implementing gaas 2017–18 · 1.6 development of international standards on auditing (uk) 6 1.6.1...

Implementing GAAS 2017–18Ian Connon and Helen MacNeill BDO LLP

2017–18

xxxiii

Preface

At the time of writing last year’s edition, the Financial Reporting Council

(FRC) had just released a final draft of its proposed revised auditing and

ethical standards. These included a new Ethical Standard, replacing the

Ethical Standards for Auditors issued by the former Auditing Practices

Board, and a new suite of International Standards on Auditing (UK) (ISAs

(UK)), including a revised ISQC (UK) 1, replacing the extant International

Standards on Auditing (UK and Ireland) and ISQC (UK and Ireland) 1.

By virtue of the Statutory Auditors and Third Country Auditors Regulations

2016 (SATCAR 2016) the FRC was designated as the UK Competent

Authority for audit with responsibility for the regulation of statutory

audit; including setting auditing and ethical standards, monitoring and

enforcement and on 17 June 2016 it issued its revised standards, which

now apply in respect of audits for periods commencing on or after that

date.

Responsibility for the setting of auditing standards in the Republic of

Ireland was transferred to the Irish Auditing and Accounting Supervisory

Authority (IAASA), which has since issued its own standards, based on

those issued by the FRC, but with some amendments. As a consequence,

this publication now refers only to the UK standards and does not

specifically consider requirements applicable in Ireland, although in many

cases they will be the same.

In conjunction with the new standards, the FRC issued updates to the

UK Corporate Governance Code and Guidance on Audit Committees

to reflect changes arising from the legislation on audit committees and

auditor appointments. Further changes to the Code are expected following

a recent government consultation on corporate governance.

In updating this edition we have attempted to reflect the key elements of

the changes introduced in the new standards and these are identified in

the introductory paragraphs to each section.

Principal drivers for the changes were:

• An EU Directive issued in 2014 amending the 2006 Statutory Audit

Directive and creating new legal requirements applicable to all

statutory audits. This introduced a new definition of public interest

entities (PIEs), being entities incorporated in an EU member state

with securities listed on a regulated market, credit institutions and

insurers.

• Specific requirements imposed by the EU Regulation in respect of the

statutory audit of PIEs.

xxxiv

Preface

• Changes to International Standards on Auditing not previously

reflected in UK standards. In particular those relating to the audit of

disclosures in the financial statements; the auditor’s responsibilities

regarding other information published with the financial statements;

and revisions to auditor reporting standards including the reporting of

key audit matters (KAMs).

• Changes to UK legislation regarding the auditor’s responsibilities in

relation to directors’ reports and strategic reports.

The new Directive and Regulation requirements are aimed largely at

improving audit quality, through a tightening of regulations governing

auditor independence, audit firms’ internal quality control procedures and

access to audit information by regulators, particularly in relation to work

done by overseas component auditors.

Stricter independence rules apply mainly to PIEs but may also be seen

as best practice in relation to other audits. These include mandatory

retendering of PIE audits after ten years with rotation after 20 years;

shorter rotation periods for key partners (other than the engagement

partner) and a process of gradual rotation for other senior members of

the audit engagement team; prohibitions and restrictions on the supply

of non-audit services by the auditor including a financial cap on fees for

permitted non-audit services; extension of the FRC’s independence rules

to auditors of overseas components and mandatory ‘cooling off’ periods

where audit partners and staff are subsequently employed by audit

clients. In addition, for PIEs, listed companies and other engagements

where an Engagement Quality Control Review is carried out there are

new requirements regarding the timing, extent and documentation of this

process.

In respect of disclosures, ISAs (UK) have been revised to focus

auditors’ attention on disclosures throughout the audit process, including

understanding the sources of information from which disclosures are

derived and systems and controls related thereto, assessment of the

risks of material misstatement relating to disclosures and consideration of

the adequacy and presentation of disclosures in the financial statements

(including accounting policies).

In respect of other information, the standards have been revised to

widen the definition of ‘annual report’ to encompass material intended to

accompany the financial statements that may be published separately.

The auditor’s responsibilities in relation to other information are also

widened to require him to determine whether inconsistencies result from

misstatements within the other information or in the financial statements.

Uncorrected misstatements of other information will need to be reported

in the auditor’s report.

The revised standards also reflect the auditor’s responsibilities in relation to

‘statutory’ other information (directors’ report, strategic report and in some

Preface

xxxv

situations, certain aspects of a separate governance statement) where

the auditor is now required by law to provide certain opinions including

whether the information has been prepared in accordance with legal

requirements and is consistent with his knowledge and understanding;

and in respect of requirements of the Listing Rules and UK Corporate

Governance Code, where applicable. Details are set out in section 34.

New and revised ISAs (UK) make further significant changes to audit

reporting with a completely new format and standard wording for audit

reports (see section 4) and a new requirement for a separate section of

the report dealing with the auditor’s conclusions on going concern. This

clearly distinguishes consideration of the applicability of the going concern

basis from the auditor’s views on the directors assessment of the entity’s

ability to continue to apply the going concern basis for a period of at least

twelve months from the date of approval of the financial statements –

even where the auditor has nothing to report in respect of these matters

(see section 11). Where there is a material uncertainty in relation to gong

concern, and this is adequately disclosed in the financial statements, the

traditional ‘emphasis of matter’ is replaced with a similar paragraph given

greater prominence under the heading of ‘conclusions relating to going

concern’.

A requirement to report ‘key audit matters’ (KAMs) now applies not

only to those companies explaining compliance with the UK Corporate

Governance Code but also now all ‘listed’ companies including those

with a standard listing on the London Stock Exchange, AIM companies

and any other entity whose securities are publicly traded. Companies

and their auditors may also choose to report KAMs voluntarily. KAMs are

those matters that the auditor considers to be of greatest significance

in the audit, including the most significant risks of misstatement. Where

applicable the report sets outs the key matters, the auditor’s response

and certain other matters regarding audit scope and materiality.

For PIEs there are additional specific requirements both for the auditor’s

report and for an ‘additional’ report to the audit committee at the conclusion

of the audit.

The other big event of the year was of course the result of the ‘Brexit’ vote

with its immediate impacts on foreign exchange markets and economic

uncertainty. Implications will vary widely depending on the business and

the sector but going forward auditors will need to consider carefully with

their clients such matters as the need to adjust forecasts (e.g. for changes

in exchange rates or growth assumptions), the impact on asset values,

disclosures in relation to risk and uncertainties and, not least, the potential

impact on going concern assessments.

