ITC Auditing - Notes - FINAL PDF

AUDITING AND
GOVERNANCE
Table of Contents
Table of Contents ......................................................................................................................... 2
Writing the exam ......................................................................................................................... 3
Potential mark allocation .................................................................................................................... 4
Analysis of past exams ........................................................................................................................ 4
Examination technique ....................................................................................................................... 6
Examinable pronouncements ..................................................................................................... 10
Study day breakdown and suggested approach .......................................................................... 25
Course Notes ............................................................................................................................. 27
Auditing: The big picture ............................................................................................................ 27
More detailed auditing notes ..................................................................................................... 40
A Comment on Audit Risk ................................................................................................................. 40
Never confuse Audit Risk with Business Risk! .................................................................................. 41
Identifying Audit Risks................................................................................................................... 42
Answering audit risk questions ..................................................................................................... 46
Audit Risks in the Computerised Environment ............................................................................. 47
Business risks in the Computerised Environment......................................................................... 48
Risk assessment procedures ......................................................................................................... 48
Stages of the audit process......................................................................................................... 49
Pre-engagement Activities ................................................................................................................ 49
ISAs related to this stage............................................................................................................... 50
Exam questions related to this stage ............................................................................................ 50
Prior to accepting the audit, we would have: ............................................................................... 51
Planning the Audit............................................................................................................................. 51
Calculating Planning Materiality ................................................................................................... 52
Audit Approach and Audit Plan..................................................................................................... 55
Systems of Internal Control in the Planning Stage ........................................................................... 59
Risk Response.................................................................................................................................... 76
Exam questions ............................................................................................................................. 77
Describing Possible Responses to Risk at the Overall Financial Statement Level......................... 77
Identifying Key Controls ................................................................................................................ 77
Identifying key controls: internal vs. external audit ..................................................................... 78
Exam technique............................................................................................................................. 78
Tests of Controls ........................................................................................................................... 79
Exam technique............................................................................................................................. 79
Substantive Audit Procedures....................................................................................................... 80
Evaluating and Concluding ................................................................................................................ 93
Overview ....................................................................................................................................... 93
Going Concern Issues .................................................................................................................... 94
Website | www.uctboardcourse.co.za
Email | info@uctboardcourse.co.za
Telephone | 021 650 2269 Page 2 of 167
Forming an Audit Opinion: ISA 700 (Revised) ............................................................................... 99
Evaluating the Effect of Misstatements ...................................................................................... 100
Determining whether misstatements are material .................................................................... 101
Determining whether misstatements or uncertainties are pervasive ........................................ 103
Types of audit opinion ................................................................................................................ 103
Audit Reporting ............................................................................................................................... 107
Specific Topics ......................................................................................................................... 111
Using the Work of Others ............................................................................................................... 111
Using the work of internal auditors (ISA 610 Revised) ................................................................... 111
Audits of Groups and Component Auditors (ISA 600) .................................................................... 113
Using the work of an audit expert (ISA 620) ................................................................................... 114
Subsequent Events (ISA 560) .......................................................................................................... 114
Other Issues .................................................................................................................................... 115
Difference between Audit and Review Engagements ................................................................ 115
Determining Whether a Company is required to be Audited ..................................................... 116
Code of Professional Conduct (CPC) .......................................................................................... 118
Fundamental principles section 100.1 of CPC: ............................................................................... 118
The Table of Contents: Code of professional conduct for chartered accountants ..................... 119
Addition notes: Section 290 of the SAICA CPC................................................................................ 121
Corporate Governance and King III ........................................................................................... 137
Transparency............................................................................................................................... 137
Accountability ............................................................................................................................. 137
Responsibility .............................................................................................................................. 137
Fairness ....................................................................................................................................... 137
The Code of Governance................................................................................................................. 137
Chapter 1: Ethical leadership and corporate citizenship ............................................................ 138
Chapter 2: Boards and directors ................................................................................................. 139
Chapter 3: Audit committees ...................................................................................................... 144
Chapter 4: The governance of risk .............................................................................................. 147
Chapter 5: The governance of information technology.............................................................. 148
Chapter 6: Compliance with laws, rules, codes and standards .................................................. 148
Chapter 7: Internal audit ............................................................................................................. 149
Chapter 8: Governing stakeholder relationships ........................................................................ 150
Chapter 9: Integrated reporting and disclosure ......................................................................... 151
The Companies Act (2008) .............................................................................................................. 151
The Auditing Profession Act (APA) .................................................................................................. 159
Business rescue and insolvency (A brief overview) .................................................................... 160
Insolvency law and practice: A brief summary ............................................................................... 161
Business Rescue (Understood through Question and Answer) ...................................................... 165
Writing the exam
This portion of the notes deals with the following information, which is vital to you when preparing
for and while you are writing the ITC:
• Potential mark allocation;
• Analysis of past exams; and
• Exam technique and style of testing.
Potential mark allocation

Past ITC/QE Papers have always included a significant number of marks allocated to Auditing and
Governance. If you consider SAICA’s table of potential mark allocation, you will notice the following
inclusions:
Strategy, Risk Management and Governance 40 to 60 marks
Audit and Assurance 60 to 80 marks
Management Decision Making and Control 40 to 60 marks
Ethics 0 to 20 marks
Therefore, it would be hypothetically possible for an Auditing Examiner to set a paper containing 220
marks (60+80+60+20) concerning aspects related to Auditing and Governance and still remain within
the SAICA Limits.
Whilst the above suggestion stretches the bounds of probability, it is most likely that Auditing and
Governance will represent as much as 30% of future papers. That is 120 to 130 marks. The total for
the January 2013 ITC was 130, although that includes 10 marks on Business Risk, which some
academics would regard as a MAF topic. The total for the January 2015 ITC was around 98 with June
2015 being about 127! Notwithstanding the fact that the specific topics examined are generally
relatively straightforward and represent an opportunity for candidates to gather “easy marks”, the
national average for auditing questions is low – usually around 40%. It therefore goes without saying
that candidates cannot afford to underperform to this extent in what are comparatively easy
questions.
Auditing is generally a very practical subject, based on principles with limited exceptions and practical
expedients. Governance, the Law and Ethical Conduct, on the other hand, have their roots in
theoretical knowledge but then require practical application. The best approach to take when
preparing for Auditing and Governance is to focus on principles and your understanding thereof
through practising tutorials.
Please note: The Auditing and Governance syllabus is vast and you will not be unable to cover it in its
entirety in detail during this programme – and you should not attempt to do so. You should rather
focus on your level of understanding of Auditing and Governance concepts and your examination
technique, as these are the common factors that lead candidates to be unsuccessful in the subject.
Analysis of past exams

An analysis of past auditing questions reveals that a substantial number of marks are allocated to
relatively straightforward issues and the mark plans are quite extensive. All that is required in order
to obtain these comparatively easy marks is sound conceptual knowledge and a disciplined
examination technique. Our best advice here is to work on the concepts and exam technique through
the tutorials provided in this pack.
The following topics have been examined over the past 10 years: (marks allocated are provided)
2007 Risk Overall F/S Level 10 2013 Jan Governance and Law 45
Controls incl. IT 25 Pre Engagement 11
Approach/Strategy 15 Risk and Materiality 10
Specific Audit Risks 10 Procedures 20
Business Risks 7 Reporting issues 28
Reporting decision 8 Reportable Irregularity 6
Ethics 9 Total 120
2013
Total 84 Risk 27
June
2008 Business Risks 20 Internal Controls
Controls (incl. IT) 10 and Testing of Controls 17
Audit Procedures 35 Audit Procedures: 33
Governance, Ethics Total 77
and Company Law 20 2014 Jan Risk 24
Total 85 Audit Approach 10
2009 Controls/Test controls 24 Company Law and Ethics 11
Audit procedures 10 Procedures 32
Control weaknesses 15 Control Risk 9
Internal audit 10 Business Risks 10
Risks 10 Total 96
2014 Corporate Governance and Ethics
Pre engagement 6
June 13
Procedures 10 Quality Control 11
Corporate Governance and Law
Plus Presentation 5
16
Total 80 Procedures 36
2010 Risks Response 22 Total 76
Key controls – revenue 12 2015 Jan Pre-engagement Activities 15
Procedures – revenue 11 Audit Risk 23
Irregularity/provision General Controls 10
Substantive Procedures
Reporting 10
(Inventory) 15
Governance and law 15 Reportable Irregularity 8
Plus Presentation 5 Business Risk and Response 27
Total 75 Total 98
2015 Corporate Governance and Ethics
2011 Risks 10
June 35
Governance and law 27 Audit Risk 20
Procedures 16 Business Risks 12
Reporting issues 15 Procedures 38
Total 68 Tests of Controls 9
2012 Risks 17 Reportable Irregularity 13
IT Controls 25 Total 127
Procedures 18 2016 Jan Tests of Controls 25
Other auditors 10 Substantive procedures 7
Corporate Governance and Ethics
Governance 12
23
Total 82 ISA 260/265 5
Auditor response to illegal
behaviour 20
Business Risk 14
Total 94
2016
Financial Statement level risks 14
June
Financial Statement level
responses 16
Design Key Controls 18
Substantive Procedures 18
Ethics 12
Total 78
As is apparent from the above table, whilst SAICA cannot examine all topics comprehensively in any
given year, SAICA has achieved broad and comprehensive coverage of the entire Syllabus over the
period. For this reason, none of the topics covered by this programme can be omitted.
Furthermore, an analysis of past auditing questions reveals that a substantial number of marks are
allocated to relatively straightforward issues. All that is required in order to obtain these
comparatively easy marks is sound knowledge and a disciplined examination technique.
Examination technique
The purpose of this section is to assist you to develop a disciplined and effective question answering
technique, thus enabling you to derive the maximum possible benefit from your knowledge of the
subject. As said before, poor examination technique, as with all of the subjects, is the primary cause
of underperformance. Completing tutorials properly will assist in this regard.
It must be emphasised (it cannot be over emphasised!) that technique is developed by practice –
tutorial practice.
Here are some key pointers to help you improve your time spent doing the tutorials. Please read these
points carefully and think where you may need improvement:
1. Unlike the other subjects, Auditing and Governance is a qualitative/ theory based subject in
its entirety. Therefore, since the solution is always discussion and theory in nature, rather than
worked out in the numbers, there is more of a risk that you do not understand exactly what
the REQUIRED is asking.
Put it this way – you need to properly interpret and understand the REQUIRED before starting
your answer – and this is particularly tricky in this subject. How many times have you written
a one page or longer solution and then received your script back after marking to see that
most of what you wrote did not receive any marks! This is usually because you did not
understand the question 100%. You wrote down valid audit theory, but it did not answer the
REQUIRED.
• What is the difference between the “completeness” and “occurrence” assertions?

• Is “audit strategy” the same as “audit approach”? What about the “audit plan”?
• The REQUIRED asked for “Risks of Material Misstatements” “at the assertion level”. Does
this mean that “control risks” can be included in my answer? What about “inherent risks”?
• The REQUIRED asked for “detailed substantive tests”. Can I include “analytical procedures”
in my answer? Can I provide “tests of controls”?
• The REQUIRED asked for “substantive procedures” that address “cut-off”. What exactly is
the “cut-off” assertion?
• In a “corporate governance concerns” REQUIRED, can I include ethical as well as Companies
Act concerns? i.e. is the Code of Professional Conduct in the scope of the question?
Hopefully the above examples prove the point. You must unpack and understand exactly what the
required is asking you. There can be subtlety in the REQUIRED. It can be easy to misunderstand
what you have been asked. You need to work on this as you do your tutorials.
2. Often, as much as half (or more) of the available marks in an Auditing or a Governance
question relate very specifically to issues highlighted in the scenario.
Therefore spend adequate time (approx. 0.3 minutes per mark) reading the scenario properly
and highlighting key information and making short notes as you read. Then, having analysed
the requirement very carefully, go back to your highlights and notations made during your
reading time and apply yourself to each highlighted issue that is relevant to the specific terms
of the requirement. This may slow you down – but it is time well spent.
I find this very helpful – the COD technique:
• “C” Core:
Pick up the Core aspects – the most important issues that relating to the question.
• “O” Options:
Only if the mark allocation allows, should you deal with the Options (or Specifics). What
options (specific stuff mentioned) were provided in the scenario that I must include in my
answer?
• “D” Detail:
Only add detail once you have already dealt with each Core Issue or Specific.
In other words, cover the broad issues first before you dive into the detail concerning specific
aspects – and always only add detail in accordance with the marks allocated: “this question is
for only 6 marks! Why are you writing that amount of detail on one point?”
Because you might add detail at a later stage once you have dealt briefly with each Core Issue,
always leave space between paragraphs of your solution.
3. In their commentaries on previous Auditing papers and questions, the examiners have always
indicated that candidates would do well to Read first, Think second, Plan third and then
Write.
You should read the requirement carefully and be able to identify the facts most relevant to the
requirement.
Ensure that you understand the precise focus of the question and that you do not allow your solution
to deviate from the required information.
Examiners generally find that candidates waste an enormous amount of time on issues not specified
in the requirement.
Plan your solution by identifying all important issues relevant to the requirement.
Do not add detail for any one issue until you have identified all of the issues.
Any question will require candidates to address a number of major issues.
Candidates often provide superfluous detail on a particular issue to the detriment of other, equally
important, issues.
Decide on the extent of detail required in respect of each issue identified. The extent of detail is
typically in inverse proportion to the number of important issues to be addressed.
You may need to make a decision regarding the relative importance of various issues. This decision
would normally be based on the audit risks involved.
Before you write, plan your layout. You can avoid duplication of your plan by setting up each
important issue as a heading and allowing considerable space between headings.
You may now add detail where applicable.
4. Write your answer in points or bullet points.
Writing, say, a 10 mark question in paragraph narrative often results in writing too much for
each mark. Write 10 points, each on a separate line, in order to get 10 marks. This is the most
efficient way of answering a question – and note that all the suggested solutions do the same.
Write a full and complete sentence. Use proper grammar. But be brief and to the point for
every point made.
5. Do not go over time on any required.
This is so easy to do. Going over time is usually an indication that you are writing unnecessary
detail or have misunderstood the restriction and exact meaning of the required. If you find
yourself going over time, then finish the question as quickly as possible – leave some space to
return to the question at the end of the paper – and move on! Do not prejudice yourself by
not completing the paper.
Remember: 5 minutes spent on another question will get more marks than 5 minutes over-time on
any question!
Examinable pronouncements
https://www.saica.co.za/LearnersStudents/Examinations/Informationonwhatwillbeexamined/ExaminablePronouncements
/tabid/488/language/en-ZA/Default.aspx
Study day breakdown and suggested approach
The Auditing and Governance syllabus has been broken down into five study days. The tutorials set for each day have been grouped based on broad similarities
in subject matter and the manner in which the content is typically integrated.
The approach has been to have approximately 200 marks per study day. However, this has not always been possible and some days may have slightly more
or slightly less than 200 marks. Overall there are roughly 1 000 marks of tutorial practice over the five days.
Tutorial Recorded Suggested reading prior to

Tutorial number Tutorial name Original source Rank Tutorial? Annotated? tutorials (if required)
Study day 1:
AUD 01 Mining Supplies UCT 2014 Postgrad (Adapted) C YES YES The “Big Picture” of Auditing
AUD 02 Ambition Apparel SAICA/ITC January 2016 C YES
Study day 2:
AUD 03 Plascorp Ltd UCT Exam 2015 B YES YES Auditing notes
AUD 04 Sage and Saai SAICA/ITC June 2014 C YES YES Review: ISA 300; 315
* Refer to the table of contents in the notes. Do the readings that you deem necessary or helpful. Remember: The tutorials are the priority. Read or refer
to the notes as you deem appropriate for your needs.
Tutorial Recorded Suggested reading prior to
Tutorial number Tutorial name Original source Rank Tutorial? Annotated? tutorials (if required)
Study day 3:
AUD 05 Mobile Creations SAICA/ITC B YES Auditing notes
AUD 06 Cement-for-Construction SAICA/ITC January 2014 C YES Review: ISA 320; 330
AUD 07 Hofstein SAICA/ITC C
AUD 08 Planning Materiality Simplified Tutorial A
Study day 4:
AUD 09 Starmedia Group/Magic SAICA/ITC June 2015 C Auditing notes
AUD 10 Home Affairs SAICA/ITC (Adapted) C YES YES Ethics notes
AUD 11 Aero Africa SAICA/ITC C King III notes
AUD 12 Audit or Independent Review Simplified Tutorial A YES Review select ISAs
AUD 13 Audit approach Simplified Tutorial A YES
Study day 5:
AUD 14 Stonecut Ltd SAICA/ITC June 2015 C YES Auditing notes
AUD 15 Sports Electronics/SET SAICA/ITC January 2015 C
AUD 16 Winterfell SAICA/ITC June 2016 B YES
* Refer to the table of contents in the notes. Do the readings that you deem necessary or helpful. Remember: The tutorials are the priority. Read or refer
to the notes as you deem appropriate for your needs.
Course Notes
Auditing: The big picture
Use these brief notes to help you work through your International Standards of Auditing (ISAs). You
must know your way around, and have highlighted and flagged your ISAs!
An audit conducted in terms of the International Standards of Auditing (ISAs) is first and foremost risk
driven. An audit is a “Risk-Based” exercise. Here is an overview of a “risk-based audit” as guided by
the ISAs:
What are the different types of engagements that an auditor could perform?
Type of engagement
Assurance Non-assurance
engagement engagement
Agreed-upon
Review Compilation
Audit (ISAs) procedures
(ISRE 2400) (ISRS 4410)
(ISRS 4400)
Reasonable
Limited assurance No assurance
assurance No assurance
(Negative Form of (Identification of
(Positive Form of (Factual findings)
expression) information)
expression)
Can you explain the purpose of each of the four engagements? Refer to the respective standards that
provide that explanation.
In particular, given the nature of the new Companies Act, 2008, and the existence of the Public Interest
Score (PIS) and review engagements available for some private companies, make sure you understand
how a review engagement would differ from a full statutory audit. Refer to ISRE 2400.
The notes below deal primarily with the ISAs, which of course govern statutory audit engagements:
Paragraph No. Some relevant Extracts from ISAs
200.11 In conducting an audit of financial statements, the overall objectives of

the auditor are:
(a) To obtain reasonable assurance about whether the financial

statements as a whole are free from material misstatement, whether
due to fraud or error, thereby enabling the auditor to express an
opinion on whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial
reporting framework; and
(b) To report on the financial statements, and communicate as required

by the ISAs, in accordance with the auditor’s findings.
200.3 The purpose of an audit is to enhance the degree of confidence of

intended users in the financial statements. This is achieved by the
expression of an opinion by the auditor on whether the financial
statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework. In the case of most general
purpose frameworks, that opinion is on whether the financial
statements are presented fairly, in all material respects, or give a true
and fair view in accordance with the framework. An audit conducted in
accordance with ISAs and relevant ethical requirements enables the
auditor to form that opinion.
200.5 As the basis for the auditor’s opinion, ISAs require the auditor to obtain
reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or
error. Reasonable assurance is a high level of assurance. It is obtained
when the auditor has obtained sufficient appropriate audit evidence to
reduce audit risk (i.e., the risk that the auditor expresses an
inappropriate opinion when the financial statements are materially
misstated) to an acceptably low level. However, reasonable assurance
is not an absolute level of assurance, because there are inherent
limitations of an audit which result in most of the audit evidence on
which the auditor draws conclusions and bases the auditor’s opinion
being persuasive rather than conclusive.
200.A34 The risks of material misstatement may exist at two levels:
• The overall financial statement level; and
• The assertion level for classes of transactions, account balances,

and disclosures.
200.A40 The ISAs do not ordinarily refer to inherent risk and control risk
separately, but rather to a combined assessment of the “risks of
material misstatement.” However, the auditor may make separate or
combined assessments of inherent and control risk depending on
preferred audit techniques or methodologies and practical
considerations. The assessment of the risks of material misstatement
may be expressed in quantitative terms, such as in percentages, or in
non-quantitative terms. In any case, the need for the auditor to make
appropriate risk assessments is more important than the different
approaches by which they may be made.
200.A45 The auditor is not expected to, and cannot, reduce audit risk to zero and
cannot therefore obtain absolute assurance that the financial
statements are free from material misstatement due to fraud or error.
This is because there are inherent limitations of an audit, which result
in most of the audit evidence on which the auditor draws conclusions
and bases the auditor’s opinion being persuasive rather than conclusive.
The inherent limitations of an audit arise from:
• The nature of financial reporting;
• The nature of audit procedures; and
• The need for the audit to be conducted within a reasonable period

of time and at a reasonable cost.
Note that the overriding objectives of the auditor in a risk-based audit are:
• To obtain reasonable assurance about whether the financial statements as a whole are free
from material misstatement, whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are prepared, in all material respects,
in accordance with an applicable financial reporting framework; and
• To report on the financial statements, and communicate as required by the ISAs, in
accordance with the auditor’s findings.
The audit is risk-based in the sense that audit responses are responses to “audit risk”. Without
performing a sufficient and appropriate risk assessment, there can be no proper audit! Therefore
the ISAs are “risk-based” in their approach to audit.
Reasonable Assurance
The ISAs require the auditor to obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or error.
Reasonable assurance is a high but not absolute level of assurance. It is obtained when the auditor
has obtained sufficient appropriate audit evidence to reduce audit risk (that is, the risk that the auditor
expresses an inappropriate opinion when the financial statements are materially misstated) to an
acceptably low level. The auditor cannot provide absolute assurance due to the inherent limitations
in the work carried out. This results from the majority of audit evidence (on which the auditor draws
conclusions and bases the auditor’s opinion) being persuasive rather than conclusive.
Scope of an Audit
The scope of the auditor’s work and the opinion provided are usually confined to whether the financial
statements are prepared, in all material respects, in accordance with the applicable financial reporting
framework. As a result, an unmodified auditor’s report does not provide any assurance about the
future viability of the entity, nor the efficiency or effectiveness with which management has
conducted the affairs of the entity.
Any extension of this basic audit responsibility, such as that required by law or JSE regulations, would
require the auditor to undertake further work and to modify or expand the auditor’s report
accordingly.
Material Misstatements
A material misstatement (a difference, which is fundamental to a user’s understanding, between the
amount, classification, presentation or disclosure of a reported financial statement line item and the
amount, classification, presentation or disclosure that is required for the item to be in accordance
with the applicable financial reporting and regulatory (in South Africa, this would be the Companies
Act) framework)) has occurred when they could reasonably be expected to influence the economic
decisions of users made on the basis of the financial statements.
Assertions
Assertions are representations by management, explicit or otherwise, that are embodied in the
financial statements. They relate to the recognition, measurement, presentation, and disclosure of
the various elements (amounts and disclosures) in the financial statements. For example, the
completeness assertion relates to all transactions and events that should have been recorded having
been recorded. They are used by the auditor to consider the different types of potential
misstatements that may occur.
Paragraph No. Relevant Extracts from ISAs
315.4(a) Assertions
Assertions—Representations by management, explicit or otherwise,

that are embodied in the financial statements, as used by the auditor to
consider the different types of potential misstatements that may occur.
When management makes a representation to the auditors such as “the financial statements as a
whole are presented fairly in accordance with the applicable financial reporting framework,” it
actually contains a number of embedded assertions.
These embedded assertions (by management) relate to the recognition, measurement, presentation,
and disclosure of the various elements (amounts and disclosures) in the financial statements.
Examples of management’s assertions include:

• All the assets in the financial statements are correctly valued in terms of IFRS;
• All sales transactions have been recorded in the appropriate period;
• All inventories stated actually do exist;
• Liabilities and payables represent proper obligations of the entity;
• All recorded transactions occurred in the period under review; and
• All amounts are properly presented and disclosed in the financial statements.
These assertions are often summarized by a single word such as completeness, existence, occurrence,
accuracy, valuation, etc.
Make sure you are familiar with the assertions and are able to correctly apply them when discussing
the appropriateness of some aspect of a class of transactions, an account balance or a disclosure item.
The assertions in the table below can be found in ISA 315 Para A124 (a) –(c).
ASSERTION CLASS OF ACCOUNT PRESENTATION

TRANSACTIONS BALANCES AND DISCLOSURE
OCCURRENCE √ √
COMPLETENESS √ √ √
ACCURACY √ √
CUT OFF √
CLASSIFICATION √ √
EXISTENCE √ √
RIGHTS (ASSETS ONLY) AND

√ √
OBLIGATIONS (LIABILITIES ONLY)
VALUATION AND ALLOCATION √ √
Audit Risk
Audit risk is the risk of expressing an inappropriate audit opinion on financial statements that are
materially misstated. The objective of the audit is to reduce this audit risk to an acceptably low
level.
Audit risk has three key elements as follows:
Audit Risk = Inherent Risk x Control Risk x Detection Risk
Note: The ISAs define the risk of material misstatement at the assertion level as consisting of two
components: inherent risk and control risk. Consequently, the ISAs do not ordinarily refer to inherent
risk and control risk separately, but rather to a combined assessment of the “risks of material
misstatement.” However, the auditor may make separate or combined assessments of inherent and
control risk, depending on preferred audit techniques or methodologies and practical considerations.
Therefore, you could also say that audit risk has two key elements as follows:
Audit Risk = Risk of Material Misstatement (RoMM) x Detection Risk
To reduce audit risk to an acceptably low level, the auditor is required to:
• Assess the risks of material misstatement; and

• Limit detection risk. This may be achieved by performing procedures that respond to the
assessed risks of material misstatement, both at the financial statement level and at the
assertion level for classes of transactions, account balance, and disclosures.
Exercise:
The “Glossary of terms” contained in the SAICA Handbook is very useful! Go there now and find the
definitions of the following terms:
• Audit Risk
• Inherent Risk
• Control Risk
• Detection Risk
• Assertions
• Materiality
• Reasonable assurance engagement
• Limited assurance engagement
• Compilation engagement
• Agreed-upon procedures engagement
What other terms defined there will be helpful? Read them and highlight them for future reference.
Inherent Risk: Fraud vs. Error

Many inherent risks can result in both error and fraud risks. Where this occurs, list and assess the
fraud risk factors separately from the error risk factors. Otherwise it is possible that the audit response
will only address the error-risk element and not the fraud risk!
Separating the fraud risk element from a risk of error also enables the fraud to be assessed in relation
to all the other fraud risks identified. This may help to reveal an unusual pattern of events/transactions
for investigation, or an individual(s) with the motive, opportunity, and rationalization to commit fraud.
For example, a new accounting system may create potential for errors, but may also provide an
opportunity for someone to manipulate financial results or misappropriate funds (fraud risk).
Always assess the risk of fraud separately from the risk of error!
Materiality
320.8 The objective of the auditor is to apply the concept of materiality

appropriately in planning and performing the audit.
320.9 For purposes of the ISAs, performance materiality means the amount or
amounts set by the auditor at less than materiality for the financial
statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a
whole. If applicable, performance materiality also refers to the amount
or amounts set by the auditor at less than the materiality level or levels
for particular classes of transactions, account balances or disclosures.
320.10 When establishing the overall audit strategy, the auditor shall determine
materiality for the financial statements as a whole. If, in the specific
circumstances of the entity, there is one or more particular classes of
transactions, account balances or disclosures for which misstatements
of lesser amounts than materiality for the financial statements as a
whole could reasonably be expected to influence the economic
decisions of users taken on the basis of the financial statements, the
auditor shall also determine the materiality level or levels to be applied
to those particular classes of transactions, account balances or
disclosures.
320.11 The auditor shall determine performance materiality for purposes of

assessing the risks of material misstatement and determining the nature,
timing and extent of further audit procedures.
320.12 The auditor shall revise materiality for the financial statements as a
whole (and, if applicable, the materiality level or levels for particular
classes of transactions, account balances or disclosures) in the event of
becoming aware of information during the audit that would have caused
the auditor to have determined a different amount (or amounts) initially.
320.13 If the auditor concludes that a lower materiality for the financial
statements as a whole (and, if applicable, materiality level or levels for
particular classes of transactions, account balances or disclosures) than
that initially determined is appropriate, the auditor shall determine
whether it is necessary to revise performance materiality, and whether
the nature, timing and extent of the further audit procedures remain
appropriate.
320.14 The auditor shall include in the audit documentation the following
amounts and the factors considered in their determination:
(a) Materiality for the financial statements as a whole;
(b) If applicable, the materiality level or levels for particular classes of

transactions, account balances or disclosures;
(c) Performance materiality; and
(d) Any revision of (a)-(c) as the audit progressed.
Materiality addresses the significance of financial statement information to decisions made by the
users of the financial statements. Some matters, either individually or in the aggregate, are important
to people making an economic decision based on the financial statements, such as decisions whether
to invest in, purchase, do business with, or lend money to an entity.
When a misstatement (or the aggregate of all misstatements) is significant enough to change or
influence the decision of an informed person, a material misstatement has occurred. Below this
threshold, the misstatement is generally regarded as not material.
Overall Materiality
Overall materiality relates to the financial statements as a whole. It is based on what could reasonably
be expected to influence the economic decisions of the financial statement users, taken on the basis
of the financial statements. It would be changed during the audit if the auditor becomes aware of
information that would have caused him/her to have determined a different amount (or amounts)
initially.
Performance Materiality
Performance materiality is set at a lower amount than the overall materiality. Performance materiality
enables the auditor to respond to specific risk assessments (without changing the overall materiality),
and to reduce to an appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeding overall materiality. Performance materiality would be changed
based on audit findings (such as where a risk assessment was revised).
Typical ranges used in the calculation of overall materiality would be:
• 5- 10% of Net Income before Tax
• 0.5- 1% of Turnover
• 2% of Assets
• 5% of Equity
(Note – these are just a guidelines and are not prescriptive)
Performing the audit

