F8-03 Corporate Governance


Session 3

Corporate Governance

FOCUS
This session covers the following content from the ACCA Study Guide.

A. Audit Framework and Regulation


3. Corporate governance
a) Discuss the objective, relevance and importance of corporate governance.
b) Discuss the provisions of international codes of corporate governance
(such as OECD) that are most relevant to auditors.
c) Describe good corporate governance requirements relating to directors'
responsibilities (e.g. for risk management and internal control) and the
reporting responsibilities of auditors.
d) Analyse the structure and roles of audit committees and discuss their
benefits and limitations.
f) Discuss the need for auditors to communicate with those charged
with governance.
5. Internal audit and governance and the differences between
external audit and internal audit
b) Discuss the elements of best practice in the structure and operations
of internal audit with reference to appropriate international codes of
corporate governance.

Session 3 Guidance
Read section 1, which introduces corporate governance.
Learn the key elements of the UK Corporate Governance Code ("the Code") (s.2).
Note the vital role which audit committees play in corporate governance (s.3.1).
Understand the nature of audit committee requirements and responsibilities under
the Code (s.3.2–s.3.4).



F8 Audit and Assurance (INT) Becker Professional Education | ACCA Study System

Ali Niaz - [email protected]


VISUAL OVERVIEW
Objective: To explain the objective, relevance and importance of corporate governance.

CORPORATE GOVERNANCE
• Meaning
• Objective
• Relevance
• Importance

OECD AND UK CODES
• OECD Overview
• OECD Principles
• UK Code Overview
• UK Code Elements

AUDIT COMMITTEES
• Introduction
• UK Corporate Governance Code
• Internal Audit
• External Audit
• Advantages
• Disadvantages

AUDITORS

COMMUNICATION
• Responsibilities
• Form, Timing, Content
• Communication of Findings
• Independence
• Two-Way Communications

REPORTING
• Sarbanes-Oxley Act
• UK Corporate Governance Code

Session 3 Guidance
Understand the advantages and disadvantages of audit committees (s.3.5, s.3.6).
Understand the need for communication between auditors and those charged with
corporate governance (s.4) and learn the significant matters which are to be studied
in later sessions (s.4.3).

© 2014 DeVry/Becker Educational Development Corp. All rights reserved. 3-1


1 Corporate Governance

1.1 Meaning
 Corporate governance has been defined as: "The system
by which business corporations are directed and controlled.
The corporate governance structure specifies the distribution
of rights and responsibilities among different participants in
the corporation … and spells out the rules and procedures for
making decisions on corporate affairs. By doing this, it also
provides the structure through which the company objectives
are set, and the means of attaining those objectives and
monitoring performance."
—OECD
 Those charged with governance are individuals with
responsibility for overseeing the strategic direction of the
entity and obligations related to the accountability of the
entity, including overseeing the financial reporting process.
—ISA 260 Communication With Those Charged With
Governance
 Management—individuals with executive responsibility
for the conduct of the entity's operations.
—ISA 260 Communication With Those Charged With
Governance

Aspects of corporate governance are examined on a regular basis
(especially audit committees). Whilst this may seem a lot of theory,
practical questions also have been asked (e.g. explain, from a
given scenario, how corporate governance could be improved).

Example 1 Typical Stakeholders

For a typical business entity, identify FOUR stakeholders (participants), their relationship and needs.

Solution
1.

2.
3.

4.


1.2 Objective
 The ultimate objective of a business is increasing long-term
shareholder value by enhancing economic performance.
Corporate governance aims to achieve this through:
 the ethical and moral behaviour of corporate management;
 integrity, transparency and accountability in business
activity;
 compliance with laws and regulations; and
 securing reputation and confidence in attracting
inward investment.

 In general, governance responsibilities involve a number of
oversight activities, including matters relating to:
 entity strategy development and implementation;
 economic development, mergers and acquisitions;
 appointment of professional operating management executives;
 compensation of executives;
 formation of adequate risk and control systems over strategic
and operational activities, managerial and financial reporting
and compliance with laws and regulations; and
 engaging internal auditors and independent external auditors.