We mentioned auditor scepticism last year and this remains a hot topic

and high on the agenda for both standard setters and regulators. ISAs

(UK) contain two new explicit references to scepticism as a result of

Preface

xxxvi

the EU Directive, requiring the auditor to be particularly sceptical when

reviewing cash flow relevant to the entity’s ability to continue as a going

concern and when reviewing management estimates in relation to fair

values, the impairment of assets and provisions. The IAASB has a

separate project addressing scepticism and is focussing on scepticism

as it revises it standards. An updated ISA 540 on accounting estimates is

expected later this year (to coincide with the application of IFRS 9) with

a much greater emphasis on scepticism than before. The FRC has also

cited lack of scepticism by auditors as a criticism in regulatory file reviews

and in a number of recent disciplinary cases. Expect more scepticism in

the future!

As always, we are grateful to the many people who have contributed

over the years to the material in this book. In particular, we should like

to acknowledge the contributions of Don Bawtree, Ros Brickman, Nick

Carter-Pegg, Chris Kirton, Liz Kulczy cki, Peter Lewis, Nigel Read and

Paula Willock whose help in updating the book this year has been

invaluable.

Any suggestions as to how this publication could be further improved

would be welcome. Please e-mail your views to uk-contentqueries@

wolterskluwer.com.

Ian Connon

Helen MacNeill

v

CONTENTS

Preface xxxiii

1 The nature of auditing standards 1

1.1 Introduction 1

1.2 Limitations of standards 1

1.3 Authoritative bodies 2

1.4 International Auditing and Assurance Standards Board 2

1.4.1 Background 2

1.4.2 Structure and processes 3

1.4.3 IAASB pronouncements 3

1.5 The Financial Reporting Council 4

1.6 Development of International Standards on Auditing (UK) 6

1.6.1 Original ISAs (UK and Ireland) 6

1.6.2 IAASB’s clarity project 6

1.6.3 UK adoption of clarified ISAs 6

1.6.4 EU audit directive and regulation 7

1.6.5 Other changes to ISAs 8

1.6.6 Application of ISAs (UK) 8

1.7 Other FRC guidance 9

1.7.1 Practice Notes 9

1.7.2 Bulletins 9

1.7.3 Standards 10

1.7.4 Statements of Recommended Practice (SORPs) 10

1.8 Other guidance 10

1.9 Conventions 10

1.10 Accounting framework 10

2 Audit regulation and ethics 13

2.1 Introduction 13

2.1.1 Ethical standards for auditors 14

2.1.2 Audit regulations 15

2.2 Qualification 15

2.3 Control of audit firms 15

2.4 Fit and proper person 15

2.5 ICAEW code of ethics 16

2.5.1 Background 16

2.5.2 The fundamental principles 16

2.5.3 Threats and safeguards 17

2.5.4 Conflict resolution 18

2.5.5 Conflicts of interest and confidentiality 19

Contents

vi

2.5.6 Control of confidentiality and independence 20

2.5.7 Receipt of information in confidence by auditors 20

2.6 The FRC’s Revised Ethical Standard 2016 21

2.6.1 Scope 21

2.6.2 Contents of the Revised Ethical Standard 23

2.6.3 Ethical Standard – Introduction and Section 1 – Integrity,

Objectivity and Independence 26

2.6.4 Ethical Standard – Section 2: Financial, Business,

Employment and Personal Relationships 30

2.6.5 Ethical Standard – Section 3: Long Association with

the Audit Engagement 34

2.6.6 Ethical Standard Section 4: Fees, Remuneration and

Evaluation Policies, Litigation, Gifts and Hospitality 36

2.6.7 Ethical Standard Section 5 – Non-Audit Services

Provided to Audited Entities 38

2.7 Section 6 – Provisions available for small entities 39

2.7.1 Background 39

2.7.2 Non-audit services 40

2.7.3 Economic dependence 41

2.7.4 Partners and other persons joining an audit client 41

2.7.5 Audit report wording 42

2.8 Technical standards 43

2.8.1 Acceptance of appointment and reappointment 44

2.8.2 Quality control 44

2.9 Maintaining competence 44

2.10 Meeting of claims 45

2.11 Other areas 45

2.12 Oversight of the profession 45

2.13 Audit quality monitoring 46

2.14 Reports by registered auditors 46

2.15 Other international developments 46

3 Quality control for audit work 49

3.1 Introduction 49

3.2 ISQC (UK) 1 (Revised June 2016) 50

3.2.1 Basic requirement 50

3.2.2 Elements of a system of quality control 51

3.2.3 Leadership 52

3.2.4 Ethical requirements 52

3.2.5 Client acceptance and continuance 53

3.2.6 Human resources 56

3.2.7 Engagement performance 57

3.2.8 Engagement documentation 61

3.2.9 Monitoring 62

3.2.10 Complaints 65

3.2.11 Documentation of quality control system 65

Contents

vii

3.3 ISA (UK) 220 (Revised June 2016) Quality Control for an Audit of

Financial Statements 66

3.3.1 General requirement 66

3.3.2 Leadership responsibilities for quality 67

3.3.3 Ethical requirements 67

3.3.4 Acceptance and continuance 67

3.3.5 Assignment of the team 68

3.3.6 Engagement performance 68

3.3.7 Monitoring 69

3.3.8 Documentation 69

3.4 FRC audit quality framework 70

3.4.1 Background 70

3.4.2 Promoting audit quality 71

3.4.3 Factors outside the auditor’s control 73

3.5 International developments 73

4 The auditor’s report 77

4.1 Introduction 77

4.2 Standards and guidance 77

4.2.1 Other guidance 78

4.3 Contents of this section 79

4.4 Forming an opinion 79

4.5 Contents of an audit report 80

4.5.1 Entities that report on application of the code 81

4.5.2 Public interest entities 82

4.6 Title 82

4.7 Addressee 82

4.8 Auditor’s opinions 82

4.9 Basis for opinion 84

4.10 Going concern 84

4.11 Key audit matters 85

4.11.1 Determining key audit matters 86

4.11.2 Communicating key audit matters 86

4.11.3 Circumstances in which a key audit matter is not

communicated 87

4.11.4 Interaction between key audit matters and going

concern matters included in the auditor’s report 87

4.11.5 No matters to report 88

4.11.6 Communicating other planning and scoping matters 88

4.11.7 Communication with those charged with governance 89


4.12 Other information 90

4.13 Opinion on other matters 90

4.14 Reporting by exception 91

4.15 Responsibilities for the financial statements 92

4.16 Responsibilities of the auditor 92

Contents

viii

