- Ethical guidelines
- Advertising, publicity and obtaining professional work
- International standards on quality control (ISQC 1)
- Consideration of laws and regulations
By the end of this chapter students should be able to:
- State the role of ethical code and identify features of the professional ethics adopted by the IFAC, and how they work in public interest.
- Suggest courses of actions that may be taken to resolve ethical conflict of interests relating to the ethical fundamental principles identified.
- State the importance of confidentiality, identifying the risk of accidental disclosure of client’s information, and stating exceptional cases when this may not apply.
- Define objectivity and independence and recognize why those undertaking assurance engagements are required to be independent of their clients.
- Identify threats to fundamental ethical principles and independence of auditors as identified by the IFAC, and possible safeguard to eliminate or reduce such threats.
In this chapter ethical guidelines for the auditor will be explored. In the course of their duty, auditors come across confidential information; this is dealt with in area of professional duty of confidence.
The chapter will also cover International Standards on quality control, advertising, publicity, how auditors obtain professional work and ends with professional liability of auditors.
- Ethical guidelines
1.1 Fundamental principles
Auditors require an ethical code because they hold positions of trust, and people rely on them.
IFAC Code of Ethics for Professional Accountants give the key reasons why accountancy bodies produce ethical guidance: the public interest.
A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. Therefore, a professional accountant’s responsibility is not exclusively to satisfy the needs of an individual client or employer. The public interest is considered to be the collective well – being of the community of people and institutions the professional accountant serves, including clients, lenders, governments, employers, employees, investors, the business and financial community, and others who rely of the work of professional accountants.
The key reason that accountants need to have an ethical code is that people rely on them and their expertise.
As the auditor is required to be, and seen to be, ethical in his dealings with clients, IFAC publishes guidance for its members in its Code of Ethics. This guidance is given in the form of fundamental principles.
The five fundamental principles are summarized below:
- The ACCA’s fundamental principles of professional ethics
- Integrity: Members should be straightforward and honest in all professional and business relationships.
- Objectivity: Members should not allow bias, conflicts of interest or undue influence of others to override their professional or business judgements.da principles of professional ethics
- Professional competence and due care: Members have a continuing duty to maintain professional knowledge and skill at a level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques. Members should act diligently and in accordance with applicable technical and professional standards when providing professional services.
- Confidentiality: Members should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper or specific authority of the client or unless there is a legal or professional right or duty to disclose. Confidential information acquired as a result of professional and business relationships should not be used for the personal advantage of members or third parties.
- Professional behavior: Members should comply with relevant laws and regulations and should avoid any action that discredits the profession. Members
should be courteous towards other people as they discharge their duties as auditors.
Members should consider, in general, when providing professional services whether there are any threats to compliance with fundamental principles above. Members providing assurance services such as audit are supposed to be impartial, unbiased an under no conflict of interests or undue influence from others or the client. Independence and confidentiality have been covered in detail below:
An auditor must be and be seen to be independent, and this helps the auditor to give an unbiased opinion of the financial statements. Independence is essentially an attitude of mind characterised by integrity and objective approach to professional work. A member in the public practice should be, and be seen to be independent in each professional assignment he undertakes of any interest that might detract him/her from objectivity. There is independence of mind and independence in appearance.
- Independence of mind: This is the state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgment allowing an individual to act with integrity and exercise objectivity and professional skepticism.
- Independence in appearance: This is the avoidance of facts and circumstances that are so significant that a reasonable and informed third party, having knowledge of all relevant information including safeguards applied, would reasonably conclude a firm’s integrity, objectivity or professional skepticism had been compromised.
Types of independence
There are three main ways in which the auditor’s independence can manifest itself;
- Programming independence
This is the independence which essentially protects the auditor’s ability to select the most appropriate strategy when conducting an audit. Auditors must be free to approach a piece of work in whatever manner they consider best. As a client company grows and conducts new activities, the auditor’s approach will likely have to adapt to account for these. In addition, the auditing profession is a dynamic one, with new techniques constantly being developed and upgraded which the auditor may decide to use. The strategy/proposed methods which the auditors intend to implement cannot be inhibited in any way.
