ADVANCED AUDIT AND ASSURANCE 1

COURSE NOTE

ADVANCED AUDIT & ASSURANCE

(1) REGULATORY ENVIRONMENT (2) PROFESSIONAL & ETHICAL

1 CONSIDERATION
 Codes of ethics
Regulatory framework for audit & assurance
Professional liability
Laws & regulation

Fraud & error

(3) PRACTISE MANAGEMENT

Tendering

Professional appointment

(4&5) PLANNING STAGE (7) REPORTING

(7.1) Evaluation and review

Planning
(3) Quality control

(7.2) Auditor’s report

Assessing risk of material misstatement

(6) GATHERING Evidence

Test of control

Substantive Test

2
 LECTURE 1: RE-INTRODUCTION TO AUDIT AND ASSURANCE
1. THE CONCEPT OF AUDIT AND OTHER ASSURANCE ENGAGEMENTS?
1.1. ASSURANCE ENGAGEMENTS
An assurance engagement is one in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the
responsible party about the subject matter information (that is, the outcome of
the evaluation or measurement of a subject matter against criteria).
Assurance means the auditors’ satisfaction as to the reliability of the assertion made
by one party for use by another party.
An assurance engagement performed by a practitioner will consist of the following
FIVE elements:

(a) A three party relationship

Intended users are the person, persons or class of persons for whom the
practitioner prepares the assurance report.
The responsible party is the person (or persons) responsible for the subject matter
(in a direct reporting engagement) or subject matter information of the assurance
engagement.
The practitioner is the individual providing professional services that will review
the subject matter and provide the assurance.
(b) A subject matter: for which the auditor is giving assurance on. For audit
assurance, the subject matter is the financial statements.
(c ) Suitable criteria: use by the auditor to measure the subject matter
(d) Evidence collection: collected by auditor to support the assurance to be given
(e) A conclusion or an opinion

1.2 AUDIT AND OTHER ASSURANCE COMPARED

3
 ASSURANCE

OTHER ASSURANCE AUDIT

AUDIT
Review Examining Others
engagement prospective FI

Level of Reasonable Limited

assurancee assurance assurance

Positive Negative
Opinion assurance
assurance

The amount and

Sufficient and
types of
appropriate
Evidence evidence
evidence
required will be
required
less

Regulatory ISAs ISAEs ISREs

1.3 BENEFIT OF ASSURNANCE

- Benefit to users:
- Enhances the credibility of the information being reported on
- Reduces the risk of management bias, error or even fraud in the information
being reported on
- Draws the attention of the user to any deficiencies in the information being
reported on
- Assurance services also give added credibility to the wider share market:
- They ensure that high quality, reliable information circulates in the market
- They give investors added faith in the market
- - They improve the reputation of organization trading in the market
- For example

4
 The advantages (benefits) of statutory audit include:

Shareholders The impartial view provided by the auditors

Companies Recommendations being made in relation to accounting and

control systems and the possibility that auditors might detect
fraud and error

Other - More credibility for financial statements prepared by

advantages management
- Reduce the risk of fraud and errors
- Other users like banks, government, creditors, employees
can use the audited accounts to help them in decision making.

1.4 WHAT IS THE AUDIT OF FINANCIAL STATEMENT?

The objective of an audit of financial statement.

The objective of an audit of financial statements is to enable the auditor to

express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting
framework, or
“whether the FS are give a true and fair view/presented fairly, in all material
respect”

2. RESPONSIBILITY
2.1. Management responsibilities
Management is responsible for:
- Managing the business so as to achieve company objectives
- Assessing the business risk
- Safeguarding the company’s assets
- Keeping proper accounting records
- Preparing company financial statements fairly
o Select suitable accounting policies and then apply them consistently
o Make judgements and estimates that are reasonable and prudent
o Comply with applicable accounting standards
o Prepare the financial statements on the going concern basis unless it is
inappropriate to presume that the company will continue in business
- Ensuring the company complies with applicable laws and regulations
It is not the responsibility of auditor of the company to do any of the above.