4.17 Entities that report on application of the code 94

4.18 Public interest entities 95

4.19 Name of engagement partner 95

4.20 Signature 96

4.20.1 Audit regulation 96

4.20.2 Senior statutory auditor 96

4.20.3 Signing 97

4.20.4 Joint auditors 97

4.21 Auditor’s location 98

4.22 Date 98

4.23 Unmodified auditor’s reports examples 99

4.24 Directors’ responsibility statements 109

4.25 Small companies 111

4.25.1 Smaller entities and FRS 105 111

4.25.2 The small companies regime 115

4.25.3 Micro-entities 116

4.26 Reporting on the directors’ remuneration report 117

4.26.1 Introduction 117

4.26.2 Companies affected by the rules 117

4.26.3 The ‘auditable part’ of the directors’

remuneration report 118

4.26.4 Reporting on the directors’ remuneration report 118

4.27 Electronic publication of audit reports 118

4.27.1 Background 118

4.27.2 Electronic publication of audit reports 118

4.28 The Bannerman case 119


4.28.2 Auditor’s responsibilities 120

4.28.3 Recommended wording 120

4.28.4 Engagement letters 120

4.28.5 Further developments 120

5 Modified auditor’s reports 123

5.1 Introduction 123

5.2 Modifications 123

5.3 Circumstances when a modification to the auditor’s

opinion is required 124

5.3.1 Financial statements not free from

material misstatement 124

5.3.2 Inability to obtain sufficient appropriate audit evidence 124

5.3.3 Imposed limitation of scope 125

5.4 Types of modified opinion 126

5.4.1 Adverse opinions or disclaimers of opinion 127

5.5 Form and content of the audit report when opinion is modified 127

5.5.1 Opinion paragraph 127

5.5.2 Qualified opinion 128

5.5.3 Adverse opinion 128

Contents

ix

5.5.4 Disclaimer of opinion 128

5.5.5 Basis for modification paragraph 129

5.5.6 Description of auditor’s responsibilities when

the auditor disclaims an opinion 130

5.5.7 Other considerations when the auditor

disclaims an opinion 130

5.5.8 Other implications of modified opinions 131

5.6 Examples 131

5.6.1 Modifications to opinions on other matters 136

5.7 Emphasis of matter 136

5.8 Other matter paragraphs 138

5.9 Placement 139

5.10 Communication with those charged with governance 139

6 Other reports on financial information 141


6.2 Revised financial statements and reports 142

6.2.1 Legal background 142

6.2.2 Guidance 142

6.2.3 Types of revision 142

6.2.4 Procedures 148

6.3 Preliminary announcements 150


6.3.2 Guidance 150

6.3.3 Terms of engagement 150


6.3.5 Alternative performance measures 154

6.3.6 Management commentary 154

6.3.7 Directors’ approval 154

6.3.8 Modification of the auditor’s report 155

6.3.9 Reporting 155

6.3.10 Announcements not agreed 156

6.4 New small companies regime 156


6.4.2 Auditor’s report 157

6.4.3 Guidance 158

6.5 Summary financial statements 158

7 Other statutory reports by auditors 161


7.2 Distributions 161


7.2.2 Distributions made by reference to annual accounts 162

7.2.3 Distributions made by reference to ‘interim’ accounts 165

7.2.4 Distributions made by reference to ‘initial’ accounts 165

Contents

x

7.3 Purchase and redemption of own shares 167


7.3.2 Guidance 167

7.4 Re-registration of companies 168


7.4.2 Guidance 169

7.5 Allotment of shares otherwise than for cash 174


7.5.2 Guidance 175

7.6 Transfer of non-cash assets to a public company by

one of its members 176


7.6.2 Guidance 176

8 Compilation reports on accounts

prepared by accountants 179


8.2 Guidance 179

8.2.1 Professional ethics 179

8.3 Incorporated entities 180


8.3.2 Directors’ responsibilities 182

8.3.3 Accountants’ procedures 183

8.3.4 Misleading financial statements 183

8.3.5 Approving financial statements 184

8.3.6 Accountants’ reports 184

8.4 Unincorporated entities 186

8.4.1 Scope of guidance 186

8.4.2 Accounting basis 186


8.4.4 Client’s responsibilities 188

8.4.5 Planning 188


8.4.7 Misleading financial information 189

8.4.8 Approval of financial information 189

8.4.9 Accountants’ reports 189

8.5 Companies claiming audit exemption 190

8.5.1 Ineligible companies 190

8.5.2 Requirements when a company becomes exempt 191

8.5.3 Engagement letters 191

8.5.4 Resignation procedures 191

9 Reports to financial regulators 193

9.1 Legal background 193

9.1.1 Entities in the financial services sector 193


Contents

xi

9.2 Types of report 194

9.3 Auditing standards and guidance 194

9.4 Financial services – auditor’s responsibilities 195

9.5 Client assets 195


9.5.2 Determining whether a client assets report is required 196

9.5.3 Scope of permissions 198

9.5.4 The CASS rules 198

9.5.5 Scope of the assurance standard 201

9.5.6 Accepting the engagement 202

9.5.7 Assurance procedures 202

9.5.8 Planning the engagement 204

9.5.9 Statutory and non-statutory trusts 205

9.5.10 Reconciliations 205

9.5.11 Custody arrangements 206

9.5.12 Insurance intermediaries 206

9.5.13 Debt management firms 207

9.5.14 Mandates 207

9.5.15 Using the work of the internal audit function 208

9.5.16 Using the work of an expert 208

9.5.17 Reporting 208

9.6 Special ad hoc reports – financial services entities 217

9.6.1 Auditing standards and guidance 217

9.6.2 Right and duty to report 218

9.6.3 ‘Material significance’ 219


9.6.5 Reporting 225

9.6.6 Form of report 227

9.6.7 Communication by the regulator 227

9.6.8 Relationship with other reporting responsibilities 228

9.7 Public interest entities 230

10 Communicating with management and those

charged with governance 231


10.2 Determining those charged with governance 232

10.3 Aims of reports to those charged with governance 233

10.4 The communication process 234

10.4.1 Establishing expectations 234

10.4.2 Form of communication and documentation 234

10.4.3 Addressees 235

10.4.4 Form of reports 236

10.5 Adequacy of communications 237

10.6 Matters to be communicated 237

10.6.1 Overview 237

10.6.2 Auditor’s responsibilities 240

10.6.3 Planned scope and timing 240

Contents

xii

10.6.4 Significant findings from the audit 241

10.6.5 Integrity, independence and objectivity 243

10.7 Communication with audit committees 245

10.7.1 Companies applying the UK Corporate