200.15 The auditor shall plan and perform an audit with professional skepticism
recognizing that circumstances may exist that cause the financial
statements to be materially misstated.
200.16 The auditor shall exercise professional judgment in planning and

performing an audit of financial statements.
200.17 To obtain reasonable assurance, the auditor shall obtain sufficient

appropriate audit evidence to reduce audit risk to an acceptably low
level and thereby enable the auditor to draw reasonable conclusions on
which to base the auditor’s opinion.
200.21 To achieve the overall objectives of the auditor, the auditor shall use the
objectives stated in relevant ISAs in planning and performing the audit,
having regard to the interrelationships among the ISAs, to:
(a) Determine whether any audit procedures in addition to those

required by the ISAs are necessary in pursuance of the objectives
stated in the ISAs; and
(b) Evaluate whether sufficient appropriate audit evidence has been

obtained.
A risk-based audit has three key steps, as follows:
Risk Assessment Performing risk assessment procedures to identify and assess the risks of
material misstatement in the financial statements.
Risk Response Designing and performing further audit procedures that respond to identified
and assessed risks of material misstatement, at both the financial statement
and assertion levels.
Reporting This involves:
• Forming an opinion based on the audit evidence obtained; and

• Preparing and issuing a report that is appropriate to the conclusions
reached.
Risk Assessment (Read ISA 315)
Paragraph No. ISA Objective
315.3 The objective of the auditor is to identify and assess the risks of material
misstatement, whether due to fraud or error, at the financial statement
and assertion levels, through understanding the entity and its
environment, including the entity’s internal control, thereby providing a
basis for designing and implementing responses to the assessed risks of
material misstatement.
Risk Response (Read ISA 330)

330.3
The objective of the auditor is to obtain sufficient appropriate audit
evidence regarding the assessed risks of material misstatement, through
designing and implementing appropriate responses to those risks.
In this phase, the auditor considers the reasons (inherent and control risks) for the risk assessments
at the financial statement level and at the assertion level (for each class of transactions, account
balance, and disclosure), and develops responsive audit procedures.
The auditor’s response to the assessed risks of material misstatement is documented in an audit plan
that:
• Contains an overall response to the risks identified at the financial statement level;
• Addresses the material financial statement areas; and
• Contains the nature, extent, and timing of specific audit procedures tailored to respond to
the assessed risks of material misstatement at the assertion level.
Read ISA 300:9 and A12 for a further description of the audit plan.
The last point above, i.e. the nature, timing and extent of specific procedure, is referred to as the audit
approach. There will be an audit approach for every significant class of transactions, account balance,
and disclosure in the Annual Financial Statements.
The overall responses address assessed risks of material misstatement at the financial statement level
– see ISA 330 Para. A1, A2 and A3. Such responses would include the assignment and supervision of
appropriate personnel, need for professional scepticism, the extent of corroboration required for
management’s explanations/representations, consideration of the audit procedures to be performed,
and what documentation would be examined in support of material transactions.
Further audit procedures generally consist of:
• substantive procedures such as tests of details and analytical procedures, AND
• tests of controls (where there is an expectation that such controls have been operating
effectively during the period).
Again, see ISA 330.
Audit Strategy vs. Approach vs. Procedures (ISA 315 and ISA 330)
Audit procedures are the detailed responses i.e. the detailed substantive procedures and tests of
controls performed during the audit. Audit approach and audit strategy refer to more high level
planning of the audit and both involve (to different degrees) dealing with the broad nature, timing
and extent of audit procedures such as
• Risk Assessment;
• Understanding, evaluating, and testing controls (Nature);
• Planning substantive work, together with issues related to Expertise required and Timing
• Extent flows naturally because if an auditor tests controls extensively there would normally
be a reduction in the extent of substantive work
The distinction between “strategy”, “approach” and “procedures” is more semantic than real and
students should not be too concerned about the difference:
“Strategy” is essentially the “macro approach” as typically decided by the audit partner. “Strategy”
also generally deals with the audit as a whole.
Read ISA 300:8 and A8 for a description of audit strategy. (also look at the Appendix to ISA 300)
“Approach” deals with the same issues but tends to add more detail and would typically form the basis
of the audit plan as prepared by the audit manager. “Approach” generally deals with one balance or
flow of transactions.
“Procedures” is the Micro picture leading to specific detail – the detailed procedures themselves.
The audit approach involves the determination of the nature, timing and extent of audit procedures
designed to gather evidence concerning fair presentation of the financial statements. Ultimately the
audit approach deals with specific balances and classes of transaction at the assertion level and results
in the identification of specific audit procedures.
Some of the matters the auditor should consider when planning the appropriate mix of audit
procedures to respond to identified risks include the following:
• Use of tests of controls

o Identify relevant internal controls that, if tested, would reduce the need/scope for
detailed substantive procedures. As a general rule, the sample size for testing controls
is often significantly less than that of a substantive test of a transaction stream.
Assuming that the relevant controls operate consistently and control deviations are
unlikely, the use of tests of controls can often result in less work being performed.
However, there is no requirement that the operating effectiveness of internal controls
(direct or indirect) be tested.
o Identify any assertions that cannot be addressed by substantive procedures alone. For
example, this can often apply to completeness of sales in a small entity, and situations
where there is highly automated processing of transactions (such as Internet sales)
with little or no manual intervention.
• Substantive analytical procedures
These are procedures for which the total amount of a transaction stream can be reliably
predicted based on available evidence. This expectation is compared to the actual amount in
the accounting records, and the extent of any misstatement readily identified. In some cases,
if the assessed risk for a particular assertion is low (without considering related controls), the
auditor may determine that substantive analytical procedures alone would provide sufficient
appropriate audit evidence.
• Unpredictability
The need to incorporate an element of unpredictability in procedures performed. A typical

example would be procedures to address possible fraud.
• Management override
The need for specific audit procedures to address the potential for management override.
• Significant risks
The audit response to “significant risks” that have been identified.
Evaluation of misstatements
Once audit evidence has been obtained in terms of audit procedures performed, in compliance with
ISA 500 (Audit Evidence), the auditor’s responsibility is to evaluate the effect of identified
misstatements on the audit and of uncorrected misstatements, before forming an opinion.
An audit misstatement is a difference between the amount, classification, presentation, or disclosure

of a reported financial statement item and the amount, classification, presentation, or disclosure that
is required for the item to be in accordance with IFRS. Misstatements can arise from error or fraud.
The auditor needs to express an opinion on whether the financial statements are presented fairly, in
all material respects, or give a true and fair view. A material misstatement that remains uncorrected
by management will prevent fair presentation and therefore affect the audit opinion.
Reporting
700.6 The objectives of the auditor are:
(a) To form an opinion on the financial statements based on an

evaluation of the conclusions drawn from the audit evidence
obtained; and
(b) To express clearly that opinion through a written report that also
describes the basis for that opinion.
The final phase of the audit is to assess the audit evidence obtained and determine whether it is
sufficient and appropriate to reduce audit risk to an acceptably low level.
It is important during this phase of the audit to determine:
• Any change in the assessed level of risk;

• Whether conclusions drawn from the work performed are appropriate;
• If any suspicious circumstances have been encountered; and
• That additional risks (not previously identified) have been appropriately assessed and
further audit procedures performed as required.
A team debriefing meeting (towards or at the end of the fieldwork) is not a specific requirement of
the ISAs, but can be useful for staff to discuss the audit findings, identify any indications of fraud, and
determine the need (if any) to perform any further audit procedures.
When all procedures have been performed and conclusions reached:
• Audit findings should be reported to management and those charged with governance; and
• An audit opinion should be formed and a decision made on the appropriate wording for the
auditor’s report.
Note:
Please become familiar with the different reporting situations as required by ISA 700, 705 and 706,
together with the “Report on Other Legal and Regulatory Requirements” and “Other Matters”
paragraphs. It is recommended that in addition to reading these ISAs, students should practice the
examples provided therein and in their text book.
After all is said and done, what is the effect on the Audit Report? What will the management of the
company and the audit committee, i.e. those charged with governance, have to show to the
shareholders at the AGM? Are the financial statements that management have prepared credible?
Have they achieved “fair presentation”?
SAAPS 3 (Revised) Illustrative reports (Revised November 2013) is also very useful and provides many
illustrative examples of audit opinions and reports.
Stages of the Audit Process
There are four stages of the audit process:
• Pre-engagement Activities
• Planning the Audit
• Risk Response
• Evaluating and Concluding
We will address each of the above stages separately and explain how to answer the exam questions
related to each stage.
More detailed auditing notes
A Comment on Audit Risk

Audit risk is defined as the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. Audit risk is a function of the risks of material
misstatement (RoMM) and detection risk. In terms of the audit risk equation it is a function of RoMM
(inherent risk and control risk), and detection risk. Audit firms will set the audit risk they are willing
to accept prior to starting an engagement.
AR = RoMM x DR
Risk of material misstatement (RoMM) is the risk that the financial statements are materially
misstated prior to audit. This consists of two components, described as follows at the assertion level:
Inherent risk—The susceptibility of an assertion about a class of transaction, account

balance or disclosure to a misstatement that could be material, either individually or when
aggregated with other misstatements, before consideration of any related controls.
Control risk—The risk that a misstatement that could occur in an assertion about a class of
transaction, account balance or disclosure and that could be material, either individually or
when aggregated with other misstatements, will not be prevented, or detected and corrected,
on a timely basis by the entity’s internal control.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could be material,
either individually or when aggregated with other misstatements.
Remember that you can find these definitions and many others in the glossary to the ISA’s.
Students must understand the audit risk equation in order to understand the different stages of the
audit and the types of questions they could be asked with regards to each of these.
Never confuse Audit Risk with Business Risk!
Business risk refers to all risks which threaten the objectives of the business and ultimately
management’s objectives. Management’s objectives spread beyond the material misstatement of the
financial statements, and therefore business risks is a much broader concept.
When identifying business risks, the following thought process can be used:
1. Identify any threats to the operational internal control objectives apparent from the scenario.
This would require you to state what could go wrong to prevent the following objectives from
being achieved:
• Safeguarding of assets (avoiding theft, damage and loss)
• Economy of operations (minimizing costs)
• Efficiency of operations (minimizing use of resources, such as time)
• Effectiveness of operations (achieving the businesses’ long-term strategy)
• Availability (business resources are present and ready when needed during operating
hours) and continuity (operations are sustainable) of operations
• Compliance with legislation (be specific regarding the legislation which could be
breached).
• Confidentiality (sensitive information is protected from unauthorized users and use)
Integrity (Validity, Accuracy and Completeness) of financial information is not an operational

objective.
2. Identify any strategic threats to the business. In doing so it may be useful to think of the
following:
• PESTEL analysis (Political, Economic, Social, Technological, Environmental and Legal
analysis)
• SWOT analysis
• Porter’s Five Forces analysis
3. Identify any issues in the scenario that would suggest a risk of fraud and/or error in the financial
statements. All audit risks are also business risks but business risks which do not result in fraud
and/or error in the financial statements i.e. operational business risks are not also audit risks.
The diagram below may be useful in illustrating the point 3:
Operational
business risk (not
an audit risk)
BUSINESS RISK
Audit risk (Business risk
that affects the
integrity of financial
information)
You should always aim to make your solutions as specific as possible to the scenario and link risks to
possible financial loss or reduced profits. APPLY your risks to the scenario – leave out the generic risks.
Identifying Audit Risks

There are two levels at which audit risks occur:
• Risks at the overall financial statement level
• Risks at the assertion level
The auditor must identify and assess the Risks of Material Misstatement (RoMM) at both of these
levels. Why? Well, assessing the Risks of Material Misstatement (RoMM) at both of these levels
enables the auditor to provide a basis for designing and performing further audit procedures to
address these risks. Different approaches are required for identifying the two types of risk.
Risk at the overall financial statement level
Audit risks at the overall financial statement are those which could affect multiple account balances
or transactions. They relate pervasively to the financial statements as a whole and potentially affect
many assertions. Risks of this nature are not necessarily risks identifiable with specific assertions at
the class of transactions, account balance, or disclosure level. These can be summarized as follows:
• Inherent risks at the overall financial statement level :

- Risk of fraud (See ISA 240 Appendix 1 for examples)
- Risk of error (evidenced by incompetent accounting staff, reliance on technology, short-
staffing, having multiple locations etc.)
- Risk that the going concern assumption is not appropriate (See ISA 570: A2 for examples)
- Risk of non-compliance with legislation (dependent on the type of company involved –
identify the legislation that they would be expected to comply with)
- Risk of the going concern assumption not being appropriate
• Control risks at the overall financial statement level:

- Risk that the controls are not operating effectively (evidenced by management lack of
integrity, management override of controls, obvious control weaknesses, having multiple
locations, etc.)
• Detection risks at the overall financial statement level

- Risk that the auditor will not detect material misstatements (evidenced by tight audit
deadlines, engagement being with a new client, etc.
Students should read the scenario and identify any triggers (also caused risk factors) that suggest an
increase in any of the above risks. Students should also be comfortable with identifying triggers that
decrease RoMM if this is within the scope of the required (e.g. Competent accounting staff, effective
functioning internal audit). The use of the word “affects” would entail that students should deal with
triggers that increase and decrease RoMM. They should also identify which risks are within the scope
of the required – for example, if students are asked to identify the risks of material misstatement, they
would get no marks for listing detection risks.
Risk at the assertion level
Audit risks at the assertion level are those risks that affect a specific balance or transaction. These risks
are those that threaten the assertions that relate to that balance or transaction. Again, they could
include risks related to fraud and/or error.
Assertions are representations by management, explicit or otherwise, that are embodied in the
financial statements. They relate to the recognition, measurement, presentation, and disclosure of
the various elements (amounts and disclosures) in the financial statements. For example, the
completeness assertion relates to all transactions and events that should have been recorded having
been recorded. They are used by the auditor to consider the different types of potential
misstatements that may occur.
315.4(a) Assertions
Assertions—Representations by management, explicit or otherwise,

that are embodied in the financial statements, as used by the auditor to
consider the different types of potential misstatements that may occur.
When management makes a representation to the auditors such as “the financial statements as a
whole are presented fairly in accordance with the applicable financial reporting framework,” it
actually contains a number of embedded assertions.
These embedded assertions (by management) relate to the recognition, measurement, presentation,
and disclosure of the various elements (amounts and disclosures) in the financial statements.
Examples of management’s assertions include:
• All the assets in the financial statements are correctly valued in terms of IFRS;
• All sales transactions have been recorded in the appropriate period;
• All inventories stated actually do exist;
• Liabilities and payables represent proper obligations of the entity;
• All recorded transactions occurred in the period under review; and
• All amounts are properly presented and disclosed in the financial statements.
These assertions are often summarized by a single word such as completeness, existence, occurrence,
accuracy, valuation, etc.
Make sure you are familiar with the assertions and are able to correctly apply them when discussing
the appropriateness of some aspect of a class of transactions, an account balance or a disclosure item.
The assertions in the table below can be found in ISA 315 Para A124 (a) –(c).
ASSERTION CLASS OF ACCOUNT PRESENTATION
TRANSACTIONS BALANCES AND DISCLOSURE
OCCURRENCE √ √
COMPLETENESS √ √ √
ACCURACY √ √
CUT OFF √
CLASSIFICATION √ √
EXISTENCE √ √
RIGHTS (ASSETS ONLY) AND

OBLIGATIONS (LIABILITIES √ √
ONLY)
VALUATION AND
√ √
ALLOCATION
The assertions defined:
Transaction Assertions (Class of Transaction Balance Assertions (Account Balance
Accounts) Accounts)
Occurrence Existence
Risk that transactions included in the financial Risk that balances included in the financial
statements do not qualify for recognition in statements do not qualify for recognition in
terms of IFRS terms of IFRS
Completeness Completeness
Risk that not all the transactions which qualify Risk that not all the balances which qualify
for recognition in terms of IFRS are included for recognition in terms of IFRS are included
in the financial statements in the financial statements
Cut-off Rights and Obligations
Risk that transactions are recorded in the Risk that client does not have the risks and
incorrect period in terms of IFRS rewards of ownership for assets or
obligations for liabilities included in the
financial statements
Accuracy Valuation
Risk that transactions are recorded at the Risk that balances are not valued
incorrect amount as a result either of using appropriately in terms of IFRS, e.g.
incorrect inputs to calculations or making inventory not at the lower of cost and net
computational errors. realisable value.
Classification
Risk that transactions are incorrectly

classified in terms of IFRS, e.g. profit on
disposal as revenue
Presentation and Disclosure Presentation and Disclosure
Risk that transactions are incorrectly Risk that balances are incorrectly presented
classified in terms of IFRS, e.g. The sale of and disclosed in terms of IFRS, e.g. PPE
inventory is incorrectly disclosed as other incorrectly disclosed as investment
operating income. property.
Why do risks of material misstatement at the assertion level need to be considered? Well, because
such consideration directly assists in determining the nature, timing and extent of further audit
procedures at the assertion level necessary to obtain sufficient appropriate audit evidence. Assertion
level risks must be responded to by assertion level procedures.
Note that students need to be specific in stating assertion-level risks. This requires them to understand
the accounting treatment of the balance or transaction in question and to identify from the scenario
any threats to the correct implementation of this treatment (risk factors). Students must also be able
to recognize which accounting issues and risk factors impact which assertions.
In wording their risks, students should state both the risk factor from the scenario, why the risk factor
increases/decreases audit risk and the possible impact on the balance/transaction they are dealing
with. The level of detail and application required when identifying assertion-level risks is perhaps best
explained with an example from the revenue cycle:
- Stating that “there is a risk that revenue will be recorded at the incorrect amount” is not
sufficient;
- Instead, a student might state that ‘the price charged to customers is calculated using a
complex formula (risk factor) and there is therefore a risk that the incorrect price will be
recorded in the financial statements (why RoMM is affected), resulting in both the
possible overstatement and understatement of revenue (possible impact)”. This would be
sufficient.
In some cases risks at the overall financial statement level will have a direct impact on risks at the
assertion level. For example if there is a risk of fraudulent overstatement of profit or financial position
at the overall financial statement level then there will be an automatic risk of individual balances and
transactions being fraudulently overstated. Similarly if there is a risk of error at the overall financial
statement then this is likely to have an impact on the accuracy or valuation (for example) of individual
balances and transactions. Therefore, students should not forget to consider the possible impact of
overall financial statement level risks when identifying assertion-level risks.
Answering audit risk questions

In answering a question on audit risk, you should:
1. Read the required to determine whether you have been asked to identify audit risks at the
overall financial statement level, audit risks at the assertion level, or both.
2. If you have been asked to identify risks at the overall financial statement level, determine
whether you have been asked to address all elements of audit risk or a only part (e.g. inherent
risk, control risk, or detection risk).
3. If you have been asked to identify assertion-level risks, determine whether you are required
to identify risks related to all assertions or only some of them.
4. Read the scenario to identify any risk factors related to the type of risks you have been
required to address in terms of the above.
5. Lay out your solution in the most user-friendly way possible:

- For overall financial statement level risks break into risks of fraud, error, going concern,
non-compliance with legislation etc.
- For assertion-level risks break into risks per assertion
You should aim to cover a broader range of risks rather than giving too much detail about any specific
risks. You should also be aware that going concern risks are often capped at around 3 marks.
Audit Risks in the Computerised Environment

1. Risks related to access
• Uncontrolled access to data leading to duplication, corruption or manipulation of data
• Uncontrolled access to programmes leading to unauthorised changes of data
• Unauthorised changes to master files (standing data)
• Access through a third party such as a VANS or service provider
• Corruption of data by viruses
• Note that the risk of illegal access and abuse applies equally to external third parties
(“hackers”) and persons who do have authorised access but who might abuse that
access e.g. employees
2. Risks related to electronic transfer of data
• Unauthorised access through telephone lines, remote terminals, etc. - This may be
affected by weaknesses in network linkages, external service providers, data-
communications, etc, and could result in duplication, corruption or manipulation of
data on transfer from:
- Third parties; or
- Service providers
• Incomplete transfer of data (data could be destroyed or lost in transfer)
• Financial loss resulting from unauthorised or invalid electronic funds transfers
3. Staff-related risks
• Staff may have limited experience on computers
• Segregation of duties may be weaker
• Supervision is likely to be weaker in an on-line environment
4. Risks related to making changes to systems
• New systems do not always work properly on inception
• There may be issues related to staff training and experience
• Balances might be transferred incorrectly from one system to another.
5. Risks related to processing
• Multiple functions performed by single programmes
- Where systems are integrated, individual errors may affect different systems
• System generated transactions
- Uniform processing reduces the risk of clerical error; but may increase the risk of
consistent error
• Large volumes of transactions processed at high speeds:
- The number of transactions and the speed of processing increases the risk of
unidentified errors
- The inability of a system to cope with the volume of transactions could result in a
system’s “crash”, resulting in the loss or corruption of data
• Fraud risk related to electronic transfers and payment by credit card
6. Continuity risks
• Loss of data resulting in incomplete data
7. General risks
• Complexity of systems increases the risk of error
• Dependence on controls exercised by a third party (e.g. service provider) increases
the risk of fraud and errors
• Detailed knowledge of the computer system is often known only to a limited number
of people resulting in:
- Risk of undetected manipulation of data
- Going concern risk if key staff leave
Business risks in the Computerised Environment

1. Risks related to access
• Deliberate attacks by hackers ,resulting in system down-time and reputational
damage
• Unauthorised use of company data, resulting in reduced competitiveness or
reputational damage
• Breach of client confidentiality (through theft of credit card details etc.), resulting in
reputational damage
• Operations could be negatively affected by viruses resulting in lost profits
2. Operating risks
• The inability of the system to cope with volumes could result in poor customer service
• Non-compliance with software licence conditions may result in penalties and lost
profits
• Loss of control where third parties (service providers, bureaux) are involved
• Cost of complex systems may outweigh the benefits
Risk assessment procedures

So, how does the auditor actually DO the risk assessment? How does the auditor assess these risks of
material misstatement (RoMM) at both the financial statement and the assertion levels? Well, it is
done using procedures – called “Risk Assessment Procedures”.
These risk assessment procedures are audit procedures performed to obtain an understanding of the
entity and its environment, including the entity’s internal control, to identify and assess the risks of
material misstatement, whether due to fraud or error, at the financial statement and assertion levels.
Note that this means we can consider what the auditor does to assess audit risk as audit procedures.
We often mistakenly think that “audit procedures” relate to just tests of controls and substantive
procedures. This is not quite correct.
Audit procedures consist of:
• Risk Assessment Procedures: In order to assess IR and CR (RoMM)
• Tests of Controls for Operating Effectiveness (in response to RoMM assessed)
• Substantive procedures (in response to RoMM assessed)
So what do these Risk Assessment Procedures entail? How does the auditor assess RoMM during the
planning stage of the audit? The risk assessment procedures shall include the following:
1. Inquiries of management and of others within the entity that in the auditor’s judgment may
have information that is likely to assist in identifying risks of material misstatement due to
fraud or error.
2. Analytical procedures.
3. Observation and inspection.
These are the methods by which the auditor actually does the risk assessment.
Read ISA 315 Para 5 & 6.
Stages of the audit process

There are four stages of the audit process:
1. Pre-engagement activities
2. Planning the audit (Risk assemessment)
3. Risk-response
4. Evaluating, concluding and reporting
We will address each of the above stages separately and explain how to answer the exam questions
related to each stage.
Pre-engagement Activities
During the pre-engagement stage the “auditor” is not the “auditor” of the company – not yet at least.
The audit firm must determine whether or not to accept the new audit engagement or retain an
existing client (reappointment). After this decision is made, the audit firm must set the terms of
engagement in the engagement letter.
The following are some of the reasons why the auditor would not accept an engagement:
• There are threats to the fundamental principles in terms of the Code of Professional Conduct
so great that no safeguards could reduce them to an acceptable level.
• The auditor may not be independent of the company in terms of section 290 of the Code of
Professional Conduct.
• Accepting the engagement would contravene the Companies Act, such as section 90.
• The client appears to be so risky that no amount of audit testing could reduce audit risk to an
acceptable level.
ISAs related to this stage
• ISQC 1 - Quality control at firm level
• ISA 210 - Agreeing the terms of audit engagements
• ISA 220 - Quality control at audit level
Exam questions related to this stage

You would be expected to be able to list the considerations or procedures you would perform when
accepting an audit engagement as well as – and this is very important – APPLY the facts given in a
scenario to the pre-engagement considerations.
The following procedures and considerations should be performed before accepting an audit
engagement:
1. Perform a client investigation, considering the following:

- Whether the firm is independent of the client, and whether there are any threats to the
fundamental principles outlined in the Code of Professional Conduct
- The client’s business standing, the integrity of management and the apparent riskiness of
the client (this is a high level risk assessment. A more detailed assessment is performed
during planning).).
- Consider management’s commitment to corporate governance principles (this is also
performed at a high level. A more detailed assessment is performed during planning).
- Whether the client’s audit committee nominated the firm and approved any non-audit
services in terms of S94
- Where it is a new client, whether the previous auditors were legally dismissed in terms of
the Companies Act
- Whether there is any conflict of interest with the firm’s existing clients or other
engagements
- Whether the client is able to pay the audit firm on time
2. Consider whether the firm has the necessary knowledge, skills, time and staff to conduct the
audit and obtain reasonable assurance that the financial statements are fairly presented, as
required by the Code of Professional Conduct.
3. Where the firm is replacing an existing auditor:

- Request permission from the client to communicate with the existing auditor
- Once permission has been granted, enquire of the existing auditor whether there is any
reason not to accept the engagement, treating all information received in the strictest
confidence
- If the client refuses to give permission, decline to accept the engagement
(From section 210 of the Code of Professional Conduct)
4. If the audit is accepted, the auditor should confirm the engagement and conditions in an
engagement letter which:
- Outlines management and the auditor’s responsibilities with regards to the audit
- Specifies any non-audit services to be performed by the auditor
Prior to accepting the audit, we would have:

• Considered whether accepting the client meets the firm’s criteria for professional
relationships (e.g. integrity of management, etc.)
• Assessed our independence. (SAICA CPC S.290)
• Considered any conflict of interest with existing clients. (SAICA CPC S.220)
• Assessed whether we have the necessary competence, time and resources to perform the
audit. (SAICA CPC S.130/ISA 220R)
• Informed the client that we cannot accept appointment until the client has informed their
existing auditors of their intention to change and given them permission to discuss their affairs
with us. (SAICA CPC S.210)
• Obtained consent to communicate with the existing auditors. (SAICA CPC S.210)
• After the client had informed the existing auditors, we would have communicated with the
existing auditors and enquired whether there was any professional reason which would
prevent us from accepting appointment. (SAICA CPC S.210)
• Considered the terms of the engagement, discussed these with the client and, in due course,
prepared an engagement letter. (ISA 210 Para 9 – 10)
• Assessed whether the Companies Act requirements related to our appointment were met.
(Companies Act S.85(3) and S.90).
• We should not have taken any steps to secure appointment.
Planning the Audit

During the planning stage the auditor would do the following:
1. Obtain an understanding of the client’s business and industry.
2. Obtain an understanding of the client’s systems and control environment.
3. Assess the client’s risk of material misstatement, at the overall financial statement and
assertion level.
4. Set planning materiality.
5. Determine the audit strategy and approach, and document these in the audit plan and
programme.
In terms of ISA 300 (planning an audit of financial statements), the following constitutes planning:
1. Establish an overall audit strategy that sets the scope, timing and direction of the audit, and
that guides the development of the audit plan.
2. Develop an audit plan that shall include a description of:
a. The nature, timing and extent of planned risk assessment procedures, as determined
under ISA 315.
b. The nature, timing and extent of planned further audit procedures at the assertion
level, as determined under ISA 330
c. Other planned audit procedures that are required to be carried out so that the
engagement complies with ISAs.
Based on the above we see clearly that planning an audit requires (1) a risk assessment (RoMM), then
(2) establish the audit strategy, then (3) plan responses to those risks through appropriate audit
procedures (nature/timing/extent). That is audit planning in a nutshell.

