Lesson 2: Professional Ethics and Audit Responsibilities

Fundamental Ethical Principles

1. Professional behaviour

2. Integrity and due care

3. Objectivity

4. Professional competence

5. Confidentiality

Approach to Resolving an Ethical Dilemma

1. Obtain the relevant facts

2. Identify the ethical issues from the facts

3. Determine who is affected by the outcome of the dilemma and how each person or group is affected

4. Identify the alternatives available to the person who must resolve the dilemma and the likely consequences of each alternative

5. Decide the appropriate action

Independence

Professional rule of conduct, ensures that the auditor has an unbiased viewpoint which is critical to the credibility of the audit opinion. Most important characteristic of the auditor. Five facets of _________ :

• Self-interest

• Advocacy

• Self-review

• Familiarity

• Intimidation

Is maintained by regulations such as the code of professional conduct, corporate governance policies, competent accounting staff and audit committee, quality controls established by individual accounting firms, and application of accounting principles

Self-interest

Threat - when there is a financial interest

Advocacy

Threat - when the firm or public accountant seems to be promoting the client or acting as its representative

Self-review

Threat - when any of the audit staff are auditing their own work

Familiarity

Threat - when audit staff conduct a company’s audit for many years, they might take some aspects of the company for granted

Intimidation

Threat - when the client is trying to impose some conditions on the audit

Audit Committee

Required to review the company’s financial statements before they are issued. Must comprise at least three members of the company’s Board of Directors, the majority of whom must be outside directors. The directors have an obligation to inform the auditor and audit committee of any wrongdoing or misstatements that come to their attention.

Audit Committee Duties

• Advising shareholders about which firm to appoint as auditors,

• Meeting with the auditors on a periodic basis,

• Resolving any disputes that auditors may have with management, and

• Monitoring the findings and audit work performed by both the external and internal auditors.

Communication between Auditors and Audit Committee

For public companies:

• Details of the audit process, including planning and approach;

• Matters that arise during the audit; and

• Matters that could bear on the independence of the auditor.

Confidentiality

Accounting professionals are not allowed to disclose confidential information about their clients or employers. However, this rule does not apply to the information demanded by a court. Also, this rule does not apply when the member’s professional association will be conducting a practice review or when there is a disciplinary process. Consequently, an auditor must be very careful when placing information in a file and should not release that information to anyone (except a court) without the client’s permission.

Maintaining the Reputation of the Profession

This principle prohibits public criticism of professional colleagues. Accountants should never do anything that diminishes the reputation of their profession.

Integrity and Due Care

Integrity refers to the accountant’s honesty and fairness, which must be above question. Failure to exercise due care results in negligence, which may lead to legal liability.

Competence

Professional competence is usually maintained by participating in continuing education programs. An auditor should not undertake an audit of a client unless that auditor has knowledge of both the client’s business and industry.

Association with False and Misleading Information

PAs cannot associate themselves with false or misleading information, including letters, reports, and written or oral statements or fail to reveal material omissions.

Compliance with Professional Standards

PAs are required to comply with GAAP and GAAS when preparing and auditing financial statements.

Advertising and Solicitation

Solicitation of another public accountant’s client is strictly prohibited. However, responses to proposals to provide accounting services are allowed. Advertising must not be comparative or include dollar amounts for fees and must not promise favourable outcomes.

Under common law…

The audit profession has the obligation to fulfill implied or expressed contracts with clients. If auditors fail to provide the services that were agreed upon, they can be sued for negligence and/or breach of contract

Under the Provincial Securities Act

Auditors are also legally responsible to third parties, in certain circumstances. The Supreme Court of Canada’s position is that the auditor is held accountable for a duty of care to third parties—that limited group of persons who the auditor knows will use and rely on the audit and financial statements.

Major Cause of Lawsuits against Public Accountants

• Business failure—when a business is unable to pay its liabilities

• Audit failure—when the auditors have failed to discover material misstatements, because of not following GAAS

• Audit risk—the risk that the audit will not uncover a material financial statement misstatement, even when GAAS have been followed.

Areas of Liability

• Liability to clients

• Liability to third parties

• Criminal liability

Liability to Clients

An auditor’s liability may be due to failure to fulfill the terms of a contract (letter of engagement) or failure to comply with GAAS. The auditor cannot withhold from the court's information or working papers on the grounds of privileged information. In a partnership, every partner can be held liable in a civil action for the actions of each of the other partners and the employees of the partnership. In Ontario, since 1998, accounting firms have been allowed to form limited liability partnerships whereby partners who had nothing to do with the engagement would not be liable on their personal assets.

Liability to Third Parties

Anyone who did not enter into a contract with the auditor including actual and potential shareholders, vendors, bankers and other creditors or investors, employees and customers. The courts have still not agreed as to who is included under the third-party umbrella, and each case has to be decided individually. In general, the liability to third parties is the liability that

• results from failure to exercise a duty of care due to claim of negligence.