Governance Code 245


10.8 Groups 247

10.9 Third parties 247

10.10 Communicating deficiencies in internal control 248

10.10.1 Identifying and reporting deficiencies 248

10.10.2 Significant deficiency 248

10.10.3 Reporting of significant deficiencies 249

10.10.4 Reporting of other deficiencies 250

11 Going concern 251


11.2 Auditing standards and other guidance 252

11.3 General requirement 253

11.4 The entity’s responsibilities 253

11.5 The auditor’s responsibilities 255

11.6 Risk assessment procedures and related activities 255

11.6.1 Significant doubt about the entity’s ability to

continue as a going concern 255

11.7 Evaluating the entity’s assessment of going concern 257

11.7.1 Possible audit procedures 258

11.7.2 Borrowing facilities 259

11.8 Events after the period considered by those charged

with governance 260

11.9 Additional procedures when events or conditions

are identified 261

11.10 Auditor conclusions 261

11.10.1 Entities applying the UK Corporate Governance Code 262

11.11 Adequacy of disclosures 263

11.11.1 Adequacy of disclosures when events or

conditions have been identified and a

material uncertainty exists 263

11.11.2 Adequacy of disclosures when events or

conditions have been identified but

no material uncertainty exists 264

11.12 Implications for the auditor’s report 264

11.12.1 Auditor’s conclusions 264

11.12.2 Going concern basis of accounting inappropriate 264

11.12.3 Going concern basis of accounting is appropriate

and no material uncertainty has been identified 265

11.12.4 Use of going concern basis of accounting is

appropriate but a material uncertainty exists 265

11.12.5 Other considerations 266

Contents

xiii

11.12.6 Small and micro-entities 266

11.12.7 Entities applying the UK Corporate Governance Code 266

11.12.8 Key audit matters 266

11.12.9 Other information 267

11.13 Entity unwilling to make or extend its assessment 267



11.15 Significant delay in the approval of financial statements 268

11.16 Example report extracts 268

11.17 Regulated entities 273

11.18 Groups 273

11.19 Preliminary announcements 273

11.20 Bulletin 2008/10 273

11.20.1 The need for guidance 273

11.20.2 General principles 274

11.20.3 Detailed considerations 274

11.20.4 Availability of finance 275

12 Documentation 277


12.2 Purpose of documentation 277

12.3 Form and content 278

12.3.1 Factors affecting form and content of working papers 279

12.3.2 Documenting characteristics of items tested 280

12.3.3 Judgment areas 281

12.3.4 Documentation of departures from ISAs (UK) 282

12.3.5 Identification of the preparer and reviewer

of documentation 282

12.3.6 Specific documentation requirements 282

12.4 Assembly of the final audit file 283

12.5 Changes to audit documentation 283

12.6 Other documentation requirements 284

12.7 Confidentiality, custody and ownership of working papers 286

12.8 Retention of working papers 287

12.9 Access to working papers 288

12.9.1 Working paper ownership and access 288

12.9.2 Further explanations 297

12.9.3 Access for other parties 298

12.9.4 Investigating accountants from the same

firm as the auditor 300

12.9.5 Change of auditor 300

13 Planning 301


13.2 Planning the work 301

Contents

xiv

13.3 Preliminary engagement activities 302

13.4 The overall audit strategy 302

13.5 Audit plan 305

13.5.1 Disclosures 306

13.6 Documentation 307

13.7 Initial audit engagements 307

13.8 Changes to planning decisions during the course of

the audit 308

13.9 Direction, supervision and review 308

13.10 Communications with those charged with governance 308

14 Engagement letters 309


14.2 Purpose 310

14.3 Preconditions for an audit 310

14.4 Contents 311

14.4.1 Recurring audits 319

14.4.2 Groups of companies 320

14.4.3 Changes in terms 320

14.4.4 Disengagement 321

14.5 Liability limitation 321


14.5.2 FRC guidance 321

14.5.3 Liability limitation agreements 322

14.5.4 Liability limitation – other services 322

14.6 Small companies and micro-entities 323

15 Materiality and the audit 325


15.2 Materiality 325

15.3 Materiality in the audit 326

15.4 Setting materiality 327

15.4.1 Overall financial statement materiality 327

15.4.2 Performance materiality 328

15.5 Revision to materiality assessments 329

15.6 Evaluation of uncorrected misstatements 329

15.6.1 During the audit 330

15.6.2 At the completion phase 331



15.8 Communication of misstatements 333

15.9 Written representations 333

15.10 FRC thematic review 333

Contents

xv

16 Fraud and error 335


16.2 Definitions 335

16.2.1 Fraud 336

16.2.2 Error 337

16.3 Responsibilities of those charged with governance 337

16.4 Responsibilities of the auditor 338

16.4.1 Professional scepticism 338

16.4.2 Engagement team discussion 339

16.4.3 Risk assessment 340

16.4.4 Identification and assessment of fraud risk 342

16.4.5 Responses to fraud risk 343

16.5 Evaluating audit evidence 347

16.6 Auditor unable to continue the engagement 347

16.7 Management representations 348

16.8 Communication with management and those

charged with governance 348


16.9 Communication with the authorities 349



17 Consideration of laws and regulations 351


17.2 Legal and regulatory framework 351

17.3 Management responsibility 352

17.4 Responsibility of the auditor 353

17.5 Consideration of compliance 355

17.5.1 Laws with a direct effect on the financial statements 355

17.5.2 Laws affecting the operations of the entity 356

17.6 Money laundering 356

17.7 Non-compliance 356

17.8 Reporting 358

17.8.1 Reporting to those charged with governance 358

17.8.2 Reporting in the auditor’s report 359

17.8.3 Reporting to third parties 359


17.9 Resignation 361


18 Money laundering 363


18.2 Principal requirements 364

18.3 Practice Note 12 (revised) 364

Contents

xvi


18.3.2 What is money laundering? 364


18.3.4 Tipping off 372

18.3.5 Reporting to the MLRO and NCA 372

18.3.6 Privilege reporting exemption 373

18.3.7 The auditor’s report on the financial statements 375

18.4 Future developments 375

19 Initial engagements, opening balances

and comparatives 377


19.2 Initial engagements 377

