinion in the audit report. The
reporting phase represents the final stage of the audit process.
The auditor’s opinion should be based on the audit evidence obtained during the
performance of the audit. His final review and assessment should include a
consideration of whether
events that occurred after completion of the audit but before signing the auditor’s
******ebook converter DEMO Watermarks*******
report have an impact on his audit opinion
the organisation is still a going concern
the financial statements have been prepared in terms of a proper framework:
South African Statements of Generally Accepted Accounting Practice, or
International Financial Reporting Standards.
Contents Paragraph(s)
Introduction 1–3
Objectives 4
Definitions 5
Requirements
Events occurring between the date of the financial
6–9
statements and the date of the auditor’s report
Facts which become known to the auditor after the date of
the auditor’s report but before the date the financial 10–13
statements are issued
Facts which become known to the auditor after the
14–17
financial statements have been issued
Application and other explanatory material A1–A18
The auditor has to consider the effect of subsequent events on the financial statements
and his report. Subsequent events refer to events:
after the end of the financial period but before the date of the auditor’s report
after the auditor’s report has been released to the organisation, but before the
financial statements are issued to users
after the financial statements have been issued to users.
2.1 Events after the end of the financial period but before the date of
the auditor’s report
The auditor has to perform appropriate audit procedures to ensure that all events up to
******ebook converter DEMO Watermarks*******
signing of the auditor’s report that have an impact on his report or the financial
statements have been identified.
Procedures to be followed by the auditor, apart from the normal cut-off testing, will
include:
obtaining an understanding of, and reviewing management’s procedures to identify
subsequent events and enquiring from management and those charged with
governance as to whether any subsequent events have occurred which might impact
the financial statements
reading minutes of the meetings of shareholders, the board of directors, and audit
and executive committees held after the financial year-end and inquiring about
matters discussed at any such meetings for which minutes are not yet available
reading other documents containing financial information (e.g. the organisation’s
latest interim financial statements and other related management reports)
asking the organisation’s lawyers about litigation and claims (with the client’s
permission)
consideration of relevant information that came to the auditor’s attention from
sources outside the organisation.
Where the auditor identifies events after the end of the financial period but before the
date of the auditor’s report that require adjustment of, or disclosure in, the financial
statements, the auditor must determine whether such events have been appropriately
reflected in the financial statements.
2.2 Events after the date of the auditor’s report but before the financial
statements are issued to users
After signing and issuing the audit report, the auditor does not have an obligation to
perform procedures to identify subsequent events. It is management’s responsibility to
inform the auditor of any such events.
However, if the auditor becomes aware of a subsequent event that, had it been known
to the auditor at the date of the auditor’s report, may have caused the auditor to amend
the auditor’s report, the auditor should:
consider whether the financial statements should be amended
discuss the matter with management and those charged with governance
enquire how management intends to address the matter in the financial statements
perform additional procedures to review the amendments made by management and
******ebook converter DEMO Watermarks*******
issue a new audit report.
If management does not amend the financial statements in circumstances where the
auditor is of the opinion that they need to be amended, and the auditor has not yet
provided the auditor’s report to the entity, he should modify his report to express a
qualified or adverse opinion.
Where the auditors’ report has already been provided to the entity, the auditor should
notify management and those charged with governance not to issue the financial
statements to third parties before the necessary amendments have been made. If the
financial statements are issued before the amendments, the auditor should take
appropriate action to seek to prevent reliance on the auditor’s report.
2.3 Events after the financial statements have been issued to users
After the financial statements have been issued, the auditor has no obligation to perform
any audit procedures relating to those financial statements. However, if, after the
financial statements have been issued to users, the auditor becomes aware of a fact that
existed at the date of the auditor’s report which would have influenced his opinion, he
should consider whether the financial statements should be adjusted and discuss the
matter with management.
If management amends the financial statements, the auditor should:
review the steps taken by management to inform everyone in receipt of the
previously issued financial statements of the situation
perform additional procedures to review the amendments made by management and
issue a new report.
If management does not inform those who received the previously issued financial
statements of the situation and does not amend the financial statements, the auditor
should inform management and those charged with governance that he will seek to
prevent reliance on the auditor’s report and take the necessary actions to prevent
reliance on the auditor’s report.