• results from deliberately producing an assertion that is known to be false due to claim of fraud.

Defenses used by Public Accounting Firms

• Lack of duty of care

• Absence of misstatement

• Absence of negligence

• Contributory negligence

• No damages

• Absence of causal connection

Lack of duty of care

Expectation was not part of a letter of engagement

Absence of misstatement

Before defending negligence, the auditor would provide evidence that there is nothing wrong with the financial statement—that is, they are in accordance with the applicable accounting framework and no material errors exist

Absence of negligence

The audit was performed according to GAAS, and the auditor is not expected to be infallible

Contributory negligence

Here the auditor must prove that the client was negligent, by not acting on some of the auditor’s recommendations or by providing false information to the auditor

No damages

When a party makes a claim for which it has suffered no damages

Absence of causal connection

The auditor claims that the losses had nothing to do with anything that the auditor did

Criminal Liability

The auditor knowingly commits a wrongful act and is found guilty under the statute of criminal law appropriate in the jurisdiction where the crime occurs—in Canada, this is the Criminal Code of Canada.

Auditors can use the following practices to minimize their liability:

• Deal only with clients possessing integrity

• Maintain independence

• Understand the client’s business

• Perform quality audits

• Document the work properly

• Exercise and maintain professional skepticism

• Seek legal counsel

Management Responsibilities

Responsible for the decisions involving the selection of accounting principles, maintaining adequate internal control, and making fair representations (assertions) in the financial statements. Also responsible for the preparation of financial statements and internal controls.

Canadian Securities Administrators (CSA) Requirements

For the companies listed on Canadian stock exchanges to:

• certify annual and interim financial statements, as well as management discussion and analysis (MD&A) and other forms that are filed with the stock exchanges.

• certify that they have reviewed the documents, that the documents are free of misrepresentation, and that internal control over financial reporting has been designed, evaluated, and disclosed.

TCWG Responsibilities

For the public companies, those charged with governance include one or all of the following, depending on the size of the company: the board of directors, the audit committee, and senior management. These bodies are responsible for the strategic direction and accountability of the entity. Help develop the organizational culture of the entity through the policies and procedures they approve. They are also responsible for oversight of the financial reporting process, including management performance and the financial statement audit. Required to explain the “Responsibilities of Management and Those Charged with Governance for the Financial Statements” in the auditor's report

Overall Objectives of the Audit

• To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and

• To report on the financial statements and communicate as required by the CASs in accordance with the auditor’s findings.
  (CPA Canada Handbook—Assurance, CAS 200)

Misstatements are material when

The combined uncorrected errors and fraud in the financial statements are likely to have changed or influenced the decisions of a reasonable person using the statements.

Error

Unintentional misstatement

Fraud

Intentional misappropriation of assets (cash theft) and fraudulent financial reporting (intentional overstatement of sales). Misappropriation of assets is often called defalcation and employee fraud, and fraudulent financial reporting is often called management fraud. 

Auditor’s Responsibilities

• Provide reasonable (not absolute) assurance of detecting both material errors and fraud in financial statements.

• Get written representation of noncompliance (of any laws or regulation) that would affect the financial statements or their notes from management. (CAS 250)

• Obtain sufficient appropriate audit evidence regarding, and to conclude on the appropriateness of management’s use of the going-concern basis of accounting and whether there is a material uncertainty about the entity’s ability to continue as a going concern. (CAS 570)

• Exercise professional judgement and maintain professional skepticism (although one should still assume management’s good faith until proven otherwise).

If an error is material

The auditor requests the client to adjust the financial statements. Should the client refuse to do so, the auditor considers the financial statements are not prepared in accordance with GAAP

If an error is immaterial

No adjustment to the financial statements is required. However, an auditor cannot ignore these immaterial errors, because the aggregation of a number of these immaterial errors could indeed be material. Should this aggregate be material, adjustments to the financial statements are required. Therefore, the auditor maintains a listing and a total of these immaterial, unadjusted errors.

Professional Skepticism

Being alert to:

• Audit evidence that contradicts other audit evidence obtained.

• Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence.

• Conditions that may indicate fraud.

• Circumstances that suggest the need for audit procedures in addition to those required by the CASs. (CAS 200)

Major Financial Statement Cycles

1. Revenue and Collection (sales and receivables)

2. Acquisition and Payment (purchases and payables)

3. Human Resources and Payroll

4. Inventory and Distribution

5. Capital Acquisition and Repayment

Revenue and Collection (sales and receivables)

Transactions in this cycle record sales, receivables, and cash receipts; these transactions are usually the responsibility of the entity's accounts receivable department.