- Investigative independence
This protects the auditor’s ability to implement the strategies in whatever manner they consider necessary. Basically, auditors must have unlimited access to all company
information. Any queries regarding a company’s business and accounting treatment must be answered by the company. The collection of audit evidence is an essential process, and cannot be restricted in any way by the client company.
- Reporting independence
This protects the auditors’ ability to choose to reveal to the public any information they believe should be disclosed. If company directors have been misleading shareholders by falsifying accounting information, they will strive to prevent the auditors from reporting this. It is in situations like this when auditor independence is most likely to be compromised.
The importance of auditor’s professional independence
The auditor acts as a bridging point, helping to make management accountable to the shareholders through the annual financial statements. It is vital to the strength of this bridging point that the auditor is not only independent in mind, but also seen to be independent. Shareholders and other users need an objective and honest assessment and evaluation of the accounting information presented to them by management if they are to treat the information with confidence. It is because of these factors that user confidence in the information is closely related to the degree of independence of the auditor. The more independent he is the greater is the probability that shareholders and others will have confidence in his work and opinion.
1.3 Threats to professional independence
There are five general sources of threats identified by the Code:
- Self-interest threats – arises when the auditor has something to lose, be it reputation, credibility, money and relationships. For example having financial interest in the client
- Self-review threats – this arises when the auditor has to evaluate a material that was originally prepared by himself. For example auditing the financial statements prepared by the auditor himself
- Advocacy threats – This arises when the auditor supports the position of the client to the extent that subsequent objectivity of the auditor becomes questionable. eg assisting the client obtain financing from the bank
- Familiarity threats – This occurs when due to long association the auditor and the client becomes too close resulting in auditors becoming sympathetic toward the client and losing professional skepticism.
- Intimidation threats–This is when for one reason or another the auditor is threatened by the client. For example the auditor receiving threats of dismissal, physical threats and gifts.
The Code also identifies three general categories of safeguards against threats as follows: Safeguards created by the profession, legislation or regulations Safeguards within the firm’s own systems and procedures
Examples of safeguards created by the profession, legislation or regulation:
- Educational training \and experience requirements for entry into the profession
- Continuing professional development requirement
- Corporate governance regulations
- Professional standard
Examples of safeguards within the firm’s own systems and procedures
- Involving an additional professional accountant to review the work done
- Consulting an independent third party, such as a committee of independent directors, a professional regulatory body and another professional accountant
- Rotating senior staff
- Discussing ethical issues with those charged with governance.
Integrity, objectivity and independence
In this section we shall look closely at integrity, objectivity and independence because the public trust in the work of the auditor depends on these attributes. Safeguards must be applied where independence and objectivity are put at risk. If the risk is too great, then the auditor should not accept or withdraw from the engagement
Threats and safeguards
Self – interest
Examples of scenarios that could result in self-interest include the following:
Financial interest – where the auditor or his family members has shares in the company he is auditing. The safeguard is to dispose all the financial interest in the client or remove the one with the financial interest from the audit team
Close business relationship – examples include operating a joint venture between the firm and the client, arrangements to combine one or more services of the firm with one or more products of the client and market the package with reference to both parties. The safeguard here is that the auditors must choose one thing either the audit or the business relationship depending on the profitability levels
Gifts and hospitality- Auditors, their spouses and even their relations should not receive gifts and hospitality from the client unless the value of gifts and hospitality is trivial and inconsequential that a reasonable and informed third party would conclude that the auditor’s objectivity is not impaired.
High percentage fees and contingent fees
If the auditor is receiving a high proportion of his fees from one client, i.e. over 15% of gross practice fees from one client, the auditor may become dependent on the client and this may impair the auditor’s objectivity. The safeguard here is take steps to reduce the high proportion of the fees by finding new clients and in exceptional circumstances the auditors must resign as auditors.
Contingent fees arrangement is where the fees that the auditors will be paid will depend on the outcome of the assignment. For example auditors could be paid based on the profit made by the company. Auditors are not allowed to enter into contingent fees arrangements.