19.3 Opening balances 378

19.3.1 Modifications to the predecessor auditor’s report 381


19.4 Comparatives 383

19.4.1 Qualified reports 384

19.4.2 Prior period financial statements issued by a

predecessor auditor 388

19.4.3 Prior period financial statements not audited 388

20 Related parties 391


20.2 Auditing standards 392

20.3 General requirement 392


20.5 Risk assessment 393

20.5.1 Enquiries 394

20.5.2 Understanding of controls 394

20.5.3 Team discussion 394

20.5.4 Remaining alert 395

20.5.5 Assessment of risk 396

20.6 Response to risk 397

20.6.1 Arm’s length transactions 398

20.7 Control disclosures 398

20.8 Representations from those charged with governance 398



20.11 Reporting 399

20.12 The audit of related parties in practice 400


20.12.2 The five-point action plan 400

Contents

xvii

21 Audit risk assessment and the auditor’s response 405


21.2 General overview 406

21.3 Identifying and assessing risks 406

21.3.1 Requirements 406

21.3.2 Risk assessment procedures and related activities 407

21.3.3 Engagement team discussion 408

21.3.4 Understanding the entity and its environment,

including the entity’s internal control 409

21.3.5 Internal control 415

21.3.6 Identifying and assessing the risks of

material misstatement 422

21.3.7 Communicating with those charged with governance 426


21.4 Responses to assessed risks 427

21.4.1 Overall responses 427

21.4.2 Responses at the assertion level 428

21.4.3 Presentation of the financial statements 433

21.4.4 Evaluating audit evidence 433


22 Service organisations 435


22.2 Understanding the services provided by a service

organisation, including internal control 436

22.2.1 Using a type 1 or type 2 report 439

22.2.2 Accounting records 440

22.3 Responding to the assessed risks of material misstatement 441

22.4 Subservice organisations 442

22.5 Fraud, non-compliance with laws and regulations and

uncorrected misstatements 442

22.6 Reporting 442

23 Audit evidence 445


23.2 The nature of audit evidence 446

23.2.1 Concept of audit evidence 446

23.2.2 Sufficient appropriate evidence 446

23.2.3 Sources of evidence 448

23.2.4 Using assertions to gather audit evidence 448

23.2.5 Audit procedures 448

23.2.6 Selection and sampling of items for testing 450

23.2.7 Dealing with inconsistent or potentially

unreliable evidence 451

23.3 Management’s experts 451

Contents

xviii

23.3.1 Using the work of a management’s expert 451

23.3.2 Evaluating the expert’s competence, capabilities and

objectivity 452

23.3.3 Obtaining an understanding of the expert’s work 452

23.3.4 Evaluating the appropriateness of the expert’s work 453

23.4 Specific considerations 453

23.5 Attendance at stocktaking 453


23.5.2 Assessment of risks and internal controls 454

23.5.3 Audit evidence 454

23.5.4 Audit procedures before, during and after the stocktake 455

23.5.5 Work in progress 457

23.5.6 The use of experts 457

23.5.7 Stock held by third parties 457

23.6 Enquiries about litigation and claims 458


23.6.2 Written representations 462

23.7 Segment information 462

23.8 External confirmations 462

23.8.1 Use of external confirmations 462

23.8.2 Debtors’ confirmations 464

23.9 Auditor scepticism 467


23.9.2 A sceptical mind 467

23.9.3 Throughout the audit 468

23.9.4 The growing importance of scepticism 469

23.9.5 Difficulties for audit firms 470

23.9.6 Improving auditor scepticism 470

24 Bank confirmations 475


24.2 Guidance 475

24.3 Authority 475

24.4 Disclaimers 476

24.5 Bank confirmation process 476

24.5.1 Timing of requests 477

24.5.2 Information required 477

24.5.3 Type of report 478

24.5.4 Where to send the request 484

24.5.5 Acknowledgement letters 485

24.5.6 Other issues 485

24.5.7 Non-BBA banks 485

24.5.8 Online confirmations 485

24.6 Confirmation of ongoing facilities 485


24.6.2 Level of reliance to be placed on reply 487

Contents

xix

25 Analytical procedures 489


25.2 What is meant by analytical procedures? 489

25.3 Problems in practice 491

25.4 Use of analytical procedures in risk assessment 492

25.5 Analytical procedures as a substantive procedure 492

25.5.1 Suitability of analytical procedures 493

25.5.2 Reliability of data 493

25.5.3 Precision of expected results 494

25.5.4 Acceptable differences 494

25.6 Analytical procedures near the end of the audit 494

25.7 Investigating variances 495

26 Audit sampling 497


26.2 Use of sampling 497

26.3 Risk assessment 498

26.3.1 Sampling risk 498

26.3.2 Non-sampling risk 499

26.4 Design of the sample 499

26.4.1 Deciding whether to sample 499

26.4.2 Designing the sample 500

26.5 Sample size 501

26.6 Selecting the sample 503

26.7 Performing audit procedures 504

26.8 Deviations and misstatements 504

26.8.1 Tolerable misstatement/deviation 504

26.8.2 Expected error 505

26.8.3 Projecting errors 505

26.9 Evaluating results 506

26.10 Statistical and non-statistical sampling 507

27 Audit of accounting estimates 509


27.2 Accounting estimates 509

27.3 Risk relating to the use of accounting estimates 510

27.4 Audit procedures 511

27.4.1 Significant risks 512

27.4.2 Testing management’s methods 512

27.5 Evaluation of results 513

27.6 Disclosure 514

27.7 Indicators of possible management bias 514




Contents

xx

28 Auditing fair value 517


28.2 Guidance 517

28.3 Understanding the entity’s process 518

28.4 Evaluating the entity’s approach 519

28.5 Using the work of an expert 520

28.6 Audit procedures 521

28.6.1 Testing the entity’s assumptions, model and data 521

28.6.2 Independent fair value estimates 523

28.6.3 Subsequent events 523

28.7 Disclosures 523


28.9 Complex financial instruments 524


28.9.2 General considerations 524

28.9.3 Responsibilities 525

28.9.4 Understanding the entity 526

28.9.5 Reliance on controls 528


28.9.7 Evaluating audit evidence 531

28.9.8 Management representations 532

28.9.9 Considerations in difficult market conditions 532

29 The audit of retirement benefits 535


29.2 Guidance 535

29.3 Respective responsibilities 536

29.4 Planning 537

29.4.1 Risks of material misstatement 537