Contents Paragraph(s)
Introduction 1–8
Objectives 9
Requirements
Risk assessment procedures and related activities 10–11
Evaluating management’s assessment 12–14
Period beyond management’s assessment 15
Additional audit procedures when events or conditions are
16
identified
Audit conclusions and reporting 17
Use of going concern assumption appropriate but material
18–20
uncertainty exists
Use of going concern assumption inappropriate 21
Management unwilling to make or extend its assessment 22
Communication with those charged with governance 23
Significant delay in the approval of financial statements 24
Application and other explanatory material A1–A27
3.1 Definition
The going concern assumption refers to an organisation’s ability to continue in business
for the foreseeable future, with neither the intention nor the necessity to liquidate, cease
trading or seek protection from creditors. The assets and liabilities of an organisation
that is a going concern will be recorded on the basis that the organisation will be able to
realise its assets and discharge its liabilities in the normal course of business.
The going concern assumption is a fundamental principle in the preparation of
financial statements. It is management’s responsibility to consider the appropriateness
of a going concern assumption in the preparation of the financial statements.
Contents Paragraph(s)
Introduction 1–5
Objectives 6
Definitions 7–8
Requirements
Management from whom written representations requested 9
Written representations about management’s
******ebook converter DEMO Watermarks*******
responsibilities
Other written representations 13
Date of and period(s) covered by written representations 14
Form of written representations 15
Doubts as to the reliability of written representations and
16–20
requested written representations not provided
Application and other explanatory material A1–A27
Appendix I: List of ISAs containing requirements for written
representations
Appendix II: Illustrative representation letter
Before completion of the audit the auditor has to obtain written representations from
management and, where appropriate, from those charged with governance on their
responsibilities and on matters material to the financial statements.
Contents Paragraph(s)
Introduction 1–5
Objectives 6
Definitions 7–9
Requirements
Forming an opinion on the financial statements 10–15
Form of opinion 16–19
Auditor’s report 20–45
Supplementary information presented with the financial 46–47
statements
Application and other explanatory material A1–A51
Appendix: Illustrations of auditors’ reports on financial
statements
5.2 The auditor’s opinion (ISA 700, ISA 705, ISA 706)
5.2.1 Unqualified opinion
An unqualified opinion will be expressed by the auditor if he concludes that the
financial statements are presented fairly:
in all material matters
in terms of the financial reporting framework
in compliance with relevant statutory requirements (where appropriate).
5.2.2 Modified reports
Information is classified as material if the omission or misstatement of the information
in the financial statements would influence the decision making of a reasonable user of
the financial statements. If a matter is seen to be material relative to the financial
statements it could change the auditor’s opinion.
(a) Matters that do not affect the auditor’s opinion
If the auditor does not want to change his opinion but would like to highlight a matter
that is relevant to users’ understanding of the financial statements, auditor’s report or
auditor’s responsibilities, he would include an “emphasis of matter” or “other matter”
paragraph to his opinion. Examples would include:
material matters affecting the financial statements and which are included in a note
to the financial statements
additional statutory reporting responsibilities
going-concern problems.
The emphasis of matter or other matter paragraph needs to be appropriately headed.
An emphasis of matter paragraph refers to a matter that is appropriately disclosed
in the financial statements that is of such importance that it is fundamental to users’
understanding of the financial statements.
An other matter paragraph refers to a matter that is not disclosed in the financial
statements, but is still relevant to the users’ understating of the audit, the auditor’s
******ebook converter DEMO Watermarks*******
statements, but is still relevant to the users’ understating of the audit, the auditor’s
responsibilities or the auditor’s report.
(b) Matters that do affect the auditor’s opinion
The auditor will modify his opinion if there is a:
limitation in the scope of his work and as a result he is unable to obtain sufficient
appropriate audit evidence to conclude that the financial statements as a whole are
free from misstatement, or
disagreement with management regarding the financial statements, such that the
auditor concludes that, based on the audit evidence obtained, the financial
statements as whole are not free from material misstatement.
In these circumstances the auditor will issue:
a qualified opinion
a disclaimer of opinion, or
an adverse opinion.