Loans, guarantees and overdue fees
Auditors are prohibited from making a loan to a client or guaranteeing a loan of the client. However, auditors can obtain a loan from the client if the client is the bank and the loan is on the normal business terms. Employees of the firm are also allowed to obtain loans from the clients that are bank if the loans are at an arm’s length business terms. Auditors are not allowed to obtain a loan from clients that are not banks.
If the fees from the client have been overdue for a long time, the auditors should take steps to collect the fees for they could be seen as if the auditors have made a loan to a client.
Personal relationships – Personal relationships can also affect objectivity. There is a particular need, therefore, for a practice to ensure that its objective approach to any assignment is not endangered as a consequence of any personal relationship. The safeguard is to remove the person with personal relationship issues from the team.
1.1 Self-review threat
The situations that can result in self-interest include the following
Preparation of accounting records – An auditor should not participate in the preparation of the accounting records of a public limited company he audits, save in emergencies. In the case of a private limited company audit client, it is frequently necessary to provide much fuller service but in all these cases where an auditor is involved in the preparation of records. The safeguard here is to ensure that the client accepts full responsibility for such records and independent third party reviews of the work.
Previous appointment in a company reported on – No one should personally take part in the exercise of the reporting function on a company if he has, during the period upon which the report is to be made, or at any time in the two years prior to the first day thereof, been an officer, or employee of that company.
Internal audit services – There is a significant risk of self-review threat if s firm provided internal audit work that will be relied on in the conduct of the audit. The safeguard includes the client designating an appropriate and competent person to be responsible at all times for internal audit services. For listed companies the auditor shall not undertake to provide internal audit services.
Current appointment in a company reported on – An audit firm, wherever it may be situated, should not report on a company, even if the law of the country in which the company is registered would so permit, if a partner or employee of the audit firm is an officer or employee of the company. Nor should an audit firm report on a company of a company associated with it fills the appointment of secretary to the client.
1.2 Advocacy threat
This threat arises when the auditors are in a position of taking a client’s part in a dispute or somehow acting as an advocate (lawyer). Typical example of this threat is when the firm helps the client convince a bank to offer financing to the client. The safeguard is using different teams for the non-audit service and the audit. If the threat is too high, the auditors must withdraw from the engagement.
1.3 Familiarity threat
This threat arises where the client’s independence is jeopardized by the firms and its staff members becoming overfamiliar with the client and its staff. There is substantial risk of loss of professional skepticism in such circumstances. Familiarity threat can arise due to long association with the client or due to an employee being recently engaged by the client or the auditor. As a rule, the engagement partner should not serve a listed entity for more than five years without being rotated. For a non-listed client the maximum number of years that the engagement partner can serve is as a partner is 10 years. The safeguards that can be applied include rotation of the engagement staff members and having engagement quality control reviews.
1.4 Intimidation threat
This threat arises when the auditors have reason to be intimidated by the client staff. Examples of these threats include auditors being threatened with dismissal, litigation and even physical intimidation. Safeguards include disclosing the issue to the audit committee and involving an additional professional accountant on the team to review the work.
1.5 Other ethical guidelines
Liquidations following receiverships – Where an audit firm or a partner or an employee of that firm has, or during the previous two years has had, a continuing professional relationship with a company, no partner or employee of the audit firm should accept appointment as liquidator of the company if the company is insolvent. Where the company is solvent, such appointment should not be accepted without careful consideration being given to the implications of acceptance in that particular case.
Audit following receivership – Where a partner in or an employee of an audit firm has been receiver of any of the assets of a company, neither the practice nor partner in or employee of the audit firm should accept appointment as auditor of the company, or of any company which was under control of the receiver, for accounting period during which the receiver acted or exercised control
Commission – Where advice given to a client is such that, if acted upon, it will result in commission being earned by the audit firm or anyone in it, special care should be taken that the advice is in fact in the best interests of the client. The client should be informed, in writing, both of the fact that commission will be received and, as soon as practicable, of the amount and terms of such commission.
Confidentiality is about observing secrecy when dealing with any information an individual comes across in an official capacity. An auditor should not use information acquired in the course of work, for his personal benefit or for the advantage of a third party. Auditors must respect the value and ownership of information they receive during an audit and do not disclose information to any third party, orally or in writing, without appropriate authority, and unless there is a legal or professional obligation to do so.