29.4.2 Communication 539

29.5 Audit evidence 541

29.5.1 Understanding the schemes involved 541

29.5.2 Scheme assets 541

29.5.3 Using the work of the scheme auditor 542

29.5.4 Multi-employer schemes 543

29.5.5 Scheme liabilities 543

29.5.6 Competence and objectivity of the actuary 543

29.5.7 The actuary’s work as audit evidence 544

29.5.8 Actuarial assumptions 544

29.5.9 Assessing the results of the actuary’s work 545

29.5.10 Valuation of scheme liabilities and materiality 546


29.5.12 Going concern 546

29.5.13 Distributable profits 547

29.5.14 Management representations 547

29.6 Smaller entities with insured schemes 548

Contents

xxi

30 Audits of group financial statements 551


30.2 Auditing standards and guidance 551

30.3 Definitions 552

30.4 Responsibilities 553

30.5 Acceptance and continuance 553

30.6 Overall audit strategy and audit plan 554

30.7 Understanding the group, its components and their environments 554

30.8 Understanding the component auditor 555


30.10 Responding to assessed risks 557

30.10.1 Involvement in the work performed by

component auditors 560

30.11 The consolidation process 560

30.12 Subsequent events 561

30.13 Communication with the component auditor 562

30.14 Evaluating the sufficiency and appropriateness of audit evidence 563

30.15 Communication with those charged with governance of the group 564



30.16.1 External monitoring 567

30.16.2 Examples 567

30.17 ICAEW practical guidance 569


31 Reliance on others 571


31.2 Internal audit function 571

31.2.1 Auditing Standards 571

31.2.2 Understanding the internal audit function 572

31.2.3 Use of the work of the internal audit function 573

31.2.4 Using the work of the internal audit function 575

31.2.5 Direct assistance 577


31.3 Auditors’ experts 578

31.3.1 Auditing standards 578

31.3.2 Definition of an auditor’s expert 579

31.3.3 Determining the need for an auditor’s expert 579

31.3.4 The nature, timing and extent of audit procedures 579

31.3.5 Competence, capabilities and objectivity of the expert 580

31.3.6 Understanding the expert’s field of expertise 581

31.3.7 Agreement with the auditor’s expert 581

31.3.8 Evaluating the adequacy of the expert’s work 581

31.3.9 Reference to the expert in the audit report 582


Contents

xxii

32 Management representations 583


32.2 Requirement to obtain written representations 583

32.3 Acknowledgement of directors’ responsibilities 584

32.4 Other written representations required by ISAs 585

32.5 Additional written representations 587

32.6 Representations by management as audit evidence 587

32.7 Reliability of representations 588

32.8 Refusal to provide written confirmation 588

32.9 Example representation letter 589

32.10 Audit 4/02: Management representation letters 593

32.10.1 The case 593

32.10.2 Increasing the usefulness of representation letters 593

33 Subsequent events 595



33.3 Before the date of the audit report 596

33.4 Before the financial statements are issued 598

33.4.1 Directors make the required amendments 598

33.4.2 Failure to amend financial statements 598

33.5 Revising or withdrawing financial statements 599

34 The auditor’s responsibilities in relation to other

information 601


34.2 Auditing standards 602

34.3 The auditor’s consideration of other information 602

34.3.1 Other information 602

34.3.2 The auditor’s responsibility 603

34.3.3 Obtaining an understanding 604

34.3.4 Obtaining the other information 604

34.3.5 Reading and considering the other information 604

34.4 Responding to inconsistencies and misstatements 605

34.4.1 Responding when a material misstatement of the

other information exists 606

34.4.2 Responding when a material misstatement in the

financial statements exists or the auditor’s

understanding needs to be updated 607

34.5 Timing 607

34.6 Reporting 607

34.6.1 All entities 607

34.6.2 Directors’ report and strategic report 608

34.6.3 Separate corporate governance statement 608

34.7 UK Corporate Governance Code reporting 609

Contents

xxiii

34.7.1 Statement on the directors’ assessment of the

principal risks that would threaten the

solvency or liquidity of the entity 610

34.8 Modified audit reports 611


34.10 Electronic publication 611

35 Data analytics 613


35.2 Guidance 613

35.3 Use of data analytics in external audits 614

35.3.1 Audit quality 615

35.3.2 Common data analytic routines 616

35.3.3 ICAEW papers 616

35.3.4 Audit quality thematic review 617


36 The audit of small businesses 619


36.2 Guidance 620

36.3 Characteristics of small businesses 620

36.4 The relationship between small businesses and their auditors 621

36.5 Responsibilities 622

36.5.1 The auditor’s responsibilities relating to fraud 622

36.5.2 Consideration of laws and regulations 623


36.5.4 Agreeing the terms of the engagement 624

36.5.5 Subsequent events 624

36.6 Planning, controlling and recording 624

36.6.1 Planning an audit of financial statements 624

36.6.2 Identifying and assessing risks of material misstatement 625

36.6.3 Materiality 625

36.7 Accounting systems and internal control 626

36.7.1 Identifying and assessing risks and the auditor’s

responses to them 626

36.7.2 Service organisations 627

36.8 Evidence 627

36.8.1 Audit evidence and external confirmations 627

36.8.2 Analytical procedures 628

36.8.3 Audit sampling 629


36.8.5 Initial audit engagements and comparative information 630

36.8.6 Estimates and fair values 630

36.8.7 Related parties 630

Contents

xxiv

36.9 Reporting 631

36.9.1 The independent auditor’s report on

financial statements 631

36.9.2 Communication with those charged with governance 631

36.10 Practice Note 26 and documentation 632


36.10.2 The purpose of audit documentation 632

36.10.3 Special considerations for smaller entities 633

36.10.4 Audit documentation requirements in the ISAs 635

36.11 International guidance 635

37 Other operational issues 637


37.2 The auditing implications of FRS 102 637

37.2.1 Guidance for auditors 637

37.2.2 Ethical considerations 639

37.2.3 Potential problem areas 639

37.3 XBRL tagging of information in financial statements 641