• ISA 240 - Auditor’s responsibilities relating to fraud
• ISA 300 - Planning an audit of financial statements
• ISA 315 - Identifying and assessing the risks of material misstatement through understanding
the entity and its environment
• ISA 320 - Materiality in planning and performing an audit
• ISA 330 – The auditor’s responses to assessed risk
Calculating Planning Materiality

Materiality is a very important part of the audit process as it helps the auditor to judge what is and
what is not quantitatively and qualitatively material. The auditor often makes judgments about the
size of misstatements that will be considered material. These judgments provide a basis for:
• Determining the nature, timing and extent of risk assessment procedures;
• Identifying and assessing the risks of material misstatement; and
• Determining the nature, timing and extent of further audit procedures.
There is a difference between “materiality” and what is called “performance materiality”. Materiality
refers to the overall level of materiality set in the planning stage for the financial statements as a
whole. It is one number applied to the financial statements as a whole. However, performance
materiality means the amount or amounts set by the auditor at less than materiality.
Why would the auditor want to set a lower level of materiality than the planning materiality figure?
• To reduce to an appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds materiality for the financial statements as a whole;
and/or
• To set an amount lower than materiality for particular classes of transactions, account
balances or disclosures. This means “revenue” for example, could have a lower materiality
set (called performance materiality) compared to the overall materiality figure. Why? Well,
there could be one or more accounts that the auditor expects to influence the economic
decisions of users more so than other accounts. Therefore it makes sense to set a lower level
of materiality for that account(s).
When calculating materiality the auditor attempts to set a Rand value at which an amount will be
considered ‘quantitatively material’ to the financial statements. The auditor can use the following
ranges as indicators of materiality:
Statement of
Comprehensive Income
indicators
Turnover 0.5% - 1%
Gross profit 1% - 2%
Net profit before tax 5% - 10%
Statement of Financial
Position indicators
Total assets 1% - 2%
Equity 2% - 5%
You should use the following structure and rationale to assess materiality:
1. Eliminate any of the indicators which may be considered unstable (i.e. figures which tend to
fluctuate)
2. Determine whether to use the statement of financial position figures, the statement of
comprehensive income figures or both. This would require you to decide which figures are
most significant and which ones the users of the financial statements would find most useful.
- You may wish to use only the statement of financial position figures because they are
larger or because the bulk of the company’s value is in its assets rather than its revenues
(e.g. an investment company)
- You may wish to use only the statement of comprehensive income figures because they
are larger or because the bulk of the company’s value is in its revenue stream rather than
in its assets (e.g. a services company)
- In most cases, however, you will conclude that both are significant and useful to users
3. Determine whether you should use the actual figures, budgeted figures or prior-year figures.
- If it appears that the company will meet its budget use these figures for the statement of
comprehensive income indicators, however, budgeted figures may not be reliable
(especially if previous budgets have not been reliable).
- Prior year figures may be suitable because they have been audited and are therefore free
from material misstatement. However, prior year figures may not be representative of
the current performance experienced by the entity.
- The use of the actual figures may be more appropriate as the current performance of the
entity is considered, however, actual figures have not yet been audited and may contain
material misstatements.
Explain your reasoning for each of the above steps. All answers are considered as long as it is well
justified and reasonable.
4. Based on steps 1-3 calculate materiality ranges on the remaining indicators. This will give you
a range of possible materiality figures.
5. Conclude on a specific estimate of materiality and give reasons for your chosen figure
- Eliminate any obvious outliers
- Planning materiality is usually conservative and you would therefore usually choose a
figure on the lower end of your results
- Materiality would also be more conservative for a high-risk client. Therefore if you have
identified any risk indicators, set materiality at the lower end of your results
- Materiality should reflect the amount that is likely to affect a user’s judgment. This
requires some judgment.
For example:
If a possible range of materiality was between R500 000 and R1 000 000, one would be
inclined to assess materiality at R500 000 as the figure may well be large enough to affect
a user's judgment.
However, if a possible range of materiality was between R500 and R1 000, one would be
inclined to assess materiality at R1 000 as the figure so small that it is hard to believe that
any user's judgment would be affected.
Determining Audit Strategy and Audit Approach

ISA 300 requires auditors to plan the audit so that it will be performed in an effective manner. This
includes performing risk assessment procedures (covered earlier) and determining the audit
strategy and audit approach. The decisions made during the planning stage are documented in the
audit plan and the audit programme.
Audit strategy - ISA 300 Appendix (Considerations in Establishing the Overall Audit Strategy)
Please read through this very helpful appendix!
The audit strategy sets out a broad overview of how the audit will be performed at the overall financial
statement level. It sets out the scope, timing and direction of the audit and determines the resources
that will be required by the auditors.
Audit strategy consists of the following considerations:
The resources to deploy for specific audit areas, such as

• The use of appropriately experienced team members for high risk areas or the involvement of
experts on complex matters;
• The number of team members assigned to observe the inventory count at material locations,
the extent of review of other auditors’ work in the case of group audits,
• The audit budget in hours to allocate to high risk areas;
• When these resources are to be deployed, such as whether at an interim audit stage or at key
cutoff dates; and
• How such resources are managed, directed and supervised, such as when team briefing and
debriefing meetings are expected to be held,
• How engagement partner and manager reviews are expected to take place (for example, on-
site or off-site), and whether to complete engagement quality control reviews.
The Appendix lists examples of considerations in establishing the overall audit strategy. Once the
overall audit strategy has been established, an audit plan can be developed to address the various
matters identified in the overall audit strategy, taking into account the need to achieve the audit
objectives through the efficient use of the auditor’s resources. The establishment of the overall audit
strategy and the detailed audit plan are not necessarily discrete or sequential processes, but are
closely inter-related since changes in one may result in consequential changes to the other.
The scope of an audit is range of activities covered by that audit. Factors that will affect the scope of
an audit include:
• Whether the audit is statutory or voluntary audit
• Whether the client is listed
• The number of locations and components that need to be audited
• Whether other auditors will need to be involved (e.g. in a group environment where
subsidiaries and parents are audited by different parties)
• Whether the client has an internal audit function that can be relied upon
• Whether the client uses complex information technology systems
• Whether specialist knowledge is required
Factors that will affect the overall timing of the audit include:
• The company’s interim and year-end deadlines
• The client’s availability for meetings
• The size, complexity and number of locations of the client
• The extent and complexity of computerisation at the client
The direction of an audit is the focus of the audit, e.g. which issues, balances and transactions the
auditor will focus on. Factors that will affect the direction of the audit include:
• The significant risks identified during the risk assessment procedures
• The materiality of different issues, balances and transactions
• Evidence of management’s commitment to a sound system of internal control
• Significant business developments and affecting the entity
The above issues will determine the resources required for the audit, e.g. the number of staff, the
experience of staff, the need to use experts etc.
Audit Approach and Audit Plan

The audit approach and audit plan sets out how the audit will be performed at the assertion level.
The audit approach takes into account the nature of the audit procedures, whether a combined audit
approach or a substantive audit approach will be carried out.
The audit plan involves determining the nature (from the audit approach), the timing, and extent of
audit procedures to be carried out per balance or transaction.
Nature
The nature of the procedures to be carried out refers to how the auditor will obtain audit evidence to
reduce audit risk to an acceptable level. There are two types of audit evidence that can be used:
• Evidence from substantive procedures
• Evidence from tests of controls
The auditor must always do some substantive testing but may choose to place some reliance on a
client’s internal controls (by testing that these controls are effective). The auditor therefore has the
choice of using a fully substantive approach or a combined approach. Testing controls is quicker and
utilises fewer resources than substantive testing, and auditors will often prefer to use a combined
approach if possible.
When determining the nature of audit procedures the auditor must consider the necessity, possibility,
and desirability of placing reliance on a client’s internal controls and of testing controls.
Placing reliance on controls over a specific balance or transaction will be necessary if:
• There is a very large volume of transactions
• Transactions are highly complex
• There is no visible audit trail to audit (will need to test general IT controls)
• Transactions are computer-generated (will need to test general IT controls)
Placing reliance on controls will only be possible if:

• There are controls in place which, if effective, would ensure the integrity of financial
information
• The control environment of the client appears to be effective
• We have the necessary staff and resources to test controls
If it necessary but not possible to place reliance on controls it will not be possible for the auditor to
obtain sufficient appropriate audit evidence from test of controls.
Even if it is not necessary to place reliance on controls it will be desirable to do so if:

• Testing controls will provide a cost-benefit to the audit firm (usually the case)
• Testing controls will provide an opportunity to give value-added advice to clients
• Testing controls will provide an opportunity to train staff
• The client has specifically requested the auditor to test control or there is an expectation that
they will do so
• Specific control weaknesses were identified in the previous audit and the client has
undertaken to amend them
• The auditor needs to audit the corporate governance statement on the effectiveness of
internal controls
• The auditor can rely on previous years’ tests of control. This will be the case if:
o The control system and personnel have not changed since the last test
o The controls were last tested within the previous three years
o The controls are not over a significant risk
o Controls were found to be effective during the previous test
Timing
The auditor must determine when to perform audit testing on the given balance or transaction. The
following consideration will apply:
• If there are tight audit deadlines roll-forward may be necessary for transactional testing
• If the client is high-risk, procedures may be done close to the year-end
• If the client has outsourced its functions the availability of data will impact the timing of
procedures
Extent
The extent of testing will be influenced by the following factors:

• High-risk clients will require extended testing and larger sample sizes
• If the client’s systems change during the year the auditor may have to test both systems
• The use of CAATs may enable the auditor to test the whole population instead of a sample
The audit approach and audit strategy are documented in the audit plan. The plan is used to create a
detailed audit programme which lists the specific procedures that will be carried out during the audit.
Here is a good question to ask:
“What is the difference between Audit Strategy, Audit Plan and Audit Approach? These terms often
come up in questions!”
Here is a brief explanation of 3 commonly misunderstood terms (Audit Strategy, Audit Plan and Audit
Approach):
Audit Strategy:
• ISA 300:7 - The auditor shall establish an overall audit strategy that sets the scope, timing and
direction of the audit, and that guides the development of the audit plan.
• Overall level, not account by account - this means it only refers to overall/audit level
considerations - not considerations at an account level.
• Scope (Such as geographic locations of the client, or entities to be included in a consolidation),

Timing (Will there be an interim audit performed? How much audit work will be done at
interim vs final? When are the subsidiary year-ends so we can plan the inventory counts?) and
Direction (Does the client have sufficient general controls, IT controls, commitment to risk
management, integrity, etc. to allow us to rely on controls during the audit?). Notice that all
these considerations are high level.
• Resources (what staff and skills/experience will be needed for this audit?)
• Guides the making of the audit plan.
• ISA 300: Appendix “Considerations in Establishing the Overall Audit Strategy”
Audit Plan:
• This is all the procedures planned plus detail about when (timing) we will perform them and
the extent of them.
• The Nature, Timing and Extent of all planned procedures, contained in a document called
"the audit plan" - contains everything we plan to do in the audit. It is the blueprint for the
audit and contains all detailed procedures and decisions that guide the procedures.
Audit Approach:
• This is quite different. What approach will we take for each account? This is assertion level -
account level. Will we take a combined approach over revenue or a substantive approach over
revenue - and why?
• Audit approach is a decision about whether or not we will test controls over the account in
question. And once we have decided on this (i.e. the NATURE of our procedures over this
account), what procedures will we perform?
• It is not overall level - it is the NATURE of the account level procedures to be performed.
• ISA 330:A4 - The auditor’s assessment of the identified risks at the assertion level provides a
basis for considering the appropriate audit approach for designing and performing further
audit procedures. For example, the auditor may determine that:
(a) Only by performing tests of controls may the auditor achieve an effective response to the
assessed risk of material misstatement for a particular assertion;
(b) Performing only substantive procedures is appropriate for particular assertions and,
therefore, the auditor excludes the effect of controls from the relevant risk assessment. This
may be because the auditor’s risk assessment procedures have not identified any effective
controls relevant to the assertion, or because testing controls would be inefficient and
therefore the auditor does not intend to rely on the operating effectiveness of controls in
determining the nature, timing and extent of substantive procedures; or
(c) A combined approach using both tests of controls and substantive procedures is an
effective approach.
• However, as required by paragraph 18, irrespective of the approach selected, the auditor
designs and performs substantive procedures for each material class of transactions, account
balance, and disclosure.
Systems of Internal Control in the Planning Stage
During the planning stage the auditor is required to assess control risk and to determine whether or
not to place reliance over a client’s system of internal control (part of the audit approach). In order to
do this the auditor must have a thorough understanding of the internal control objectives and the
types of controls that should be in place at the client to achieve these objectives.
If there are control weaknesses in the client’s systems this will result in a higher control risk and is
likely to result in the auditor taking a fully-substantive audit approach.
Common Exam Questions

Students may be asked to:
• State the internal control objectives for a given system or function/stage within such a system
• Design a system of internal controls for a given business cycle, e.g. sales cycle;
• Identify risks in a system and make recommendations for improvement;
• Criticise an existing system of control;
• Assess the control risk for a given transaction;
• Describing the general IT controls that should be in place over a computerised system
Functions and Stages in Cycles

Routine transactions are generally processed through a number of stages or functions, each of which
is responsible for a specific task. A transaction is recorded on a series of documents as it progresses
through each of these functions.
Students are expected to know the functions and documents for the following types of transaction:
1. Revenue
2. Purchases
3. Payroll
Revenue cycle
Functions and documents in the revenue cycle - credit sales
Function Document
Credit authorization Credit application and approval form/ debtor’s

age analysis
The credit authorization function must
determine that a prospective customer is able to When a customer purchases goods on credit
pay for goods and services ordered. Failure to from the company for the first time, there
perform this function properly may result in should be a formal procedure for investigating
debt losses. In many companies, customers have the creditworthiness of the client. The results of
pre-set credit limits, based on their profile. this procedure should be documented on an
approval form, which is usually the same
document on which the prospective customer
applied for credit.
This function is also responsible for monitoring
customer payments. In many cases delinquent A debtor’s age analysis shows how long debts
debtors are handed to a debt collection agency. have been outstanding, and allows a company to
identify any non-paying customers and debts
that need to collected.
Ordering Sales order
This function is the entry of new sales orders This document includes the description,
into the system. It is important that sales or quantity and quality of the goods or services
services be consistent with management’s being ordered by the customer.
authorisation criteria before entry into the
revenue process.
Ordering may be done by telephone, over the

internet, or in person through a salesperson.
Delivery/dispatch and receipt Pending order note and dispatch/delivery

note/ goods returned note
The deliver/dispatch function must ensure that
customer orders are filled with the correct A pending order note is a list of all customer
product and quantities. This function is often orders for which processing has not been
completed within a specific department. completed. This report should be reviewed daily
or weekly by management, and old orders
investigated.
A delivery/dispatch note contains information

on the type of product shipped, the quantity
dispatched and other relevant information. A
copy is sent to the customer, while another copy
is used to initiate the invoicing process.
A goods returned note evidences the receipt of

returned goods from customers.
Invoice processing Sales invoice/ credit note
The main responsibility of this function is to A sales invoice is used to invoice the customer.
ensure that all goods dispatched and all services It is typically the source document that signals
provided are invoiced at authorised prices and the recognition of revenue.
terms.
A credit note evidences the reversal of a sale as
This function is also responsible for handling a result of a return of goods by a
goods returned for credit. A credit note should customer/errors made on the invoice.
not be issued unless goods have been returned
or the client has been charged incorrectly. A
receiving document/the original invoice
indicating the error should be issued by the
receiving/invoicing department to evidence this.
Cash receipts Remittance advice and deposit slip
This function must ensure that all cash receipts This documents the receipt of cash or credit-
are properly identified and deposited intact at card payments from credit customers.
the bank. Increasingly, customers pay with
credit cards as opposed to cash. Depositing of cash at the bank should be
performed by a separate person, and should be
documented on a deposit slip.
Accounting Sales journal, trade receivable subsidiary

ledger and cash book
The trade receivable department is responsible
for ensuring that all invoices, cash receipts and When goods are sold or services rendered,
credit notes are recorded in the trade either the trade receivables records or cash
receivables records. book is debited, and the sales journal is credited.
Functions in the revenue cycle - cash sales

• For cash sales, there are no ordering or delivery/dispatch functions. Instead, goods are taken
from the store when they are paid for.
• ‘Invoicing’ is instantaneous, and instead of using a customer invoice a sales docket or receipt
is used. The customer receives one copy and the entity keeps the other.
• When payment is received (cash or credit card) the till should automatically update a till roll,
which records all amounts of cash received.
• Returns are also instantaneous, and are usually recorded on a returns note. The till will record
the fact that cash has been removed (or a credit card payment made).
• Reconciliations are made between till rolls, cash and credit card slips, and sales receipts at the
end of every day.
Purchases cycle
Functions and document in the purchases cycle
Function Document
Requisitioning Purchase requisition
At this stage an authorised individual requests This document requests goods or services for an
goods and services. For example, the secretary authorised individual or department within the
may request to purchase a new printer. The entity. The requisition is sent to the purchasing
important issue at this stage is the request function.
meets the authorisation procedures
implemented by the company.
Purchasing Purchase order
The purchasing function executes properly This document includes the description,
authorised purchase orders from the purchase quantity and quality of the goods or services
requisitions received. The function is normally being purchased. The purchase order also
performed by a purchasing department. It indicates who approved the transaction and
ensures that goods are acquired in appropriate represents the authority to purchase goods or
quantities and at the lowest price consistent services. The order is sent to the supplier.
with quality standards and delivery schedules.
Receiving Goods received note
The receiving function is responsible for This document is used to control payment for
receiving, counting and inspecting goods goods and services. It serves as the basis for
received from suppliers. recording a supplier’s invoice and processing an
entry in the purchase journal.
Invoice processing Supplier invoice
The accounts payable department processed This document is the invoice from the supplier.
invoices from goods received notes to ensure The supplier invoice includes the description and
that all goods and services received are recorded quantity of the goods delivered or services
as assets or expenses and that the provided, the price, the terms of trade and the
corresponding liability is recognized. This date invoiced.
function involves matching purchase orders to
supplier invoices as to terms, quantities, prices
and extensions.
This function is also responsible for purchased

goods returned to suppliers. Appropriate
records and control activities must document
the return of goods and initiate any changes
back to the supplier.
Payments Cheque stub or cash deposit slip
This function is responsible for payment for

goods and services. Adequate supporting
documentation must verify that the payment is These documents record the sending of a
for a legitimate business purpose and that the cheque to the supplier or the deposit of cash
transaction was appropriately authorised. into the suppliers’ bank account.
NOTE: Students should also be aware that

payments can also be done electronically, via an
electronic funds transfer (EFT)
Accounting Purchase journal, trade payable subsidiary

The trade payable department is responsible for
ensuring that all supplier invoices, cash When goods or services are purchased, the
payments and adjustments are recorded in the purchases journal is debited, and either the
trade payable records. trade payable records or cash book are credited.
Payroll cycle
Functions and documents in the payroll cycle
Function Document
Human resources Employment contract
The human resource function is responsible for This document outlines the roles and
managing the personnel needs of the responsibilities of employees, their expected
organisation. This includes hiring and firing working hours and their wage or salary rates. If
employees, setting wages and salaries, and any of these change, the contract will need to be
establishing and monitoring employee benefit redrafted.
programmes.
Supervision and timekeeping Time cards / clock cards / time sheets
Supervisors within operating departments are These documents record the hours worked by
responsible for reviewing and approving the employee, including the time the employee
employees’ attendance and time information. has started and stopped work. In some cases the
This information is used to create documents employee fills in the time worked; in other cases
that record the hours worked by employees. the employee swipes an employee ID card into
an electronic keypad when they arrive and leave
work, in which case the computer computes the
time worked.
Payroll processing Payroll register (and masterfile amendment

form in a computerised environment)
This function is responsible for recording
payments to be made, and computing gross pay, This document summarizes all payroll payments
issued to employees. It normally indicates gross
deductions and net pay. pay, deductions, and net pay. In an IT
environment, the details for this document are
In many cases this function is outsourced to a maintained in the payroll master file.
third party, in which case the entity is reliant on
the controls in place at the outsourcer.
Payments Cheque stubs / cash received register/

uncollected wage register/ electronic payment
This function is responsible for paying confirmation
employees for services and benefits. Payments
may be done via cash/cheque, or electronically These documents evidence the amounts paid (or
via electronic funds transfer (EFT) not) by the entity. When payments are done by
cash, employees sign a cash received register. If
wages are not claimed, this is recorded in an
uncollected wage register. When payments are
made by cheque, the company additionally
keeps the cheque stubs. Finally, when payments
are made electronically, this is recorded in an
electronic confirmation received from the bank.
Accounting Payroll ledger, accounts payable subsidiary

The other payables department is responsible
for ensuring that all accruals, payments and When services are rendered, the payroll ledger
adjustments are recorded in the other payable is debited, and either the others payable is
record or the cash book. credited. When payment is made, the cash book
is credited and other payable is debited.
The Internal Control Objectives

Management has certain objectives when running their business. These can be divided into objectives
regarding the integrity of financial information and objectives regarding the operations of the
business.
The auditor is concerned only with controls that achieve the integrity objectives. These objectives
correspond to the auditing assertions for transactions as follows:
Internal control objective Related transactional Difference

assertion(s)
Validity Occurrence Occurrence does not take

into account management
- Transactions are - Transactions are policy. A transaction can
genuine genuine and meet be outside management
the IFRS recognition policy (i.e. not valid) but
- Transactions are in
terms of criteria still have occurred.
management policy
Accuracy Accuracy None
- Transactions are - Transactions are

recorded at the recorded at the
correct amount correct amount
- Transactions are Classification

recorded in the
correct account - Transactions are
recorded in the
- Transactions are correct account and
correctly classified, correct classified
summarized and
posted
Completeness Completeness The auditor is not

concerned with when
- All valid transactions - All transactions that transactions are recorded
are recorded meet the IFRS as long as those
recognition criteria transaction are all
- Transactions are are recorded recorded in the correct
recorded in the accounting period. i.e. if a
correct accounting Cut-off sale took place in June but
period is only recorded in
- Transactions are November, the auditor
- All transactions are recorded in the will not be concerned as
recorded timeously correct accounting long as the revenue for
period the year is all recorded
(assuming a year end of
December).
Exam technique
1. Students must express the objectives in a manner specifically applicable to the information
given in the question. For example, in a wages system the objectives would be:
General Objective Objective specific to wages

(Related assertion in
parenthesis)
Validity: Staff employment and termination is in terms of management policy.
Wage rates and time worked time worked (especially overtime) is in
In terms of management terms of management policy.
policy
Validity: Wages are paid to genuine employees for time actually worked for
the benefit of the company.
Genuine transaction
(Occurrence)
Accuracy Employees are paid for the correct hours,

(Accuracy) at the correct rates of pay,
after deducting accurate payroll deductions,
and payroll calculations are correct.
Recording Payroll costs are accurately recorded in the accounting records.

(Accuracy and Classification)
Classification Payroll costs are processed to the correct general ledger accounts.
(Classification)
Completeness All payroll related costs are recorded (Note that this applies
(Completeness) specifically to deductions and amounts payable to the authorities,
such as Employee’s tax and UIF).
Cut off Payroll related costs are recorded in the correct period (This applies
(Cut off) specifically to payroll related provisions such as leave pay, bonus
provisions etc.
Note how specific each objective is in terms of application to the system.
2. When stating the internal control objectives, students should read the required carefully to
determine whether they are expected to apply the objectives to the whole system or to a
specific function/stage within the system.
For example, if students were asked to state the internal control objectives related to the
timekeeping function of the payroll system they would refer directly to the number of hours
recorded rather than to payroll costs. Students are expected to know what information is
recorded by each function.
Relationship between RISKS, CONTROL and WEAKNESSES

In order to achieve their internal control objectives management must first identify any threats to
these objectives (i.e. risks). They must then design controls to mitigate the risks identified. Any risk
that is not mitigated by controls is called a weakness.
Because the internal control objectives are so similar to the transactional assertions, the same process
used to identify transactional audit risk can be used to identify threats to the internal control
objectives for a business cycle. However, students would also need to add risks related to transactions
not being in terms of management policy.
Designing a System of Controls

In order to design a system of controls, students should do the following:
1. Identify the functions/stages of the cycle for which are required to design controls, and the
person responsible for each;
- In a purchasing system for example the functions might be ordering, receipt, recording
the invoices, and accounting.
- In a hairdressing salon however they might be booking, styling (a.k.a. performing the
service), cash payment, and accounting.
2. Identify the documents used in each function/stage of the cycle
- In a purchasing system for example the documents would be an order form; goods
received note, a supplier invoice and the purchases journal.
- These documents could be either manual (hard-copy) or computerised.
3. Identify the type of information that would be recorded on each document. These would
usually fall into the following categories:
Person - The person with whom the business has transacted
Price - The price per unit of goods or services in the transaction

(remember VAT also forms part of the price)
Quantity - The quantity of goods, services, or hours in the transaction
Description - Description of the goods or services to which the transaction

relates.
Date - The timing of the transaction.
Total Value - Quantity X Price
All of the above would need to be checked for accuracy, either manually or by
computer.
4. For any manual (i.e. hard-copy) documents, the following controls should be in place:
- The document should be authorised by the person responsible for the stage/function and
evidenced by a signature (validity);
- The document should be ‘checked’ for authorisation by the person responsible for the
next stage (validity)
- The document should be ‘checked’ for accuracy by the person responsible for the next
stage (accuracy)
- The document should be sequentially numbered and regularly sequence-checked by the

person responsible for the next stage (completeness)
NOTE: for the above, you should state the name or the title of the person who should be
performing the control.
5. For any computerised systems, the following application controls should be in place:
- Access controls should be in place to prevent unauthorised staff from accessing the
system (validity);
- Edit-validation checks should be programmed into the system (all objectives);
- Controls that minimise human input (accuracy);
- Management computer controls (all objectives);
- Masterfile update controls should be in place over all masterfiles
Refer to the detailed notes at the end of this section for more detail on the above controls
6. The following overall (SCRUM) controls may also be relevant:
- Segregation of duties between the different functions/stages - if you see from the
scenario that the same person is responsible for multiple stages, you should re-allocate
the staff so that these duties are segregated (validity);
- Custody of assets (validity);
- Reconciliations (all objectives);
- Unused document controls (validity);
- Management general controls (all objectives)
Refer to the detailed notes at the end of this section for more detail on the above
controls
Exam technique
1. Students should read the required carefully to determine which functions/stages are within
the scope of the question. For example, if students are asked to design controls over the
ordering of goods then there would be no marks awarded for listing controls relating to
payment for goods etc.
2. Students should also read the required to determine whether they are required to design
controls over all objectives or whether they are only required to design controls over a specific
objective.
Identifying Internal Control Weaknesses and making Recommendations

When asked to identify control weaknesses students should:
1. Identify risks to the internal control objectives for the given system
2. Check to see if there are any controls in place to mitigate these risks
3. If there is no control to mitigate a specific risk then the risk is a weakness
When asked to make recommendations students should list controls that would achieve the internal
control objective to which the weakness relates. For example if the weakness related to fictitious
transactions being processed, a student would be expected to recommend controls over validity.
Exam technique
Students should never explain a control weakness by stating that certain controls are missing. Instead,
students should state what could go wrong as a result of ‘missing’ controls. If, for example, purchase
orders are not authorised, the weakness would be that orders may not be in terms of management
policy. The lack of authorisation is not a weakness in itself! Students may find it helpful to write all
weaknesses as follows: “the risk is that…”
Note that a similar approach would be used when criticising an existing system of controls. When
doing this, students would be expected to identify weaknesses in the current system of controls and
then list the controls required to overcome these weaknesses.
Assessing Control Risk

Control risk is the risk that a material misstatement that could occur in an assertion about a class of
transaction, account balance or disclosure to a misstatement that could be material, either
individually or in aggregate, will not be prevented, or detected and corrected, on a timely basis by the
entity’s internal control (see Glossary). Control risk is decreased by having strong controls in place. It
is increased by having obvious control weaknesses.
Exam technique
When assessing control risk for a specific balance or transaction, students should use the following
approach:
1. Identify controls that are already in place over the balance or transaction and state that these
controls reduce the control risk
2. Identify the control weaknesses in the system and state that these increase the control risk.
Describing IT General Controls (ITGC)

General IT controls are those in place over the entire computerized environment. These controls are
essential and if they are not implemented then the integrity of all computerized information will be
compromised. Thus the operational effectiveness of computerized application controls is completely
dependent on the functioning of the general IT controls.
The following general IT controls should be in place over all computerized systems:
1. Control environment and security