However, there are recognised exceptions to confidentiality;
- There can be obligatory disclosure where a client has committed an offence of treason.
- Disclosure can be made to protect auditor’s interest.
- Disclosure may be required by legal process.
- Public duty can compel an auditor to disclose.
- There may be need to comply with technical standards and ethical requirements.
- When there is need to comply with the quality review of the auditor.
- There is need for an inquiry or investigation by a regulatory body.
Having decided that confidential information can be disclosed, auditors must consider the following.
- Whether all relevant facts are known and substantiated.
- What type of communication is expected and to whom should it be addressed.
- Whether the auditor will incur legal liability as a result of disclosure.
- Obtaining an engagement
- Publicity and obtaining professional work
Auditors in public practice are in business offering audit and other professional services like any other firm in any other field or profession. It is therefore acceptable to advertise their services so as to obtain new business. However such advertisements or any other form of marketing should be done in a manner or medium that does not reflect adversely or bring the profession into disrepute.
Particularly, the advertisements or any promotional materials should reflect honesty and truthfulness, and should not;
- Make exaggerated claims for services offered, qualifications or experience possessed, or be misleading either directly or by implication.
- Make disparaging reference in comparison to the work of another, or particularly discrediting services offered by others or claiming superiority of one’s services over others’
- Fall short of any recognised national advertising standards or codes.
- Fees and Commissions
It is generally inappropriate to include fees in promotional materials meant to increase the potential clients’ general awareness of the firm. This issue might be reserved for a free consultation or discussion with interested potential clients.
It is allowable to offer or receive commissions for introducing to clients:
An employee of a member of the profession
Another public accountant
Because it is only appropriate to deal in commissions with people who are subjected to similar ethical requirements to avoid contravention of ethical requirements such as
Firms may obtain new clients in response to tender, either by being approached by a prospective client or in response to an advertisement from the media. When writing this
proposal or tender the firm should be aware of all ethical considerations in the practical issues and fee quotations.
The firm should ascertain the work required or involved, which staff or levels will be required and in what proportion they will be involved, and the period it is likely to take. The firm standard charge out rates can then be applied to that information and a fee estimated.
IFAC code states that, the fact that in response to tenders, one firm may quote a fee lower than another is in itself not unethical. However there may be threats to compliance with ethical principles arising from the level of fees quoted. The practice of undercutting fees, known as lowballing, to the extent that it is less than the expected market rate which makes the firm willingly undertake the work at less than it is worth or at a loss, without compromising its quality, will make the auditor’s independence to be called into question.
4.4 Accepting an audit engagement
Audit engagement comprises all procedures and documents needed to acquire or procure services of an auditor.
There are professional requirements governing the appointment of new auditors. The key requirement is for the current and proposed auditors to communicate about the client’s affairs before the prospective auditor can accept the appointment.
4.4.1 Why there is need to communicate
- To preserve the integrity of the auditor’s position. The auditors must communicate with the outgoing auditors when the client has given permission. If the client refuses, the proposed auditors should decline nomination.
- To give the proposed auditors information. This information will help the auditors decide whether to accept nomination. The auditors can also get references about the client.
4.5 Appointment considerations
These are the procedures that the auditors must undertake to ensure that their appointment is valid and that they are clear to act.
4.5.1 Procedures before accepting nomination
The nominee auditors must carry out the following procedures before accepting the nomination
- The nominee auditors must ensure that they are professionally qualified to act
- They should also ensure that they have adequate resources in terms of personnel, technical expertise and time to undertake the engagement
- Obtain references and make independent enquiries if the directors are not personally known
- Communicate with present auditors. Find out whether there are reasons behind the change which new auditors ought to know; but do with courtesy.
4.5.2 Procedures after accepting nomination
- Ensure that the outgoing auditors’ removal or resignation has been properly conducted in accordance with the law. Check valid notice or confirm that the outgoing auditors were properly removed.
- Ensure that the new auditor’s appointment is valid. The new auditors should obtain a copy of resolution passed at the general meeting appointing them as company auditors.
