Assurance & Risk Fundamentals

Elements of an Assurance Engagement

1. Three Party Relationship

• Responsible Party (Directors) : Determines criteria (IFRS/Estimates) /prepares subject matter (FS/Software)

• Intended User (of Subject Matter): Shareholders

• Practitioner (Auditor): Reviewer of subject matter who provides opinion

2. Subject Matter

• Document that is reviewed by the practitioner

• e.g. Financial Statements/internal controls/corp.governance

3. Suitable Criteria

• Agreed (by intended users) set of criteria subject matter is checked to

• e.g. Accounting standards/int. control manuals/UK code of corp governance

4. Sufficient appropriate evidence

• Evidence gathered by practitioner to support their conclusion

5. Written Assurance Report

• Overall opinion/conclusion by practitioner about subject manner

Two Types of Assurance Levels

Both have sufficient and appropriate evidence to support conclusion:

1. Reasonable Assurance

• Positively worded opinion (Direct)

• “FS show true and fair view in all material respects”

2. Limited Assurance

• Negatively worded conclusion (Indirect)

• “Nothing observed that makes us believe subject matter is misstated”

Never absolute assurance i.e. 100% guarantee over subject matter

Benefits to users of assurance/audit reports

Credibility

Independent Verification

Deterrent from fraud

Attention to issues

Criteria to be exempt from UK Audit

2/3 of the following:

1. No more than £15m Turnover

2. No more than £7.5m Total Assets

3. No more than 50 Employees

Limitations of Assurance

1. Testing/Sampling: Process of creating subject matter not overseen, sampling used as testing everything too expensive

2. Controls Limitations: Accounting systems/controls have limitations, Responsible party may collude in fraud

3. Nature of subject matter: Assurance evidence persuasive rather than conclusive. Subject matter contains judgment items which cannot guarantee 100% correctness

4. Auditor judgment: Professional judgment, so absolute assurance is impossible

Sustainability Reporting Frameworks

1. IFRS S1 and S2 (Issued by ISSB, not currently mandatory)

• IFRS S1: general sustainability related disclosures

• IFRS S2: Specifically climate-related disclosures

2. Companies Act 2006: Mandatory sustainability reporting requirements

• Sustainability risks/uncertainties facing the company

3. EU Corporate Sustainability Reporting Directive (CSRD): Mandatory for:

• Companies with securities listed on EU stock market

• All Large EU companies (>250 employees, >€50m annual revenue, >€25m total assets)

• Non EU companies (>€150 annual revenue in EU, or EU branch with >€40m net turnover)

• EU companies from 1/1/24, Non EU UK listed from 1/1/28

4. Global Reporting Initiative (GRI) standards: Independent organisation producing frameworks to assist companies in sustainability reporting

Aims of ISSB:

• To develop standards for a global baseline of sustainability disclosures

• To meet the information needs of investors

• To enable companies to provide comprehensive sustainability information to global capital markets

• To facilitate interoperability with disclosures that are jurisdiction-specific and/or aimed at broader stakeholder groups

Aims: sustainability reporting baseline, meet investor/global capital markets information needs, facilitate interoperability for wider jurisdictions/stakeholder groups

Auditor Pre-acceptance Procedures

I CARE, P

• I – Integrity of those managing the company

• C – Communicate with present auditors (Professional Clearance)

• A – Adequate existing resources

• R – References (Obtain them)

• E – Ethically acceptable to act

• P – Professionally qualified to act

Audit Engagement Letter Mandatory Items

Engagement Letter: Written by auditor after appointment and before commencement
RRAMOS

• R – Relevant reporting framework (e.g., IFRS/GAAP)

• R – Reports/Output (Expected form and content)

• A – Auditor responsibilities

• M – Management responsibilities

• O – Objective of the audit

• S – Scope of the audit

Procedures to take after Audit Acceptance

• Check outgoing auditor’s removal/resignation was property conducted in accordance with national legislation

• Check new auditor’s appointment is legally valid

• Agree and submit letter of engagement to directors

• Do money laundering checks

Client identification checks

Kept until 5 years after relationship with client has ended

1. Individuals

• Photograph

• Full name

• Permanent address

• In practice: Passport and utility bill

2. Companies

• Certificate of Incorporation (registered as company)

• Registered address (proof)

• Confirmation Statement (Annual return) for directors & shareholders

• Previous financial statements

ISA 300 Objective

ISA 300 (UK and Ireland): Objective of auditor is to plan the audit so that it will be performed in an effective and efficient manner

Audit Strategy

1. Understanding the entity’s:

• Business: Management structure/integrity, past analytical procedures

• Environment: Economic/industry conditions impacting business

• Internal control systems: accounting policy choices/control systems for preventing fraud/error

2. Materiality and Risk

3. Resources: Team members/budgeted hours/timing/fee

Audit Plan

1. Nature of procedures: Tasks undertaken to get evidence (tests of controls/substantive procedures)

2. Timing of procedures: i.e. when tests of controls vs substantive procedures undertaken

3. Extent of procedures: based on risk assessment/outcome of tests of controls

IFRS 315

IFRS 315 (UK and Ireland): Objective of auditor is to identify and assess the risks of material misstatement (Significant FS error), whether due to fraud or error, through understanding the entity and its environment

Elements of Professional Skepticism

1. Questioning Mind

2. Being alert to conditions indicating possible misstatement due to error/fraud

3. Critical assessment of audit evidence

Analytical Procedures

Analytical Procedures: Type of substantive procedure, used at every stage of an audit, comparison