• Management should lead by example and behave in an ethical manner
• Management should be fully committed to risk management
• Management should communicate and enforce the importance of good controls to all IT
staff
• Management should implement a clear security policy over hardware and software, based
on the least privilege principle
2. Organizational structure and personnel practices
• There should be clear reporting lines and levels of authority established by management
• There should be segregation of duties:
- Between the IT department and user departments
- Within the IT department between the duties of database administration,
systems design, programming and processing
• Strict recruitment and training policies and procedures should be implemented by
management
• Staff should be forced to take compulsory leave on a regular basis (providing an
opportunity for fraud to be uncovered)
• Personnel practices should be documented in writing
3. Standardized operating procedures
• Standard operating procedures should be in place over:
- Scheduling of jobs
- Maintenance of hardware and software
- Machine servicing
4. Systems development and change controls
• Any development of new systems or change of existing systems should be:
- Authorised in writing by the IT manager if related to the operating system as a
whole
- Authorised in writing by the IT manager and the user manager if related to an
individual module within the system (e.g. the sales module)
- Documented on pre-numbered, pre-printed installation/change forms which can
then be sequenced checked
- Implemented using standardised procedures and techniques
- Planned by systems analysts
- Implemented by experienced programmers
- Tested extensively prior to finalisation
• Changes should be made only to test versions of programmes and not the live versions
• All changes to the system should be automatically logged, and the IT manager should
regularly review this log for unauthorised changes and investigate further
• Data should be backed up prior to installation or change
• Any conversion of data should be carefully planned
• Access controls should be used to prevent unauthorised changes being made to the
system. These would be similar to the application access controls
• Staff should be trained on the new system
• Post-implementation reviews should be carried out by management
5. Continuity of operations
• Adequate backup procedures should be introduced for programmes and data
• A disaster recovery plan should be introduced and the plan should be updated regularly
• There should be alternative processing facilities in the event of an emergency
• Adequate insurance should taken out to cover losses in case of an emergency
• The system should be protected against fire, water damage etc. through the use of fire
alarms, fire extinguishers, and the use of air-conditioning.
6. Access controls
• The following physical access controls should be implemented over the premises in which
computer facilities are housed:
- Security checks should be performed on all visitors before they are allowed to
enter
- All visitors are logged and given an identification tag
- All doors to buildings and rooms should be locked, with only authorised personnel
having keys
- CCTV should monitor all activity
• All systems should be protected the following logical access controls:
- Users are required to enter user ID and password before being granted access
- All sensitive data is encrypted
- Use of firewalls and anti-virus programmes (these should also be updated
regularly)
Exam guidance
1. The general IT controls listed above should be in place over all computerised system;
2. The ITC has regularly required students to describe the controls that should be in place over
the transfer of data from one system to another or the installation of a new system. This is
essentially a systems change and the controls in point 4 above would therefore apply.
3. Students should read the required carefully to determine whether they are being asked to
describe general IT controls or application controls. If they address the wrong type of controls
they will not get marks.
Don’t Forget – Overall SCRUM General Controls

Apply SCRUM as far as possible for easy marks when the required asks you to provide appropriate
controls - Segregation of Duties; Custody of assets; Reconciliations; Control over Unused stationery;
Management supervision
Control Related internal control

objective
Segregation of duties
The same person should not be responsible for multiple Validity
functions within a function
(Students must state exactly who should perform each
function in order to achieve this)
Custody of assets
- Assets should be kept behind locked doors. Only Validity/custody of assets
authorised personnel should be given keys.
- Security guards should monitor access to the premises
- Visitors should be required to show identification before
entering the premises and visitors should sign a log book
to document their visit
- CCTV cameras should be in place to monitor assets
(Students should state which assets the above controls
should be over – inventory, cash, etc.)
Reconciliations
- Subsidiary ledgers to be reconciled to control accounts Validity/accuracy/
(e.g. debtors ledger to accounts receivable control completeness
account)
- Between documents from subsequent stages (e.g.
reconcile amounts on invoices to amounts on delivery
notes and orders)
(Students clearly state what is being reconciled i.e. a
reconciliation of XXX to YYY).
See ‘Management Controls’ below for the review of the
reconcilaition
Controls over unused documents
Unused documents should be:
- Difficult to copy Validity
- Crossed/stamped when no longer in use/paid
- Kept in a safe with only management having keys
Documents should be issued to staff only when necessary
- This should be logged
- Both the staff member and management to sign as
evidence of issuance
Management controls
Management should set policies and communicate these with Validity

staff. Policies might include those over:
- limits (overtime hours, credit limits, wage rates etc.)
- authorised suppliers
- hiring and firing of staff
Management should give specific authorisation for any
Validity
override of policy (evidence by signature)
Management should review the following:
Validity/accuracy/
- Logs of documents issued
completeness
- Reconciliations carried out by employees
Validity/accuracy/
- Customer/employee complaints completeness
-
Management should train staff on the operation of controls Validity/accuracy/
completeness
Management should monitor the operation of controls by Validity/accuracy/
performing spot checks completeness
Computer Application Controls

Remember – this excludes ITGC. ITGC exists over the application (as well as all other applications).
Application controls are application specific.
Control Related internal control
objective
Access controls
Physical access controls:
- Terminals should be kept in a secure office to which only Validity
authorised person has keys and door should be kept
locked when not in room
Logical access controls
- Access to be restricted in terms of access tables at both
system and application level based on least privileged Validity
basis
- All terminals and sensitive applications to require ID and
passwords to be entered
o Passwords must be unique
o Passwords to consist of mixture of numbers and
letters
o Password files to be encrypted
o Password required to be changed every 90 days
o Password should never be shown on screen
- Application or interface should automatically log out if left
idle for longer than 10 minutes
- Terminal should be automatically blocked if the incorrect
password is entered more than three times:
- Access violations to be logged automatically
- Firewalls should be in place to prevent unauthorised
access through internet
- All sensitive data should be encrypted
- Anti-virus software to be installed on all terminals
- Assurance logos to be shown on websites
NOTE: The amount of detail required should be driven by
the mark allocation.
Minimising human input
Human input should be minimised using the following: Accuracy
- Scanners
- Drop down menus
- Touch screens
Edit-validation checks Validity/accuracy/
completeness
The following could be programmed into the system:
• Missing sequence number checks (completeness)
• Limit and range checks (accuracy)
• Alpha-numeric checks (accuracy)
• Duplicate checks (validity)
• Sequence checks (completeness)
• Verification checks against masterfile data
(Validity/accuracy)
(Students must state exactly what data the above checks would
be applied to)
NOTE: The amount of detail required should be driven by the mark
allocation.
Management computer controls
Management to set policies over password confidentiality Validity
Management to grant access to modules/functions on least
privileged basis
Validity
Management to review the following and follow up on any
unusual
items:
Validity/accuracy/
• Audit trails completeness
• Exception reports (see below)
• Activity reports (all objectives)
• Access violation reports
Exception reports may include reports of:
o Duplicate entries
o Negative amounts Validity/accuracy/
completeness
o Zero amounts
o Missing sequence numbers
o Access outside normal hours
o Transactions outside established ranges
o Minimum<rates>maximum
o Minimum<quantity>maximum Validity/accuracy/
completeness
Management to train all staff on the use of computers
Validity/accuracy/
Management to provide staff with help manuals
completeness
Masterfile update controls
Management should authorise all amendments prior to Validity
implementation
All amendments should be automatically logged
o Management to review log on regular basis and follow up
on unauthorised changes Validity
Logical access controls should be in place to ensure that only
authorised persons can amend the masterfile (see detail under
‘access controls’)
Edit-validation checks should be programmed into the masterfile Validity/completeness
to prevent errors (see detail under ‘edit-validation’) Validity/accuracy/
completeness
Risk Response
During the risk-response stage the auditor performs audit procedures designed to reduce the risk of
material misstatement to an acceptable level. There are two types of procedure the auditor can
perform:
• Test of controls
• Substantive audit procedures which consists of test of detail and analytical review procedures
During the planning stage of the audit the auditor will have determined which procedures to use.

• ISA 240 Auditor’s responsibilities relating to fraud
• ISA330 The Auditor's Procedures in Response to Assessed Risks
• ISA 500 Audit Evidence
• ISA 501 Audit Evidence – Additional considerations for Specific Items
• ISA 505 External Confirmations
• ISA 520 Analytical Procedures
• ISA 530 Audit Sampling
• ISA 540 Auditing Accounting Estimates, including Fair Value Accounting Estimates,
and Related Disclosures
• ISA 600 Special Considerations – Audits of Group Financial Statements (Including the Work of
a Component Auditor)
• ISA 610 Using the Work of Internal Auditors
• ISA 620 Using the work of an Auditor’s Expert
Exam questions
• Describe possible responses to assessed risks of material misstatement at the overall financial
statement level
• Identify key controls already in place at the client;
• Design tests of control to determine whether reliance can be placed on key controls;
• Design substantive procedures to respond to the risk of material misstatements in the
financial statements at the assertion level
• Describe the considerations the auditor would take into account or procedures they would
perform when using the work of others
Describing Possible Responses to Risk at the Overall Financial Statement Level

Possible responses to the risks of material misstatement at the overall financial statement level are
described in ISA330.A1 –A2. These include:
• Emphasizing to the engagement team the need to maintain professional scepticism;
• Assigning more experienced staff, use staff with special skills, or use experts;
• Provide more supervision to the engagement team;
• Incorporating additional elements of unpredictability in the selection of audit procedures;
• Performing more procedures at year-end;
• Obtaining more extensive audit evidence from substantive procedures;
• Increasing the number of locations to be included in the audit scope
Students should highlight and flag these procedures so that they can easily turn to them in an exam.
Identifying Key Controls

A key control is a strong control, which when operating effectively, will provide reasonable assurance
that material misstatements resulting from fraud or error will be prevented or detected and corrected.
These are those upon which the auditor will place reliance when testing controls.
Key controls would generally be those related to:

• Authorizing documents with a signature;
• Reviewing documents for authorization or accuracy and signing as evidence of this;
• Agreeing documents to one another;
• Performing sequence checks on pre-numbered documents;
• Any of the overall (SCRUM) controls listed in the detailed controls section;
• Any of the computerized controls listed in the detailed controls section
The following are not key controls as they are examples of activities:
• Sending documents or information from one function/stage to another;
• Preparing documents;
• Sequentially numbering documents (unless this is performed by the system) – the actual
control is performing the sequence check
Identifying key controls: internal vs. external audit
Students should note that external auditors would be identifying key controls in order to place reliance
on them in verifying the audit assertions whereas internal auditors would be more concerned with
determining whether the internal control objectives were being met.
As a result of the significant overlap between the transactional assertions and the integrity objectives
we would expect the key controls identified by the internal and external auditors to be largely
identical. However, note the difference between occurrence assertion and the validity objective
(explained in the section on creating differences in focus.)
When identifying key controls an external auditor would focus on controls designed to ensure that all
recorded transactions were genuine. They would not, however, place reliance on controls designed
to ensure that all transactions were in accordance with management policy as this is irrelevant to
occurrence assertion. Therefore, the external auditor would regard controls related to the
authorisation of transactions as key controls. The internal auditor, however, would regard
authorisation controls as key controls because they meet the validity objective.
Exam technique
1. Students should read the required carefully to determine whether they have been asked to
identify all the key controls or only those related to a specified assertion (if the external
auditor)/control objective (if management or the internal auditor).
2. Students should also read the scenario to determine whether they are asked to identify they
key controls from the perspective of the internal auditor of from that of the external auditor.
Students should write out the key controls as fully as they are in the scenario. Simply writing
“authorisation for sales,” for example, would not be sufficient, whereas “management authorises
sales over the credit limit” would be.
Simply copy the control straight from the scenario ensuring that your answer includes the following:
• Who/what performs the control
• The control verb (e.g. Agrees, reviews, authorizes etc)
• On who/what is the control performed
• For what purpose is the control performed
E.g. The production manager (who performs the control) signs (control verb) all credit purchases
orders (what the control is performed on) as evidence of approval for goods to be purchased on
credit (for what purpose).
Tests of Controls
If the auditor wishes to place reliance on the internal control systems of the client then he or she must
obtain evidence that these controls were operating efficiently throughout the year. This evidence is
obtained by testing the key controls identified.
The following procedures can be used when testing controls:
1. Inspection of documents for authorisation, evidence of ‘checks’ and reconciliations, etc.;
2. Re-performance of client procedures, such as checks and reconciliations;
3. Enquiry of staff regarding the operation of controls (used to corroborate evidence obtained
from other test of controls;
4. Observation of client procedures taking place.
Enquiry is a weak test of control and must be used in conjunction with another test of control.
Observation only provides evidence at a point in time. Remember the auditor needs to
obtain evidence that controls have been operating for the entire period under review, not
just at a point in time.
Observation should therefore only be used in circumstances where there is an

undocumented control process or procedure (e.g. Goods received in one receiving bay) or
the control is only performed infrequently during the period under review that the auditor
will be able to observe the performance of the control (e.g. Annual stock count). Given that
the act of observed may affect how the control process or procedure is performed,
observation should be used in conjunction with enquiry to corroborate the evidence
obtained.
Computerised controls can also be tested using systems CAATs (dealt with in more detail later in this
section), or by attempting to hack the system.
Exam technique
1. Students should minimise their use of enquiry and observation when designing tests of
controls. This is because these are weak procedures. The bulk of the procedures suggested
should rather consist of inspection and re-performance procedures.
2. Students should relate each test specifically to the control being tested and state exactly what
is being inspected (and what for), what is being re-performed, or what is being observed.
3. Use the following framework to write out your answer:
• Applicable test of control (Inspect, Reperform, Enquire, Observe)
• Who/what?
• For what purpose?
E.g. Inspect (test of control) purchase orders for the production manager’s signature
(what) as evidence of approval (for what purpose)
Substantive Audit Procedures
The auditor performs substantive procedures in order to detect material misstatements in the
financial statements. The following procedures can be used when during substantive testing:
1. Inspection of documents and assets
2. Recalculation of amounts
3. Obtaining confirmations from third parties
4. Enquiry of management, staff or experts
5. Performing analytical review procedures (note this is not a test of detail)
6. Observation of client procedures taking place
7. Agreement of amounts on different documents
The procedures listed above are used to obtain evidence over the assertions. Procedures must be
designed to address the risks of material misstatement identified during the planning stage of the
audit.
The auditor will need to perform procedures over the following:
1. Transactions during the year

2. Year-end balances
Substantive Testing of Transactions

When testing transactions substantively, the auditor will need to obtain evidence over the following
assertions:
1. Occurrence: are all the transactions recorded in the financial statements genuine, and do
they meet the IFRS recognition criteria?
2. Completeness: are all genuine transactions that meet the IFRS recognition criteria recorded
in the financial statements?
3. Accuracy: are all transactions recorded at the correct amount? Are all inputs used in
calculations correct? Are calculations correctly computed?
4. Cut-off: are all transactions recorded in the correct accounting period?
5. Classification: are all transactions recorded in the correct accounts?
6. Presentation and disclosure: are all transactions appropriately presented and disclosed in
the financial statements?
Documents used in substantive procedures of transactions

All transactions should be recorded on documents. Routine transactions will be processed by a
number of sequential functions, and recorded on a different document in each of these. The functions
of the major classes of transactions are outlined in the ‘Internal Control Systems’ section of these
notes, along with their related documents. It is essential that students know these.
For non-routine transactions there will not usually be such a series of documents. However non-
routine transactions will still be recorded on an invoice or a contract, and the auditor can incorporate
these into substantive testing.
Directional testing
In order to test the occurrence and completeness of a transaction, the auditor traces the transaction
from one document to the other. However, the ‘direction’ in which he traces depends on which
assertion is being tested:
1. When testing occurrence of the transaction the auditor is seeking evidence that all items that
ended up in the financial statements actually occurred. A sample is therefore selected from
the accounting records and traced all the way back through the series of documents to the
first document.
2. When testing completeness, however, the auditor wishes to determine whether all the
transactions ended up in the financial statements. A sample is therefore selected from the
first document and traced to the financial statements.
Illustration of “Direction of Test”

Purchase Documents Direction Direction
Complete Occurrence
Order Select sample from Trace from Invoice to Order

Order or GRN
GRN Trace from Invoice to Goods
Received
Invoice Trace to Invoice Trace from Accounting Records

to Invoice
Purchase Trace to Accounting Records Select sample from

analysis Accounting Records
Distinction between tests of controls and substantive procedures for transactions
Because routine transactions are often subject to strict internal controls, the auditor will often decide
to place reliance on these controls and to perform tests of controls. The tests of controls and
substantive procedures performed on these routine transactions are very similar. However, the
difference between them is the intention the auditor has when performing them.
Tests of controls are performed with the intention of determining whether controls operated
effectively throughout the period upon which the auditor wishes to rely on them. The auditor
therefore compares what should be done according to management to what has been done. If controls
have not been operating (i.e. staff have not done what they should have done) then the auditor will
not be able to place reliance on these controls and will have to perform additional substantive
procedures.
Substantive procedures, on the other hand, are performed in order to identify any misstatements
(fraud or error) and quantify them in order to determine whether or not they are material. If material
misstatements are identified and not corrected by management then the auditor will need to modify
the audit report.
Exam technique
1. Read the scenario to determine what documents are used to record transactions. In case of
routine sales, purchases or payroll, students would be expected to know instinctively what
the documents would be.
2. Read the scenario to determine which accounts are affected by the transaction, e.g. revenue.
3. Read the required to determine whether you must design procedures over all assertions or
only a specified assertion(s).
4. Use the following framework when writing out your audit procedures:
• Audit verb (inspect, confirm etc)
• Who/what
• For what purpose
5. Address each assertion in turn as follows:
NOTE: These are only general procedures and should be tailored to the scenario. Provide
sufficient detail where necessary.
Occurrence:
• Select a sample from the accounting records and trace through to the first document
(e.g. select a sample from the sales journal and trace to the sales invoice, sales invoice,
delivery note and sales order) to verify that the entries recorded in the sales journal
are not fictitious
• For sampled documents, inspect for signature by a client representative to ensure the
validity of the document and sale.
• For sampled documents, inspect that it is made out in the client’s name and appears
on the company’s letterhead to ensure that the client and the company are both
parties to the sales transaction.
Completeness:
• Select a sample of first documents and trace to the accounting records (e.g. select a
sample of sales orders and trace to the delivery note, sales invoice and sales journal)
to ensure that all sales have been recorded.
• For sample of documents selected above, inspect for sequential numbering and
reperform sequence check to identify any missing documents.
Cut-off:
• For goods, obtain the last delivery note/goods received note of the year and note its
number.
o Select a sample from before and after year-end and inspect the accounts to verify
that they have been recorded in the correct accounting period.
Accuracy:
• For the sample of documents selected:
o Inspect for prices/rates used and agree these to contracts/authorised price lists
etc. to ensure that the prices/rates charged are in line with the prices/rates
approved by management
o Reperform calculations of VAT, deductions and totals for arithmetic accuracy (be
specific).
• For any transactions taking place beyond normal credit terms, reperform calculation
of present value at the date of the transaction for arithmetic accuracy.
Classification:
• When tracing sample of transactions to the accounts, inspect the general ledger
accounts (revenue, deferred revenue etc) to verify that these have been correctly
classified.
Presentation and disclosure

• Inspect the annual financial statements and assess whether the transaction has been
correctly presented and disclosed in terms of IFRS.
6. Suggest the following analytical review procedures:

• Calculate the gross profit percentage and compare to budget and prior year
• Compare total value of transactions for the year and compare to budget and actual
• Enquire of management regarding any significant or unexpected differences and
corroborate all explanations obtained by inspecting relevant supporting
documentations (e.g. Contracts, invoices etc.).
7. Suggest the following general procedures
• Review the audit work performed over the sales system in order to assess the
adequacy of the system for generating financial information
• Inspect minutes of meeting of board of directors and management for pertinent
information which may indicate potential unidentified material misstatements
• Enquire from management about any models and assumptions used (be specific
based on scenario) and consider the appropriateness thereof.
• Obtain a management representation letter regarding (state relevant assertions and
transaction) the occurrence, completeness, accuracy, cut-off and classification of
revenue.
Substantive Procedures over Year-End Balances

When testing balances substantively, the auditor will need to obtain evidence over the following
assertions:
1. Existence – Do the assets and liabilities recorded in the financial statements exist? Do they
meet the IFRS recognition criteria?
2. Rights and obligations – does the client have the rights to assets? Does the client have the
obligation for liabilities?
3. Completeness – are all the assets and liabilities that meet the IFRS recognition criteria
included in the financial statements?
4. Valuation – are assets and liabilities recorded at the correct amount in terms of IFRS?
5. Presentation and disclosure – are all assets and liabilities appropriately presented and
disclosed in the financial statements?
The following procedures can be used when performing substantive tests:
1. Inspection of documents and assets
2. Recalculation of amounts
3. Enquiry of management, staff and experts
4. Obtaining confirmations from third parties
5. Observation of client procedures taking place
6. Agreement of amounts on different documents
7. Analytical review procedures
Designing substantive procedures
The following process should be used when designing substantive procedures:
1. Read the required carefully to determine whether you are required to design procedures to
obtain evidence over all assertions or only over some of the assertions.
2. Read the required and the scenario to determine whether any of the procedures have been
scoped out/already done.
3. Consider the IFRS requirements applicable to the balance
4. Based on the IFRS requirements and the scenario, identify the significant risks to each of the
assertions you have been asked to address.
5. Design procedures to address the significant risks. The following may serve as a guideline of
the kinds of procedure that can be used (but remember that you will need to apply these to
the scenario and the required):
NOTE: These are only general procedures and should be tailored to the scenario. Provide sufficient
detail where necessary.
Existence
• Select a sample of assets and inspect them for physical existence

• With the client’s permission, obtain third-party confirmations, via written
representations, regarding the existence of intangible/financial assets
• With the client’s permission, obtain third-party confirmations, via written
representations, regarding the existence of liabilities
• Verify that intangible/financial assets meet the IFRS recognition criteria by inspecting
supporting documentation (e.g. contracts, technical feasibility studies, minutes of
meetings etc) or by enquiry of an expert
• Inspect documents that support the existence of liabilities (e.g. contracts)
• Inspect bank statements for subsequent receipt or payment of financial assets and
liabilities
• Enquire of a legal expert regarding the existence of obligation for liabilities
Rights and obligations

• Enquire of management whether any assets are leased/pledged as security/held on
behalf of others.
• With the client’s permission, obtain written confirmation from the bank that no assets
are pledged as security
• Enquire of management whether debtors have been factored
• Inspect contracts for terms and conditions to identify whether the company has the
rights to the asset
• Inspect registration documents (e.g. title deeds, share certificates etc.) to verify that
they are in the client’s name
• Inspect board minutes to identify whether any assets have been pledged as security
or ceded to a third party.
Valuation
• Inspect documents (invoices, contracts, etc.) to verify the cost of assets
• Inspect costing schedule to verify that transport costs, import duties, installation costs
etc. have been included in the cost of assets
- Inspect supporting documents to verify that these costs have been included at
the correct amounts
• For imported assets, obtain bank confirmation of spot rates on date of acquisition
• For self-constructed and imported assets, re-perform calculations of cost in Rands for
arithmetic accuracy.
• Enquire of management regarding any models and assumptions used in determining
allowances or in valuing assets/liabilities
- Inspect any documents that support these assumptions (e.g. market data)
• Inspect documents that support the market value or net realisable value of assets
• Re-perform calculations of allowances (such as depreciation and allowance for
doubtful debts) using management assumptions for arithmetic accuracy
• Enquire of an expert regarding the valuation of assets and liabilities
• Inspect physical condition of assets for signs of damage, dust and excessive rust
• Re-perform the calculation of the present-value of any assets or liabilities, where
relevant, for arithmetic accuracy
• Re-perform calculation of fair value/net realisable value/recoverable amount for
arithmetic accuracy and reasonability
• Re-perform calculation of impairment for arithmetic accuracy
- Inspect general ledger to verify that impairments have been correctly accounted
for
Completeness
• Inspect the general ledger to identify any items that meet the asset recognition criteria
but that have been erroneously expensed (e.g. import duties)
• Inspect the bank statement for any unexplained payments and enquire of management
of whether these amounts are for items that should be recognised as assets.
Corroborate the explanations obtained by inspecting relevant supporting
documentation (e.g. Invoice), noting the description of the item on the invoice and
consider whether the items satisfy the criteria to be capitalized in terms of IFRS.
• Select a sample of tangible assets from the factory or warehouse floor and inspect the
accounting records to verify that they are included
Presentation and disclosure

• Inspect the financial statements to verify that assets or liabilities are correctly disclosed
as…
6. Having tested the assertions, consider which analytical review procedures can be used. The
following may be useful:
• Balances can be compared to prior year
• Ratios can be calculated and compared to prior-year and industry norms
• Enquire of management regarding any significant or unexpected differences and
corroborate all explanations obtained by inspecting relevant supporting
documentations (e.g. Contracts, invoices etc)
Students should consider exactly which ratios would be relevant to any given balance
7. Describe the general procedures that apply to all balances:

• Obtain a schedule of movements in the balance and:
o Agree the opening balance to prior-year financial statements (where an
opening balance existed)
o Agree the closing balance to the general ledger, trial balance and draft
o Reperform the arithmetic accuracy of the schedule
o Inspect the schedule for any abnormalities (duplicate entries, blanks etc)
• Obtain a management representation letter confirming (state relevant assertions and
account balance) e.g. the existence, completeness, valuation and rights of inventory.
• Reperform all tax and deferred tax computations related to the balance for arithmetic
accuracy and reasonability.
8. Consider whether you have included all the common student omissions (see detail later in this
section).
Integration with Accounting

In answering questions concerning audit procedures, always consider whether any specific procedures
should be performed to ensure compliance with a particular accounting statement: Examples include:
NOTE: These are only general procedures and should be tailored to the scenario. Provide sufficient
detail where necessary.
• For intangible assets (development costs) and borrowing costs:

- IAS36 and IAS23 set strict criteria as to the capitalisation of these costs
- Procedures should be designed to verify that these criteria have been met
(existence)
• For goodwill, you would need to assess the fair value of the client's share of assets at
date of acquisition and re-perform the computation of goodwill by reference to the
difference between the cost of the investment and 'fair value'.
• For imported assets you would need to:
- inspect the shipping documents and terms of agreement to ascertain the transaction
date
- inspect the overseas invoice to ascertain the foreign currency amount;
- inspect bank documentation to ascertain the rate
- compute the Rand amount.
• For financial Instruments, the following would apply:
- Confirmation and Inspection of the Contract and related supporting documents will
provide evidence concerning initial recognition at cost.
- Where an Instrument (and/or the underlying asset or liability being hedged) is liquid
(I.e. Not traded regularly), Fair Value may be determined by Marking to Market and
confirmation, inspection of documents from financial institutions and re-
performance of computations will provide evidence concerning subsequent
measurement at Fair Value.
- Where the item is not liquid, a valuation model will probably be used. In this case
you would.
o Review the valuation model and the assumptions used in the model.
o Re-perform the Fair Value Computations.
- The services of an expert may be required, in which case you would make brief
reference to ISA 620.
- Reperform the Present Value Computations for arithmetic accuracy and assess the
related discount rate for reasonability.
- In either case, you would reperform the fair value adjustment, noting specifically
whether or not the adjustment is taken to equity or income. This would require you
to consider the hedging criteria per IFRS 9 by;
- Inspection of relevant hedging documentation e.g. contracts.
• The audit of Investment Property also requires considerable application of accounting
principles.
- You would apply your knowledge of the business to determine which properties are
investment properties and which are owner occupied.
- Where the Fair Value model or Revaluation applies, you would need an expert to
determine the value.
Common student omission
Candidates often tend to leave out the following issues. Useful memory aids are the 3 S's, the 4 A's,
EAT and CRAP
• The 3 S's:
- Schedule - Obtaining a schedule from the client (Typically for year end balances).
- Sample - Selecting a sample and how the sample is to be selected (Typical samples
would be; (i) a random sample for a test of controls; (ii) a sample biased towards high
Rand Values for verifying assets; and (iii) a sample including all known major suppliers
for accounts payable.
- System - Considering the system (General observations concerning the system are
unlikely to be relevant for transactions work as your solution should include details of
tests of controls. This issue is, however, very relevant for 1 mark when doing year
end work -
e.g., When auditing accounts receivable, one would, as a minimum, "review audit
working papers for tests of controls to provide evidence for the completeness
assertion on sales and accounts receivable". One might also review tests of controls
directed at the other assertions and reduce year end substantive work accordingly.
• The 4 A's:
- Accounting issues (see notes above).
- Analytical review procedures (Pertinent to both transactions and balances).
- Arithmetical accuracy (Also pertinent to both transactions and balances).
- Allowances – Such as allowances for obsolete inventory, doubtful debts etc. A year end
test, but also relevant to transactions work in that reversing entries such as credit notes
apply).
• EAT:
- Experts – Do you need an Expert to assist with the audit work? What kind of Expert?
Refer to ISA 620.
- Adjustment – Have you ‘checked’ any Adjusting Entries?
Consider the possibility that an adjusting entry has not been passed – This
then becomes an Audit Difference and the audit procedure is to discuss any
unadjusted audit differences with management and consider the effect on
materiality.
- Tax - Often you can also gather one or two additional marks by auditing the Tax aspects
of the item under audit. Refer to Illustrations section of these notes for examples.
• CRAP:
- Cut off (A year end test, but the corresponding transactions procedure is to check that
an entry is recorded in the correct period).
- Representation letters.
- Agree the total of individual balances to the control account and to the financial
statements. (This would be for year-end work. In regard to transactions work, check an
entry all the way to the posting to the general ledger.)
- Present value- Did you re-perform any necessary present value computations and did
you review the reasonability of the discount rate used?
Common pitfalls
1. When asked to 'describe audit procedures', candidates tend to use terms such as 'ensure that',
'look at', 'ascertain'. Note that none of these terms describes a procedure. You should notice
the frequency with which the authors use more descriptive terms such as ‘confirm’, 'inspect'
and 're-perform'. As far as possible, your sentences should commence with an 'action word'
such as 'inspect',’re-perform' and 'enquire'.
2. When faced with auditing an accounting issue, candidates tend to list the requirements of the
applicable IFRS / IAS Statement. As is illustrated above, you should rather describe a
procedure which gathers evidence concerning compliance with the Accounting Statement.
3. Candidates often use too many generic phrases such as 'inspect the supporting documents”
or “perform analytical reviews”. You should note how the authors refer to specific documents
such as Invoices, Reconciliations, Title Deeds etc. In regard to analytical reviews, you should
note in the Tutorials how the authors give examples describing specific review procedures.
4. Students use ‘confirm by inspection’, which is inappropriate as it implies a mix of two

procedures – ‘Confirmation, implying written confirmation from a third party’, and
‘Inspection’ implying inspection of the related document.
5. Concerning provisions/allowances, candidates often fail to cover all of the issues. Students
should consider all the models, assumptions, inputs and calculations used to determine these
amounts. They should then design procedures to test all of these. They should also perform
analytical review procedures on the allowances.
6. The procedures referred to under "common student omissions" are frequently lacking.
The use of CAATs in Audit Procedures