37.3.2 Auditor’s involvement 641

37.3.3 Technical Release AAF 04/10 642

37.4 Computer-assisted audit techniques 644

37.5 Paid cheques 645

37.5.1 Existing guidance 645

37.5.2 Audit evidence 645

37.5.3 Cheques Act 1992 646

37.5.4 Obtaining paid cheques 646

37.6 Auditing when financial market conditions are difficult 646

37.7 Auditing implications of Brexit 647

38 Change of auditor 649


38.2 Procedures on cessation of office as auditor 650

38.2.1 The Companies Act 2006 requirements 650

38.2.2 All companies 651

38.2.3 Non-public interest companies 651

38.2.4 Section 519 statement 652

38.2.5 Notifications – non-public interest companies 653

38.2.6 Public interest companies 654

38.2.7 Legal advice 656

38.3 Access to information by a successor auditor 663

38.3.1 Requirements of the Act 663

38.3.2 Technical Release AAF 01/08 664

Contents

xxv

39 Review of interim financial information 673


39.2 Guidance for the auditor 674

39.3 General principles 674

39.4 Assurance provided 674

39.5 Engagement letters 675

39.6 Planning 677

39.7 Procedures and evidence 679




39.11 Comparative periods 681

39.12 Management representations 682


39.14 Evaluating misstatements 684

39.15 Communication 684

39.16 Reporting 685

39.16.1 Modification of the review report 686

39.16.2 Prior period modifications 688

39.16.3 Date of review report 688

39.17 Complete set of interim financial information 689

39.18 Requests to discontinue an interim review engagement 689

40 Reports for special purposes and to third parties 691


40.2 Development of guidance 692

40.3 General guidance 693

40.3.1 Accepting an engagement 693

40.3.2 Managing professional liability 694


40.4 Duties to lenders 695

40.4.1 Case law 695

40.4.2 Duties of care for the statutory audit report 695

40.4.3 Draft accounts 696

40.4.4 Disclaimer of responsibility 696

40.4.5 The Contracts (Rights of Third Parties) Act 1999 697

40.4.6 Separate engagements to provide specific

assurances to lenders 697

40.5 Covenants in agreement for loans and other facilities 698

40.5.1 Common financial and non-financial covenants 698

40.5.2 The lender’s requirement for evidence of covenant

compliance 699

40.5.3 The firm’s duty of care 701

40.5.4 The firm’s consideration of acceptance of

the engagement 703

Contents

xxvi

40.6 Engagements to report on covenant compliance 704

40.6.1 Scope of work performed 704

40.6.2 The report 705

40.7 Reports on internal controls of service organisations 707


40.7.2 Responsibilities of the service organisation 708


40.7.4 Reporting accountant’s procedures 713


40.8 Reports to other third parties 716


40.8.2 TECH 10/12AAF: Reporting to third parties 716

40.8.3 Requests for references on clients’ financial status 724

40.9 Audit liability: Claims by third parties 726

40.9.1 Potential investors 727

40.9.2 Creditors and lenders 728

40.9.3 Regulators and trade bodies 728

40.9.4 Affiliates or associates of the audit client 728

41 Other engagements 731


41.2 Review engagements 733

41.2.1 Guidance 733

41.2.2 Features of a review engagement 733


41.2.4 Reliance by third parties 737

41.2.5 Performing the engagement 737



41.3 Agreed upon procedures 739

41.4 Auditor’s reports on special purpose financial statements 740

41.4.1 Special purpose frameworks 741

41.4.2 Reports on a single financial statement or

a specific element 745

41.5 Assurance on non-financial information 748

41.5.1 Non-financial information 748

41.5.2 Current practices and guidance 748

41.5.3 Considerations for practitioners 750

42 Corporate governance 753

42.1 Background 753

42.1.1 Corporate governance framework 753

42.1.2 Directors’ remuneration 754

42.1.3 Disclosure and transparency rules 755

42.2 Guidance 755

Contents

xxvii

42.2.1 FRC – companies and investors 755

42.2.2 FRC – auditors 756

42.3 Terms of engagement 757

42.4 Auditor’s responsibilities for the ‘comply or explain’ statement 757

42.5 Provisions of the UK Corporate Governance Code 758

42.6 Procedures 761

42.6.1 Statement of compliance 761

42.6.2 Specific procedures – the verifiable code provisions 761

42.6.3 Non-compliance with the code 767


42.7 Other disclosures and reporting requirements 769

42.7.1 Disclosures under the ‘Disclosure Rules and

Transparency Rules’ 769

42.7.2 Standard listed companies 772

42.8 Audit committees and the external auditor 772

42.8.1 Role and responsibilities of the audit committee 772

42.8.2 FRC guidance on audit committees 773

42.8.3 Communication between the auditor and the

audit committee 776

42.9 Monitoring 778

42.10 Future plans 778

43 Charities 779


43.1.1 General 781

43.1.2 Independent examination 782

43.1.3 Whistle-blowing duties for auditors and examiners 782

43.2 Audit guidance 783

43.3 Background 783

43.4 Overall conduct of an audit in accordance with ISAs 784

43.5 Agreeing the terms of audit engagements 784

43.6 Quality control for an audit of financial statements 785

43.7 The auditor’s responsibilities relating to fraud 785

43.8 Consideration of laws and regulations 786

43.8.1 Laws relating directly to the preparation of financial

statements 786

43.8.2 Laws central to a charity’s conduct of business 787

43.9 The auditor’s right and duty to report to regulators 788


43.11 Communicating deficiencies in internal control 789

43.12 Planning an audit of financial statements 789

43.13 Identifying and assessing risks of material misstatement 790

43.13.1 Risk of misstatement 791

43.13.2 Control environment 792

43.13.3 Control activities 793

43.13.4 Accounting policies 793

Contents

xxviii

43.14 Materiality in planning and performing an audit 794

43.15 The auditor’s responses to assessed risks 794

43.15.1 Completeness of income 795

43.15.2 Overseas operations 795

43.15.3 Restricted funds 796

43.16 Audit considerations relating to an entity using a

service organisation 797


43.18 Initial audit engagements – opening balances 797

43.19 Analytical procedures 798

43.20 Auditing accounting estimates, including fair value

accounting estimates, and related disclosures 798