- Set up and submit an engagement letter to the directors of the company.
4.5.3 Additional procedures
- Find out whether the previous auditors have fees owed to them. The new auditors should decide how far they may go in helping the former auditors to obtain their fees, as well as whether they should accept appointment.
- The new auditors should obtain all books and papers which belong to the client from the auditors unless the former auditors have a lien over the books because of unpaid fees.
- The old auditors should also pass any useful information to the new auditors if it will be of help, without charge unless a lot of work is involved.
4.5.4 Client Screening
Client screening is the conduct of stringent checks on potential audit clients and their management.
The purpose of client screening procedures is to determine whether the prospective client is suitable for the firm.
Following the procedures, in arriving at the decision as to whether to accept an audit appointment the firm should evaluate the potential risk to the firm of acceptance.
When a client is deemed to represent a high audit risk to the firm, the firm should carefully consider the implications arising should it fail in meeting its objective of giving an accurate audit opinion. If the firm is not confident that the benefit to be derived from accepting the appointment outweighs the potential risks (including financial and reputational risk of being sued), then the firm should decline the appointment.
In client screening, consider the following issues.
- Consider the following factors like
- Management integrity
- Risk: There may be low risk and high risk clients and they have the following contrasts.
|Low risk||High risk|
|Good long-term prospects||Poor recent or forecast performance|
|Well-financed||Lack of finance|
|Strong internal control||Significant control weaknesses|
|Conservative prudent accounting policies||Evidence of questionable integrity doubtful accounting policies|
|Competent honest management||Lack of finance director|
|Few unusual transactions||Significant unexplained transactions|
- Expected fees from a new client should reflect the level of risk expected.
- Relationship: The audit firm wants the relationship with a client to be long term.
- Get the information about new clients from available sources like
- Enquiries of other sources like bankers and lawyers.
- Review of documents like most recent annual accounts
- Previous accountants/auditors
- Review of rules and standards. Consider specific laws/standards that relate to the industry.
- Obtaining legal information from the Registrar of Companies, for example certificate of incorporation, the registered address and list of shareholders.
4.6 Agreeing terms of an engagement
Once all the relevant procedures and information gathering has taken place the company must draft and submit an engagement letter. The engagement partner will have completed a client acceptance form which will be submitted with other relevant documents to the managing partner.
Engagement letter is a document which documents and confirms that the auditor has officially accepted the appointment.
It is important that before commencing any professional work an auditor should agree, in writing, the precise scope, terms and nature of the work to be undertaken.
Purpose of an engagement letter
- To define clearly the extent of the auditor’s responsibility.
- To minimise misunderstandings between auditor firm and client in the future.
Possible areas of misunderstanding include:
- The objective of the audit of the financial statements.
- The extent to which reliance may be placed on the audited financial statements.
- With whom the responsibility for the preparation of the financial statements rests.
- The extent to which the auditor has a right to unhindered access to accounting and other records necessary to form an opinion on the financial statements.
- The extent to which the auditor is responsible for detecting fraud and (other) misstatements.
- The extent to which the auditor is responsible for reporting weaknesses in internal control procedures.
- The extent to which the auditor is responsible for reporting deficiencies in operating procedures.
- The amount of the audit fee and when it is payable.
- To confirm in writing verbal arrangements.
- To confirm acceptance by the auditor of his engagement.
- To inform and educate the client about the audit
- To avoid a situation where terms of engagement are implied as arising out of the articles of association or previous conduct of the auditor.
When the letter should be sent:
- To all new clients before any professional work has been started.
- To all existing clients who have not received such a letter previously.
- Whenever there have been major changes at the client e.g. change of top management at the client and changes in the structure and nature of the business
- Whenever the auditor has reasons to believe that the client does not understand the purpose of the audit
Contents of an engagement letter
The letter should outline the clients’ statutory duties on accounting records and the auditor’s statutory and professional responsibilities on the report and auditing guidelines.
The section in the letter may
- The objective of the audit of financial statements.
- The management’s responsibility to keep proper records and prepare financial statements which show a true and fair view.
- The auditor’s responsibility to report on the financial statements.