There are two types of Computer Aided Audit Technique (CAAT) available to the auditor. These can
be used when performing audit procedures in a computerised environment:
1. Systems oriented CAATs (used mainly for testing controls)
2. Data oriented CAATS (used mainly in performing substantive procedures)
Systems CAATs
Overview
Two types of systems CAAT can be used: test data and embedded techniques.
Test data can be used to process a set of data through the computer system and evaluate the output
at a given point in time. It is used to test automated computer controls. The auditor inputs valid and
invalid data into the system and verifies that the system has correctly dealt with it by, for example,
blocking invalid data. Test data is easy to use but can only be used to verify that controls were
operating on the date of testing, not the whole year.
Embedded techniques are audit software routines embedded into the client’s software. They are
similar to data CAATs, but instead of taking place at a specific date they feed data through the client’s
system on a continual basis. This has the benefit of testing the entire accounting period.
Using systems CAATs to test controls

When designing systems CAATs to test automated controls, students should follow the following
procedure:
1. Identify the inputs that will be entered into the system, e.g. overtime hours
2. Identify what input data would be valid and what data would be invalid. For example,
overtime hours greater than the maximum overtime allowed would be invalid data.
3. State that you would run both valid and invalid data through the client’s system and compare
the output to the expected output. You would expect valid data to be processed properly and
invalid data to be rejected or to appear on an exception report.
Note that students should be specific when describing valid and invalid detail, and should state exactly
what would constitute ‘invalid data’.
Data CAATs (‘Audit retrieval software’)

Overview
Data CAATs are computer programmes which manipulate the computerised data on a client’s system.
Data CAATS can be used to do the following:
1. Compute or recalculate amounts
2. Generate exception reports (I.e. identify data that meets certain ‘error’ criteria)
3. Compare data in different files
4. Calculate ratios for use in analytical review procedures
5. Select random samples of items to be audited
6. Select exceptional or material items
7. Reconstruct audit trails for inspection
Using data CAATs to perform substantive testing

When students are asked how they would use CAATs in performing audit procedures, they should do
the following:
1. Consider what procedures they would normally do for the given balance or transaction
2. Consider whether CAATs can be used to do these procedures instead
3. If so, state what the CAAT will do and how you will use the output.
4. Consider whether you have used all the basic CAAT functions listed in the overview above. If
not, design a procedure using these.
5. If the question includes a list of data fields stored on the system, ensure that the CAAT has
retrieved data from all relevant fields.
An example of how you would apply this thought process for inventory is shown below:
Assertion Outline of ‘Normal’ Audit Use of CAAT

Procedure
Existence Attend inventory count and Sort the data into high and low
perform test counts. value items and select samples for
test counts.
Select a sample of transactions

processed to the inventory
records for inspection of
documentation.
Rights Enquiry/ Inspection of board CAAT cannot help
minutes/ Confirmation from
bankers
Accuracy Inspect cost to invoices Select a sample of purchase

measurement transactions for inspection of
(included in the invoices
Valuation
assertion)
Reperform calculation of cost and CAAT can do this.

casts of inventory records.
Valuation Select slow moving items and Select items with no movement
investigate for xx months.
Compare cost to selling price and Print out details of all items where
check NRV cost exceeds selling price.
Completeness Inspect sequence of transactions CAAT can do this.

and identify any missing
documentation.
Presentation Reperform
Perform test counts from the floor. Calculate totalsdoofthis.
CAAT cannot inventories in
and disclosure disclosure categories – viz. Raw
materials, finished goods etc.
Other “C” Cut-off Select sample of transactions

“standard” around the year end.
procedures:
“R” Obtain representations CAAT cannot do this.
“A” Agree to general ledger Calculate total of inventories
“A” Check arithmetic CAAT did this already
“A” Analytical review Compare balances to prior

periods.
Review inventory records for

abnormal items such as negative
prices, negative quantities,
missing fields etc.
Exam technique
Students often make the following errors:
• Describing both systems and data CAATs when asked how they would use ‘audit retrieval
software’ (a form of data CAAT)
• Not giving enough detail with regards to exception reports. Students must state exactly what
error criteria they would identify, e.g. duplicate invoice numbers. (Refer to section of internal
control systems for examples of exception reports)
Evaluating and Concluding
Overview
During this stage of the audit process the auditor:
• Considers whether they can rely on the work of others

• Evaluates whether the going concern assumption is appropriate
• Evaluates audit differences and concludes whether the financial statements are materially
misstated
• Forms an audit opinion and documents this in the audit report
ISAs relevant to this stage:
• ISA 320
• ISA 450: Evaluation of Misstatements
• ISA 500
• ISA 570 (Revised): Going Concern
• ISA 700 (Revised): Standard Unmodified opinion
• ISA 701: Key Audit Matters
• ISA 705 (Revised): Modified opinion
• ISA 706 (Revised): Unmodified opinion but including “Emphasis of matter” or “other matters”
paragraphs
• SAAPS 3
Exam questions related to this stage - you may be required to:
• Discuss the factors you would consider when using the work of others (see notes on ‘using the
work of others’)
• Discuss the matters to be considered when determining whether the going concern
assumption is appropriate (see ‘special topics’ notes)
• Describe the further action they would take with regards to a client who appears to have a
going concern problem (see ‘special topics’ notes)
• Evaluate audit differences and conclude whether the financial statements are materially
misstated
• Describe the modifications they would make to the audit report, based on information in a
scenario
• Draft a section of the audit report
Going Concern Issues

ISA 570 (REVISED) addresses the auditor’s responsibilities in the audit of financial statements relating
to going concern and the implications for the auditor’s report. Going concern considerations are often
a feature in a scenario as it is common for a company to experience liquidity and solvency problems
in the course of its life. The auditor needs to respond accordingly to the possibility of financial distress
as defined in the Companies Act, section 128 (Business Rescue):
• ‘financially distressed’’, in reference to a particular company at any particular time, means

that –
o it appears to be reasonably unlikely that the company will be able to pay all of its
debts as they become due and payable within the immediately ensuing six months;
or
o it appears to be reasonably likely that the company will become insolvent within the
immediately ensuing six months;
(Please make sure you are familiar with the concept of Business Rescue from Chapter 6 of the
Companies Act, 2008 as this has wider applicability than just auditing questions.)
The Companies Act, 2008 also defines the solvency and liquidity test for use by a company in section
4, as follows:
• In performing a solvency and liquidity test, a directors need to satisfy themselves that,
considering all reasonably foreseeable financial circumstances of the company at the time,
that after the transaction:
o The assets (fairly valued) of the company must exceed liabilities (this would include
all reasonably foreseeable contingent assets and liabilities)
o The company will be able to pay its debts as they become due in the ordinary course
of business for a period of 12 months.
ISA 570 (REVISED) paragraph 2 explains the going concern basis of accounting (as do the IFRS):
Under the going concern basis of accounting, the financial statements are prepared on the assumption
that the entity is a going concern and will continue its operations for the foreseeable future. General
purpose financial statements are prepared using the going concern basis of accounting, unless
management either intends to liquidate the entity or to cease operations, or has no realistic alternative
but to do so. Special purpose financial statements may or may not be prepared in accordance with a
financial reporting framework for which the going concern basis of accounting is relevant (e.g., the
going concern basis of accounting is not relevant for some financial statements prepared on a tax basis
in particular jurisdictions). When the use of the going concern basis of accounting is appropriate, assets
and liabilities are recorded on the basis that the entity will be able to realize its assets and discharge
its liabilities in the normal course of business.
From an IFRS perspective, IAS 1 requires management to make an assessment of an entity’s ability to
continue as a going concern.
Under the going concern assumption, an entity is ordinarily viewed as continuing in business for the
foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading, or
seeking protection from creditors pursuant to laws or regulations. Accordingly, assets and liabilities
are recorded on the basis that the entity will be able to realize its assets and discharge its liabilities in
the normal course of business.
So how does going concern and uncertainties around going concern, impact the auditor?
ISA 570 (REVISED) states it nice and clearly:
Paragraph 6 - The auditor’s responsibilities are to obtain sufficient appropriate audit evidence
regarding, and conclude on, the appropriateness of management’s use of the going concern basis of
accounting in the preparation of the financial statements, and to conclude, based on the audit
evidence obtained, whether a material uncertainty exists about the entity’s ability to continue as a
going concern.
Paragraph 9 - The objectives of the auditor are:

(a) To obtain sufficient appropriate audit evidence regarding, and conclude on, the
appropriateness of management’s use of the going concern basis of accounting in the
preparation of the financial statements;
(b) To conclude, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern; and
(c) To report in accordance with this ISA.
Paragraph 10 - When performing risk assessment procedures as required by ISA 315 (Revised), the
auditor shall consider whether events or conditions exist that may cast significant doubt on the
entity’s ability to continue as a going concern. In so doing, the auditor shall determine whether
management has already performed a preliminary assessment of the entity’s ability to continue as a
going concern, and:
(a) If such an assessment has been performed, the auditor shall discuss the assessment with
management and determine whether management has identified events or conditions that,
individually or collectively, may cast significant doubt on the entity’s ability to continue as a
going concern and, if so, management’s plans to address them; or
(b) If such an assessment has not yet been performed, the auditor shall discuss with
management the basis for the intended use of the going concern basis of accounting, and
inquire of management whether events or conditions exist that, individually or collectively,
may cast significant doubt on the entity’s ability to continue as a going concern.
Paragraph 11 - The auditor shall remain alert throughout the audit for audit evidence of events or
conditions that may cast significant doubt on the entity’s ability to continue as a going concern.
Here is a helpful diagram produced by IFAC in explaining ISA 570 (REVISED):
So, what factors must you consider, that may be in a scenario, that would indicate events or conditions
that, individually or collectively, may cast significant doubt about the going concern assumption?
ISA 570 (REVISED) paragraph A3 provides examples of these events and conditions – please go and
read them! They are quite helpful.
So, what audit procedures must you perform if such events and conditions are identified? Again ISA
570 (REVISED) paragraph 16 provides examples of important procedures, namely:
(a) Where management has not yet performed an assessment of the entity’s ability to
continue as a going concern, requesting management to make its assessment.
(b) Evaluating management’s plans for future actions in relation to its going concern
assessment, whether the outcome of these plans is likely to improve the situation and
whether management’s plans are feasible in the circumstances.
(c) Where the entity has prepared a cash flow forecast, and analysis of the forecast is a
significant factor in considering the future outcome of events or conditions in the evaluation
of management’s plans for future actions:
(i) Evaluating the reliability of the underlying data generated to prepare the forecast;
and
(ii) Determining whether there is adequate support for the assumptions underlying
the forecast.
(d) Considering whether any additional facts or information have become available since the
date on which management made its assessment.
(e) Requesting written representations from management and, where appropriate, those
charged with governance, regarding their plans for future actions and the feasibility of these
plans.
Going concern can impact the auditor’s conclusions and the audit report itself!
Firstly (para. 17), the auditor must decide if management’s use of the going concern
basis of accounting in the preparation of the financial statements is appropriate? If the answer is no,
then IFRS as an accounting framework is not appropriate, because IAS 1 assumes that the company is
a going concern! If management decide to prepare the financial statements using IFRS in this
circumstance, then the auditor has no choice but to raise an Adverse Opinion (see notes below).
If the going concern basis is deemed appropriate by the auditor, based on the audit evidence obtained,
then (paragraph 18):
the auditor shall conclude whether, in the auditor’s judgment, a material uncertainty exists
related to events or conditions that, individually or collectively, may cast significant doubt on
the entity’s ability to continue as a going concern. A material uncertainty exists when the
magnitude of its potential impact and likelihood of occurrence is such that, in the auditor’s
judgment, appropriate disclosure of the nature and implications of the uncertainty is necessary
Therefore if a “material uncertainty” exists (but the going concern basis is appropriate), then
management must disclose this appropriately in the AFS. What must management disclose
specifically? (para. 19)
(a) Adequately disclose the principal events or conditions that may cast significant doubt on the
entity’s ability to continue as a going concern and management’s plans to deal with these
events or conditions; and
(b) Disclose clearly that there is a material uncertainty related to events or conditions that may
cast significant doubt on the entity’s ability to continue as a going concern and, therefore, that
it may be unable to realize its assets and discharge its liabilities in the normal course of
business.
If management do the above disclosures appropriately (to the auditor’s satisfaction) then the auditor
must not modify the audit opinion, but rather (para. 22) include a separate section (in the audit report)
under the heading “Material Uncertainty Related to Going Concern” to:
(a) Draw attention to the note in the financial statements that discloses the matters; and
(b) State that these events or conditions indicate that a material uncertainty exists that may cast
significant doubt on the entity’s ability to continue as a going concern and that the auditor’s
opinion is not modified in respect of the matter.
Therefore the audit report is affected if there is “material uncertainty” – even though management
included proper disclosure of the uncertainty in the AFS. Why? Because it is material to the users
understanding of the financial statements, to the degree that the auditor needs to raise it additionally
in the audit report – but there is no need to modify the audit opinion as there is no material
misstatement!
But, what if there is “material uncertainty” but management do not include proper disclosure of the
uncertainty in the AFS, as required? Maybe they do not disclose the going concern uncertainty at all,
or they do not do it according to para. 22 requirements and the auditor’s satisfaction. If this is the
case, then there is a material misstatement in the AFS because the disclosure is materially misstated.
According to paragraph 23: If adequate disclosure about the material uncertainty is not made in the
financial statements, the auditor shall: (Ref: Para. A32–A34)
(a) Express a qualified opinion or adverse opinion, as appropriate, in accordance with ISA 705
(Revised); and
(b) In the Basis for Qualified (Adverse) Opinion section of the auditor’s report, state that a
material uncertainty exists that may cast significant doubt on the entity’s ability to continue
as a going concern and that the financial statements do not adequately disclose this matter.
Going concern issues can affect the audit opinion itself!
Here is a useful guide from IFAC summarizing the requirements as discussed above:
Note: ISA 570 (REVISED) now calls this paragraph “Material Uncertainty Related to Going Concern”,
rather than “Emphasis of Matter” as per ISA 706 (REVISED). However, the point of the paragraph is
still the same i.e. not to modify the audit opinion but raise the matter to the users of the AFS by
including a paragraph explaining the issue in the audit report itself, under the opinion paragraph.
Important Note:
Please be aware of Circular 03/02 (Letters of Support) and Circular 02/02 (Subordination
agreements), which are in your SAICA handbooks (they are very short so please read them!). What
are these two important documents and how may they become relevant in a scenario where there is
a going concern uncertainty?
Not in the SAICA handbooks but very important, especially relating to auditing a subordination
agreement: SAICA Guide – Trading Whilst Factually Insolvent
From the perspective of the auditor, please be aware of:

• How going concern uncertainties affect the planning of the audit (i.e. before the year-end
– when determining the audit plan)? Refer to ISA 570 (Revised) and your auditing notes
for how significant issues can affect the audit plan.
• ISA 570 (Revised) Going Concern, as the auditor needs to assess the ability of the client to
continue as a going concern. Many of the procedures are performed at year-end.
• Circular 03/02 (Letters of Support) and Circular 02/02 (Subordination agreements), which
are in your SAICA handbooks (they are very short so please read them!). What are these
two important documents and how may they become relevant in a scenario where there
is a going concern uncertainty?
o Letter of support – A parent company showing its support towards a subsidiary.
o Subordination agreement – A legal agreement whereby a creditor agrees to have

their claim to the assets of the company lower than other creditors.
• Trading whilst Factually Insolvent (updated June 2009). This document is included in your
handbooks but please note that it is out of date and SAICA has not updated it to be
compliant with the “new” Companies Act. However, it is still very useful in explaining
concepts such as factual and commercial insolvency, as well as has these situations impact
the auditor. The document also provides procedures relevant to understanding and
assessing a subordination agreement for the purposes of the audit.
Forming an Audit Opinion: ISA 700 (Revised)

The auditor must consider the following before deciding on an appropriate audit opinion:
Materiality. Conclude whether:

• Materiality remains appropriate in the context of the entity’s actual financial results.
• Uncorrected misstatements (including uncorrected misstatements related to prior periods),
either individually or in aggregate, could result in a material misstatement.
Audit Evidence.
• Has sufficient appropriate audit evidence been obtained?
• Are the accounting estimates made by management reasonable?
• Did the analytical procedures performed at or near the end of the audit corroborate
conclusions formed during the audit?
Accounting Policies.
• Do the financial statements adequately disclose the significant accounting policies selected
and applied?
• Are the accounting policies consistent with the financial reporting framework, and
appropriate in the circumstances?
Financial Statement Disclosures.

• Do the financial statements refer to or describe the applicable reporting framework?
• Have all financial statement disclosures been made as required by the applicable financial
reporting framework?
• Is the terminology used in the financial statements, including the title of each financial
statement, appropriate?
• Are there adequate disclosures to enable intended users to understand the effect of material
transactions and events on the information conveyed in the financial statements?
• Is the information presented relevant, reliable, comparable, understandable, and sufficient?
• Do the financial statements provide adequate disclosures to enable the intended users to
understand the effect of material transactions and events on the information conveyed in the
financial statements?
Fair Presentation Frameworks.

• Do the overall presentation, structure, and content (including the note disclosures) faithfully
represent the underlying transactions and events in accordance with the applicable financial
reporting framework? If not, is there a need to provide disclosures beyond those specifically
required by the framework to ensure fair presentation?
• Simply put: Is “fair presentation” achieved? Or, do the financial statements achieve “fair
presentation”?
Evaluating the Effect of Misstatements

(Note the definition of a “misstatement” in terms of ISA 450)
Misstatement – A difference between the amount, classification, presentation, or disclosure of a reported
financial statement item and the amount, classification, presentation, or disclosure that is required for the item
to be in accordance with the applicable financial reporting framework. Misstatements can arise from error or
fraud.
While performing substantive testing the auditor compiles a schedule of unadjusted audit
differences. These are misstatements identified by the auditor that management has not adjusted for.
Note that these are all misstatements, not just those that are above materiality. But, obviously, they
are only misstatements that management has not made adjustment for. The auditor shall
communicate on a timely basis all misstatements accumulated during the audit with the appropriate
level of management and the auditor shall request management to correct those misstatements. If
no adjustment is made then these comprise the schedule of unadjusted audit differences.
Before one forms the audit opinion, there needs to be a clear evaluation of the audit evidence
obtained – including any misstatements identified during the audit work. This evaluation would
require the auditor to do the following:
Consider reassessing materiality:

ISA 450:10 - Prior to evaluating the effect of uncorrected misstatements, the auditor shall reassess
materiality determined in accordance with ISA 320 to confirm whether it remains appropriate in the
context of the entity’s actual financial results.
Are the amounts established for overall and performance materiality still appropriate in the context
of the entity’s actual financial results?
If a lower overall materiality (for the financial statements as a whole) than that initially
determined is appropriate, the auditor is required to determine:
• Whether it is necessary to revise performance materiality; and
• Whether the nature timing and extent of the further audit procedures remain appropriate.
Consider the need to reassess RoMM:
ISA 330:25 - Based on the audit procedures performed and the audit evidence obtained, the auditor
shall evaluate before the conclusion of the audit whether the assessments of the risks of material
misstatement at the assertion level remain appropriate.
In light of the audit findings, are assessments of risks of material misstatement at the
assertion level still appropriate? If not, the risk assessments would be revised and
further planned audit procedures modified.
Now, evaluate the misstatements in terms of ISA 450:

ISA 450: 5 - The auditor shall accumulate misstatements identified during the audit, other than those
that are clearly trivial.
ISA 450: 6 - The auditor shall determine whether the overall audit strategy and audit plan need to be
revised if:
(a) The nature of identified misstatements and the circumstances of their occurrence
indicate that other misstatements may exist that, when aggregated with misstatements
accumulated during the audit, could be material; or
(b) The aggregate of misstatements accumulated during the audit approaches materiality
determined in accordance with ISA 320.
The audit strategy may need to be revised and additional audit work required when:
• The nature or circumstances of identified misstatements indicate that other misstatement(s)
may exist that, when aggregated with known misstatements, could exceed performance
materiality; or
• The aggregate of identified and uncorrected misstatements comes close to or exceeds
performance materiality.
Determining whether misstatements are material

ISA 450: paragraph 11
The auditor shall determine whether uncorrected misstatements are material, individually or in aggregate. In
making this determination, the auditor shall consider:
(a) The size and nature of the misstatements, both in relation to particular classes of transactions, account
balances or disclosures and the financial statements as a whole, and the particular circumstances of
their occurrence; and (Ref: Para. A13–A17, A19–A20)
(b) The effect of uncorrected misstatements related to prior periods on the relevant classes of transactions,
account balances or disclosures, and the financial statements as a whole. (Ref: Para. A18)
The following approach should be used when determining whether audit differences are material:
1. State the given materiality.
2. Discuss whether each of the individual audit differences is quantitatively material by

comparing them to the materiality figure.
3. Discuss whether the audit differences are quantitatively material in aggregate. This will
require students to draw a table showing the aggregate effect on the misstatements and to
compare these misstatements to the materiality figure.
To enable the aggregate effect of uncorrected misstatements to be evaluated, they can be
documented on a centrally maintained working paper. This will provide a summary of all non-
trivial uncorrected misstatements that have been identified.
The following should be in the table:

- Current and non-current assets
- Current and non-current liabilities
- Net profit before tax
4. Discuss whether the misstatements are qualitatively material.

- The following would be material:
o Non-compliance with legislation
o Non-compliance with IFRS (as this is a contravention of section 29 of the Companies
Act)
o Misstatements that undermine key ratios
- The following would also be considered:
o Management’s unjustified refusal to adjust misstatement.
o Management’s apparent bias to overstate profit or financial performance.
o Misstatement that would ensure that the requirements for bonuses or other
compensation incentives is satisfied.
o Whether misstatements are ‘hard’ or ‘soft’ (i.e. how much judgment is involved)
o Incorrect selection or application of an accounting policy that has an immaterial effect
on the current period’s financial statements, but is likely to have a material effect on
future periods’ financial statements.
o A relatively small amount could be highly material to the entity if it resulted in the
breach of a banking or loan covenant.
See ISA 450 Para A16 for additional circumstances that may cause misstatements to be
qualitatively material.
5. Obtain written representations from management:

Management’s responsibility is to be evidenced by obtaining a written representation from
management. This representation will state that any uncorrected misstatements (attach or
include a list) are, in management’s opinion, immaterial both individually and in the
aggregate. If management disagrees with the assessment of misstatements, it may add to its
written representation words such as:
“We do not agree that items...and...constitute misstatements because [description of

reasons].”
If management refuses to correct some or all of the misstatements:

• Obtain an understanding of management’s reasons for not making the
corrections, and take this understanding into account when evaluating whether the
financial statements are materially misstated;
• Communicate uncorrected misstatements with those charged with governance,
including their effect on the opinion in the auditor’s report (unless prohibited by law
or regulation); and
• Request that those charged with governance correct the misstatements that remain
uncorrected by management.
Note: When the auditor communicates findings with those charged with governance, there is
a requirement to identify material uncorrected misstatements individually.
6. Perform Final Analytical Procedures

ISA 520:6 - The auditor shall design and perform analytical procedures near the end of the
audit that assist the auditor when forming an overall conclusion as to whether the financial
statements are consistent with the auditor’s understanding of the entity.
The objectives for carrying out these final analytical procedures are to:
• Identify a previously unrecognized risk of material misstatement;
• Ensure that the conclusions formed during the audit on individual components or
elements of the financial statements can be corroborated; and
• Assist in arriving at the overall conclusion as to the reasonableness of the financial
statements.
The auditor’s responsibility is now to issue an appropriate report in terms of ISA 700 (Revised) and
the requirements of:
• ISA 701: Key Audit Matters
• ISA 705 (Revised): Modified opinions
• ISA 706 (Revised): Unmodified opinion but including “Emphasis of matter” or “other matters”
paragraphs
• ISA 570 (Revised): Going Concern
Determining whether misstatements or uncertainties are pervasive

Misstatements and uncertainties will be pervasive if they:
1. Are not confined to specific elements, accounts or items of the financial statements; (Ref: ISA
705 (Revised) Para 5(a)(i))
2. If so confined, represent a substantial portion part of the financial statements (Ref: ISA 705
(Revised) Para 5(a)(ii))
3. In relation to disclosures, are so significant that they are fundamental to a user’s

interpretation of financial statements (Ref: ISA 705 (Revised) Para 5(a)(iii))
Types of audit opinion

ISA 705 (Revised) Para 5(b) and 7-10
Unadjusted audit differences represent a disagreement between the auditor and management. These
occur when the auditor is able to obtain sufficient audit evidence regarding all balances and
transactions. If the auditor is unable to obtain sufficient audit evidence for certain balances or
transactions, this results in there being uncertainty (also known as a limitation of scope). The auditor
expresses an opinion based on the nature and existence of any disagreements or uncertainties.
So, when is a Modified Report Necessary (Qualified, Adverse, or Disclaimer of Opinion)?