5
 2.2. Auditor’s responsibilities
The assurance provider is responsible for:
- Carrying out the assurance services in accordance with professional and
ethical standards
- Carrying out the assurance service in accordance with the term of
engagement.
In the case of audit of financial statements, the auditor is responsible for:
- Forming an independent opinion on the truth and fairness of the annual accounts.
- Confirming that the annual accounts have been properly prepared in accordance
with applicable accounting standards.
- Confirming that the information contained within the director’s report is
consistent with the annual accounts.
In case of non-assurance services, the firm is responsible for providing services
specifically negotiated with management. Such non-assurance services as assisting the
company with maintenance of its accounting records or assisting the company with
preparing management information…do not result in the firm taking responsibility for
any aspects of the company’s operations or procedures. The management retains the
overall responsibility for all of these matters. The firm is employed as a support to
management, providing expert assistance.
Fraud and the auditor
ISA 240 The auditor's responsibilities relating to fraud in an audit of financial
statements
Responsibilities with regard to fraud
The primary responsibility for the prevention and detection of fraud is with those
charged with governance and the management of an entity. This is effected by having
a commitment to creating a culture of honesty and ethical behaviour and active
oversight by those charged with governance.
The auditor is responsible for obtaining reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or error.
The auditor is responsible for maintaining professional skepticism throughout the
audit, considering the possibility of management override of controls, and
recognizing that audit procedures effective for detecting errors may not be effective
for detecting fraud.
2.3. Compliance with the laws and regulation
ISA 250, Consideration of Laws and Regulations in an Audit of Financial
Statements
6
An important part of an external audit is the consideration by the auditor as to
whether the client has complied with laws and regulations.
Non-compliance refers to acts of omission or commission, intentional or
unintentional, committed by the entity, or by those charged with governance, by
management or by other individuals working for or under the direction of the entity,
which are contrary to the prevailing laws or regulations. Non-compliance does not
include personal misconduct unrelated to the business activities of the entity. ISA
250 (Revised) para 12
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence regarding compliance with
the provisions of those laws and regulations that have a direct effect on the
determination of material amounts and disclosures in the financial statements
b) To perform specified audit procedures to help identify non-compliance with
other laws and regulations that may have a material effect on the financial
statements
c) To respond appropriately to identified or suspected non-compliance with laws
and regulations identified during the audit
Responsibilities of management compared with auditors
It is management's responsibility to ensure that the entity complies with the relevant
laws and regulations (ISA 250: para. 3).
It is not the auditor's responsibility to prevent or detect non-compliance with laws
and regulations.
The auditor's responsibility is to obtain reasonable assurance that the financial
statements are free from material misstatement whether due to fraud or error and, in
this respect, the auditor must take into account the legal and regulatory framework
within which the entity operates (ISA 250: para. 5).
ISA 250 (para. 6) distinguishes the auditor's responsibilities in relation to compliance
with two different categories of laws and regulations:
a) Those that have a direct effect on the determination of material amounts and
disclosures in the financial statements (such as tax or pension laws and
regulations)
b) Those that do not have a direct effect on the determination of material
amounts and disclosures in the financial statements but where compliance
may be fundamental to the operating aspects, ability to continue in business,
or to avoid material penalties (such as regulatory compliance or compliance
with the terms of an operating licence)

7
For the first category, the auditor's responsibility is to obtain sufficient appropriate
audit evidence about compliance with those laws and regulations (ISA 250: para.
14).
For the second category, the auditor's responsibility is to undertake specified audit
procedures to help identify non-compliance with laws and regulations that may have
a material effect on the financial statements. These include enquiries of management
and inspecting correspondence with the relevant licensing or regulatory authorities
(ISA 240: para. 15).
In accordance with ISA 315, the auditor shall obtain a general understanding of:
 The applicable legal and regulatory framework
 How the entity complies with that framework
The auditor can achieve this understanding by using their existing understanding
and updating it, and making enquiries of management about other laws and
regulations that may affect the entity, and about its policies and procedures for
ensuring compliance and about its policies and procedures for identifying, evaluating
and accounting for litigation claims.
The auditor shall remain alert throughout the audit to the possibility that other
audit procedures may bring instances of non-compliance or suspected non-
compliance to the auditor's attention. These audit procedures could include:
 Reading minutes
 Making enquiries of management and in-house/external legal advisers regarding
litigation, claims and assessments
 Performing substantive tests of details of classes of transactions, account
balances or disclosures (ISA 250: para. A15)
The auditor shall request written representations from management that all
known instances of non-compliance or suspected non-compliance with laws and
regulations whose effects should be considered when preparing the financial
statements have been disclosed to the auditor (ISA 250: para. 16).
Audit procedures when non-compliance is identified or suspected
The following table summarises audit procedures to be performed when non-
compliance is identified or suspected (ISA 250: paras. A20-25).

Non-compliance: Audit procedures

Obtain an understanding of the nature of any acts and circumstances

8
 Obtain further information to evaluate the possible effect on the financial
statement

Discuss with mgt and those charge with governance unless laws and regulation in
the jurisdiction concerned prohibit such communication (ex: avoiding tipping off
in case of suspected money laundering) meaning legal advice may need to be
sought by the auditor before proceeding with such enquiries.

Consider the need to obtain legal advice anyway if sufficient information is not
provided and the matter is material

Evaluate the effect on the auditor’s opinion if sufficient information is not

obtained.

Evaluate the implications of any identified or suspected non-compliance on risk

assessment and the reliability of any written representation (especially if the
auditor possesses evidence of either management or those charged with
governance being involved in this non-compliance in some way)

Reporting identified or suspected non-compliane.