- Scope of the auditors work i.e., should be in accordance with auditing standards and guidelines, accounting systems review be conducted, collection of audit evidence and tests and reliance on internal controls.
- Letter of weakness.
- Special factors e.g. relations with internal audit and audit of branches or divisions.
- Need for a letter of representation from management.
- Management’s primary responsibility on fraud and irregularities and the auditor’s consideration in his plan of the audit.
- Any agreement to carry out tax and other services apart from the audit.
- The basis on which fees are charged.
- Written acknowledgement of the letter creating a contractual obligation.
- Irregularities and fraud: this covers directors’ primary responsibility, auditor’s plan of his audit expecting to discover misstatements
On recurring audits, the auditor should consider whether circumstances require the terms of the engagement to be revised and whether there is need to remind the client of existing terms of the engagement.
Factors that may require the issuing of a new letter of Engagement
- An indication that the client misunderstands the objective and scope of the audit.
- Any revised or special terms of the engagement.
- A recent change of senior management, board of directors, or ownership committee.
- A significant change in the nature or size of the client’s business.
- Legal requirement.
- A change in the financial reporting framework adopted by management in preparing the financial statements.
- International Standards on Quality Control
The International Standards on quality control ISQC 1 Quality control for firms that perform audits and review of historical financial information, and other assurance and related services engagements, was issued by the IAASB to enhance the quality of the process and product of the audit in the following areas:
- Engagement Process
The firm should establish policies and procedures to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements. The following are the elements of the firm quality control system.
- Leadership responsibilities for quality within the firm
- Ethical requirement
- Engagement Process
- Human resources/Education and training
- Engagement performance
The standard points out the importance of quality being an established part of the culture of the firm. This must be instigated by the leaders of the firm, that is, its partners. In practical terms, the people directing the firm and its resources should ensure that:
- Commercial consideration do not override the quality of the work performed
- The firm policies in relation to staff promotion, remuneration and performance review incorporate the importance of quality work.
- Sufficient resources are allocated to the development, documentation and support of quality control policies and procedures.
4.1.2 Ethical requirement
The firm should have policies and procedures designed to ensure that ethical requirements are met. The firm should establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirement (including experts contracted by the firm and personnel), maintain independence where required by the IFAC Code and the national ethical requirements. Such policies and procedures should enable the firm to:
- Communicate its requirements to its personnel and, where applicable, others subject to them.
- Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate actions to eliminate those threats or reduce them to acceptable level by applying safeguards, or, if considered appropriate, to withdraw from engagement.
According to the standard, such policies and procedures should require:
- Engagement partners to provide the firm with relevant information about client engagement, including the scope of services, to enable the firm to evaluate the overall impact, if any, on independence requirements.
- Personnel to promptly notify the firm of circumstances and relationships that create a threat to independence so that appropriate actions can be taken.
- Engagement Process
The firms should also have policies and procedures designed to ensure that only appropriate clients are accepted in the first place and retained. The engagement partner should carry out similar considerations a he did when he accepted the client every year when bearing in mind whether to retain the client
- Human resources/ Education and training
As part of the firms overall culture of quality control, it should have policies and procedures to ensure hat that it employs and trains staff with the capabilities, competencies and commitment to ethical principles necessary to perform the engagements. There should be policies on recruitment, career development, performance evaluation and promotion. It is also important to allocate staff to assurance engagements appropriately.
- Engagement performance
Key issues under engagement performance are supervision, direction, review, consultation and resolution of disputes
The partner has overall responsibility for supervising the audit, but will normally delegate supervisory duties to a manager or supervisor who will similarly delegate to the senior or the in charge who is responsible for day to day management of the engagement
This is again largely the responsibility of the engagement partner who controls how the assurance engagement should be conducted. The engagement partner is responsible for ensuring that team members know:
- What work they are supposed to do
- The nature of the entity’s business
- Any risk relevant to audit
- Problems that might arise during the engagement
The work performed by staff must be reviewed by other more senior staff or the engagement partner. The purpose of the review is to consider whether the work done is in line with the audit strategy
Consultation and resolution of disputes
When difficult or contentious issues arise, the assurance team must consult properly on the matter and conclusion drawn as a result of the consultation must be properly recorded. Any differences of opinion must be resolved prior to the assurance report being issued.