1.3 Relevance
 Virtually all corporate governance regulations are aimed
at listed companies, where the separation of ownership
and control/management have, in a number of notorious
cases (e.g. Enron, Royal Bank of Scotland, Lehman
Brothers), caused serious losses to the shareholders through
mismanagement of company resources, missed opportunities
and poor decision-making or fraudulent activities (including
misleading and dishonest financial reporting).

1.4 Importance
Research has shown that entities which take good corporate
governance practice seriously are, over the long term, more
successful and more prosperous than entities which do not.
 Analysts and policymakers agree that improving corporate
governance is crucial to a company's ability to generate
sustainable growth in the future.
 There is a risk that weak corporate governance will lead to
financial losses, both for entities and shareholders. Strong
corporate governance helps reduce this risk.


2 OECD and UK Codes

2.1 OECD Overview


 The mission of the Organisation for Economic Co-operation
and Development (OECD) is to promote policies designed to
improve the economic and social well-being of people around
the world.*

*34 countries are currently members of the OECD.

 In 1999, the OECD released its Principles of Corporate
Governance. The Principles are an international corporate
governance benchmark. The Principles were revised in 2004
and are undergoing review in 2014 to take into account recent
developments in the corporate sector and capital markets.
 The Principles focus on publicly traded companies, but can
be used to improve corporate governance in non-traded
companies.
 The Principles are non-binding and are meant to serve as a
reference point for the development of legal and regulatory
frameworks for corporate governance and for the development
of corporate governance policies by market participants.

2.2 OECD Principles


2.2.1 The Basis for an Effective Framework
 The corporate governance framework should:
 promote transparent and efficient markets;
 be consistent with the rule of law; and
 articulate the division of responsibilities among different
supervisory, regulatory and enforcement authorities.
2.2.2 Rights of Shareholders
 The framework should protect and facilitate the exercise of
shareholders' rights.
 Basic shareholder rights include the right to:
 secure methods of ownership registration;
 convey or transfer shares;
 obtain relevant and material information from the entity;*
 participate and vote in general shareholder meetings;
 elect and remove members of the board; and
 share in an incorporated entity's profits.

*On a timely and regular basis.

 Shareholders should be informed about and have the right to
participate in fundamental changes affecting the entity.

2.2.3 Equitable Treatment of Shareholders
 The framework should ensure the equitable treatment of all
shareholders, including minority and foreign shareholders.*

*All shareholders should have the opportunity to obtain
redress for violation of their rights.

 Insider trading and self-dealing should be prohibited.


2.2.4 The Role of Stakeholders


 The framework should recognise the rights of stakeholders
(as established by law or through mutual agreements) and
encourage active cooperation between the entities and
shareholders in creating wealth, jobs and financially sound
entities.
 Shareholders should be able to freely communicate concerns
about illegal or unethical practices to the board.*

*Their rights should not be compromised for doing this.

2.2.5 Disclosure and Transparency

 The framework should ensure that timely and accurate
disclosure is made on all material matters regarding the entity
including financial performance, ownership and governance.
 Information should be prepared and disclosed in accordance
with high-quality financial reporting standards.
 An annual audit should be conducted by an independent,
competent, qualified auditor.
 External auditors should be accountable to the shareholders
and owe a duty of professional care in the conduct of an audit.

2.2.6 Board Responsibilities


 The framework should ensure the strategic guidance of the
company, the effective monitoring of management by the
board, and the board's accountability to the company and the
shareholders.

2.3 Overview—UK Code


 The UK Corporate Governance Code is a primary example of
good corporate governance practice. The full code can be
downloaded from www.frc.org.uk.
 As with most governance codes, it applies only to listed
companies, but can be used by any entity (private or public)
as the basis for best practice.
 The Code explains the concept of comply or explain and
contains 18 main principles covering leadership, effectiveness,
accountability, remuneration and relations with shareholders.
 Supplemental guidance and good practice suggestions cover:
 Board effectiveness
 Role of audit committees
 Risk management and internal control
 Going concern.

The UK Corporate Governance Code is an examinable document in
that it is an example of best practice. The Code can be downloaded
from the FRC website (www.frc.org.uk).

 All companies have to report on how they apply the principles
of the Code (extensive guidance is included in the Code on
what needs to be disclosed in the report) and either confirm
that they have complied throughout the financial year with
the code provisions or explain why they have not (i.e. "comply
or explain").
 In addition:
 the board must confirm that there is an ongoing process for
the identification, evaluation and monitoring of significant
risks; and
 summarise the process by which it has reviewed
the effectiveness of the internal control system
(see Sessions 8 and 9).


2.4 UK Code Elements


2.4.1 Leadership
 Every company should be headed by an effective board which
is collectively responsible for the long-term success of the
company.
 A clear division of responsibilities, at the head of the company,
is needed between:
 the running of the board and ensuring its effectiveness
(independent non-executive chairman); and
 the executive responsibility for the running of the company's
business (chief executive officer—CEO).
 No one individual should have unfettered powers of
decision-making.
 Non-executive directors should constructively challenge and
help develop proposals on strategy.

The chairman and CEO should not be the same individual.

2.4.2 Effectiveness
 The board and its committees should have the appropriate
balance of skills, experience, independence and knowledge
of the company to enable them to discharge their respective
duties and responsibilities effectively.
 The board should comprise an appropriate combination
of directors (executive and non-executive) such that no
individual or small group of individuals can dominate the
decision-making.
 At least half the board, excluding the chairman, should
comprise independent non-executive directors.
 There should be a formal, transparent and independent
appointment process for new directors, with all directors
(including non-executive) submitting themselves regularly
for re-election.
 The search for board candidates should be conducted,
and appointments made, on merit, against objective criteria
with due regard for the benefits of diversity on the board,
including gender.*

*The appointment process is dealt with through a nominations
committee chaired by the board chairman or an independent
non-executive director. The majority of the committee should be
independent non-executive directors.

 All directors should be able to allocate sufficient time to the
company to discharge their responsibilities effectively.
 All directors should receive induction on joining the board and
should regularly update and refresh their skills and knowledge.
 All members of the board should be supplied in a timely
manner with information in a form and of a quality appropriate
to enable the board to effectively discharge its duties.


 The board should undertake a formal and rigorous annual
evaluation of its own performance and that of its committees
and individual directors.
 All directors should be submitted for re-election at regular
intervals, subject to continued satisfactory performance.
 No executive director should hold more than one non-
executive directorship with another company.

2.4.3 Accountability
 The board should:
 present a balanced and understandable assessment of
its position;
 determine the nature and extent of the significant risks it is
willing to take in achieving its strategic objectives;
 maintain a sound risk management and internal control
system;
 make formal and transparent arrangements for considering
how they should apply the corporate reporting, risk
management and internal control principles; and
 maintain an appropriate relationship with the company's
auditors.
 An audit committee of at least three independent non-
executive directors must be established, with at least one
member having recent, relevant financial experience.
 The effectiveness of internal control (including financial,
operational, compliance and risk management systems)
must be reviewed at least once each year.*

*The key to a "sound system of internal control" under the UK
Corporate Governance Code is the risk-based approach (see
Session 9).

2.4.4 Remuneration
 Levels of remuneration should be sufficient to attract, retain
and motivate directors of the quality required to run the
company successfully, but a company should avoid paying
more than is necessary for this purpose.
 A significant proportion of executive directors' remuneration
should be structured so as to link rewards to corporate and
individual performance.
 There should be formal and transparent procedures for
developing policy on executive remuneration and for fixing
the remuneration packages of individual executive directors.
No executive director should be involved in deciding his
remuneration.*

*All aspects of executive directors' remuneration and
compensation are dealt with through a Remuneration Committee,
comprising 100% independent non-executive directors. The
Remuneration Committee will also set the remuneration of the
chairman. The remuneration of non-executive directors will be
set by the board.

2.4.5 Relations With Shareholders
 There should be a dialogue with shareholders based on the
mutual understanding of objectives.
 The board as a whole has responsibility for ensuring that a
satisfactory dialogue with shareholders takes place.
 The board should use the AGM to communicate with
investors and encourage their participation.


3 Audit Committees

3.1 Introduction
 The audit committee is now considered to be an integral
element of listed companies with the primary responsibility
of overseeing, on behalf of the board, the integrity of the
financial reporting controls, risk management and other
procedures implemented by management to protect the
interests of shareholders and other stakeholders.*

*The use of audit committees is also considered to be best
practice for unlisted and other entities.

 Through the use of the audit committee, corporate governance
codes make it perfectly clear that external auditors are
responsible to and report to the shareholders, not the executive
management.
 They are effectively an additional element to enhance the
independence of the external auditor as well as providing greater
independence for the internal auditor.

 The committee should aim to be satisfied that management
has properly fulfilled its responsibilities. In doing so,
committee members must have a sound understanding of the
entity, the way it operates, the environment it operates in and
be independent of the company.
 The role of the audit committee considers not only the risks
and controls over the financial reporting process, but also the
tax, environmental, legal and other regulatory matters that
have a material effect on the financial statements.

3.2 UK Corporate Governance Code


 Of the four committees specifically mentioned by the
UK Corporate Governance Code—audit, nominations,
remuneration and risk—the audit committee is probably
the most central to the appropriate functioning of
corporate governance.
 The main role and responsibilities of the audit committee,
which must be set out in published written terms of
reference, are to:
 Monitor the integrity of the company's financial statements
(and any formal announcements relating to the company's
financial performance) and review significant financial
reporting judgements contained in them.


 To advise the board on whether the annual report is fair,
balanced and understandable and provides the information
necessary for users to assess the company's performance,
business model and strategy.
 Review the company's internal financial controls, internal
control and risk management systems (if no specific risk
committee).
 Monitor and review the effectiveness of the company's
internal audit function and, if there is no internal audit,
consider annually if there is a need for internal audit and
make that recommendation to the board.
 Make recommendations to the board, for it to put to the
shareholders for their approval in general meeting, in
relation to the appointment, re-appointment and removal of
the external auditor and to approve the remuneration and
terms of engagement of the external auditor.
 Review and monitor the external auditor's independence
and objectivity and the effectiveness of the audit process,
taking into consideration relevant UK professional and
regulatory requirements.
 Develop and implement policy on the engagement of the
external auditor to supply non-audit services, taking into
account relevant ethical guidance (see Session 4) regarding
the provision of non-audit services by the external audit
firm.
 Report to the board, identifying any matters in respect of
which it considers that action or improvement is needed and
making recommendations as to the steps to be taken.
 Review arrangements by which staff of the company may,
in confidence, raise concerns about possible improprieties
in matters of financial reporting or other matters and to
ensure that arrangements are in place for the proportionate
and independent investigation of such matters and for
appropriate follow-up action.*

*Raising concerns about the actions of managers is often referred
to as "whistle-blowing". There is the risk that the whistle-blower
may be directly or indirectly penalised in some way, and to go to an
external agency (e.g. the press) could be regarded as a breach of
confidentiality. Being able to discuss such matters with a member
of the audit committee provides confidentiality and confidence in
knowing that appropriate action will be taken.

 Report to the board on how it has discharged its
responsibilities.


3.3 Internal Audit


 Audit committee responsibilities for internal audit include:
 Reviewing and approving the internal audit's remit, ensuring
that adequate resources and access to information are
made available to internal audit.
 Approving the appointment or termination of the head of
internal audit.
 Ensuring that the internal auditor has direct access to
the board chairman and to the audit committee and is
accountable to the audit committee.
 Reviewing and assessing the annual internal audit
work plan.
 Receiving a report on the results of the internal auditors'
work on a periodic basis.
 Reviewing and monitoring management's responsiveness to
the internal auditor's findings and recommendations.
 Meeting with the head of internal audit at least once a year
without the presence of management.
 Monitoring and assessing the role and effectiveness of
the internal audit function in the overall context of the
company's risk management system.

3.4 External Audit


 For external audit, the audit committee should:
 Annually assess and report to the board on:
— the qualification, expertise and resources, and
independence of the external auditors; and
— the effectiveness of the audit process.
 Consider, in the context of the entity's risk management,
the probability and impact of the auditor no longer being
operative.*

*The risk and effect of this was clearly demonstrated by the
demise of Arthur Andersen as a Big Five firm, resulting in the
"Big Four".

 Approve the terms of engagement and the remuneration to
be paid in respect of audit services provided, ensuring that an
appropriate audit can be carried out for the fee level paid.
 Review and approve the annual engagement letter, ensuring it
has been updated to reflect changes in circumstances.
 Ensure that the external auditors are independent of the
company, through, for example:
 discussion with, and written confirmation from, the auditors;
 review of all relationships between the entity and the
auditors;
 review of the auditor's policies and processes to maintain
independence;
 review of the safeguards put in place by the auditors to
maintain independence;
 review of the rotation policy for audit partners;
 comparing fee levels paid to the overall income of the
auditors; and
 obtaining written confirmation of compliance with
appropriate ethical guidelines.


 Ensure that appropriate plans are in place (at the start of each
annual audit cycle) for the audit (e.g. the overall strategy, risk
understanding and assessment, materiality, resources, and
work plans).
 Review, with the external auditors, the findings of their work,
for example:
— major issues that arose during the audit (both resolved
and unresolved);
— key accounting and audit judgements;
— levels of error identified during the audit; and
— reasons why certain errors remain unchanged.
 Review the audit representation letters (before signing
by management).
 Review the management letter and monitor management's
actions taken on its recommendations.
 Assess the effectiveness of the audit process, for example:
 consider whether the agreed audit plan was met and where
changes were made, understand the reasons for such
changes, including changes in perceived audit risks and the
work undertaken to address those risks;
 consider the robustness and perceptiveness of the
auditors in their handling of the key accounting and audit
judgements identified and in responding to questions from
the audit committees and in their commentary (where
appropriate) on the systems of internal control;*

*Following the banking crisis, one criticism levelled at the auditors of
banks was their general failure to sufficiently and robustly challenge
the fair value models used by the banks in valuing their derivative
assets and liabilities. This implied the failure of audit committees to
raise such matters with the auditors.

 obtain feedback about the conduct of the audit from key
people involved (e.g. the finance director and the head of
internal audit).
 Investigate why and consider what action, if any, should be
taken if the auditor resigns.
 If the audit committee recommends considering the selection
of possible new appointees as external auditors, it should
oversee the selection process. The committee should ensure
that all tendering firms have access, as necessary, to company
information and individuals (e.g. the audit committee, the
chairman of the board, CEO and CFO) during the tendering
process.


 Develop (and recommend to the board) the company's policy
in relation to the provision of non-audit services by the
auditor. The objective should be to ensure that the provision
of such services does not impair the external auditor's
independence or objectivity. In this context, the committee
should consider:
 whether the skills and experience of the audit firm make it a
suitable supplier of the non-audit service;
 whether there are safeguards in place to ensure that there
is no threat to objectivity and independence in the conduct
of the audit resulting from the provision of such services by
the external auditor; and
 the nature of the non-audit services, the related fee
levels and the fee levels individually and in aggregate
relative to the audit fee; and the criteria which govern the
compensation of the individuals performing the audit.

3.5 Advantages of Audit Committees


Audit committees:
 Provide effective and informed oversight in helping to ensure
market, public and stakeholder confidence in high-quality
financial reporting.*

*Effective audit committees need to be able to investigate issues on
their own initiative, rather than as directed by the CEO. They must
be clear about what they need to know and determined to receive
the information they require. Corporate governance codes will not
change the mindset of a CEO/CFO determined to carry out a fraud.
But an effective audit committee (together with effective internal and
external auditing) should act as a significant deterrent and minimise
the opportunities for destructive fraud to be carried out undetected
over a period of time.

 Enable the board to delegate a thorough and detailed review
of audit matters, both internal and external, to enhance
external confidence in the entity.
 Enable non-executive directors to contribute independent
judgement on matters of critical importance in running the
enterprise (e.g. investment decisions, risk analysis) and
play a positive role in areas for which their skills are
particularly fitted.*

*It is of particular importance that the chief executive of
the entity and the chairman of the audit committee are able to
develop a respected, transparent, trusted and professional
working relationship.

 Offer the external and internal auditors a direct, formal
link with non-executive directors. Also results in informal
communications with the NEDs.


3.6 Disadvantages of Audit Committees


 Audit committees may be seen as an unnecessary legal or
regulatory burden placed upon the board: "We know how to
run the company without anybody else trying to tell us what
to do."
 The demands and expectations now placed by, for example,
the UK Corporate Governance Code and the Sarbanes-
Oxley Act, on the time and expertise of NEDs (who form the
audit committee) are such that suitable candidates (e.g. by
experience and qualification) are harder to find.*

*The audit committee is expected to meet regularly, with the
committee chairman (at least) expected to "keep in touch" with
the key people (CEO, board chairman, CFO, external audit lead
partner, head of internal audit). The committee provides a high
level oversight function that may lead to detailed work. For example,
where there is unease about management's interpretation of a
complex IFRS and use of estimates, the committee will need to fully
understand the detail and possibly seek external advice.

 The risks and burden of responsibility placed on audit
committee members may result in a sense that the "reward
is not worth the effort" or rather that the risks are too high.
This may result in the overall ability of the audit committee
being less than what is required.*

*The recent banking crisis, in particular the Royal Bank of Scotland
(RBS) debacle in the UK, clearly showed that many NEDs did not
have a sufficient understanding of the complexities of banking and
failed to provide effective oversight. The entire board (executive
and non-executive directors) were sued by the bank's shareholders
for the loss in share value (some 75%) following effective
"nationalisation" by the UK government.


 Audit committees place an additional cost burden on the
entity. The advantages offered by having an audit committee
must be effectively utilised to ensure appropriate cost
benefit (e.g. to enhance public credibility, or to provide an
experienced "sounding board" for the executive directors).
 Audit committees will only be effective where they are able
to operate as intended by the various governance codes.
Anything less than respect and understanding of the role of
the audit committee by the main board executive directors,
together with unfettered access to all information, will
diminish that effectiveness.*

*Not so much a disadvantage, more a fact of life, is this: What the
audit committee does not know, or is unable to find out, remains
unknown—these are the "unknown unknowns". Although the audit
committee should be kept informed of all relevant matters by
executive directors and key managers and have unrestricted access
to any information required (as when dealing with the auditors), if
a CEO is sufficiently determined to withhold information from the
auditors, other directors and the audit committee, it may be difficult
for such information to be uncovered and determined.


4 Auditor's Communication With Those Charged With Governance (ISA 260)

Under ISA 260, the auditor's objectives should be to:*
 communicate clearly with those charged with governance the
auditor's responsibilities for the financial statement audit, and an
overview of the planned scope and timing of the audit;
 obtain from those charged with governance information relevant
to the audit;
 provide those charged with governance with timely observations
arising from the audit that are significant and relevant to the
auditor's responsibility to oversee the financial reporting process;
and
 promote effective two-way communication between themselves
and those charged with governance.

*An overview of each key point is given below to place them
into the context of communications with those charged with
governance. Full details are given in the sessions referred to.

4.1 Responsibilities
The auditor's responsibilities will usually be communicated
through the letter of engagement (see Session 5). Clarification
of management's responsibilities will also be made in the
engagement letter. The detail of the engagement letter should
be discussed with those charged with governance and signed by
them as accepting and understanding its contents.

4.2 Form, Timing and General Content of the Audit

• Matters to discuss with those charged with
governance include:*
  • the consequences of the auditor's work;
  • the entity's business, environment, objectives and strategies
  (and changes since the last audit) (Sessions 8, 9);
  • significant financial statement risk and materiality
  (Sessions 8, 9, 10);
  • approach to and reliance on internal control, including risk
  management;
  • oversight and monitoring of internal control, including
  reports from management and internal audit;
  • working in a constructive and complementary way with
  internal audit (Session 33);
  • detection or possibility of fraud (including whistle-blowing
  reports) and breaches of laws and regulations (Session 11);
  • changes in laws and regulations (e.g. IFRS, governance
  practice, listing rules) and any effect; and
  • significant communications with regulators (if any).

*Although it is important for the auditor to have good communication
with those charged with governance, it is the auditor's sole
responsibility to establish the scope and timing of the audit; this
cannot be dictated by others.


4.3 Communication of Significant Findings From the Audit

• The auditor should communicate any views about significant
qualitative aspects of the entity's accounting practices,
including accounting policies, accounting estimates and
disclosures, for example:*
  • if any practice is considered inappropriate, the reasons why
  and any alternatives that are available;
  • changes made by management that the auditor considers to
  be inappropriate;
  • the effect in controversial or emerging areas;
  • indicators of possible management bias (e.g. aggressive
  application of accounting policies or estimates that may be
  considered as financial statement manipulation).

*"Significant" is not defined in the standard. IAASB does not
expect the auditor to undertake an elaborate evaluation exercise to
make this determination. It is simply a matter of whether, having
considered the relevant facts and circumstances, the auditor believes
that the matter (or the combination of matters) is sufficiently
important that it should be brought to the attention of those charged
with governance. Professional judgement is therefore a key factor.

• Significant difficulties, if any, encountered during the audit,
for example:
  • delays in management providing required information;
  • time and other pressure exerted by management;
  • unavailability of expected information;
  • restrictions placed on the auditors by management
  (limitation on scope/insufficient evidence); and
  • management's unwillingness to co-operate with the auditors
  (e.g. refusal to communicate).
• Significant matters arising from the audit that were discussed,
or subject to correspondence, with management, for example:
  • control weakness letters (Session 13);
  • subsequent events and going concern (Sessions 29 and 31);
  • possible or actual modifications to the auditor's report
  (Session 30);
  • adjusted and unadjusted errors (Session 29);
  • doubts on management's integrity (Sessions 5 and 7);
  • second opinions secured by management (Session 4);
  • doubts on continuing appointment (Sessions 5 and 7); and
  • written representations (Session 20).


4.4 Auditor Independence

• Where the entity is listed, those charged with governance
must be satisfied that the auditors have complied with
relevant ethical requirements (see s.3).
• This will normally take the form of a statement from the
auditors that:
  • the engagement team, the firm (and network firms) have
  complied with relevant ethical requirements;
  • identifies all matters that, in the auditor's professional
  judgement, may reasonably be thought to bear on
  independence; and
  • the related safeguards that have been applied to eliminate
  identified threats to independence or reduce them to an
  acceptable level.

4.5 Two-Way Communication

• ISA 260 places significant emphasis on the need for the
auditor to promote effective two-way communication with
those charged with governance, as this:*
  • assists in developing a constructive working relationship
  between the auditor and those charged with governance;
  • sets clear expectations between the auditor and those
  charged with governance regarding communication of
  matters of audit relevance;
  • recognises that those charged with governance are an
  important element in the control environment;
  • assists those charged with governance in fulfilling their
  oversight responsibility for the risk management and
  financial reporting process; and
  • recognises that those charged with governance are
  an important source of information for conduct of an
  effective audit.

*ISA 260 does not mandate two-way communication, as those
charged with governance cannot be required to communicate with
the auditor. However, the auditor is required to evaluate whether
two-way communication has been adequate. If not, this may affect:
• the auditor's assessment of risks of material misstatement.
• the auditor's ability to obtain sufficient appropriate audit evidence.
• the auditor's consideration of modification to the auditor's report.


5 Auditor's Reporting Requirements

5.1 Sarbanes-Oxley Act (SOX)

• In addition to the audit report, Sarbanes-Oxley requires that
auditors issue a separate assurance report on an entity's
internal control and its operation for the reporting period.

5.2 UK Corporate Governance Code

• In the UK, requirements placed on external auditors are
significantly less onerous than under SOX. The auditors are
only required to review internal control (i.e. discuss, assess
and appraise documents and reports) if the directors have
carried out specific actions as required by a limited number of
the UK Corporate Governance Code sections and the rules of
the London Stock Exchange.
• Auditors are not required to carry out tests or form an opinion
on internal control, but are expected to:
  • draw on their knowledge of the client, its environment and
  internal control;
  • consider the results of their audit testing of the
  effectiveness of internal controls;
  • review the information disclosed by the requirements of
  the UK Corporate Governance Code and listing rules for
  consistency with the financial statements as required by ISA
  720 Other Information in Documents Containing Audited
  Financial Statements (Session 29); and
  • report any non-compliance with the specific requirements of
  the UK Corporate Governance Code/listing rules (e.g. where
  no explanation is given when required) in their audit report
  as an "other matter" modification rather than an opinion
  modification (Session 30).


Session 3

Summary
• Corporate governance includes oversight of an entity's strategy, economic development,
executives, risk and control activities, and auditors.
• The five main principles of the UK Corporate Governance Code concern:
  • Leadership
  • Effectiveness
  • Accountability
  • Remuneration
  • Relations with shareholders.
• An audit committee of at least three independent non-executive directors is an integral
element of corporate governance for listed companies and is considered to be best practice
for unlisted entities.
• The audit committee is responsible for monitoring the integrity of the financial statements
and financial reporting controls, monitoring and reviewing the internal audit function,
overseeing the appointment of the external auditor and reviewing and monitoring the
relationship with the external auditor, including the provision of non-audit services.
• The auditor's communication with those charged with governance should include the
auditor's responsibilities for the financial statements, the form and timing of the audit,
any significant findings and a statement of auditor independence.
• Significant findings include matters related to accounting policies, estimates, disclosures,
significant difficulties encountered during the audit and significant matters discussed with
management.
• The auditor should promote effective two-way communication with those charged
with governance.


Session 3 Quiz
Estimated time: 30 minutes

1. Explain how "corporate governance" is defined by the OECD. (1.1)
2. Describe the ultimate objective of a business. (1.2)
3. True or false? Corporate governance provides a means to exercise greater oversight of an
entity's board of directors. (1.4)
4. Discuss the elements of the UK Corporate Governance Code. (2.2)
5. List the requirements for an audit committee under the UK Corporate Governance Code. (3.2)
6. Describe SIX responsibilities of the audit committee with respect to the external audit. (3.4)
7. List THREE advantages and THREE disadvantages of audit committees. (3.5, 3.6)
8. Describe the FOUR auditor objectives under ISA 260. (4)

Study Question Bank


Estimated time: 40 minutes

Priority Estimated Time Completed

Q3 Audit committee 40 minutes


EXAMPLE SOLUTION
Solution 1—Typical Stakeholders
1. Shareholders make an equity investment in the enterprise and
expect share investment growth and dividend distributions.
2. Banks provide loans and expect to be repaid.
3. Executive management and employees provide services to an
entity and expect to be paid for the services and to receive various
employee benefits.
4. Suppliers provide goods and services and expect to be paid
for them.
5. Other companies have crossholding interests, have a vested
interest in the entity and can significantly influence the corporate
behaviour of the entity.
6. National and local governments provide services to the entity
and to society and need to receive revenue through taxation.