Acquisition and Payment (purchases and payables)

This cycle includes transactions that record purchases of assets and expenses, current liabilities, and cash disbursements. The capital acquisition and repayment cycle is a subset of this cycle.

Human Resources and Payroll

Transactions in this cycle pertain to the payment of employee compensation.

Inventory and Distribution

Transactions in this cycle include those that affect the cost of goods sold and inventory balances.

Capital Acquisition and Repayment

This cycle will not be specifically introduced in this course. (THIS IS CAPITAL ACQUISITION AND REPAYMENT, WILL DELETE THIS FLASHCARD)

Assertions

The recognition and measurement that are used by the auditor to identify and assess “what can go wrong”

Assertions to be Proved

• Occurrence/Existence

• Completeness

• Accuracy (Valuation)

• Accuracy (Posting and Summarization)

• Classification

• Cutoff/Timing

Occurrence/Existence

Assets and liabilities included in the financial statements exist and the transactions actually took place

Completeness

There are no unrecorded items

Accuracy (Valuation)

Assets and liabilities are properly valued. Revenues and expenses are recorded in the proper amount. The general ledger agrees to supporting records (such as subsidiary ledgers)

Accuracy (Posting and Summarization)

The transactions have been properly transferred from subsidiary records to general ledger

Classification

Transactions in the company records are properly classified

Cutoff/Timing

Transactions should be recorded when they occur

Assertion Categories

1. Assertions about classes of transactions and events, and related disclosure, for the period under audit

2. Assertions about account balances and related disclosures at period end

Overview of Audit Process

1. Client Acceptance and Continuance

2. Audit Planning

3. Assess Risk of Material Misstatement (RMM)

4. Develop Risk Response

5. Perform Risk Responses

6. Conclusion

7. Reporting (completing quality control and issuing the report)

Client Acceptance and Continuance

Prior to the start of the audit, the auditor must

• assess engagement risks including external users' reliance on the financial statements, going concern, and management integrity

• assess the firm's competence to conduct the audit including capabilities, time, and resources

• complete independence threat analysis

• identify the purpose of the financial statements

• obtain an engagement letter if deciding to accept or continue doing the audit

Audit Planning

The auditor must perform preliminary planning to

• obtain knowledge of the industry and business environment,

• obtain knowledge of the client's business,

• obtain thorough understanding of the client's system of internal control, and

• determine materiality.

Assess Risk of Material Misstatement (RMM)

The auditor must perform risk assessment procedures to

• identify and assess ______ at the overall financial statement level,

• identify and assess ______ at the assertion level, and

• identify significant risks (including fraud risks).

_____ at the financial statement level are pervasive risks that can potentially affect many assertions (such as incompetent accounting staff, significant control deficiency and declining economic conditions etc.)

_____ at the assertion level refers to the risks that affect classes of transactions, account balances, and disclosure, which is composed of an assessment of inherent risk and control risk.

Develop Risk Response

The auditor needs to develop the following further audit procedures to address the risk of material misstatement in an efficient and effective manner:

• develop an overall audit strategy to address the risks identified in the RMM assessment;

• determine audit approach for each cycle, such as a combination of control tests and substantive tests;

• finalize audit plan; and

• develop audit programs to list the testing procedures for each cycle.

The auditor considers different types of tests in dealing with the specific risks and materiality.

Perform Risk Responses

The auditor then performs the following testing procedures listed in the audit program to gather audit evidence:

• determine testing samples;

• perform tests of controls;

• perform substantive analytical procedures; and

• perform substantive tests of details.

The assessment of control risk at a level below maximum must be confirmed by performing tests on the system of internal controls. Tests of control involve inquiry, observation, reperformance, and inspection of controls and transactions. If control risk is assessed at maximum during the planning stage of the audit, this stage will not be conducted. When control risk is assessed at maximum, internal controls cannot be relied on so there is no point in testing them, or it is considered more efficient to obtain the audit evidence through substantive tests (tests of details of balances).

At this stage, tests are also done to substantiate the balance in an account at a certain date. These tests satisfy the examination standard of GAAS. They consist of analytical procedures, tests of details of balance, and tests of key items.

Conclusion

This is a completion stage of the audit. The auditor performs the following procedures to ensure a quality audit:

• perform additional tests for presentation and disclosure;

• review the sufficiency of the audit evidence;

• reach overall conclusion as to whether the financial statements are fairly presented; and

• communicate with the audit committee and management about the important audit findings and other matters.

As a result of the audit work being compiled, there is ongoing supervision from the supervisor, manager, and partner. Together they assess the impact upon the risks and decide if further procedures have to be designed.

Reporting (Completing quality control and issuing the report)

The auditor must consider not only events that have occurred before the audit report date but also those that have occurred subsequent to the year end, and the auditor must determine whether these events affect the financial statements. The audit report represents a conclusion about the financial statements taken as a whole.