1. Financial Statements Are Materially Misstated
Based on the audit evidence obtained, the financial statements as a whole are not free from
material misstatement. This would include uncorrected misstatements that are material, the
appropriateness or application of accounting principles, and the failure to disclose information
that results in a material misstatement.
OR
2. Inability To Obtain Sufficient Appropriate Audit Evidence
Unable to obtain sufficient appropriate audit evidence to conclude that the financial statements
as a whole are free from material misstatement. This could include:
• Circumstances beyond the control of the entity, such as a fire that damaged
accounting records;
• Circumstances relating to the nature or timing of the auditor’s work, such as an
inability to attend an inventory count; or
• Limitations imposed by management, such as management not allowing the
auditor to obtain an external confirmation of certain receivables.
There are 3 types of modified opinion:
Qualified Opinion
Adverse Opinion
“financial statements
“financial statements
present fairly except
do not present fairly…”
for…”
Disclaimer of Opinion
“we do not express an
opinion on the financial
statements…”
Therefore, there are four types of audit opinion:
1. Unqualified opinion
- The auditors are satisfied that the financial statements are fairly represented
- Given when there are no disagreements or uncertainties
2. Qualified opinion
When the effect is not material and pervasive enough to require an adverse or
disclaimer of opinion. This applies where:
- Sufficient appropriate audit evidence was obtained, but the auditor concludes
that misstatements exist, individually or in the aggregate, that are material but
not pervasive to the financial statements; or
- The auditor is unable to obtain sufficient appropriate audit evidence on which
to base the opinion. The auditor concludes that the possible effects on the
financial statements of undetected misstatements, if any, could be material but
not pervasive.
3. Adverse opinion
- When the effects of misstatements are both material and pervasive. This applies
where sufficient appropriate audit evidence was obtained, but the auditor concludes that
misstatements, individually or in the aggregate, are both material and pervasive to the
financial statements.
4. Disclaimer of opinion
- When the possible effect of undetected misstatements, if any, could be both material and
pervasive. This applies where the auditor is unable to obtain sufficient appropriate audit
evidence on which to base the opinion, and concludes that the possible effects of
undetected misstatements, if any, could be both material and pervasive.
- This also applies to extremely rare circumstances where it is not possible to form an
opinion due to the potential interaction of multiple uncertainties and their possible
cumulative effect on the financial statements. This applies even where the auditor has
obtained sufficient audit evidence regarding each of the individual uncertainties.
Types of Modified Opinions as per ISA 705 (Revised) A1:
Emphasis of matter paragraphs

ISA 706 (Revised): paragraph 6
The objective of the auditor, having formed an opinion on the financial statements, is to
draw users’ attention, when in the auditor’s judgment it is necessary to do so, by way of clear
additional communication in the auditor’s report, to:
(a) A matter, although appropriately presented or disclosed in the financial statements, that
is of such importance that it is fundamental to users’ understanding of the financial
statements; or
(b) As appropriate, any other matter that is relevant to users’ understanding of the audit, the
auditor’s responsibilities or the auditor’s report.
Therefore an EoM refers to a matter already appropriately presented or disclosed in the AFS BUT In
the auditor’s judgement the matter is of such importance that it is fundamental to the user’s
understanding of the AFS.
Please note:
o The matter must be adequately presented or disclosed already!

o This is not a disagreement with management
o This is not a limitation of scope
o Emphasis of matter is NOT a substitute for any type of modification of opinion
o If there is refusal to present or disclose appropriately then this would require a modification
Emphasis of matter paragraphs are used to draw the users attention to significant matters in the
financial statements. Such paragraphs are necessary in the following circumstances:
1. There is a material uncertainty about the client’s ability to continue as a going concern that
has been disclosed in the financial statements.
2. There is a significant uncertainty, the resolution of which depends on future events and which
may affect the financial statement, where such a contingency has been disclosed in the
financial statements.
3. There has been a contravention of statute that is disclosed in the financial statements.
Examples of EoM: Uncertainty relating to exceptional litigation or regulatory action, subsequent

events, a major catastrophe, other significant uncertainties and inconsistencies, and early application
(where permitted) of a new accounting standard.
Legal and other matters paragraph

This is used to draw attention to any contravention of statute by the client (including non-compliance
with IFRS). This paragraph would also make users aware of the fact that an irregularity has been
reported to IRBA.
“Other Matters” are matters relevant to users’understanding of the audit function but not disclosed
in the financial statements. Any matter(s) (other than those presented or disclosed in the financial
statements) that are relevant to the users’ understanding of the audit, the auditor’s responsibilities,
and/or the auditor’s report.
Determining how to modify the audit report

1. Determine whether misstatements are material (see above).
2. Determine whether material misstatements are pervasive (see above).
3. Determine whether the going concern assumption is appropriate.
4. Consider whether there is any material uncertainty and whether such an uncertainty is
pervasive (see above).
5. Conclude on the type of audit opinion that should be given, based on the above.
6. Consider whether an emphasis of matter paragraph is required.
7. Consider whether a legal and other matters paragraph is required.
Audit Reporting
Drafting a report
ISA 700 (Revised), ISA 705 (Revised) and ISA 706 (Revised) Appendices contain illustrated examples
of the audit reports, including modifications and emphasis of matter paragraphs. Students should
familiarise themselves with these illustrated examples and flag them so that they can find them quickly
in an exam. Flag an example of each of the following:
• Unqualified report
• Qualified report
• Disclaimer of opinion
• Adverse opinion
• Emphasis of matter paragraph
• Legal and other matters paragraph
SAAPS 3 (Revised)
This South African Auditing Practice Statement (SAAPS) 3 (Revised November 2013), Illustrative
Reports was prepared by the Committee for Auditing Standards (CFAS) of the Independent Regulatory
Board for Auditors (IRBA) and was approved for issue in November 2013. SAAPS 3 (Revised November
2013) provides practical assistance to auditors when reporting on financial statements that meet the
requirements of the International Standards on Auditing (ISAs) and the International Standards on
Review Engagements (ISREs) and comply with South African jurisdictional requirements, mainly the
Companies Act and the Public Audit Act.
Why is the SAAPS 3 (Revised) important for your purposes?

1) It contains many useful audit report and opinion illustrated examples.
2) The illustrated reports take the ISA requirements and add the South African jurisdictional
requirements, mainly the Companies Act and the Public Audit Act. So the wording of certain
areas is slightly different to take into account the South African specific additions to the audit
report and opinion.
It is recommended that you use the SAAPS 3 (Revised).
Students should be able to adapt these illustrative examples to the issues in the scenario. Please note
the following if you ever have to draft an audit report or opinion in an exam:
1. The following paragraphs are not relevant to the audit opinion and should not be drafted in
an exam: (these issues form part of the audit report as a whole)
“The supplementary schedules set out on pages xx to xx do not form part of the annual
financial statements and are presented as additional information. We have not audited these
schedules and accordingly we do not express an opinion on them."
" With the written consent of all members, we have performed certain accounting and
secretarial duties."
" We have also audited the <whatever it is>, which is the responsibility of the directors and is
set out in pages xx to xx in accordance with statements of South African Auditing Standards.
In our opinion this statement has been properly prepared on the basis set out in the notes
thereto."
" Without qualifying our opinion above, we draw attention to the fact that a register of
directors' interests in contracts with the company, as required by the Regulations to the
Companies Act, has not been maintained."
2. The dates and company names will need to be changed to match those in the scenario.
3. The matters that resulted in modifications will need to be adapted to reflect those in the
scenario.
The Structure of the Audit Report
Refer to ISA 700 (Revised) para 21-52 for a description of, and the order of, each section in the audit
report. The order is as follows:
• Title
• Addressee
• Auditor’s Opinion
• Basis for Opinion
• Going Concern
• Key Audit Matters
• Other Information
• Responsibilities of Management and Those Charged with Governance for the Financial
Statements
• Auditor’s Responsibilities for the Audit of the Financial Statements
• Other Reporting Responsibilities
• Name of the Engagement Partner
• Signature of the Auditor
• Auditor’s Address
• Date of the Audit Report
Note:
 Refer to the Appendix at the back of ISA 700 (Revised) for illustrated examples.
 Refer to the Appendix at the back of ISA 705 (Revised) for illustrated examples of modified
audit reports.
 Refer to the Appendix at the back of ISA 706 (Revised) for illustrated examples of audit reports
with emphasis of matter paragraphs.
How does a Reportable Irregularity impact the Audit Report?
Section 44 of Auditing Profession Act (section 44(3)(e)) states that an auditor must qualify (“except
for”) the opinion if:
• A reportable irregularity exists that has not been reported or is not resolved, or
• A reportable irregularity is in the process of being reported and the second report to be sent
30 days after the initial report is outstanding
Therefore, if there is a Reportable Irregularity, it must impact the opinion paragraph.
In addition to modifying the opinion paragraph regarding the issue, the Audit Report should include
disclosure of all legal or regulatory infringements under the heading “Report on Legal and Regulatory
Requirements”.
ISA 701 Communicating Key Audit Matters in the Independent Auditor’s Report
This is significant. In many people’s opinion, ISA 701 is the most significant change in auditing
standards in the past many years. Key audit matters (KAM) will be of great use to the users of the
financial statements, and you must make sure you understand why this is so.
From ISA 701 “Scope” discussion, there is a good explanation:
• It is intended to address both the auditor’s judgment as to what to communicate in the

auditor’s report and the form and content of such communication.
(Note > It is based on the auditor’s judgement of what the users should understand before
reading the financial statements. It is specifically not management or the Board’s opinion.
Management has no say in this! It will be going in the Audit Report.)
• The purpose of communicating key audit matters is to enhance the communicative value of
the auditor’s report by providing greater transparency about the audit that was performed.
Communicating key audit matters provides additional information to intended users of the
financial statements (“intended users”) to assist them in understanding those matters that, in
the auditor’s professional judgment, were of most significance in the audit of the financial
statements of the current period. Communicating key audit matters may also assist intended
users in understanding the entity and areas of significant management judgment in the
audited financial statements.
(Note > Kam is about discussing the audit areas of most significance. What are the greatest
risk areas in the financial statements?)
• The communication of key audit matters in the auditor’s report may also provide intended
users a basis to further engage with management and those charged with governance about
certain matters relating to the entity, the audited financial statements, or the audit that was
performed.
• Communicating key audit matters in the auditor’s report is in the context of the auditor having
formed an opinion on the financial statements as a whole. Communicating key audit matters
in the auditor’s report is not:
(a) A substitute for disclosures in the financial statements that the applicable financial
reporting framework requires management to make, or that are otherwise necessary to
achieve fair presentation;
(b) A substitute for the auditor expressing a modified opinion when required by the
circumstances of a specific audit engagement in accordance with ISA 705 (Revised);
(c) A substitute for reporting in accordance with ISA 570 (Revised) when a material uncertainty
exists relating to events or conditions that may cast significant doubt on an entity’s ability to
continue as a going concern; or
(d) A separate opinion on individual matters.
The definition of a KAM:

“Those matters that, in the auditor’s professional judgment, were of most significance in the audit of
the financial statements of the current period. Key audit matters are selected from matters
communicated with those charged with governance.”
How does the auditor determine what is a KAM for inclusion in the audit report?
ISA 701: 9
The auditor shall determine, from the matters communicated with those charged with governance,
those matters that required significant auditor attention in performing the audit. In making this
determination, the auditor shall take into account the following:
(Ref: Para. A9–A18)
(a) Areas of higher assessed risk of material misstatement, or significant risks identified in accordance
with ISA 315 (Revised).5 (Ref: Para. A19–A22)
(b) Significant auditor judgments relating to areas in the financial statements that involved
significant management judgment, including accounting estimates that have been identified
as having high estimation uncertainty. (Ref: Para. A23–A24)
(c) The effect on the audit of significant events or transactions that occurred during the period. (Ref:
Para. A25–A26)
Therefore the concept KAM is strongly linked to the risks of material misstatement, auditor judgement
and significant events and transactions that have occurred in the company during the year. Can you
see how this disclosure by the auditor, in the audit report, will add significant value to the user’s
understanding of the entity and the financial statements? Hence why many consider ISA 701 to be
such a significant change to the ISAs.
Specific Topics
Using the Work of Others
The following are third parties whose work may be relied upon during the audit:
1. Internal auditors
2. Component auditors
3. Audit and management experts
Using the work of internal auditors (ISA 610 Revised)

In terms of ISA 500 the onus is on the external auditor to obtain sufficient appropriate evidence to be
able to draw reasonable conclusions on which to base the audit opinion.
The following is well explained in ISA 600 Revised (so please make use of it):
The auditor would consider the following:

1. The organisational status and objectivity of the internal audit function:
• Do they report to and have direct access to those charged with governance?
• Are they free from any conflicting responsibilities?
• Are they free from operational responsibilities?
• Are there any constraints or restrictions placed on the internal audit function?
• Are the internal auditor’s members of relevant professional bodies?
• Is there sufficient audit committee oversight to ensure all of the above?
2. The technical competence of internal audit staff:

• Do internal auditors have adequate:
o Resources
o Qualifications
o Experience
o Training and polices
• Are the policies for hiring and firing appropriate?
• Have they failed to pick up on anything obviously wrong?
3. Whether the internal audit function exercises due professional care and conduct:
- Are activities properly planned, performed, supervised and document?
- Are internal auditors free to communicate with external auditors?
- Are regular meetings held?
The auditor would assess the work performed by the auditor by (refer to the Application guidance in
ISA 600 Revised):
1. Reviewing internal audit working papers
2. Performing tests on similar items
3. Re-performing a sample of items already tested
4. Enquiring of staff regarding the procedures used by the function and considering the
appropriateness thereof
5. Considering whether or not:
- The work was performed by a person with adequate training and proficiency
- Conclusions are supported by audit evidence and are appropriate
- Exceptions, errors and abnormal items were properly resolved
Important Aspect of ISA 600 (Revised): Using Internal Audit to provide “direct assistance” in the
audit
Note: This is a very significant change to the standard! So what does it mean and what are the
restrictions imposed?
Evaluate the significance of threats to objectivity and the level of competency of internal audit.
Respond according to the amount of judgement involved in internal audit work, the assessed RoMM,
organisational status and competence of internal audit.
The auditor cannot use internal audit in “direct assistance” (para 30) if:
- It involve significant audit judgements, and
- Relates to high assessed RoMM where the judgement required is more than limited,
and
- Relate to work which IA report to management
Example: internal audit can be asked to check the accuracy of the age analysis for accounts receivable,
but not to evaluate the adequacy of the allowance for doubtful debts (assuming of course that the
valuation of accounts receivable is assessed as high RoMM)
Using internal audit to provide “direct assistance” (Para 26-35)

- Obtain written authorisation from the client allowing internal audit to provide “direct
assistance”
- Management must commit not to intervene in the work done by internal audit in this
regard
- Obtain written agreement from internal audit that they will keep confidential matters
instructed by the auditor and
- Inform the auditor of any threats to their objectivity
- The auditor must direct, supervise and review the work done by internal audit
Audits of Groups and Component Auditors (ISA 600)

Group Audits:
The group engagement partner shall determine whether sufficient appropriate audit evidence can
reasonably be expected to be obtained in relation to the consolidation process and the financial
information of the components on which to base the group audit opinion. For this purpose, the group
engagement team shall obtain an understanding of the group, its
components, and their environments that is sufficient to identify components that are likely to be
significant components. Where component auditors will perform work on the financial information of
such components, the group engagement partner shall evaluate whether the group engagement team
will be able to be involved in the work of those component auditors to the extent necessary to obtain
sufficient appropriate audit evidence.
There shall be a separate overall group audit strategy, group risk assessment, group materiality and
group audit plan.
Component Auditors:
In a group environment the auditor of a holding company may need to rely on the audited financial
statements of its subsidiaries and associates. The auditors of these subsidiaries and associates are
known as component auditors.
In order to establish whether the audit work complied with IFRS, the auditor would perform the
following procedures:
1. Consider the component auditor’s:
- Ethical behaviour
- Independence
- Competence and the impact of these on reliance to be placed on work
2. Perform ARP’s of the component auditor’s financial statements
3. Discuss the audit with the component auditor
4. Request the auditors to complete consolidation questionnaires
5. Request the auditor to provide a summary of issues and how this were resolved
6. Review the auditors audit file
7. Obtain representation from other auditors
8. The depth and extent of procedures would vary based on the materiality of the work covered
The auditor would then prepare documentation concerning the depth extent of the procedures listed
above and the conclusion reached. Finally, they would review the component audit report for any
modifications, and consider the impact of these on the group financial statement.
Using the work of an audit expert (ISA 620)
The auditor will often rely on the work on an expert when performing substantive procedures.
When appointing the expert, the auditor should:

1. Obtain the client’s permission to use an expert
2. Consider the experts qualification, capability and objectivity. Factors to consider include:
• Whether expert is a member of a professional body
• Experts reputation and experience in industry
• The experts independence and objectivity
• Any published papers or books written by expert
3. Consult with the expert prior to appointment regarding:
• The objective of his work
• The basis to be used for valuations or models
• Any methods and assumptions to be used
If client refuses to allow the auditor to use an expert, this would constitute a limitation of scope and
would result in the auditor expressing a qualified opinion or a disclaimer of opinion
In evaluating the adequacy of the expert’s work, the auditor would consider:
1. The relevance and reasonableness of his final conclusions
2. The relevance and reasonableness of the models and assumptions used in arriving at
conclusions
3. The relevance, completeness and accuracy of source data used by the expert
Subsequent Events (ISA 560)
Events occurring between the Date of the Financial Statements and the Date of the Auditor’s Report
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit evidence
that all events occurring between the date of the financial statements and the date of the auditor’s
report that require adjustment of, or disclosure in, the financial statements have been identified. The
auditor is not, however, expected to perform additional audit procedures on matters to which
previously applied audit procedures have provided satisfactory conclusions.
Per para 7 of ISA 560:

- Obtaining an understanding of any procedures management has established to ensure
that subsequent events are identified.
- Inquiring of management as to whether any subsequent events have occurred which
might affect the financial statements.
- Reading management and director meeting minutes, for meetings held after the date of
the financial statements and inquiring about matters discussed at any such meetings for
which minutes are not yet available.
- Reading the entity’s latest subsequent interim financial statements, if any.
- Additional procedures provided in para A8 and A9 of the standard.
• Facts which become known to the Auditor after the Date of the Auditor’s Report but before
the Date the Financial Statements Are Issued – refer to ISA 560 para 10-11.
o The auditor may have to issue a new audit report.
• Facts which become known to the Auditor after the Financial Statements Have Been Issued
– refer to ISA 560 para 14-15.
o The auditor may have to issue a new audit report.
Other Issues
Difference between Audit and Review Engagements

An audit provides reasonable assurance on whether the financial statements of a company are fairly
represented. A review, on the other hand, provides only limited assurance. As a result of this
difference, an audit requires more extensive procedures to be performed than is required for a review.
Refer to IRSE 2400 (revised) for a description of a review engagement.
Advantages and Disadvantages of Audit and Review Engagements
An Audit
• The advantage is that a full audit would provide the client and its stakeholders with reasonable
assurance regarding the fair representation of the financial statements
One would recommend that the AFS be audited for the following reasons:
• Financial statements are accepted as reliable by third parties (e.g. Banks, shareholder potential
investors etc.);
• And therefore the company would be more likely to access credit at lower interest rates.
• The committing of fraud by employees and/or management is deterred (discouraged/ prevented)
• The Receiver of Revenue (SARS) accepts the audited financial statements as a basis for the tax
calculation with less questioning.
• The audited financial statements provide a reliable basis for the valuation of a business or a
shareholder’s interest.
• The audited financial statements are considered to provide a sound basis for the settlement of
claims.
• Credibility of financial statements promotes business trust and promotes business transactions!
• The auditor’s knowledge of business and finance puts him/her in the position to give valuable tax
and business advice. This may lead to the client’s business becoming more efficient and effective
leading to greater profits.
• The management report issued by the auditor in terms of ISA 265 will help management identify
control deficiencies and therefore improve the operations of the company.
• Disadvantages are that:

o An audit would be time consuming;
o The audit fee may be excessive in relation to the benefits.
o The risk to the auditor of litigation is high
A Review
• Would give only limited assurance, but could well be acceptable to the client and other interested
parties (banks etc.).
• The principal advantage is that a review would save time and cost.
• The risk to the auditor of litigation is limited.
The advantages/benefits of an audit given above apply to a lesser degree to a review engagement
simply because of the lower degree of assurance provided.
Determining Whether a Company is required to be Audited
Companies required to be audited
In terms of s30 of the Companies Act the following companies are obliged to be audited:
• A public company
• A state-owned company
• A company whose Memorandum of Incorporation requires it to be audited
In addition, Regulation 28 the Companies Act requires the following companies to be audited:
• A company that holds or administers funds of more than R5 million in a fiduciary capacity (e.g.
pension fund)
• Any company with a public interest score of 350 or above;
• A company with a public interest score of between 100 and 350, where the financial statements
are internally compiled.
In terms of s29 of the Regulations to the Companies Act any company that is not required to be
audited must be reviewed. However, a company may be exempt from a review in terms of
S30(2)(A) of the Companies Act if all its directors are shareholders. Note that a company cannot
be exempted from an audit.
Public interest score

In terms of Regulation 26 and 28 read in conjunction with section 30 of the Companies Act, a
company’s Public Interest Score is calculated as follows:
• One point per employee (excluding contract workers), using the average for the year
• One point for every R1 million (or part thereof) in third party liabilities held at the year-end
• One point for every R1 million (or part thereof) in turnover
• One point per shareholder
Exam technique
Students should use the following approach when determining whether a company is required to be
audited or reviewed:
• Discuss whether the company is required to be audited in terms of s30 of the Companies Act
• If not, calculate the public interest score
• Discuss whether the company is required to be audited in terms of s28 of the Regulations
• If the company is not required to be audited in terms of the above, consider whether all the
directors are shareholders.
o If not, then the company must be reviewed
o If so, then the company does not need to be audited nor reviewed
Review Engagements
Students should read the revised Version of IRSE 2400.
Review procedures
Review procedures are far less detailed than audit procedures. The following table shows the
procedures used in an audit compared to those used in a review:
Audit procedures not required in reviews Audit Procedures

Inspect Enquire
Confirm Analytical Review
Reperform / Recalculate
This difference in procedures used should be born in mind when designing procedures for a review
engagement.
When an auditor performs a review:

• The client may not restrict the scope of the engagement.
• The audit procedures are limited, concentrating on:
o Obtaining knowledge of the entity;
o Understanding accounting practices;
o Enquiry of and discussion with management and staff; and
o Analytical review.
• The auditor is not compelled to obtain substantive evidence.
• The auditor is not compelled to study internal controls.
• If the information appears reliable, the auditor would assume that no amendment to the
information is necessary.
• If the information appears unreliable, the auditor would perform additional MORE DETAILED
procedures.
• The auditor would also:
o Enquire about subsequent events.
o Enquire re material assertions;
o Enquire re meetings of shareholders, board, etc.
o Read the financial statements;
o Read reports from other auditors;
o Enquire whether all transactions are recorded, and financial statements are prepared
in accordance with accounting framework etc.
o Obtain management representations
Refer to IRSE 2400 (revised) for a description of a review engagement.
Code of Professional Conduct (CPC)

Undoubtedly the most important quality and prerequisite for members of the profession is the highest
standard of professional ethics. Intellectual and practical competency is important of course but the
trust and reputation of the profession in the mind of the public can easily be eroded by a lack of
professional ethics.
As was seen in the analysis of past exams and the beginning of this pack, ethics questions are a
common part of the ITC/QE past papers and can be integrated into most, if not all, scenarios.
Here are some helpful tips for addressing ethics and the CPC for the exam:
• Learn to see an ethical conflict of interest situation in a scenario and then simply be able to
explain why it presents a conflict of interest through a clear application of the threats to
the fundamental principles per Part A of the CPC. A conflict of interest is usually a threat
to the fundamental principles. There are 5 threats to 5 fundamental principles per Part A
of the CPC. Apply these to your answer.
• Be familiar with the table of contents (provided below) of the CPC. A thorough knowledge
of this table of contents really will help you in the exam if an issue presents itself that is
dealt with in the CPC – you will know where to go look! There is no need to learn the entire
CPC.
• Understand that independence of the auditor (in public practice of course) is very
important and largely dealt with in section 290 of the CPC. It is highly recommended that
you briefly work through the various parts of section 290 to familiarise yourself with the
various areas where the INDEPENDENCE of the auditor is compromised.
• Read the tables provided below to revise various scenarios that can present a threat to
independence and the appropriate considerations and responses that could follow these
threats.
• Depending on the question asked of course, most conflict of interest scenarios will require
you to provide considerations as well as possible responses. Use the tables below to revise
threats to independence and appropriate considerations/ responses.
Fundamental principles section 100.1 of CPC:

a) Integrity – to be straightforward and honest in all professional and business relationships.
b) Objectivity – to not allow bias, conflict of interest or undue influence of others to override
professional or business judgments.
c) Professional Competence and Due Care – to maintain professional knowledge and skill at the
level required to ensure that a client receives competent professional services based on
current developments in practice, legislation and techniques and act diligently and in
accordance with applicable technical and professional standards.
d) Confidentiality – to respect the confidentiality of information acquired as a result of

professional and business relationships and, therefore, not disclose any such information to
third parties without proper and specific authority, unless there is a legal or professional right
or duty to disclose, nor use the information for the personal advantage of the chartered
accountant or third parties.
e) Professional Behaviour – to comply with relevant laws and regulations and avoid any action
that discredits the accountancy profession.
The Table of Contents: Code of professional conduct for chartered accountants

Introduction and application
Definitions
PART A: General application of the code

100 Introduction and Fundamental Principles
110 Integrity
120 Objectivity
130 Professional Competence and Due Care
140 Confidentiality
150 Professional Behaviour
PART B: Chartered accountants in public practice

200 Introduction
210 Professional Appointment
220 Conflicts of Interest
230 Second Opinions
240 Fees and Other Types of Remuneration
250 Marketing Professional Services
260 Gifts and Hospitality
270 Custody of Client Assets
280 Objectivity – All Services
290 Independence – Audit and Review Engagements
291 Independence – Other Assurance Engagements
PART C—Chartered accountants in business

300 Introduction
310 Potential Conflicts
320 Preparation and Reporting of Information
330 Acting with Sufficient Expertise
340 Financial Interests
350 Inducements
Note: As recommended above – have a good knowledge of this table of contents (and the table of
contents provided for section 290 as well) so that you can adequately use this CPC in answering a
question. Knowing “where to go” in the CPC can provide easy marks when answering an ethics
question.
Addition notes: Section 290 of the SAICA CPC
Note: The purpose of these notes are:
1. For you to work through section 290 of the CPC.