This involves an ongoing evaluation of the system of quality control and periodic inspection of selected completed engagements, identifying the effects of any deficiencies found (one off or systematic or repetitive) that require correction (such as: remedial or disciplinary action with an individual, communication of findings with the training department, or changes in policies and procedures themselves)
Quality Control at Firm Level (ISQC 1.3)
The standard requires the firm to establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional
standards and regulatory and legal requirements and that reports issued by the firm or engagement partners are appropriate in the circumstances.
All quality control policies procedures should be documented and communicated to the firm’s personnel, and should include:
- Leadership responsibility for quality within the firm:
The standard requires that the firm implement policies such that the internal culture of the firm is one where quality is considered essential. Such a culture must be inspired by the leaders of the firm who must sell this culture through their actions and messages.
- Human resources:
The firms’ policies and procedures should ensure excellence its staff in terms of capabilities, competence and commitments to principles in performance of its engagements, and engage partners to issue reports that are appropriate in the circumstances. (these include: recruitment, career development, staff performance evaluation, promotion amongst others). Assignment of engagement teams with appropriate competences and capabilities to particular audits.
- Engagement performance:
The firm should establish policies and procedures designed to provide it with reasonable assurance that:
Appropriate consultations take place on difficult or contentious matters (including external consultations such as other firms or supervisory professional boards) Other such necessary review on the audit process should be carried out and completed before the report is signed.
Quality Control on an Individual Audit
The requirements concerning control on individual audit are found in ISA 220 Quality control for audits of historical financial information. ISA 220.2 requires that the engagement team should implement quality control procedures that are applicable to the individual audit engagement. Areas of consideration include:
ISA 220.6 requires engagement partners to take responsibility for the overall quality on each audit engagement to which that partner is assigned.
ISA 220.8 requires the engagement partner to consider whether members of the audit team have complied with ethical requirements, such as independence and other fundamental requirements in the Code of Ethics.
Assignment of engagement teams (ref: human resources above)
- Direction of the audit process by the engagement partner, briefing and discussion with the team, determination of detailed approach to the performance of the engagement
- Supervision, including: tracking the progress of the engagement, addressing significant issues arising during the engagement and modifying planned approach where necessary etc.
- Reviews include: whether work has been performed in accordance with professional standards and other regulatory and legal requirements.
- Consultation of any contentious matters related to the particular engagement and ensuring conclusion thereon are properly reached and recorded
- Quality control review includes: evaluation of the significant judgments made by the team and conclusions reached in formulating the auditor’s report, and such other matters as considered above.
- Consideration of laws and regulations
The professional requirement of the auditors with regard to their liability is covered under ISA250 Considering of laws and regulations in an audit of financial statements. It states that auditors should plan and perform their audit procedures and evaluate and report on the results thereof recognising that non-compliance by the entity with law or regulations may materially affect the financial statements.
Auditors plan their work with reasonable expectation of detecting material misstatements in the financial statements that may arise through non-compliance. It must be noted that the auditor cannot be expected to detect non-compliance hidden by collusive behaviour, forgery, override of controls, or intentional misrepresentations by management.
It is the responsibility of directors to take steps to ensure that their entity complies with laws and regulations to establish arrangements for preventing and detecting any noncompliance and to prepare financial statements which comply with all laws and regulations.
Directors may fulfill their responsibilities by:
- Maintaining an up-to-date register of relevant laws and regulations and monitoring any changes to these.
- Instituting and operating appropriate systems of internal control.
- Developing a code of conduct to inform employees and to ensure employees are trained and that sanctions exist against breaches.
- Engaging legal advisers to assist in this area.
- Maintaining a register of complaints and breaches.
- In large companies, maintaining internal audit and compliance functions as separate departments.
The auditors should obtain sufficient and appropriate audit evidence about compliance with those laws and regulations which relate directly to the preparation of or the inclusion or disclosure of specific items in the financial statements.
The auditors should perform procedures to help identify possible or actual instances of non-compliance with those laws and regulations which provide a legal framework within which the entity conducts its business.