The auditor shall communicate with those charged with governance, but, if the
auditor suspects that those charged with governance are involved, the auditor shall
communicate with the next highest level of authority, such as the audit committee
or supervisory board. If this does not exist, the auditor shall consider the need to
obtain legal advice (ISA 250: paras. 23–25). The auditor shall consider the impact
of any identified or suspected non-compliance (including those related to other
reporting responsibilities beyond ISAs and any associated with key audit matters) on
the auditor's report if they conclude that the non-compliance has a material effect
on the financial statements and has not been adequately reflected or is prevented by
management and those charged with governance from obtaining sufficient
appropriate audit evidence to evaluate whether non-compliance is material to the
financial statements (ISA 250: paras. 26–28).
The auditor shall determine whether identified or suspected non-compliance has to
be reported to an appropriate authority outside the entity in line with law,
regulation or relevant ethical requirements. This responsibility requires the auditor
to make an assessment of when it may be appropriate to report to such an authority
(ISA 250: para. 29).
However, in some jurisdictions, reporting or communicating any identified or
suspected non-compliance may be prohibited (for example, investigations into an
entity by a regulatory authority which may be prejudiced by such disclosure). In any

9
 event, legal advice should be sought by the auditor when deciding on how best to
discharge reporting and disclosure responsibilities (ISA 250: paras. A26-33).
If legally permitted, withdrawal from an audit engagement may be an option for an
auditor who believes that any identified or suspected non-compliance is sufficient to
raise questions about the client's integrity.
However, this should only be undertaken after obtaining legal advice and should not
be seen as a way of avoiding other requirements (such as informing an appropriate
authority or even an incoming auditor) (ISA 250: para A25
2.5 Related parties
- Disclosure required by IAS 24
+ Related party relationships, where control exists, must be disclosed
irrespective of whether there have been related party transactions, so a
reader can form a view about the effects of these relationships.
+ If there have been transactions between related parties
- the nature of the relationships as well as
- the types of transactions and
- their "elements" must be disclosed.
"Elements" normally include:
 an indication of the volume (amount or proportion);
 amounts or proportions of outstanding items;
 pricing policies.

 Auditor’s responsibilities
The relevant standard is ISA 550 Related Parties.
The auditor must understand related party relationships and transactions to be
able:
 to recognise related fraud risk factors; and
 to conclude on fair presentation.
In addition, auditor must obtain sufficient appropriate audit evidence about
whether related party relationships and transactions have been appropriately
identified, accounted for and dislosed in the financial statements in accordance
with the framework.
3. CORPORATE GOVERNANCE
3.1. Why corporate governance is needed
Corporate governance may be defined as "the system by which companies are
directed and controlled".
Therefore, the objectives of corporate governance are:
- To ensure that the company’s assets are used efficiently and productively and
in the best interests of its shareholders and other stakeholders;

10
 - To eliminate or mitigate conflicts of interest, particularly those between
management and shareholders.
 The problem with bad corporate governance is that although the shareholders
own companies, the day-to-day management and direction of companies is given to
the Board of Directors. In large companies many shareholders are relatively passive
and the Board of Directors is given more or less free rein to make whatever decisions
they wish.
 Auditing was instituted so at least once a year, when the financial statements (FS)
were presented to the members of the company, the auditors would examine them
and give some expression of opinion to the members of the company as to whether
the financial statements were true and fair. Without that assurance the members of
the company really would have a little idea whether or not the information could be
relied on. The auditors therefore examine the financial statements and this adds
credibility to those statements, the shareholders have a much better idea of the
performance of the directors and the company..
3.2. Principles of corporate governance
OECD principles of corporate governance
- The OECD principles of corporate governance set out the rights of
shareholders, the importance of disclosure and transparency and the
responsibilities of the board of directors.
- The OECD Principles of Corporate Governance are:
(a) The corporate governance framework should promote transparent and efficient
markets, be consistent with the rule of law and clearly articulate the division of
responsibilities among different supervisory, regulatory and enforcement authorities.
(b) The corporate governance framework should protect and facilitate the exercise
of shareholders' rights.
(c) The corporate governance framework should ensure the equitable treatment of
all shareholders, including minority and foreign shareholders. All shareholders
should have the opportunity to obtain effective redress for violation of their rights.
(d) The corporate governance framework should recognise the rights of
stakeholders established by law or through mutual agreements and encourage active
co-operation between corporations and stakeholders in creating wealth, jobs and the
sustainability of financially sound enterprises.
(e) The corporate governance framework should ensure that timely and accurate
disclosure is made on all material matters regarding the corporation, including the
financial situation, performance, ownership and governance of the company.
(f) The corporate governance framework should ensure the strategic guidance of
the company, the effective monitoring of management by the board, and the board's
accountability to the company and the shareholders.