Limitation on scope
These circumstances could lead to:
a qualified opinion or
a disclaimer of opinion.
A limitation on the auditor’s scope of work at the beginning phase of the audit would
normally result in the auditor not accepting the assignment.
Sometimes a scope limitation may result from certain circumstances. This would
cause the auditor to decide whether the effects are both material and pervasive, in
which case he would express a disclaimer of opinion. If the matter is material but not
pervasive, the auditor would qualify his opinion.
Full disclosure should be made in the auditor’s report regarding the limitation.
10 Questions
******ebook converter DEMO Watermarks*******
10 Questions
QUESTION 10.3
Discuss the effect that each of the situations below would have on your audit opinion:
Part A
You are busy with the audit of your client. As part of your audit procedures, you have
requested that the directors give you written representation regarding certain material
matters. The directors have refused to do this as they say it may expose them to
litigation at a later stage if any of the written submissions are discovered to have been
made in error.
(4)
Part B
During your audit of Trendy Clothing (Pty) Ltd, you encounter difficulty in verifying the
accounts receivable balance. The balance is significant in the financial statements;
however, you are of the opinion that you have obtained sufficient appropriate audit
evidence about the rest of the financial statements.
(3)
Responsibilities of an auditor
Authoritative references
Reference Title
The overall objective of the independent auditor and the conduct of
ISA 200
an audit in accordance with the International Standards on Auditing
ISA 210 Agreeing the terms of audit engagements
ISA 220 Quality control for an audit of financial statements
ISA 230 Audit documentation
The auditor’s responsibilities relating to fraud in an audit of
ISA 240
financial statements
Consideration of laws and regulations in an audit of financial
ISA 250
statements
ISA 260 Communication with those charged with governance
1 Introduction
An auditor has certain responsibilities towards his clients, his practice and the
accounting and auditing professions. This chapter looks at some of the responsibilities
of an auditor according to the International Standards of Auditing. Apart from the
responsibilities discussed here, the auditor also incurs responsibilities from the
Auditing Profession Act, the Companies Act and other legislation and regulations.
A number of the ISAs referred to above were previously covered in the textbook. The
focus of the chapter will be on the ISAs not yet addressed.
Contents Paragraph(s)
Introduction 1
Characteristics of fraud 2–3
Responsibility of the prevention and detection of fraud 4–8
Professional scepticism 12–14
Discussion among the engagement team 15
Risk assessment procedures and related activities 16–24
Identification and assessment of the risks of material 25–27
misstatement due to fraud
Responses to the assessed risks of material misstatement due to 28–33
fraud
Evaluation of audit evidence 34–37
Auditor unable to continue engagement 38
Written representations 39
Communications to management and with those charged with 40–42
governance
Communications to regulatory and enforcement authorities 43
Documentation 44–47
Application and other explanatory material A1–A67
Appendix 1: Examples of fraud risk factors
Appendix 2: Examples of possible audit procedures to
address the assessed risk of material
misstatement due to fraud
2.1 Introduction
The auditor has a responsibility during the audit of financial statements to consider the
risk of material misstatements in financial statements due to fraud as well as maintain
professional scepticism during the audit.
A number of recent corporate scandals highlighted the reality of the risk of fraud and
error in organisations. Big international corporations failed subsequent to incidents of
fraud and error in their operations (e.g. Enron, World-Com and Leisurenet). Locally,
organisations such as Fidentia saw huge losses to debtors and shareholders as a result
of alleged management fraud and recklessness.
Good governance principles demand that an organisation’s board of directors, or
equivalent oversight body, ensures overall high ethical behaviour in the organisation,
regardless of its status as public, private, government, or not-for-profit, its relative size,
or its industry.
In addition to the board, personnel at all levels of the organisation – including every
level of management, staff, and internal auditors, as well as the organisation’s external
auditors – have responsibility for dealing with fraud risk. Particularly, they are expected
to explain:
how the organisation is responding to heightened regulations, as well as public and
stakeholder scrutiny
what form of fraud risk management program the organisation has in place
how it identifies fraud risks
what it is doing to better prevent fraud, or at least detect it sooner, and
what process is in place to investigate fraud and take corrective action.
2.14 Documentation
During the planning phase of the audit the auditor has to document:
significant decisions reached during discussions by key team members regarding the
susceptibility of the organisation to material misstatement due to fraud
the risk of material misstatement due to fraud at financial statement and assertion
levels.
The auditor further has to document his responses to the identified fraud risk areas.
These comprise the following:
the overall response to the assessed risks of material misstatement due to fraud and
the impact on the nature, timing and extent of audit procedures
the results of the audit procedures.
The auditor should also document any communications with management and the
directors of the organisation regarding fraud.
Contents Paragraph(s)
Introduction 1–11
The auditor’s consideration of compliance with laws and 12–17
regulations
Audit procedures when non-compliance is identified or 18–21
suspected
Reporting of identified or suspected non-compliance 22–28
Documentation 29
Application and other explanatory material A1–A21
3.1 Introduction
In order to provide a proper service and to reduce the audit risk to themselves, the
auditor has to ensure that he has proper knowledge of the laws and regulations
impacting the various audit assignments for which he is responsible.
The respective laws and regulations differ in their relationship to an organisation.
They can:
prescribe the framework for an organisation’s financial statements
determine the amount to be recorded or disclosures to be made in the financial
statements
set the conditions under which an organisation is allowed to conduct its business
(e.g. a regulated industry)
set conditions regarding the operating aspects of a business.
3.2 Non-compliance
Non-compliance by an audit client with laws and regulations may have a material effect
on the financial statements (e.g. in the form of fines or litigation).
“Non-compliance” refers to
intentional or unintentional acts of
commission or omission by the organisation which are
4 Questions
The purpose of a case study is to place the student in the position of a decision maker
that has to solve a problem. Included in this section of the textbook are a few case
studies on planning of the audit. These case studies should only be attempted after
studying chapters 5 to 9.
Case study 1
QUESTION 70 MARKS
You are the Auditor in Charge (AIC) on the audit of Sapphire Sensation Ltd., a company
listed on the JSE Ltd, for the year ending 31 July 20X11. You are currently busy with the
planning of the audit and have documented some of the planning steps that you and your
team have completed thus far on your Auditing Firm’s standard planning document
format.
Please refer to the planning document below:
Sapphire
Client: Prepared by T.M Date 15/06/20X11
Sensation Ltd.
Year end: 31 July 20X11 Reviewed by D.M Date 30/06/20X11 D2
Case study 2
QUESTION 75 MARKS
You have just been appointed as the auditor of Jenny Chew (Pty) Ltd, a shoe shop
located at the Nelson Mandela Square in Sandton. Jenny Chew shoes are high fashion
and very expensive. The owner and CEO of Jenny Chew, Dennis Maree, has only just
converted the entity to a company (previously a CC), therefore this is the first time the
company is being audited. The year-end of the company is 30 November 20X11.
After discussions held with Dennis, you find out the following:
The company is on an expansion plan. As part of the expansion, they are opening
two new branches, one at Clearwater Mall in Roodepoort, and the other at Maponya
Mall in Soweto. Dennis says that currently they are working on a batch processing
system in the Sandton store, but he would like to be able to move to a system
whereby transactions are processed and all files updated immediately. This is to
ensure that customers looking for a shoe in one branch can be referred to another
branch if the shoe is available there. He also wants to be able to link the three
branches via some type of network.
******ebook converter DEMO Watermarks*******
Dennis does not see the need to wait for the engagement letter, and wants you to start
with the audit immediately, seeing his bankers are in a hurry for the audited financial
statements before they lend him more money for the expansion.
During your planning procedures, you assess audit risk to be low. The controls are
reliable and have been operating effectively, and inherent risk is also low. Your main
concern is that your planning analytical procedures indicate that sales are lower than
you expected. This could be an indication of understatement of sales.
As part of your audit procedures, you asked your first-year clerk to document the
controls in place for addressing the control objectives of validity, completeness,
accuracy and cut-off for the purchases system of Jenny Chew (this documentation will
assist you in deciding which procedures you will perform). Refer to the attached
working paper J3 for the documentation of these controls.
For the procedures on debtors, your first-year audit clerk suggests that negative
confirmations would be the best audit evidence for existence and valuation of debtors.