On the audit, staff should be alert for instances of actual or possible breaches which might affect the financial statements. When actual or possible breaches are encountered the auditors should gather all possible information and evidence evaluate if and fully document their evidence, reasoning, findings and conclusions.
6.1 Money laundering
There is a risk of criminal offences added on accountants and auditors. It is now a criminal offence not to maintain appropriate procedures for the prevention or reporting of money laundering while carrying out relevant financial business like banking, insurance, investment business, and advising on setting up of trusts.
In engaging in such activities accountants need to have procedures to recognise, prevent and report money laundering. Reporting of money laundering suspicions is exempted from all confidentiality requirements. Additionally it is criminal offence to disclose that a money laundering suspicions have been reported to the authorities (tipping off).
6.1.1 Effect of money laundering provisions
The consequence of provisions on money laundering is that firms must have procedures in place for identification of clients, as well as for keeping records of all transactions for five years. There must also be procedures for internal reporting and as may be necessary for the purposes of forestalling and preventing money laundering.
6.2 Liability to detect fraud
Fraud is an intentional act by one or more individuals among management, those charged with governance, employees or third parties involving the use of deception to obtain an unjust or illegal advantage. Fraud may be perpetrated by an individual, colluded in, with people internal or external to the business. ISA 240 The Auditors Responsibility Relating to Fraud in an Audit of Financial Statements stresses that auditors have no responsibility for the prevention and detection of fraud as such – that is managements job, but fraud can have a material impact on financial statements so it becomes part of audit after all.
6.2.1 Types of fraud
ISA 240 makes a crucial distinction between two types of fraud:
- Misstatements arising from fraudulent financial reporting usually perpetrated by the management of the company
- Misstatements arising from misappropriation of assets usually committed by the juniors in the company
6.2.2 Responsibilities with regard to fraud
Management and those charged with governance in an entity are primarily responsible for preventing and detecting fraud. It is up to them to put a strong emphasis within the company on fraud prevention by putting in place internal controls to prevent and detect fraud.
The auditors’ approach to the possibility of fraud is similar to the approach to the possibility of error. The key requirement for an auditor is set out in the ISA 240: ‘In planning and performing the audit to reduce audit risk to an acceptability low level, the auditor should consider the risks of material misstatements due to fraud’.
An overriding requirement of the ISA is that auditors are aware of possibility of there being misstatements due to fraud. The team must have professional skepticism and must discuss the possibility of material misstatements due to fraud (how fraud could be perpetrated and by whom, how unpredictability could be added into the audit and such like)
6.3 Risk assessment procedures
The auditor should undertake risk assessment procedures which should include assessing the risk of fraud. These procedures will include:
- Inquiries of management and those charged with governance: This requires the auditor to make specific enquiries of management regarding fraud. For example, what they think the risk is, what their process for identifying and responding to fraud is, management communications on the topic. Auditors are also required to enquire of management, internal audit and others whether any alleged, actual or suspected fraud has taken place.
- Consideration of when fraud risk factors are present: The auditors should be alert for evidence of factors for management or employees to carry out frauds.
- Consideration of results of analytical procedures: Analytical procedures can be used at every level of the audit and as well as assessing risks including fraud risks.
- Consideration of any other relevant information: The auditor should evaluate the design of the entity’s related controls, including relevant control activities, and determine whether they have been implemented.
- Reporting fraud to appropriate authorities. The auditor should report to those charged with governance or relevant external authorities where appropriate.
End of Chapter Question
Discuss, with reasons, the ethical requirements issued by the accountancy regulatory body relating to the four matters listed below in order to maintain integrity, independence and objectivity of the auditor.
- A senior partner of the firm lent K1 million to a client at a rate of interest equal to that charged by the bank.
- The wife of one of the partner and her cousins own a controlling shareholding in a company where the husband is a reporting auditor.
- A computer manufacturing company contributes 25% of the gross recurring fees of the partnership.
- A firm also acts for Computer Dealers Limited which is a direct competitor of Computer Manufacturers Company.
(Each part carries 5 marks) TOTAL: 20 MARKS)