11
 The UK Corporate Governance Code
The OECD principles are put into effect in a variety of ways in different countries.
The UK Corporate Governance Code published by the Financial Reporting Council
(FRC) can be referred to as an example of best practice.
The Principles of the Code emphasise the value of good corporate governance to the
long-term success of the company.
The UK Corporate Governance Code is a prime example of good corporate
governance practice.
 It applies only to listed companies, but it can be used by any entity (private
or public) as the basis for best practice.
 It explains the concept of "comply or explain" and contains 18 Principles
covering leadership, stakeholder relations, board effectiveness,
accountability, audit, risk and internal control and remuneration.
 It is supported by guidance, which boards and companies are encouraged to
use in applying the Code’s Principles on:
o Board effectiveness;
o Risk management and internal control; and
o Audit committees
Comply or explain
The Code has no force in law and is enforced on listed companies through the Stock
Exchange. Listed companies are expected to ‘‘comply or explain’’ and this approach
is the trademark of corporate governance in the UK.
Listed companies have to state that they have complied with the code or else explain
to shareholders why they haven’t. This allows some flexibility and non-compliance
might be acceptable in some circumstances.
Main principles of the UK Code
 Board Leadership and Company Purpose
 Division of Responsibilities
 Composition, Succession and Evaluation
 Audit, Risk and Internal Control
 Remuneration

Board Leadership A successful company is led by an effective and entrepreneurial

and Company board. Its role is to promote the company’s long-term success,
Purpose creating value for shareholders and contributing to broader society.
 The board should ensure effective engagement with, and
encourage participation from, shareholders and stakeholders
(e.g. through meetings).
12
  The board should:
- Establish the company’s purpose, values and strategy –
aligned with the company’s culture.
- Ensure that the necessary resources are available to meet the
company’s objectives and measure performance against
them.
- Establish a framework of prudent and effective controls to
assess and manage risk.
- Ensure that workforce policies and practices are consistent
with the company’s values and support its long-term success.
The workforce should be able to raise any matters of
concern.
 All directors must act with integrity, lead by example and
promote the desired culture.

Ex: Board Composition

The following is an extract from Tesco PLC Annual Report
and Financial Statements 2022:
The Group is led by an effective and committed Board,
with a culture of openness and transparency at Board
meetings. As at the date of this report, the Board comprises
13 Directors with a wide range of knowledge and
experience from a variety of sectors. Our values and
leadership behaviours are a vital part of our culture, helping
us ensure that through our conduct we do the right thing for
the business and our stakeholders.

Division of The CHAIR should be independent on appointment. For example:

Responsibilities
 not an employee (during the last five years);
 no material business relationship (during the last three
years);
 not a significant shareholder.
The chair:
 leads the board;
 is responsible for its overall effectiveness in directing the
company;
 should demonstrate objective judgment;
 should promote a culture of openness and debate;

13
  facilitates constructive board relations and the effective
contribution of all NEDs;
 ensures that directors receive accurate, timely and clear
information.
The board should include an appropriate combination of executive
directors and NEDs so that no one individual or small group of
individuals dominates the board’s decision-making.

There should be a clear division of responsibilities between the

THE CHAIR and the executive leadership of the company’s
business. No one individual should dominate decision making. This
means that the roles of CEO and chairman should not be
performed by one person as that concentrates too much power in
that person
NEDs should:

 have sufficient time to meet their board responsibilities;

 provide constructive challenge and strategic guidance, offer
specialist advice, and hold management to account.
The board, supported by the company secretary (the most senior
compliance officer), should ensure that it has the policies,
processes, information, time, and resources to function effectively
and efficiently.

Composition, There should be a formal, rigorous and transparent procedure for

Succession and board appointments and an effective succession plan for board and
Evaluation senior management.
A majority of members of a nomination committee should be
independent NEDs.
All directors should be subject to annual re-election.
The chair should not remain in the post for more than nine years.
Appointments and succession plans should be based on merit and
objective criteria and promote diversity of gender, social and
ethnic backgrounds, etc.
The board and its committees should have a combination of skills,
experience and knowledge. The length of service of the board as a
whole should be considered and membership regularly refreshed.

14
 An annual evaluation of the board should consider its
composition, diversity and how effectively members work together
to achieve objectives. Individual evaluation should demonstrate
whether each director continues to contribute effectively..

Exhibit 4 Composition, Succession and Evaluation

The following is an extract from Barclays PLC Annual Report
2021:
All Board and senior management appointments are viewed
through a diversity lens and are based on merit and objective
criteria, which focus on the skills and experience required for the
Board’s effectiveness and the delivery of the Group strategy.
Board appointments are made following a rigorous and
transparent process facilitated by the Nominations Committee,
with the aid of an external search consultancy firm.
The composition of the Board, Board Committees and the Group
Executive Committee (ExCo) is regularly reviewed by the
Nominations Committee. It frequently considers the skills
required for the Board, its Board Committees and the ExCo,
identifying the core competencies, diversity and experience
required. This, along with the annual effectiveness evaluation,
helps to refresh the thinking on Board, Board Committee and
ExCo composition and to determine a timeline for proposed new
appointments.

Audit, Risk and The board should:

Internal Control
 establish formal and transparent policies and procedures to
ensure the independence and effectiveness of internal and
external audit functions;
 satisfy itself on the integrity of financial and narrative
statements;
 present a fair, balanced and understandable assessment of the
company’s position and prospects;
 establish procedures to manage risk and oversee the internal
control framework;

15
  determine the nature and extent of the principal risks the
company is willing to take to achieve its long-term strategic
objectives.
These Principles should be met by establishing an audit committee
of independent NEDs.

Remuneration Remuneration policies and practices should support strategy and

promote long-term success. Executive remuneration should be:
 aligned to company purpose and values; and
 linked to the successful delivery of the company’s long-term
strategy.
A formal and transparent procedure for developing policy on
directors’ remuneration and senior management remuneration
should be established through a remuneration committee of
independent NEDs. (Again, with a minimum membership of
three, or only two for smaller companies.)
No director should be involved in deciding their remuneration
outcome.
Directors should exercise independent judgment and discretion
when authorising remuneration outcomes, considering company
and individual performance and wider circumstances.

16
 Activity 1: Corporate Governance Deficiencies
During the audit of a new client, you listed the following corporate governance
practices used by your client.
Circumstances Deficiency Recommendation
Yes/No
The entity has a six- No, nó k phải là 1 deficiency
member board of directors,
including executive and
non-executive directors.
The CEO serves as the yes
chairman of the board of
directors.
The board includes two
independent NEDs.
New board members are
selected by a nominations
committee headed by the
chairman/CEO.
The audit committee
comprises two executive
directors and the two
NEDs.
One of the independent
non-executive audit
committee members
recently retired after
serving for ten years as the
CFO of a major
corporation.
The remuneration
committee comprises one
executive director and one
NED, and they decide the
remuneration of all board
members.
Management is required to
assess the effectiveness of
internal controls on an
annual basis

17
3.4. Audit committee
For a listed company, an audit committee is how the board establishes "formal and
transparent arrangements" to meet the corporate reporting and risk management and
internal control principles. It is also best practice for unlisted and other entities.
 An audit committee should comprise at least three independent NEDs (two
for a smaller company).
 At least one member must have recent and relevant financial experience.
 As a whole, the committee must have competence relevant to the sector in
which the company operates.
Key point:
 Through the audit committee, external auditors are responsible and report to
the shareholders, not the executive management.
 The audit committee enhances the external auditor's independence and
provides greater independence for the internal auditor.
 The audit committee’s role considers the risks and controls over the financial
reporting process and the tax environmental, legal and other regulatory
matters that have a material effect on the financial statements.

The main roles and responsibilities of the audit committee include the following:
- Monitoring and reviewing the effectiveness of internal audit. Companies don’t
have to have an internal audit department, but the need for one must be reviewed
annually.
- Monnitoring the integrity of the financial statements and reviewing significant
financial reporting judgements.
- Review the internal financial controls and risk management systems (unless there
is a separate risk committee or the board does this).
- Making recommendations to the board about the appointment, reappointment
and removal of the external auditors and agreeing the terms of engagement. (Note
that the external auditors are appointed by members in general meeting, but the board
puts forward the nomination.)
- Annually assessing the independence, objectivity and effectiveness the
external auditors including confirming that there are no self-interest or familiarity
issues and that partners and staff are rotated properly.
- Acting as a forum to link directors and auditors. Auditors will typically write
to the audit committee about any problems they may be having on the audit or
obtaining all the information they require. If the auditors are worried in some way
about the financial statements they will raise those concerns with the audit
committee.
- Developing and implementing policy on the engagement of the external
auditor to supply non-audit services: skills, approval and non-approval for certain

18
services, ensuring any threats to independence and objectivity are reduced to
acceptable levels and monitoring the fees for those services and the total fee for all
services provided by the external auditor.
Exhibit: Audit and Risk Committee Report
The following is an extract from the Annual Report and Accounts 2021 of The
Sage Group plc:
Role of the Committee
The Committee is an essential part of Sage’s overall governance framework. The
Board has delegated to the Committee the responsibility to oversee and assess the
integrity of the Group’s financial reporting, risk management and internal control
procedures, and the work of both the internal audit function and the external
auditor, EY. These responsibilities are defined in the Committee’s Terms of
Reference, which were reviewed and approved by the Committee and the Board in
May 2021.
Composition
The Code requires that at least one member of the Committee has recent and
relevant financial experience. The Disclosure Guidance and Transparency Rules
(DTRs) require that at least one member has competence in accounting and/or
auditing. The Board is satisfied that this requirement is met, with the Chair of the
Committee being a qualified chartered accountant and experienced Audit
Committee Chair following 25 years in financial services as a corporate finance
advisor in the investment banking sector.

****************END OF LECTURE 1*********

19
QUESTION BANK
1. MCQs
(link to question bank files for 2024)
[LO1 – the content of the assurance engagement]
1. Which two of the following are elements of an assurance engagement? (1) A
three-party relationship; (2) Suitable criteria; (3) Determination of
materiality ; (4) An engagement letter
A. (1) and (2) only
B. (1) and (3) only
C. (2) and (3) only
D. (1) and (4) only
2. Which of the following are the key elements of an assurance engagement: (1)
Three-party relationship; (2) A subject matter; (3) Suitable criteria; (4) An
assurance file
A. (1), (2), and (3)
B. (1), (2), (3), and (4)
C. (2), (3), and (4)
D. (2) and (3) only
3. In any assurance engagement, there are three parties involved: the
responsible party, the practitioner and the user. In respect of given subject
matter, which party determines suitable criteria?
A. User
B. Practitioner
C. Responsible party
4. In any assurance engagement, there are three parties involved: the
responsible party, the practitioner and the user. In respect of given subject
matter, which party provide an opinion on whether the subject matter
complies with the criteria?
A. User
B. Practitioner
C. Responsible party
5. Which of the following is NOT one of the five elements of an assurance
engagement?
A. Sufficient, appropriate evidence
B. A written report in the appropriate form
C. A three party relationship consisting of a responsible party, users and
subject matter
D. Suitable criteria

20
 6. Rat LLP is the external auditor of Palm plc, a listed company. The directors
of Palm have requested that Rat LLP carry out a review engagement
assessing the effectiveness of its coporate governance policies against the UK
Corporate Goverance Code. For the above review engagement, which of the
following is the most appropriate statement regarding subject matter,
suitable criteria and responsible party:
A. The subject matter is Palm’s corporate governace code; The suitable
criteria is UK Corporate Goverance Code; The responsible party is Palm
plc.
B. The subject matter is UK Corporate Goverance Code; The suitable criteria
is Palm’s corporate governace code; The responsible party is Palm plc.
C. The subject matter is UK Corporate Goverance Code; The suitable criteria
is Palm’s corporate governace code; The responsible party is the directors
of Palm plc.
D. The subject matter is Palm’s corporate governace code; The suitable
criteria is UK Corporate Goverance Code; The responsible party is
thedirectors of Palm plc.
7. Which of the following are NOT benefit of an audit of financial statement?
A. An audit brings belief to interested users
B. Audited information seem to be more reliable for users to make
appropriate decisions
C. An audit improves a company’s activities including reducing risks
management and enhancing effectiveness of governance and internal
control system.
D. An audit ensure the correctness of financial statement for users
8. There are ___________ elements of an assurance engagement.

A. Three
B. Five
C. Seven
D. None

[LO2 – assurace engagements: audit and review comparision]

The level of assurance provided by an assurance engagement will depend on the
type of engagement. Which of the following type of engagemeent will give the level
of reasonable assruance?
A. Review of financial information
B. Report on profit and cashflow forcast
C. Internal audit reviews
D. Statutory audit

21
Which one of the following statements best describes the evidence obtained and the
opinion given in a reasonable assurance engagement?
A. Sufficient appropriate evidence and a negatively worded opinion
B. Sufficient appropriate evidence and a positively worded opinion
C. A lower level of evidence and a negatively worded opinion
D. A lower level of evidence and a positively worded opinion
Which of the following is true regarding assurance engagement?
A. A statutory audit gives reasonable assurance that financial statements give a true
and fair view.
B. A negative assurance conclusion gives a high level of assurance.
C. Reasonable assurance is absolute assurance of the correctness of the subject
matter.
D. The practitioner’s conclusion in a review engagement is expressed in positive
form of assurance
The level of assurance provided by an assurance will depend on the type of
engagement. Which of the following level of assurance that a statutory audit
engagement would give?
A. Absolute assurance
B. Negative assurance
C. Reasonable assurance
D. Limited assurance
The level of assurance provided by an assurance will depend on the type of
engagement. Which of the following level of assurance that a “review of financial
information” engagement would give?
A. Absolute assurance
B. Reasonable assurance
C. Limited assurance
The level of assurance provided by an assurance will depend on the type of
engagement. Which of the following level of assurance that a “report on profit and
cashflow forcast” engagement would give?
A. Absolute assurance
B. Reasonable assurance
C. Limited assurance
Which of the following statements is TRUE regarding assurance: (1) Auditors are
required to express an opinion as to whether the financial statements give a true
and fair view; (2) An audit is a type of reasonable assurance engagement.
A. Both statements are true
B. Both statements are false

22
 C. Statement 1 is false
D. Statement 2 is false
What sort of assurance does a reasonable assurance engagement give?
A. High level of assurance
B. Low level of assurance
C. Limited level of assurance
Which of the following statements is TRUE regarding assurance: (1) An audit
report give positive assurance; (2) A review engagement gives negative assurance.
A. Both statements are true
B. Both statements are false
C. Statement (1) is false
D. Statement (2) is false
The following is an extract from an independent auditor’s unmodified report on a
profit forecast: “Based on our examination of the evidence supporting the
assumptions, nothing has come to our attention which causes us to believe that
these assumptions do not provide a reasonable basis for the forecast”. Which one
of the following best describes the types of assurance provided by this statement?
A. Positive assurance expressed negatively
B. Negative assurance expressed positively
C. High level of assurance expressed negatively
D. Limited level of assurance expressed negatively
The following conclusions have been reported on two engagements:
(1) “The insurance claim presents a true and fair estimate of the amount of
inventory lost in the warehouse fire”
(2) “The cash flow forecast contains no assumptions that appear
unreasonable”
Which of the following describes the level of assurance expressed in these conclusions:

A. (1) negative assurance; (2) No assurance

B. (1) Positive assurance; (2) No assurance
C. (1) Negative assurance; (2) Negative assurance
D. (1) Positive assurance; (2) Negative assurance

In Reasonable assurance engagements the practitioner:

A. Gathers sufficient appropriate evidence to be able to draw reasonable

conclusions by Performing very thorough procedures – tests of controls
and substantive procedures.
B. Gives a negatively worded assurance conclusion

23
 C. Concludes that the subject matter conforms in all material respects with
identified suitable criteria
D. Gives a positively worded assurance opinion
E. Gives a moderate or lower level of assurance than that of an audit
F. Gives a high (but not absolute) level of assurance (confidence)

[LO3 – Responsibilities of managements and the assurance providers]

[ISA 240 - Frauds]
Which of the following are the responsibilities of the external auditor in auditing
financial statements? (1) Maintaining internal controls and preparing financial
report; (2) Providing internal assurance on internal control and financial reports;
(3) Providing internal oversight of the reporting process
A. All of the above
B. None of the above
C. (1) and (2)
D. (2) and (3)
Which of the following is a general principle for the auditor to follow?: (1)
Compliance with applicable ethical principles; (2) Compliance with International
Standard on Auditing; (3) Keeping an attitude of professional scepticism when
planning and performing the audit
A. (1) and (2)
B. (1) and (3)
C. (2) and (3)
D. (1) and (2) and (3)
Who is ultimately responsible for ensuring that the annual financial statements of
a listed company are prepared in accordance with IFRS and relevant legislation?
A. The auditor
B. The board of directors
C. The company secretary
D. The listing exchange

Who is responsible for the prevention and detection of fraud?

A. Internal auditors
B. External auditors
C. Directors
D. The audit committee
The primary responsibility for the prevention and detection of fraud rests with
those charged with governance and the management of an entity. This is achieved
by:
24
 A. Implementing an effective system of internal control, reducing
opportunities for fraud to take place and increasing the likelihood of
detection (and punishment)
B. Creating a culture of honesty, ethical behaviour, and active oversight by
those charged with governance.
C. Both A&B
D. None

Which of the following is correct?

A. There is an unavoidable risk that some material misstatements may not be

detected even if properly planned in accordance with ISAs as fraud is
likely to be concealed.
B. The ability to detect fraud depends on the skill of the perpetrator,
collusion, relative size of amounts manipulated, and the seniority of the
people involved.
C. Both A&B
D. None

[ISA 250 – Laws and regulations]

1. Which of the following procedures is NOT likely to result in the discovery of
possible non-compliance with laws and regulations?
A. Enquiring of management or the entity’s lawyer
B. Reviewing internal control questionnaires
C. Undertaking tests of details on classes of transactions
D. Reading minutes of board meetings
2. An auditor has discovered a $1 million wages fraud by a director of a listed
company. The amount is not material in relation to the company’s financial
statements and the auditor has determined that the fraud does not constitute
money laundering.
To whom does the auditor have a primary duty to report this matter?
A. Those charged with governance
B. The company’s shareholders
C. The tax authorities
D. The auditor’s professional body
3. Primary responsibility for the detection of fraud lies with which of the
following?
1. Management and those charged with governance
2. The external auditor
3. Internal audit
A. A.1 only
B. B.2 only

25
 C. C.3 only
D. D.1, 2 and 3
4. What are the responsibilities of MANAGEMENT regarding the non-
compliance with laws and regulations?

A. To ensure that the entity’s operations are conducted in accordance with

relevant laws and regulations
B. Identify non-compliance with laws and regulations that may have a
material impact on the financial statements.
C. Both A&B
D. None

What are the responsibilities of the AUDITOR regarding the non-compliance with
laws and regulations?

A. The auditor must perform audit procedures to help identify non-

compliance with laws and regulations that may have a material impact on
the financial statements.
B. The auditor must obtain sufficient, appropriate evidence regarding
compliance with laws and regulations generally recognised to have a
direct effect on the determination of material amounts and disclosures in
the financial statements
C. Both A&B
D. None

AUDIT PROCEDURES to identify instances of non-compliance include:

A. Obtaining a general understanding of the legal and regulatory framework

applicable to the entity and the industry
B. Enquiring of the management and those charged with governance as to
whether the entity is in compliance with such laws and regulations
C. Inspecting correspondence with relevant licensing or regulatory
authorities.
D. Obtaining written representation
E. All of the above

When the AUDITOR BECOMES AWARE of information concerning a

POSSIBLE instance of non-compliance with laws or regulations, they should:

A. Understand the nature of the act and circumstances in which it has

occurred.
B. Obtain further information to evaluate the possible effect on the financial
statements.
C. Both A&B
D. None

26
Audit procedures WHEN NON-COMPLIANCE IS IDENTIFIED include:

A. Enquire of management of the penalties to be imposed.

B. Inspect correspondence with the regulatory authority to identify the
consequences.
C. Enquire of the company’s legal department as to the possible impact of
the non-compliance.
D. All of the above

The ethical standard, Responding to Non-compliance with Laws and Regulations

(NOCLAR), provides guidance to accountants as to the actions that should be
taken if they become aware of an illegal act committed by a client or employer.

A. The above statement is correct

B. The above statement is incorrect

[ISA 550 – Related parties]

The approach required by IAS 24 Related party disclosures is to disclose:

A. the relevant amounts of related party transactions

B. the nature of the related party relationships
C. Both A&B
D. None

The objectives of the auditor with regard to ISA 550 are to obtain:

A. an understanding of the entity’s related party relationships and

transactions
B. sufficient appropriate audit evidence about whether related party
relationships and transactions have been appropriately identified,
accounted for and disclosed in the financial statements.
C. Both A&B
D. None

Most material misstatements linked to related party transactions arise from failure
by the management of the client company to disclose related party relationships
and transactions to the auditor.

A. True
B. False

What procedures the auditor is required to perform in order to understand the

entity’s related party relationships and transactions:

27
 A. Make inquiries of management in respect of the identity of related parties,
the nature of relationships and the nature of any transactions entered into
with those parties during the period.
B. Obtain an understanding of the internal controls in operation over the
identification of, accounting for and disclosure of related party
relationships and transactions, the authorisation and approval of
significant transactions with related party and outside the normal course
of business
C. Both A&B
D. None

2. Scenario questions
Question 1 (non-compliance with laws and regulations)
You are audit manager of Button Auditing Company. One of your audit clients is PE
LLP, a company operating in coal mining industry. Under the National Regulation, PE
is required to comply with strict health and safety regulations.
In Sep 20X1, there was an accident in one mine that the Company is operating, where
several of the tunnels in the mine collapsed, causing other tunnels to become flooded.
This has resulted in one-third of the mine becoming inaccessible and for safety reasons,
the tunnels will be permanently closed. However, PE’s management thinks that the rest
of the mine can remain operational, as long as improvements are made to ensure that the
mine meets health and safety regulations. Luckily, no employees were injured in the
accident, therefore Dasset Co’s management has decided not to report the accident to
the National Coal Mining Authority.
Required:
Discuss PE’s responsibilities and recommend the actions which should be taken by
the firm, in relation to management’s decision not to report the accident to the
Authority. (10 marks)
Question 2 (Corporate governance)
ABB Co has been trading for over 20 years and obtained a listing on a stock exchange
five years ago. It provides specialist training in accounting and finance.
The listing rules of the stock exchange require compliance with corporate governance
principles, and the directors are fairly confident that they are following best practice in
relation to this. However, they have recently received an email from a significant
shareholder, who is concerned that ABB Co does not comply with corporate governance
principles.
ABB Co’s board is comprised of six directors; there are four executives who originally
set up the company and two non-executive directors who joined ABB Co just prior to

28
the listing. Each director has a specific area of responsibility and only the finance
director reviews the financial statements and budgets.
The chief executive officer, Daniel Brown, set up the audit committee and he sits on this
sub-committee along with the finance director and the non-executive directors. As the
board is relatively small, and to save costs, Daniel Brown has recently taken on the role
of chairman of the board. It is the finance director and the chairman who make decisions
on the appointment and remuneration of the external auditors. Again, to save costs, no
internal audit function has been set up to monitor internal controls.
The executive directors’ remuneration is proposed by the finance director and approved
by the chairman. They are paid an annual salary as well as a generous annual revenue
related bonus.
Since the company listed, the directors have remained unchanged and none have been
subject to re-election by shareholders.
Required:
Describe SIX corporate governance weaknesses faced by ABB Co and provide
recommendations to address each weakness, to ensure compliance with corporate
governance principles.

29