• Comparison: analyses relationships between sets of data (financial vs non financial, internal vs external)

Sources compared to financial statements:

• Prior periods

• Budgets

• Related figures within Financial Statements (Ratio analysis)

• Non financial information (e.g number of employees employed, no of staff compared to staff costs)

• Industry information (external)

Analytical Procedures Ratios

Performance Ratios:

• ROCE = PBIT/Capital Employed(TA-CL)

Materiality by Size

Materiality Size:

• Profit before tax: 5-10%

• Revenue: 0.5-1%

• Total Assets: 1-2%

Types of Materiality

Materiality by Size: Financial Materiality

Materiality by Nature: Qualitative intrinsic value e.g. transactions related to directors regarded of their size due to shareholders’ intrinsic interest

Double Materiality: Materiality both in terms of financial impact and nature, specifically in context of sustainability

• Sustainability issues may create financial risks for company (dependencies) and company’s activities may materially impact people/environment

Performance Materiality: Amount set by auditor at less than materiality for FS to audit specific risky assertions

Materiality is reviewed constantly, changes required if:

• Draft accounts altered (due to material error etc)

• External factors causing changes in risk estimates

Types of Risk

AUDIT RISK = Inherent Risk x Control Risk x Detection Risk

1. Risk of Material Misstatement: Risk that FS/account/assertions may contain fraud/error

2. Audit Risk: Risk of auditor expressing inappropriate audit opinion when FS materially misstated (contains Inherent, Control, and Detection Risk)

3. Inherent Risk: The natural chance of a material misstatement occurring due to the complexity/nature of the business, ignoring any internal checks.

• e.g. cash based business/being sold/raising finance/under pressure

4. Control Risk: The risk that a company’s own internal processes and safety checks fail to prevent or catch a misstatement.on a timely basis

• Employee integrity & competence/management role/segregation of duties

4. Detection Risk: The risk that the auditor’s own testing and procedures fail to notice a material misstatement that is already present.

Detection Risk made up of:

• Sampling Risk: Auditor does not sample 100% of transactions

• Non Sampling Risk: Risk that material misstatement not discovered due to other factors e.g. rushed job/unskilled team

Audit Procedures

2 Types:

1. Test of Controls: procedures designed to evaluate operating effectiveness of controls in preventing/detecting and correcting material misstatements at the assertion level

2. Substantive procedures: All other procedures designed to detect material misstatements at the assertion level e.g. inventory valuation tests cost vs NRV. Comprised of:

• Tests of Details (i.e. classes of transactions/account balances/disclosure)

• substantive analytical procedures

Substantive procedures performed on all audits on material items. Nature/extent of substantive testing depends on risk assessment

Never appropriate to do only tests of control and no substantive testing

• Return on Capital Employed (ROCE) = Profit before interest and taxCapital employed (Total Assets − Current Liabilities)\frac{\text{Profit before interest and tax}}{\text{Capital employed (Total Assets − Current Liabilities)}}Capital employed (Total Assets − Current Liabilities)Profit before interest and tax​

• Gross Profit Margin = Gross profitRevenue×100\frac{\text{Gross profit}}{\text{Revenue}} \times 100RevenueGross profit​×100

• Cost of Sales Percentage = Cost of salesRevenue×100\frac{\text{Cost of sales}}{\text{Revenue}} \times 100RevenueCost of sales​×100

• Operating Cost Percentage = Operating costsRevenue×100\frac{\text{Operating costs}}{\text{Revenue}} \times 100RevenueOperating costs​×100

• Net Profit Margin = Profit before interest and taxRevenue×100\frac{\text{Profit before interest and tax}}{\text{Revenue}} \times 100RevenueProfit before interest and tax​×100

Liquidity Ratios:

• Current Ratio = Current assetsCurrent liabilities\frac{\text{Current assets}}{\text{Current liabilities}}Current liabilitiesCurrent assets​

• Quick Ratio = Current assets − InventoryCurrent liabilities\frac{\text{Current assets − Inventory}}{\text{Current liabilities}}Current liabilitiesCurrent assets − Inventory​

Long-Term Solvency Ratios:

• Gearing = Net debtEquity×100\frac{\text{Net debt}}{\text{Equity}} \times 100EquityNet debt​×100

• Interest Cover = Profit before interest payableInterest payable\frac{\text{Profit before interest payable}}{\text{Interest payable}}Interest payableProfit before interest payable​

Efficiency Ratios:

• Inventory Period = InventoryCost of sales×365\frac{\text{Inventory}}{\text{Cost of sales}} \times 365Cost of salesInventory​×365

• Trade Receivables Period = Trade receivablesRevenue×365\frac{\text{Trade receivables}}{\text{Revenue}} \times 365RevenueTrade receivables​×365

• Trade Payables Period = Trade payablesRevenue×365\frac{\text{Trade payables}}{\text{Revenue}} \times 365RevenueTrade payables​×365

The five components of internal control as defined by ISA (UK) 315

• Control environment: The "tone at the top," including management's integrity, ethical values, and commitment to competence.

• Entity's risk assessment process: How management identifies, analyzes, and manages business risks that could result in material misstatements.

• The information system and communication: The procedures and records established to initiate, record, process, and report entity transactions and maintain accountability.

• Control activities: The specific policies and procedures that help ensure management directives are carried out. These include authorizations, reconciliations, verifications, and segregation of duties.

• Monitoring of controls: The process management uses to assess the effectiveness of internal control performance over time.