2. To learn how to assess the significance of the threats to independence. Always discuss the factors that influence the significance of a threat.
3. To learn how to apply safeguards. Sometimes the safeguard comes right from the CPC itself. Most of the time you need to apply them using common
sense given the scenario.
ISSUE: Provides a brief description of a scenario that can present itself to the auditor. Obviously the issue presents a threat to the
auditor’s independence in some way.
SIGNIFICANCE ASSESSED: What will have an impact on the significance of such a threat to independence? Sometimes this is guidance straight from the
CPC section 290, other times it is simply common sense considerations.
SAFEGUARDS: What should the auditor do in order to respond to such a threat to independence? What safeguards should be put in place to
manage these threats?
INDEPENDENCE ISSUE: SIGNIFICANCE ASSESSED: SAFEGUARDS:
Client: ShowMin (Pty) Ltd
Audit Firm: Lip & Associates factors to consider when determining the significance of the examples of appropriate safeguards
threat to independence
Audit Partner: Fiona Green
Holding a financial interest in ShowMin: • The role of the person holding the financial interest o (see below)
s290.102
• Whether the financial interest is direct or indirect

• The materiality of the financial interest
A member of the audit team of Lip & Associates • Always assessed as significant o No safeguards are able to reduce the
or their daughters have a direct financial interest threat to a significant level
S290.104
or material indirect financial interest in

ShowMin.
A member of the audit team’s cousin has a direct • The nature of the relationship between the member of o The close family member to dispose, as
or indirect material financial interest in the audit team and the close family member soon as practical, all of their financial
ShowMin. • The materiality of the financial interest interest or sufficient portion so that the
remaining indirect interest is no longer
The audit member is aware of his’s cousin’s
S290.105
material.
financial interest. o Have a chartered accountant review that
member’s work.
o Remove the individual from the audit
team.
An audit partner working alongside Fiona Green, • Always assessed as significant, o As significant, no safeguards available to
S290.108
and their parents hold a direct/material indirect • Unless held as a result of immediate family member’s reduce the threat to an acceptable level.
financial interest in ShowMin. employment rights.
An audit partner working alongside Fiona Green • Always assessed as significant o No safeguards available
S290.110
provides non-assurance services to Lip & • Unless held as a result of immediate family member’s
Associates and holds a financial interest. employment rights.
Carl Glock is a member of the audit team of Lip • Is the amount material o The audit member should dispose of the
& Associates. Carl Glock is busy working on the • Can the audit client exercise significant influence over interest, or,
2016 audit of ShowMin. the entity o Dispose of a sufficient amount of the
interest so the remaining interest is no
S290.112
longer material.
Both Carl and ShowMin hold a financial interest

in Alibi Ltd.
Carl Glock is a member of the audit team of Lip • The role of the professional on the audit team o Remove the member from the audit team.
& Associates. Carl Glock is busy working on the • Whether ownership of the entity is closely or widely o Have a chartered accountant review the
2016 audit of ShowMin. held work of the member.
S290.113
• Does the interest give the investor the ability to control

or significantly influence the entity
• How material is the financial interest
Both Carl and the CEO of ShowMin hold a
financial interest in Alibi Ltd.
A known financial interest in ShowMin held by • Consider the firm’s organisational, operating and o Remove the member of the audit team
partners in the firm, other than discussed in the reporting structure with the personal relationship from the
S290.115
above principle and other than immediate • The nature of the relationship between the individual audit team.
family. and the member of the audit team o Having a chartered accountant review the
work of the member.
A member of the audit team, Liam Youngen or • Assessed as significant if the loan or guarantee is not o No safeguard available, no firm shall accept
his sister, Deborah has received a loan from an made under normal lending conditions such a loan or guarantee.
audit client that is a bank, or similar institute.
S290.117
o In in any other case, have the work

• In any other case, assess, reviewed by a chartered accountant from a
• Is the loan made under normal lending conditions network that is neither involved with the
• Is it material to the audit client or firm receiving the audit nor received the loan.
loan
(same as above, however not a bank) • Significant, unless the loan is material o No safeguards available
S290.120
Fiona Green, has a financial interest in a joint • Significant, unless the financial interest is immaterial o No other safeguards available other than
S290.123
venture with the CEO of ShowMin. and the business relationship is insignificant. to remove the individual from the audit
team.
Lip & Associates uses the streaming service • Has the transaction been made in the normal course of o Eliminate or reduce the magnitude of the
S290.125
provided by ShowMin, to watch series and business and at arm’s length transaction.
movies in the office entertainment room. • Nature and magnitude of the transaction o Remove the individual from the audit
team.
Steve Green, Fiona Green’s husband is currently • The position held by the immediate family member o Remove the individual from the audit team
an executive director of ShowMin. • The role of the professional on the audit team o Structure the responsibilities of the audit
• Is the family member of the audit team member in a team so that the professional does not deal
position to exert significant influence over the client’s with matters that are within the
S290.127
financial position, performance or cash flows responsibility of the immediate family

Or, member.
Had held an executive position during the period

covered by the audit of the financial statements.
Veronica Fisher, Fiona Green’s cousin is currently • The nature of the relationship between the member of o Remove the individual from the audit
the CEO of ShowMin. the audit team and the close family member team.
• The position held by the close family member o Structure the responsibilities of the audit
S290.129
• The role of the professional on the audit team team so that the professional does not deal
with matters that are within the
responsibility of the close family member.
A member of the Lip & Associates audit team has • The nature of the relationship between the individual o Remove the individual from the audit
a close relationship with the director of and the member of the audit team team.
ShowMin. • The position the individual holds with the client o Structure the responsibilities of the audit
S290.130
• The role of the professional on the audit team team so that the professional does not deal
with matters that are within the
responsibility of the individual whom the
They share an apartment in the CBD. professional has a close relationship.
Ian Red another partner of Lip & Associates who • The nature of the relationship between the partner or o Structuring the partner’s or employee’s
does not sit on the audit of ShowMin has been the employee of the firm and the director of the client responsibilities to reduce any potential
dating Mikey Thug, the IT manager of ShowMin. • The interaction of the partner or employee of the firm influence over the audit.
S290.131
with the audit team o Have a chartered accountant review the

• The position of the partner or employee within the firm relevant audit work performed.
• The position the individual holds within the client
Fiona Green has joined the audit client in such a • Always assessed as significant, unless, the individual is o As significant no safeguards are available.
position and a significant connection remains not entitled to any payments or benefits from the firm
between Lip & Associates and Fiona. and the individual does not continue to participate in o In any other case, potential safeguards,
the firm’s professional activities. o Modify the audit plan.
o Assign individuals to the audit team who
• In this case, assess, have sufficient experience.
S290.132
• Position the individual has taken in the client o Have a chartered accountant review the
• Any involvement the individual will have with the work of the former member.
audit team
• The length of time since the individual was a
member of the audit team
• The former position of the individual within the audit
team
Carl Glock a member of the audit team • o Remove the individual from the audit
S290.136
participates in the audit of ShowMin while team.

knowing that he may join the firm in the future. o Review any significant judgements made
by the individual while on the audit team.
Fiona Green joins ShowMin as a director. • Independence is compromised and therefore the threat o No safeguards.
S290.137
is significant.
The senior partner of Lip & Associate resigns and • Significant, independence is compromised, unless 12 o No safeguards
S290.138
fulfils the position of CEO at KevBall Ltd. months have passed.
KevBall Ltd is an audit client of Lip & Associates.
Lip & Associates often loan their staff to their • The period of time that staff are loaned to the firm o Conduct an additional review of the work
audit clients. • Are staff providing non-assurance services performed by loaned staff.
• Are staff assuming management responsibilities o Do not give loaned staff audit responsibility
S290.140
• Are loaned staff or the audit client responsible for for any function that the performed during
directing and supervising activities their temporary assignment.
o Do not have the loaned staff as a member
of the audit team.
Fiona Green was previously employed as the CFO • Significant if, during the period covered by the audit o In such instances where the threat is
of ShowMin. Her roles as CFO included the report a member of the audit team had served as a significant no safeguards apply.
preparation of the accounting records. director, employee and was in a position to exert
significant influence
S290.141
• In any other case, assess, o In other cases,

As audit partner on the audit of ShowMin she is
• The position held by the individual o Conduct a review of the work performed
evaluating elements of the financial statements
• The length of time since the individual left the client by the individual as a member of the
that she had previously prepared.
• The role of the professional on the audit team audit team.
Fiona Green serves as a director on one of her • Significant o No safeguards are available to reduce this
clients board, and in addition to this acts as the • However, performing routine administrative functions threat
S290.144
Company Secretary of Lip & Associates. to support a company secretarial function does not
generally create a threat.
Fiona Green has served as the engagement • How long the individual has been on the audit team o Rotate senior personnel off the audit team.
partner of Lip & Associates for 10 years. • The role of the individual on the audit team o Have a chartered accountant who was not
• The structure of the firm a member of the audit team review the
S290.148
• The nature of the audit engagement work of senior personnel.

• Whether the client’s management team has changed o Regular independent internal or external
• The nature or complexity of the client’s accounting quality reviews of the engagement.
Lip & Associates has provided ShowMin with • Does not create a threat if, it necessitates dialogue o However, the firm must not assume a
accounting and bookkeeping services. between the firm and management of the audit client: management responsibility.
• The application of accounting standards or policies
and financial statement disclosure
• The appropriateness of financial and accounting
control and the methods used in determining the
stated amounts of assets and liabilities
• Proposing adjusting journal entries
S290.165
• In any other case, consider whether,

o In these cases, arrange for such services to
• The firm is not a public interest entity, the
be performed by an individual who is not a
significance must be assessed.
member of the audit team
o If such services are performed by a
• The firm is a public interest entity, assess, member of the audit team, use a partner
• Is it an emergency situation or senior staff member with expertise who
• Is it of a routine or mechanical nature is not a member of the audit team to
• Services are collectively immaterial review the work performed.
Lip & Associates provided emergency accounting • Does not create a threat if all safeguards are applied. o Those who provide the services must not
and bookkeeping services to ShowMin. be members of the audit team.
o The services are provided for only a short
S290.171
period of time.
o The situation is discussed with those
charged with governance.
A company is looking to purchase a substantial • Will the valuation have a material effect on the o Have a professional who is not involved in
portion of the shares in ShowMin and has financial statements providing the valuation service review the
requested ShowMin provide them with a • The extent of the client’s involvement in determining audit or valuation work performed.
discounted cash flow valuing the equity in the and approving the valuation methodology and other o Make arrangements such that personnel
business. significant matters of judgement providing such services do not participate
• The availability of established methodologies and in the audit engagement.
professional guidelines
S291.172
• For valuations involving standard methodologies, the

Lip & Associates has agreed to perform the degree of subjectivity inherent in the item
valuation and make assumptions regarding the
• The reliability and extent of underlying data
applicable methodologies and techniques.
• The degree of dependence on future events of a nature
that could create significant volatility in amounts
• Extent and clarity of disclosures in the financial
statements
When performing the audit of ShowMin, Fiona • The system by which the tax authorities assess and o (depends on whether the client is a public
Green prepared all current and deferred tax administer the tax in question and the role of the firm interest entity or not)
calculations for the purpose of preparing the in that process o Use professionals who are not members of
accounting entries. • The complexity of the tax legislation the audit team
S290.178
• The degree of judgement necessary in applying the tax o If the service is provided by a member of
law the audit team have a partner with the
• The characteristics of the engagement appropriate expertise review the tax
These entries will subsequently be audited by calculation
• The level of tax expertise of client’s employees
Fiona Green’s audit team. Obtain advice from a tax professional
• Materiality of the amounts in the financial statements o
Lip & Associates will allocate half of its time at a • Always assessed as significant, if o No safeguards available.
client to performing tax advisory services. • the effectiveness of the tax advice depends on a
particular accounting treatment and the audit team
has reasonable doubt over the appropriateness, or
• the outcome has a material effect on the financial
statements on which the firm will express an opinion
o Potential safeguards in these instances,
• In other cases, consider the following,
S290.185
o Use a professional who is not a member

• The degree of subjectivity involved of the audit team
• The extent to which the tax advice will have a o Have a tax professional who is not
material effect involved in providing the tax service
• The level of tax expertise advise the audit team and review the
• The extent to which the tax advice is supported by financial statement treatment
tax law o Obtain advice on the service from an
• Whether the tax treatment is supported by private external tax professional
ruling or cleared by the tax authority
ShowMin has delayed payments to SARS and is • Always significant if, the amounts involved in the tax o If significant, no safeguard available.
thus subject to a tax dispute. Lip & Associates has dispute are material to the financial statements on
agreed to represent the client. which the auditor will express an opinion
• In any other case, consider,

• The extent to which the outcome of the dispute will
have a material effect on the financial statements o Safeguards to eliminate the threat in other
S290.189
• The extent to which the matter is supported by tax cases,

law o Use professionals who are not members
of the audit team
• Whether the proceedings are conducted in public
o Have a tax professional, who is not
• The role management plays in the resolution of the
involved in providing the tax service
dispute
advise the audit team
o Obtain advice on the service from an
external tax professional.
Lip & Associates reviews and monitors the • Do the internal audit services performed comprise a o No safeguards available if audit members
operating effectiveness of the internal controls significant part of the client’s internal audit activities are taking on management’s responsibility.
of ShowMin. • Are members of the audit team assuming the o Potential safeguards if the firm designates
S290.192
responsibility of the firm’s management an appropriate resource to be responsible

• at all times for internal audit activities.
o If management assess the scope of internal
audit services
The design and implementation of ShowMin’s • Consider whether the firm is a public interest entity or o Safeguards are dependent on whether the
software system was completed by a partner of not a public interest entity firm is a public interest entity or not.
S290.198
Lip & Associates. o Safeguards often require management of

the client to acknowledge their
responsibility with regard to IT.
ShowMin has been involved for the past year in • Assessed as significant if, the partner of the firm has o No safeguards available, no member
litigation with the broadcast committee for been appointed as the legal advisor for the client. should accept such an appointment
airing programmes without advising viewers on
the applicable viewing restrictions, namely o In this case,
18SNVL. • In any other case,
S290.206
o Use professionals who are not members

• The nature of the service of the audit team.
To this extent, Lip & Associates, including Fiona • Is the service provided by a member of the audit o Have a professional who was not
Green has assisted them by providing legal team involved in providing the legal service
advice. • The materiality of any matter in relation to the advise the audit team.
Lip & Associates has provided recruitment • The nature of the requested assistance o The firm shall not assume such
services to ShowMin. • The role of the person to be recruited management responsibilities, however,
S290.211
o The firm may generally provide such

They recruited the current CEO of ShowMin. services as reviewing the professional
qualifications of candidates.
Lip & Associates provides corporate financial • Assessed as significant if, the outcome of the service o As significant no safeguards available to
services for ShowMin. will have a material effect on the financial statements reduce the threat.
on which the auditor expresses an opinion.
Lip & Associates has assisted the company in
raising capital for investment projects.
• In any other case, assess,
S290.213
• Degree of subjectivity involved in determining the o In this case,

outcome of the services on the financial statements o Use professionals who are not members
• Extent to which the outcome will affect amounts in of the audit team.
the financial statements o Have a professional who was not
• Whether the effectiveness of the service is involved in providing the corporate
dependent on accounting treatment and there is finance service advise the audit team.
doubt as to the appropriateness
Fees received from ShowMin represent a large • The operating structure of the firm o Reduce the dependency on the client
portion of the total fees of Lip & Associates. They • Whether the firm is well established or new o External quality control reviews
S290.217
are therefore reliant on receiving such fees. • The significance of the client to the firm both o Consult a third party, such as the
quantitatively and qualitatively Regulatory Board, on key audit judgements
Fees generated from ShowMin represent a large • The significance of the client to the partner both o Reduce the dependency on the client
portion of the revenue from Fiona Green’s quantitatively and qualitatively o Have a chartered account review the work
S290.218
clients. • The extent to which the remuneration of the partner is or advise

dependent upon the fees generated by the client o Regular independent internal or external
quality reviews
Fees due from ShowMin have remained unpaid • Significance of the overdue fees o Have an additional chartered accountant
for a long time. • Whether the audit report has already been issued who did not take part in the audit, provide
advice or review the work performed.
S290.220
Fees are still outstanding after the audit report o Consider the appropriateness of the firm
has been issued. being re-appointed or continuing the audit
engagement.
Lip & Associates has directly or indirectly • Always assessed as significant o No safeguards available.
S290.222
charged ShowMin a contingent fee in respect of o The firm is not to enter into such fee
the audit engagement. arrangements.
Lips & Associates has charged ShowMin a • Always assessed as significant, if the fee is charged by o No safeguards available if assessed as
contingent fee for non-assurance work the firm expressing the opinion on the financial significant.
performed. statements and the fee is or would be material to the
firm
• In any other case, assess, o In this case,

• The range of possible fee amounts o Having a chartered accountant review
• Whether an appropriate authority determines the the relevant audit work or advise as
outcome of the matter upon which the contingent necessary.
fee will be based o Use professionals who are not members
of the audit team to perform the non-
S290.223
• The nature of the service

• The effect of the event on the financial statements assurance services.
A member of the audit team of Lip & Associates • The proportion of the individual’s compensation or o Revise the compensation plan or
is evaluated and compensated for selling non- performance evaluation is based on the sale of such evaluation process for that individual.
assurance services to ShowMin. services o Remove the member from the audit team
• The role of the individual on the audit team o Have a chartered accountant review the
• Whether promotion decisions are influenced by the work of the member of that audit team.
s290.225
sale of such services
Lip & Associates and members of the audit team • Consider the value of the gift/hospitality o Unless the value of the gift/hospitality is
have accepted ShowMin’s gift of various trivial and inconsequential, the threat
Hawaiian T-shirts as well a ticket and created would be so significant that no
accommodation to visits the island on safeguards could reduce the threat to an
completion of the audit. acceptable level.
s290.227
Litigation has taken place or appears likely to • The materiality of the litigation o If the litigation involves a member of the
take place between Lip & Associates or a • Whether the litigation relates to a prior audit audit team, removing that that individual
member of the audit team and ShowMin. engagement from the audit team.
o Having professional review the work
performed.
S290.228
Corporate Governance and King III
A simple statement right up-front: You must have read and have highlighted the entire King III Report
(2009). Do not go into the ITC exam without knowing your way around this report as many marks are
gained by simple statement and application of King III principles.
Corporate Governance is the system whereby entities are managed and controlled. The directors are
responsible for managing the entity whereas the shareholders are responsible for appointing the
directors. A good system of Corporate Governance is essential for the proper functioning of the
enterprise. The principal characteristics of Good Governance are set out below.
Transparency
Transparency is the ease with which an outsider is able to make meaningful analysis of a company’s
actions, its economic fundamentals and the non-financial aspects pertinent to that business. This is a
measure of how good management is at making necessary information available in a candid, accurate
and timely manner – not only the audit data but also general reports and press releases. It reflects
whether or not investors obtain a true picture of what is happening inside the company.
Accountability
Individuals or groups in a company, who make decisions and take actions on specific issues, need to
be accountable for their decisions and actions. Mechanisms must exist and be effective to allow for
accountability. These provide investors with the means to query and assess the actions of the board
and its committees.
Responsibility
With regard to management, responsibility pertains to behaviour that allows for corrective action and
for penalising mismanagement. Responsible management would, when necessary, put in place what
it would take to set the company on the right path. While the board is accountable to the company, it
must act responsively to and with responsibility towards all stakeholders of the company.
Fairness
The systems that exist within the company must be balanced in taking into account all those that have
an interest in the company and its future. The rights of various groups have to be acknowledged and
respected. For example, minority shareowner interests must receive equal consideration to those of
the dominant shareowner(s).
The Code of Governance

Included in the King Report is the Code of Governance. The Code is divided into 9 Chapters and
includes the core principles set out on the following pages.
Chapter 1 Ethical leadership and corporate citizenship
Chapter 2 Boards and directors
Chapter 3 Audit committees
Chapter 4 The governance of risk
Chapter 5 The governance of information technology
Chapter 6 Compliance with laws, rules, codes and standards
Chapter 7 Internal audit
Chapter 8 Governing stakeholder relationships
Chapter 9 Integrated reporting and disclosure
King III takes an “apply or explain” approach. Where it is in the best interests of a company, the board
of directors may depart from King III, provided this is explained with reasons.
The practical implication of this is that:
o Listed companies are obliged to comply with King III;
o State Owned Companies will probably comply because of the Public Finance
Management Act; and
o Many Private Companies will probably not comply because of the cost and
administrative burden.
Chapter 1: Ethical leadership and corporate citizenship
1. The board should provide effective leadership based on an ethical foundation.

Important considerations include:
o The four fundamental characteristics of sound governance set out on Page 1:
i. Providing strategic direction;
ii. Ensuring long term sustainability;
iii. Considering the environment; and
iv. Considering of all stakeholders and acting in the best interests of all
stakeholders.
2. The board should ensure that the company is and is seen to be a responsible corporate
citizen. Important considerations include:
o Considering the company’s impact on society and the economy;
o Considering the environment;
o Being guided by the Constitution and the Bill of Rights;
o Promoting ethical conduct and good corporate citizenship; and
o Implementing measurable corporate citizenship programmes.
3. The board should ensure that the company’ ethics are managed effectively.
o Ethical culture;
o Clear ethical standards (Code of Conduct) understood and enforced;
o Measurement of adherence to standards; and
o Considering ethical performance of business partners.
Chapter 2: Boards and directors

Responsibilities
1. The board should act as the focal point for and custodian of corporate governance. Important
considerations include:
o The establishment and use of a charter; and
o Meeting at least four times per year.
2. The board should appreciate that strategy, risk, performance and sustainability are
inseparable. Important considerations include strategies that:
o Identify and monitor key performance areas;
o Identify and manage significant risks; and
o Result in sustainable outcomes.
3. The board should provide effective leadership based on an ethical foundation.

This is dealt with in Chapter 1.
4. The board should ensure that the company is and is seen to be a responsible corporate
citizen. This is dealt with in Chapter 1.
5. The board should ensure that the company’s ethics are managed effectively.
6. The board should ensure that the company has an effective and independent audit
committee. This is dealt with in Chapter 3.
7. The board should be responsible for the governance of risk. This is dealt with in Chapter 4.
8. The board should be responsible for information technology (IT) governance.

9. The board should ensure that the company complies with applicable laws and considers
adherence to non-binding rules, codes and standards. This is dealt with in Chapter 6.
10. The board should ensure that there is an effective risk-based internal audit. This is dealt with
in Chapter 7.
11. The board should appreciate that stakeholders’ perceptions affect the company’s reputation.
12. The board should ensure the integrity of the company’s integrated report.
13. The board should report on the effectiveness of the company’s system of internal controls.
This is dealt with in the section concerning internal financial controls.
14. The board and its directors should act in the best interests of the company.
o Compliance with legal responsibilities;
o Compliance with acceptable standards of conduct;
o Disclosure of conflicts of interest;
o Dealing with company securities in accordance with regulation (insider trading) and
company policy;
o Taking independent advice where appropriate; and
o Companies should have policies and codes of conduct dealing with these issues.
15. The board should consider business rescue proceedings or other turnaround mechanisms as
soon as the company is financially distressed as defined in the Act. This is dealt with in
Chapter 10.
Composition
16. The board should elect a chairman of the board who is an independent non-executive
director. The Chief Executive Officer (CEO) of the company should not also fulfil the role of
chairman of the board. If this guideline is not applied a lead independent director should be
appointed and this fact should be disclosed. Important considerations include:
o Formalising the role of the chairman;
o Performance assessment;
o The impact of any other chairmanships held by the same individual outside of the
company; and
o Succession planning.
Note that a former CEO should not become Chairman until three years have elapsed.
The chairman should not:
o Be a member of the audit committee;
o Chair the remuneration committee; or
o Chair the risk committee.
The chairman may:
o Be a member of the remuneration committee;
o Be a member of the risk committee; and
o Be a member of and chair the nomination committee.
17. The board should appoint the chief executive officer and establish a framework for the
delegation of authority.
o Formalising the role of the CEO;
o Performance assessment; and
o Board input concerning other senior management appointments.
The CEO should not:

o Be the chairman;
o Be a member of the audit committee, risk committee, nomination committee, but

may attend by invitation; or
o Accept appointment as chairman of other companies outside of the group.
18. The board should comprise a balance of power, with a majority of non-executive directors.
The majority of non-executive directors should be independent. There should be a minimum
of two executive directors – the CEO and Chief Financial Officer (CFO). Important
o Annual assessment of independence. (Rigorous assessment after 9 consecutive
years.);
o Maintaining a board of sufficient size, skills, diversity and demographics;
o Rotate one third of non-executive directors each year; and
o A nomination committee to recommend prospective new directors.
An independent director is a director who:

o Does not represent a major shareholder;
o Does not have a material (greater than 5%) interest in the company;
o Has not been employed within the group as an executive for three years.
(Or a member of the immediate family of such a former executive.);
o Is not a professional advisor to the company;
o Is free from material business relationships with the company; and
o Does not receive performance-based remuneration.
19. Directors should be appointed through a formal process. Important considerations include:
o Transparency of the process;
o Background checks;
o Nomination committee; and
o Disclosure of directors’ particulars.
20. The induction of and on-going training and development of directors should be conducted
through formal processes. Important considerations include:
o Training through formal induction and mentorship programmes, and
o Continuing professional development.
21. The board should be assisted by a competent, suitably qualified and experienced company
secretary.
Evaluation
22. The evaluation of the board, its committees and the individual directors should be performed
every year. Important considerations include:
o This includes the chairman, CEO and other executive directors;
o Possible use of an independent service provider;
o This is used to identify training and development needs; and
o Reappointment only after evaluation.
Delegation
23. The board should delegate certain functions to well-structured committees, but without
abdicating its own responsibilities. The following committees are mentioned specifically:
o Audit Committee;
o Risk Committee;
o Nomination Committee; and
o Remuneration Committee.

o Establish and disclose terms of reference;
o Majority of non-executive directors of whom the majority are independent;
o External advisors may attend by invitation; and
o Committees are encouraged to take independent professional advice where

necessary.
24. A governance framework should be agreed between the group and its subsidiary boards.
Remuneration
25. Companies should remunerate directors and executives fairly and responsibly. Important
o The establishment of a remuneration committee which assists the board in setting
remuneration policies for:
 Senior executives;
 Non-executive directors; and
 And possibly all levels.
o Executive remuneration should be a mix of fixed and performance-based

remuneration and may be in cash, shares or other elements;
o Levels of pay should achieve sustainability by creating long term value and retaining
staff;
o Non-executive directors should receive a retainer plus fees for attending meetings;
o Non-executive directors’ remuneration should not be performance based;
o Executive remuneration should be a fair reflection of the individual’s contribution:
 Bonuses should relate to the achievement of specific performance objectives;

and
Performance targets / objectives should be reviewed annually and should

include multiple performance measures to avoid manipulation of results.
o Employment contracts should not commit the company to excessive severance

packages;
o Shareholders should approve share based incentive schemes in advance:
 The chairman and the non-executive directors should not receive share or
performance based incentives;
 Non-executive directors should not receive share options;
 Share option awards should not be backdated; and
 Share option awards should be exercisable between 3 and 10 years after

grant.
26. Companies should disclose the remuneration of each individual director and certain senior
executives. Important considerations include:
o The remuneration committee to report in the integrated report.
27. Shareholders should approve the company’s remuneration policy.
Chapter 3: Audit committees

1. The board should ensure that the company has an effective and independent audit
committee. Important considerations include:
o Public and state-owned companies are required to establish audit committees;
o Terms of reference should be approved by the board;
o The committee should meet at least twice a year; and
o The committee should meet at least once a year with internal and external auditors
without management present.
Composition
2. Audit committee members should be suitably skilled and experienced independent non-
executive directors. Important considerations include:
o At least three members;
o Vacancies should be filled by the board as soon as possible;
o All independent non-executive director;
o Board Chairman should not be a member;
o Should not be chaired by board Chairman;
o Members should be suitably qualified and experienced, and up to date; and
o The committee or its members may take independent professional advice where
necessary. There should be an agreed process for this.
3. The audit committee should be chaired by an independent non-executive director.

The audit committee chairman should be:
o Elected by the board;
o Involved in setting the agenda for meetings; and
o Present at the AGM.
Responsibilities
4. The audit committee should oversee integrated reporting. Important considerations include:
o Considering Factors and risks that could impact on the report’s integrity;
o Reviewing the financial statements;
o Reviewing sustainability disclosures of issues to ensure that this does not conflict with
financial information;
o Considering whether or not an external assurance provider is needed for

sustainability issues; and
o Considering the need for summarised information and whether or not this should be
audited.
5. The audit committee should ensure that a combined assurance model is applied to provide a
coordinated approach to all assurance activities. Important considerations include:
o Monitoring the relationship between internal and external audit; and
o Considering whether or not the combined assurance provided is sufficient to address

all significant risks.
6. The audit committee should satisfy itself of the expertise, resources and experience of the
company’s finance function. Important responsibilities include:
o An annual review of the finance function; and
o Reporting thereon in the integrated report.
7. The audit committee should be responsible for overseeing of internal audit.
Important responsibilities include:
o Appointment and dismissal of the Chief (Internal) Audit Officer (CAO);
o Performance management of the CAO;
o Approval of the internal audit plan; and
o Monitoring quality review of internal audit.
8. The audit committee should be an integral component of the risk management process.
Important responsibilities include oversight of:
o Financial reporting risks;
o Internal financial controls;
o Fraud risk to the extent that this relates to financial reporting; and
o IT risk to the extent that this relates to financial reporting.
9. The audit committee is responsible for recommending the appointment of the external
auditor and overseeing the external audit process. Important responsibilities include:
o Nominating the external auditor;
o Approving the terms of engagement;
o Approving the remuneration for the external audit;
o Monitoring the auditor’s independence;
o Setting policies for non-audit services awarded to the external auditor;
o Considering any information concerning any Reportable Irregularities reported by the

auditor; and
o Reviewing the overall quality and effectiveness of the external audit.
10. The audit committee should report to the board and shareholders on how it has discharged its
duties. This includes:
o Report to the Board on statutory duties and any duties assigned by the board; and
o Report to Shareholders on:
a. Compliance with its statutory duties;

b. The independence of the external auditor;
c. Its view on the financial statements;
d. Its view on the accounting practices; and
e. Whether or not internal financial controls are effective.
The committee should also recommend the integrated report for approval by the board. The
integrated report should disclose the committee’s:
o Role;
o Composition;
o Number of meetings; and
o Activities.
Chapter 4: The governance of risk

1. The board should be responsible for the governance of risk.
2. The board should determine the levels of risk tolerance.
3. The risk committee or audit committee should assist the board in carrying out its risk
responsibilities.
4. The board should delegate to management the responsibility to design, implement and
monitor the risk management plan.
5. The board should ensure that risk assessments are performed on a continual basis.
This should be done at least once annually.
6. The board should ensure that frameworks and methodologies are implemented to increase
the probability of anticipating unpredictable risks. Risks should be prioritised and ranked to
ensure that risk management focuses on risks that may have consequences beyond
acceptable levels of risk tolerance.
7. The board should ensure that management considers and implements appropriate risk
responses.
8. The board should ensure continuous risk monitoring by management. Paragraphs 7 and 8
emphasise the approval, implementation and monitoring of the annual risk management
plan.
9. The board should receive assurance regarding the effectiveness of the risk management
process.
10. The board should ensure that there are processes in place enabling complete, timely,
relevant, accurate and accessible risk disclosure to stakeholders.
11. The board should discuss the effectiveness of the risk management process in the integrated
report.
Chapter 5: The governance of information technology
1. The board should be responsible for information technology (IT) governance.
2. IT should be aligned with the performance and sustainability objectives of the company.
3. The board should delegate to management the responsibility for the implementation of an IT
governance framework.
This responsibility should be delegated to a Chief Information Officer (CIO), appointed by the
CEO.
4. The board should monitor and evaluate significant IT investments and expenditure.
5. IT should form an integral part of the company’s risk management.
6. The board should ensure that information assets are managed effectively.
7. A risk committee and audit committee should assist the board in carrying out its IT
responsibilities.
Chapter 6: Compliance with laws, rules, codes and standards