EQ AUDITORS
Client: Jenny Chew (Pty) Ltd J3
Year end: 30 November 20X11 Prepared by: SM
Section: Purchases system Date: 6/12/11
The purpose of this working paper is to document the controls that are in place in the
purchases system of Jenny Chew (Pty) Ltd and that address the control objectives of
validity, completeness, accuracy and cut-off.
Purchases
Jenny Chew orders stock on a monthly basis. When the shoes arrive, two people
inspect them for quantity and quality and prepare a goods received note (GRN). The
GRN is matched with the delivery note received from the supplier. Short deliveries are
indicated on the delivery note and a credit request is made out.
The GRN is matched with the invoice from the supplier and is thereafter recorded in
the purchase journal. A register is kept of unmatched invoices and is regularly
followed up by the senior buyer.
All requisitions, orders and GRNs are recorded numerically, and missing numbers are
followed up.
When a purchase invoice is received from a supplier, it is checked independently
******ebook converter DEMO Watermarks*******
before it is recorded in the purchase journal, and the following is done:
1. Prices are compared with the orders/price list.
2. The quantity is recorded in the GRN.
3. The accounting accuracy is checked.
The updates in the purchase journal are done as per the date of delivery.
Provision is made at year-end in respect of purchases not yet invoiced.
(j) Identify and define the assertions that are addressed when testing for understatement
******ebook converter DEMO Watermarks*******
of sales. (4)
(k) Describe the audit procedures you would perform for the assertions identified in
(j) above. (6)
(l) Describe what procedures you would perform with regard to the opening balances
of Jenny Chew. (4)
(m) Describe negative confirmations and discuss when they are appropriate to use. (4)
(n) State, with reasons, whether your first-year audit clerk is correct in saying that the
assertions of existence and valuation of debtors will be verified by a debtor’s
confirmation. (3)
Presentation (3)
Case study 3
QUESTION 50 MARKS
You have been appointed as the new auditors of Mac KFC (Pty) Ltd during June of this
year. Mac KFC (Pty) Ltd is one of South Africa’s leading fast food suppliers. The
company’s year-end is 31 October 20X11 and you are busy with the planning of the
audit as well as determining what audit evidence should be obtained during the audit.
Because this is a new client for your firm, you are paying special attention during the
initial planning stage of the audit and during the planning process, and the following has
come to your attention:
Because you are the newly appointed auditor of Mac KFC (Pty) Ltd you cannot
place reliance on the opening balances of the financial records. The opening
balances therefore need to be verified with the previous auditor.
The management of Mac KFC (Pty) Ltd has informed you that they are currently
involved in a legal dispute with one of their clients. The client argues that a
consignment of chicken burgers was supplied to them for one of their social
functions after they had specifically requested beef burgers. A chicken burger is
approximately R5 more expensive than a beef burger. The order consisted of 1 500
burgers.
Mac KFC (Pty) Ltd has numerous fast food outlets in South Africa. They group their
stores according to location and classify these as business hubs. Their major
business hubs and turnover per hub are as follows:
You have agreed with the audit partner that the operation in Polokwane is not
significant and will not be audited this year. Your auditing firm will be able to
service the Johannesburg and Pretoria business hubs, but another audit firm will
need to audit the Cape Town hub. You have identified Izzy & Lyndsay Inc. as a
suitable firm to render this service and have already contacted one of the managers
at Izzy & Lyndsay Inc. They are eager to help with the audit.
You have also already sent out the bank confirmations to the respective banks where
Mac KFC (Pty) Ltd holds accounts. This is to confirm the year-end bank balances as
at 31 October 20X11. You believe that a bank confirmation is the best type of audit
evidence to obtain in this regard.
As part of the planning process you have performed analytical procedures in order
to obtain a clear understanding of the client’s business, identify risk areas that the
audit team can focus on and assist in determining the nature, timing and extent of the
audit procedures that need to be performed. The results of your analytical
procedures were as follows:
Mac KFC (Pty) Ltd has a very good internal audit division and you are considering
relying on some of the procedures that the internal auditors have already performed.
You and your team have now completed the planning process and are ready to start with
the audit. You are however aware of the fact that there are a few more things that you
still need to consider.
1.1.2 Purchases