43.21 Related parties 800




43.25 Audits of group financial statements 802

43.26 The auditor’s report on financial statements 803


43.28 Summarised financial statements 805

44 Pension schemes 807



44.3 Accounting guidance 810

44.4 Schemes exempt from audit 811

44.5 Appointment and resignation 811

44.6 Considerations of fraud 812

44.7 Control activities 813

44.8 Communication with trustees 816


44.10 Reporting 818

44.10.1 Key audit matters 821

44.11 Contributions 822

44.12 Schemes in the process of winding up 826

44.13 Other reporting situations 827

44.14 Whistle-blowing responsibilities 827

44.15 Non-statutory audits 828

44.15.1 Appointment and removal 828

44.15.2 Engagement letter 828

44.15.3 Reporting to the Pensions Regulator (TPR) 828

44.15.4 Auditor’s statement about contributions 829

44.15.5 Termination of appointment 829

44.15.6 Trustees’ responsibilities statement 829

44.15.7 Auditor’s report 829

Contents

xxix

45 Solicitors’ Accounts Rules 831

45.1 Background 831

45.1.1 Summary of recent changes 831

45.1.2 Compliance with the rules 832

45.1.3 Objective 834

45.2 Engagement letter 835

45.2.1 ‘Whistle-blowing’ 836

45.2.2 Termination of appointment 838

45.2.3 Independence 838

45.3 Procedures 838

45.3.1 The role of the reporting accountant 841

45.4 Common breaches 842

45.4.1 Debit balances 842

45.4.2 Client confidentiality 843

45.4.3 ‘Without delay’ 843

45.4.4 Receipt and transfer of costs – the ‘14 day rule’ 843

45.4.5 Reconciliations 843

45.4.6 Prompt return of client money and residual balances 843

45.4.7 Providing bank facilities 844

45.5 Reporting 844


46 Investment businesses 847


46.2 Rules and reporting requirements 847

46.3 The audit of financial statements 850

46.3.1 Overall objectives of the auditor and the

conduct of an audit in accordance with ISAs 850


46.3.3 The auditor’s responsibilities relating to fraud 851

46.3.4 Consideration of laws and regulations 851

46.3.5 Planning an audit of financial statements 853

46.3.6 Identifying and assessing risks of material

misstatement 853

46.3.7 The auditor’s responses to assessed risks 855

46.3.8 Audit considerations relating to an entity using a service

organisation 856

46.3.9 Analytical procedures 857

46.3.10 Auditing accounting estimates, including fair

value accounting estimates, and related disclosures 857



46.4 High level standards and conduct of business rules 858

46.4.1 Impact on the audit 859

46.4.2 Audit approach 859

46.5 Review reports on interim profits 861

Contents

xxx

46.6 CREST 862

46.6.1 Understanding the business 863

46.6.2 Evaluating internal controls 863

47 Registered Providers of Social Housing 865

47.1 Existing audit guidance 868

47.1.1 Practice Note 14 868

47.2 Background 869

47.2.1 The nature of Registered Providers 869

47.2.2 Responsibilities of the board 871

47.2.3 Responsibilities of audit committees 872

47.2.4 Financial reporting requirements 873

47.2.5 Responsibilities of the auditor 874

47.2.6 Features of social housing audits 875

47.2.7 The auditor’s relationship with the Regulators 879

47.3 Audit engagement letters 879

47.4 Quality control 886

47.5 Responsibilities relating to fraud 886

47.6 Laws and regulations 887

47.6.1 ISA (UK) 250A (Revised June 2016)

Section A – Consideration of Laws and

Regulations in an Audit of Financial Statements 887

47.6.2 ISA (UK) 250B (Revised June 2016) 889


47.8 Identifying and assessing risks of material misstatement 891


47.10 Responses to assessed risks 893

47.11 Using a service organisation 893

47.12 Audit evidence 894


47.14 Analytical procedures 895

47.15 Auditing accounting estimates 896





47.20 Using the work of internal auditors 899

47.21 Using the work of an auditor’s expert 899

47.22 The auditor’s report on financial statements 900

47.22.1 UK Corporate Governance Code and enhanced audit

reporting 904


47.24 Miscellaneous reports 906

47.25 Service charge audits 906

Contents

xxxi

48 Public sector audits 909


48.2 The role of the public sector auditor 909


48.4 Overall objectives of the auditor and the conduct of an audit 911

48.5 Agreeing the terms of audit engagements 911


48.7 The auditor’s responsibilities relating to fraud 912

48.8 Consideration of laws and regulations 913

48.8.1 Consideration of legislation on corruption 914

48.8.2 Money laundering regulations in the public sector 914

48.8.3 Reporting non-compliance 914


48.10 Identifying, assessing and responding to risks 916

48.11 Materiality in planning and performing an audit 917

48.12 Using a service organisation 918

48.13 Evaluation of misstatements 918

48.14 Opening balances 918

48.15 Accounting estimates 920




48.18.1 The auditor’s other responsibilities relating to

going concern 921

48.18.2 Circumstances affecting going concern 922

48.18.3 Consideration of the foreseeable future 922

48.18.4 The auditor’s responsibilities in considering

going concern 922

48.18.5 Entities that prepare their financial statements

on a cash basis 923

48.18.6 Auditors’ responsibilities for reviewing and

reporting on an entity’s arrangements for

securing value for money 923


48.20 Audits of group financial statements 923

48.21 Using the work of internal auditors 924

48.22 Using the work of an auditor’s expert 924

48.23 Forming an opinion and reporting on financial statements 924

48.24 The auditor’s responsibilities relating to other information

in documents containing audited financial statements 926

48.25 Regularity 926

48.26 Grant claims 927

49 Regulated entities 929


49.2 Duty of care and engagement contracts 930

Contents

xxxii

49.2.1 Tri-partite engagement contracts 930

49.2.2 Bi-partite engagement contracts 930

49.3 Reporting 931


49.5 Working with independent experts 932

Appendix 1 933

Existing guidance at 30 April 2017 933

Appendix 2 939

Specific ISA requirements relating to statutory audits of

public interest entities 939

Appendix 3 941

Glossary 941

Index 943

implementing gaas 2017–18 · 1.6 development of international standards on auditing (uk) 6 1.6.1...

Documents