1. The board should ensure that the company complies with applicable laws and considers
adherence to non-binding rules, codes and standards. Important considerations include:
o Ethical responsibilities to comply with law and regulation; and
o To deal appropriately with exceptions.
2. The board and each individual director should have a working understanding of the effect of
the applicable laws, rules, codes and standards on the company and its business.
3. Compliance should form an integral part of the company’s risk management process.
It must be clearly understood that compliance is compulsory.
4. The board should delegate to management the implementation of an effective compliance

framework and processes. Important considerations include:
o Compliance policy approved by the board;
o Integration within the business;
o Education and training;
o Monitoring of key performance indicators;
o Possible appointment of a compliance officer; and
o Reporting on compliance in the integrated report.
Chapter 7: Internal audit
1. The board should ensure that there is an effective risk-based internal audit. In the absence of
an internal audit function, the board should demonstrate how it evaluated:
o Governance processes;
o Risk management;
o Internal control;
o Business processes and related controls; and
o Fraud risk, ethical behaviour and irregularities.
If an internal audit is outsourced, a senior director or executive should be responsible for the
internal audit.
2. Internal audit should follow a risk-based approach to its plan.
3. Internal audit should provide a written assessment of the effectiveness of the company’s
system of internal controls and risk management.
o Report to the board on internal controls and risk management; and
o Report to the audit committee on internal financial controls.
Internal audit should consider operational, compliance and sustainability issues as well as
financial issues.
4. The audit committee should be responsible for overseeing internal audit. Important
o The allocation of resources;
o Approval of the internal audit plan;
o Internal audit remuneration, bonuses and benefits;
o Independent quality review;
o Performance monitoring; and
o CAO to report to the Audit Committee.
5. Internal audit should be strategically positioned to achieve its objectives. The CAO should
have a standing invitation to attend executive meetings.
Chapter 8: Governing stakeholder relationships
1. The board should appreciate that stakeholders’ perceptions affect a company’s reputation.
o The board should consider relationships with important stakeholders regularly;
o Identification of important Stakeholders. These might include:
 Employees;
 Communities;
 Shareholders;
 Creditors;
 Investors;
 Government;
 Customers;
 Suppliers;
 Labour unions;
 Government regulatory agencies;
 Industry trade groups;
 Professional associations;
 NGOs and other advocacy groups;
 Prospective employees;
 Prospective customers;
 Local communities;
 National communities;
 Public at Large (global community);
 Competitors; and
 Schools.
2. The board should delegate to management to proactively deal with stakeholder relationships.
3. The board should strive to achieve the appropriate balance between its various stakeholder
groupings, in the best interests of the company.
4. Transparent and effective communication with stakeholders is essential for building and
maintaining their trust and confidence.
Chapter 9: Integrated reporting and disclosure

1. The board should ensure the integrity of the company’s integrated report.
The audit committee should evaluate sustainability disclosures.
2. Sustainability reporting and disclosure should be integrated with the company’s financial
reporting. Important issues to be dealt with in the sustainability report include:
o Commentary on the company’s financial results;
o Going concern disclosures; and
o Positive and negative impacts of the company’s operations and future plans to add
value to the positive and negate the negative.
3. Sustainability reporting and disclosure should be independently assured.
The Companies Act (2008)

The relevant sections of the Companies Act must be reviewed and highlighted for application in an ITC
question. There is significant practice of this in the tutorial questions provided.
Apart from your coverage of the Act in your studies to date – to which you hopefully have reviewed
and highlighted the more important and commonly asked sections – it is highly recommended that
you review the SAICA Competency Framework for the level of knowledge required for each section of
the Act.
Here is an extract of the Competency Framework to guide you in your revision of the Act. Take
particular note of the knowledge level 2 and 3 sections.
Extract of Competency Framework:
Knowl-
Companies Act of 2008 (Act 71 of 2008) edge
level
Section Topic
Chapter 1: Interpretation, purpose and application
Part A: Interpretation
1 Definitions To be read
in
conjunct-
ion with
relevant
sections
2 Related and inter-related persons, and control 3
3 Subsidiary relationships 3
4 Solvency and liquidity test 3
5 General interpretation of Act 1
6 Anti-avoidance, exemptions and substantial compliance 1
Part B: Purpose and application
7 Purposes of Act
• May be covered as part of a specific discipline or in a separate
course
8 Categories of companies 3
9 Modified application with respect to state-owned companies
• To be covered in the supportive course
10 Modified application with respect to non-profit companies
course
Chapter 2: Formation, administration and dissolution of

Companies
Part A: Reservation and registration of company names

11 Criteria for names of companies
course
12 Reservation of name for later use
course
Part B: Incorporation and legal status of companies
13 Right to incorporate company 2
14 Registration of company
course
15 Memorandum of Incorporation, shareholder agreements and rules 3
of company
16 Amending Memorandum of Incorporation 2
17 Alterations, translations and consolidations of Memorandum of
Incorporation
course
18 Authenticity of versions of Memorandum of Incorporation
course
19 Legal status of companies 2
20 Validity of company actions 3
21 Pre-incorporation contracts 3
Knowl-
level
22 Reckless trading prohibited 3
Part C: Transparency, accountability and integrity of
companies
23 External companies and registered office
course
24 Form and standards for company records 3
25 Location of company records
course
26 Access to company records
course
27 Financial year of company 2
28 Accounting records 3
29 Financial statements 3
30 Annual financial statements 3
31 Access to financial statements or related information
course
32 Use of company name and registration number
course
33 Annual return
May be covered as part of a specific discipline or in a separate
course
34 Additional accountability requirements for certain companies
• To be covered in the supportive course
Part D: Capitalisation of profit companies
35 Legal nature of company shares and requirement to have 3
shareholders
36 Authorisation for shares 3
37 Preferences, rights, limitations and other share terms 3
38 Issuing shares 3
39 Pre-emptive right to be offered and to subscribe for shares 3
40 Consideration for shares 3
41 Shareholder approval for issuing shares in certain cases 3
42 Options for subscription of securities 2
43 Securities other than shares 2
44 Financial assistance for subscription of securities 3
45 Loans or other financial assistance to directors 3
46 Distributions must be authorised by board 3
47 Capitalisation shares 3
48 Company or subsidiary acquiring company’s shares 3
Part E: Securities registration and transfer
49 Securities to be evidenced by certificates or uncertificated 1
50 Securities register and numbering 1
51 Registration and transfer of certificated securities 1
52 Registration of uncertificated securities 1
53 Transfer of uncertificated securities 1
54 Substitution of certificated or uncertificated securities 1
55 Liability relating to uncertificated securities 1
Knowl-
level
56 Beneficial interest in securities 1
Part F: Governance of companies
57 Interpretation and restricted application of Part 3
58 Shareholder right to be represented by proxy 1
59 Record date for determining shareholder rights 1
60 Shareholders acting other than at meeting 2
61 Shareholders meetings 2
62 Notice of meetings 2
63 Conduct of meetings 1
64 Meeting quorum and adjournment 2
65 Shareholder resolutions 3
66 Board, directors and prescribed officers 3
67 First director or directors 2
68 Election of directors 2
69 Ineligibility and disqualification of persons to be director or 3
prescribed officer
70 Vacancies on board 2
71 Removal of directors 3
72 Board committees 3
73 Board meetings 3
74 Directors acting other than at meeting 3
75 Director’s personal financial interests 3
76 Standards of directors’ conduct 3
77 Liability of directors and prescribed officers 2
78 Indemnification and directors’ insurance 2
Part G: Winding-up of solvent companies and deregistering
companies
79– 83 May be covered as part of a specific discipline or in a separate course
Chapter 3: Enhanced accountability and transparency
Part A: Application and general requirements of chapter

84 Application of Chapter 2
85 Registration of secretaries and auditors 2
Part B: Company secretary
86 Mandatory appointment of company secretary 2
87 Juristic person or partnership may be appointed company 2
secretary
88 Duties of company secretary 2
89 Resignation or removal of company secretary 2
Part C: Auditors
90 Appointment of auditor 3
91 Resignation of auditors and vacancies 3
92 Rotation of auditors 3
93 Rights and restricted functions of auditors 3
Part D: Audit committees
94 Audit committees 3
Knowl-
level
Chapter 4: Public offerings of company securities
95–111 May be covered as part of a specific discipline or in a separate course

Level should be interpreted in conjunction with the requirements of
section V – Financial Management
Chapter 5: Fundamental transactions, takeovers and offers
Part A: Approval for certain fundamental transactions

112– Level should be interpreted in conjunction with the requirements of
116 section V – Financial Management and Section VI – Management
Decision Making and Control
Part B: Authority of panel and takeover regulations
120 section V – Financial Management
Part C: Regulation of affected transactions and offers
127 section V – Financial Management and Section VI – Management
Decision Making and Control
Chapter 6: Business rescue and compromise with creditors
Part A: Business rescue proceedings

128– To be covered at a high level awareness for the Part I and new Part 1
137 II exam
Part B: Practitioner’s functions and terms of appointment
138–143 To be covered at a high level awareness for the Part I and new Part 1
II exam
Part C: Rights of affected persons during business rescue
proceedings
144– To be covered at a high level awareness for the Part I and new Part 1
149 II exam
Part D: Development and approval of business rescue plan
150– To be covered at high level awareness for the Part I and new Part II 1
154 exam
Part E: Compromise with creditors
155 Compromise between company and creditors 1
• To be covered at high level awareness for the Part I and new Part
II exam
Chapter 7: Remedies and enforcement
Part A: General principles

156 Alternative procedures for addressing complaints or securing
rights
course at a high level of awareness
157 Extended standing to apply for remedies
course at a high level of awareness To be covered in the
supportive course at a high level of awareness
158 Remedies to promote purpose of Act
159 Protection for whistle-blowers 2
Knowl-
level
Part B: Rights to seek specific remedies
160 Disputes concerning reservation or registration of company
names
161 Application to protect rights of securities holders
162 Application to declare director delinquent or under probation 2
163 Relief from oppressive or prejudicial conduct or from abuse of
separate juristic personality of company
164 Dissenting shareholders’ appraisal rights
course at a high level of awareness l
165 Derivative actions
Part C: Voluntary resolution of disputes
166 Alternative dispute resolution
167 Dispute resolution may result in consent order
Part D: Complaints to Commission or Panel
May be covered as part of a specific discipline or in a separate course at
168– a
175 high level of awareness
Part E: Powers to support investigations and inspections
176– a
Part F: Companies Tribunal adjudication procedures
180– a
Chapter 8: Regulatory agencies and administration of Act

a high level of awareness in terms of what regulation bodies exist and
its function
Part A: Companies and Intellectual Property Commission
185– a
Part B: Companies Tribunal
193– a
Part C: Takeover Regulation Panel
196– a
Part D: Financial Reporting Standards Council
203– a
high level of awareness
Knowl-
level
204
Part E: Administrative provisions applicable to Agencies
205– a
Chapter 9: Offences, miscellaneous matters and general
provisions
Part A: Offences and penalties

213 Breach of confidence 2
214 False statements, reckless conduct and non-compliance 3
215 Hindering administration of Act 1
216 Penalties 1
217 Magistrate’s Court jurisdiction to impose penalties
• Not relevant – can be ignored
Part B: Miscellaneous matters
218 Civil actions 1
219 Limited time for initiating complaints 1
220 Serving documents
221 Proof of facts
222 State liability
Part C: Regulations, consequential matters and
commencement
223 Regulations
224 Consequential amendments, repeal of laws and transitional
arrangements
225 Short title and commencement
Schedule 1: Provisions concerning non-profit companies
Not relevant – can be ignored

Schedule 2: Conversion of close corporations to companies
1 Notice of conversion of close corporation 1
2 Effect of conversion on legal status 1
Schedule 3: Amendment of laws
A Close Corporations Act, 1084 1

B Consequential amendments to certain other Acts listed in 1
Schedule 4
Schedule 4: Legislation to be enforced by commission
Not relevant – can be ignored
Schedule 5: Transitional arrangements
1 Interpretation 1
Knowl-
level
2 Continuation of pre-existing companies 1
3 Pending filings 1
4 Memorandum of Incorporation and rules 1
5 Pre-incorporation contracts 1
6 Par value of shares, treasury shares, capital accounts and share 1
certificates
7 Company finance and governance 1
8 Company names and name reservations 1
9 Continued application of previous Act to winding-up and 1
liquidation
10 Preservation and continuation of court proceedings and orders 1
11 General preservation of regulations, rights, duties, notices and 1
other instruments
12 Transition of regulatory agencies
13 Continued investigation and enforcement of previous Act
14 Regulations 1
The Auditing Profession Act (APA)

Per the SAICA Examinable Pronouncements:
The Auditing Profession Act (APA) is examinable for the ITC 2015. The following sections of the APA
are examinable:
• 1 – Definitions
• 2 – Objects of Act
• 3 – Establishment and legal status
• 4 – General Functions
• 20 – Establishment of committees
• 21 – Committee for auditor ethics
• 22 – Committee for auditing standards
• 37 – Registration of individuals as registered auditors
• 38 – Registration of firms as registered auditors
• 39 – Termination of registration
• 41 – Practice
• 44 – Duties in relation to audit
• 45 – Duties to report on irregularities
• 46 – Limitation of liability
• 52 – Reportable irregularities and false statements in connection with audits
Make sure you concentrate on and highlight in the Act the following:
• Section 1 – Definition of Reportable Irregularity
• Section 41 – Conduct
• Section 44 – Auditor’s duties
• Section 45 – Reportable Irregularities
• Section 46 – Accountability
• Sections 52 and 54 – Offences
Business rescue and insolvency (A brief overview)

A going concern uncertainty and financial distress is a common situation that can present in an ITC
paper. As part of strategy, risk management and governance (per the SAICA competency framework)
the knowledge requirement for students is level 1. Therefore it is submitted that working through the
notes provided here should be more than sufficient preparation for this subject area and a great way
to show a higher level of competency in a strategy or risk management question.
A link to the Companies Act:
• Business Rescue is covered in Chapter 6 of the Companies Act (2008), which is from section
128 onwards. Much of the notes and definitions below on business rescue are found in the
Companies Act – so make sure you read those sections and highlight them.
• If a company is experiencing any kind of financial distress, ask yourself the following
questions:
o Should they enter business rescue proceedings?
o Is the Board trading recklessly in terms of section 22 or contravening section 76?

Directors could therefore be held liable in terms of section 77.
o What could management do to rectify the situation (a compromise with creditors,

additional finance of some kind, etc.)?
o If you are the auditor, think ISA 570 Going Concern.
Insolvency law and practice: A brief summary

What can a court do where the debtor simply has no money to pay a debt? Here are various
alternatives to be considered by a court and by the debtor before considering insolvency:
Debt restructuring or rescheduling and debt consolidation
If not truly insolvent (i.e. not factually insolvent), then perhaps existing lines of credit can be used to
borrow money to repay existing creditors, or one large loan can be obtained to repay many smaller
loans, and in doing so consolidate the debt. Consolidation or restructure can result in obtaining lower
long-term interest rates and more manageable payment terms, hence alleviating the cash flow
problem. The creditors could also be approached and requested to reschedule the timing of the debt
payments.
Note: This option is not possible if factually insolvent. No matter how one restructures debt, if the
company in factually insolvent then it will not alleviate the problem.
Remember the “Solvency and Liquidity Test” in section 4 of the Companies Act, 2008:
For any purpose of this Act, a company satisfies the solvency and liquidity test at a particular
time if, considering all reasonably foreseeable financial circumstances of the company at
that time—
a) the assets of the company, as fairly valued, equal or exceed the liabilities of the company,
as fairly valued; and (FACTUAL INSOLVENCY)
b) it appears that the company will be able to pay its debts as they become due in the
ordinary course of business for a period of—
i) 12 months after the date on which the test is considered; or (COMMERCIAL
INSOLVENCY)
ii) in the case of a distribution contemplated in paragraph (a) of the definition of
‘distribution’ in section 1, 12 months following that distribution.
Liquidation of assets
Certain assets or business units can be sold to repay debts. However this impacts on a company’s
ability to operate and non-productive assets are obviously preferable. However, if declared insolvent
by a court at a later stage the debtor may face allegations in terms of the Insolvency Act for preferring
certain creditors over others.
Compromise
This is an agreement with creditors for them to receive less than is otherwise owing to them, e.g. 75c
in the rand. This procedure is governed by section 155 of the Companies Act, 2008, and is a “court-
driven” compromise that requires the court to sanction the compromise only once it has been agreed
to by all parties involved. The new Act has attempted to simplify the old compromise procedures that
were governed by the previous Companies Act, 1973.
Administration order
If the debts do not exceed R50, 000 then the person can apply to a Magistrates Court for an
“administration order”, which allows the debtor to pay off debts through a single monthly payment
to an “administrator” of an amount that the court determines in relation to the person’s income and
living expenses.
Business rescue
Note: This is a very important and highly topical subject, given its common use in practice and
prominence in Chapter 6 of the Companies Act, 2008. Students must have an understanding of the
basics of Business Rescue.
Business rescue proceedings are proceedings aimed to facilitate the rehabilitation of a

company that is financially distressed by providing for –
• the temporary supervision of the company, and the management of its affairs,
business and property, by a business rescue practitioner;
• a temporary moratorium (stay) on the rights of claimants against the company or in
respect of property in its possession; and
• the development and implementation, if approved, of a business rescue plan to
rescue the company by restructuring its business, property, debt, affairs, other
liabilities and equity (section 128(1)(b)).
There has been a move away from a culture of liquidation to a culture of rescue, in that if a company
is not able to be restored to a position of solvency, then the next best option is for it to at least achieve
a better result for the creditors than would arise from liquidation. Liquidation is still an option, but it
is the last resort.
(Refer to the below notes on Business Rescue)
The Insolvency Act
“Insolvent” in terms of the Act does not mean a person, juristic or natural, is simply unable to pay
their debts. “Insolvent” means that the person has been declared “insolvent” by the High Court after
they have committed an “act of insolvency” and their total liabilities exceed their total assets (factual
insolvency).
Voluntary surrender
Person applies to the High Court to “surrender” their estate and hence be placed into insolvency.
There are various reasons why a person would perform a voluntary surrender, such as to halt legal
proceedings against them by creditors or solve the problem of creditors not agreeing to a compromise.
No “act of insolvency” needs be proved in the case of a voluntary surrender, but it must be shown
that:
• The estate/business is insolvent;
• There is sufficient realisable property to meet all the costs of insolvency; and
• Insolvency will be to the advantage of the creditors as a whole.
Compulsory sequestration or liquidation:
A creditor can apply to the court for a company (juristic person) to be declared “insolvent” or a natural
person to be “sequestrated”. When applicable to juristic persons it is called insolvency and for a
natural person it is called sequestration.
The applicant must prove the following:
• Claim must be greater than R100;
• The debtor is insolvent or has committed an “act of insolvency”; and
• There is reason to believe that the insolvency will be to the benefit of all creditors, not just
the one creditor.
Acts of Insolvency
For the purpose of compulsory insolvency/sequestration, proving an “act of insolvency” is often easier
than proving insolvency itself. These various events may constitute an act of insolvency:
• A debtor leaving South Africa or moving to another address with “intent by so doing to
evade or delay the payment of debts”;
• Failure of a debtor to satisfy a court judgment;
• Written notice by a debtor informing any creditor of the inability to pay a debt;
• The disposal or removal of property by a debtor that has the effect of prejudicing creditors
or preferring one above the other;
• If a debtor makes or offers to make an arrangement with one of the creditors in order to be
released wholly or partly from debts; and
• If, after having published a notice of surrender of the estate, fails to comply with the
procedural deadlines and requirements.
These acts must be interpreted appropriately by the court.
Other Important Points
• The Insolvency Act divests the estate of the insolvent and vests it in a trustee.
• All civil proceedings against the debtor in respect of debts are halted.
• On insolvency, a collective of creditors comes into existence. A creditor’s sole redress now
is to prove a claim against the insolvent estate for the purposes of sharing in the proceeds
of that estate with all other proven creditors.
• The trustee must collect all assets and may take steps to set aside assailable transactions
entered into by the insolvent before sequestration/insolvency.
• After sale of the assets, the trustee must distribute the proceeds among the creditors in the
order of preference set out in the Insolvency Act. The claims of secured creditors are met
first. The remainder is known as the free residue.
• The insolvent may not enter into any contract in which the estate is likely to be adversely
affected. These contracts are not void but voidable at the election of the trustee.
• The termination of the insolvency is known as rehabilitation (only for a natural person), and
has the effect of ending the sequestration and terminating all debts that were due.
Creditors
The law recognises three classes of creditors of an insolvent estate:
1. Secured creditors are those who have the right to control particular assets in the estate as
security for their debts and include the holders of mortgage bonds as well as sellers of goods
under the credit agreements Act (hire purchase). They have a first claim to full settlement out
of the proceeds of the relevant assets;
2. Preferent creditors are defined by the Insolvency Act and have the right to settlement before
so-called concurrent creditors. This category includes auditors and accountants, employees
and state departments such as the Department of Finance and the Receiver of Revenue; and
3. Concurrent creditors are any others who are able to prove claims against the estate. When
the assets of the estate have been realised, and the secured and preferent creditors have
been paid, the remainder is divided among the concurrent creditors in proportion to their
claims.
Remember: There has been a move away from a culture of liquidation to a culture of rescue, in that
if a company is not able to be restored to a position of solvency, then the next best option is for it to
at least achieve a better result for the creditors than would arise from liquidation. Liquidation is still
an option, but it is the last resort.
What is the interplay between business rescue proceedings and liquidation proceedings?
If liquidation proceedings have already commenced, an application to court for business rescue will
suspend the liquidation proceedings until the court has adjudicated on the application or when
business rescue proceedings end when the court grants an order applied for (section 131(6)).
Further, the Companies Act, 2008 provides that a court may grant an order placing a company under
business rescue at any time during the course of any liquidation proceedings or proceedings to enforce
any security against the company (section 131(7)). This section has given rise to some debate. It seems
to suggest that even a company that has been liquidated may subsequently be placed under business
rescue. It has been suggested that compelling reasons would need to be placed before a court before
such extreme action is taken.
If business rescue proceedings have commenced by way of an application to court, the company may
not adopt a resolution for its liquidation until business rescue proceedings have terminated. The
company must notify all affected persons of the order of the court within five business days of the
date of the order (section 131(8)).
Business Rescue (Understood through Question and Answer)

Use these notes as an opportunity to highlight the sections in the Companies Act as most of what you
need is already there for use in a question.
What is business rescue?
Business rescue proceedings are proceedings aimed to facilitate the rehabilitation of a company that
is financially distressed by providing for:
• The temporary supervision of the company, and the management of its affairs, business
and property, by a business rescue practitioner;
• A temporary moratorium (stay) on the rights of claimants against the company or in respect
of property in its possession; and
• The development and implementation, if approved, of a business rescue plan to rescue the
company by restructuring its business, property, debt, affairs, other liabilities and equity
(section 128(1)(b)).
What is the aim of business rescue?
The aim of business rescue is to restructure the affairs of a company in such a way that either
maximises the likelihood of the company continuing in existence on a solvent basis or results in a
better return for the creditors of the company than would ordinarily result from the liquidation of the
company (section 128(1)(b)(iii)).
What is a business rescue practitioner?
A business rescue practitioner is a person appointed, or two or more persons jointly appointed, to
oversee a company during business rescue. While the Act defines a business rescue practitioner as
one or more persons, the business rescue provisions of the Act do not necessarily refer to or support
joint appointment. Further, the word “person” in the Act includes a juristic person. It is therefore
arguable that a company can take appointment as a business rescues practitioner (section 128(1)(d)).
What is an affected person?
Affected persons are important role players in the business rescue process. An affected person is a
shareholder, creditor, employee (or their representative) or a registered trade union representing
employees of the company. Affected persons have various rights throughout the business rescue
process (section 128(1)(a)).
What is the test for business rescue?
The test for whether or not a company should be placed in business rescue is whether or not the
company is financially distressed. The Act defines the words “financially distressed” (section 128(1)(f))
to mean that –
• It appears to be reasonably unlikely that the company will be able to pay all of its debts as
they become due and payable within the immediately ensuing six months (commercial
insolvency); or
• It appears to be reasonably likely that the company will become insolvent within the
immediately ensuing six months (factual insolvency).
When should a company commence business rescue?
A company should commence business rescue proceedings at the first signs of it being financially
distressed, within the meaning of the Act. That is, either when it is reasonably unlikely that a company
will be able to pay its debts when they fall due for payment in the immediately ensuing six months or
when it is likely that the company will become insolvent in the immediately ensuing six months.
In a recent decision of the South Gauteng High Court, in the case of Welman v Marcelle Props 193 CC
JDR 0408 (GST), the court stated that “business rescue proceedings are not for terminally ill close
corporations. Nor are they for chronically ill. They are for ailing corporations, which given time will be
rescued and become solvent”. This statement supports the contention that at the first signs of
financial distress, a company should apply for business rescue. Once a company is more than
“financially distressed”, options other than business rescue become more attractive for ailing
companies, such as liquidations or compromises.
How is a company placed in business rescue?
There are two main ways in which a company can be placed in business rescue, namely:
1. Voluntary: When the board of directors of a company resolves that the company voluntarily
commence business rescue proceedings and be placed under the supervision of a business
rescue practitioner (section 129 of the Act); and
2. Compulsory: When an affected person makes a formal application to court for an order
placing the company under supervision and commencing business rescue proceedings
(section 131 of the Act), provided the company has not already been placed under business
rescue in terms of section 129, on the basis that:
o The company is financially distressed;
o The company has failed to pay over any amount in terms of an obligation under or in
terms of a public regulation, or contract, with respect to employment related matters;
or
o It is otherwise just an equitable to do so for financial reasons, and there is a

reasonable prospect of rescuing the company.
Take note of the two ways that a business can enter into business rescue.
Is business rescue suitable for all companies?
Business rescue proceedings are not necessarily suitable for all companies. The type of company is for
the most part determinative as to whether or not a company is a suitable candidate for business
rescue. For instance, companies that are involved in retail are more suitable for business rescue than
companies that have been set up for property investment purposes, as retail companies have a
“business” that can be rescued, while property investment companies may not.
In a recent decision of the South Gauteng High Court, Johannesburg, in the case of Oakdene Square
Properties (Pty) Ltd v Farm Bothasfontein (Kyalami) (Pty) Ltd 2012 JPR 0239 (GSJ) the court considered
the plausibility of business rescue in an instance where liquidation was preferable. In this instance,
the court dismissed the application for business rescue and held that a liquidation of the company
would achieve a similar result to that of a business rescue.
This judgment makes it clear that prior to a company, or an affected person, placing a company in
business rescue, consideration should be given to the nature of the company, the extent to which
business rescue is the appropriate procedure for that company and the extent to which business
rescue would be more beneficial for the company than liquidation. If the answer to the latter
questions is in the affirmative, business rescue proceedings are likely to be successful. If not,
liquidation may be the preferred alternative.

ITC Auditing - Notes - FINAL PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ITC Auditing - Notes - FINAL PDF

Uploaded by

Copyright:

Available Formats

AUDITING AND

Potential mark allocation

Analysis of past exams

• What is the difference between the “completeness” and “occurrence” assertions?

I find this very helpful – the COD technique:

Any question will require candidates to address a number of major issues.

You may now add detail where applicable.

4. Write your answer in points or bullet points.

Tutorial Recorded Suggested reading prior to

Paragraph No. Some relevant Extracts from ISAs

200.11 In conducting an audit of financial statements, the overall objectives of

(a) To obtain reasonable assurance about whether the financial

(b) To report on the financial statements, and communicate as required

200.3 The purpose of an audit is to enhance the degree of confidence of

• The overall financial statement level; and

• The assertion level for classes of transactions, account balances,

• The nature of financial reporting;

• The nature of audit procedures; and

• The need for the audit to be conducted within a reasonable period

Paragraph No. Relevant Extracts from ISAs

Assertions—Representations by management, explicit or otherwise,

Examples of management’s assertions include:

ASSERTION CLASS OF ACCOUNT PRESENTATION

RIGHTS (ASSETS ONLY) AND

VALUATION AND ALLOCATION √ √

Audit Risk = Inherent Risk x Control Risk x Detection Risk

Audit Risk = Risk of Material Misstatement (RoMM) x Detection Risk

• Assess the risks of material misstatement; and

Inherent Risk: Fraud vs. Error

320.8 The objective of the auditor is to apply the concept of materiality

320.11 The auditor shall determine performance materiality for purposes of

(a) Materiality for the financial statements as a whole;

(b) If applicable, the materiality level or levels for particular classes of

(c) Performance materiality; and

(d) Any revision of (a)-(c) as the audit progressed.

Typical ranges used in the calculation of overall materiality would be:

Performing the audit

200.16 The auditor shall exercise professional judgment in planning and

200.17 To obtain reasonable assurance, the auditor shall obtain sufficient

(a) Determine whether any audit procedures in addition to those

(b) Evaluate whether sufficient appropriate audit evidence has been

A risk-based audit has three key steps, as follows:

Reporting This involves:

• Forming an opinion based on the audit evidence obtained; and

Risk Response (Read ISA 330)

Further audit procedures generally consist of:

Again, see ISA 330.

• Use of tests of controls

• Substantive analytical procedures

The need to incorporate an element of unpredictability in procedures performed. A typical

The audit response to “significant risks” that have been identified.

An audit misstatement is a difference between the amount, classification, presentation, or disclosure

(a) To form an opinion on the financial statements based on an

It is important during this phase of the audit to determine:

• Any change in the assessed level of risk;

When all procedures have been performed and conclusions reached:

Stages of the Audit Process

More detailed auditing notes

A Comment on Audit Risk

Inherent risk—The susceptibility of an assertion about a class of transaction, account

Integrity (Validity, Accuracy and Completeness) of financial information is not an operational

The diagram below may be useful in illustrating the point 3: