HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
APPENDIX I: MANAGEMENT LETTER
The main purpose of a management letter is to provide helpful and constructive comments to
the client on inherent weaknesses in the control systems and also provide advice to the entity
on how to run the entity more effectively. The scope of the management letter, the legal and
professional responsibilities and the reliance and distribution of the letter should be covered in
the engagement letter.
1. Issues that can be covered
Management letters can in particular be used to highlight:
• Deficiencies in the accounting systems and records.
• Material deficiencies in the design or implementation of internal control (required by ISA
315).
• Material weaknesses in risk assessment.
• Areas where efficiency and profitability could be improved.
• Inappropriate accounting policies and practices.
• Non-compliance with legislation or financial reporting standards.
• Difficult areas for verification due to the client’s procedures or lack of audit trail.
• Other matters affecting the conduct of the audit.
• Points outstanding from previous management letters.
2. Preparation of management letters
Planning stage
At the planning stage, the following should be discussed with the entity:
• The best way of reporting audit findings.
• Procedures for discussing the form and content of the management letter.
• A timetable for issue and response.
• The distribution of the management letter.
Preparation of the draft letter
• During the audit, points for inclusion in the management letter should be noted as they
arise. The analysis of risk will often highlight points to be included.
• A management letter should only include material points. The entity's comments should
be obtained before the management letter is finalised. This is a key stage and the
engagement team should:
o Address its comments to appropriate personnel.
o Discuss observations in a factual manner.
o Enquire whether there are any additional relevant facts.
o Listen carefully to responses which may yield extra information.
o Consider the impact on all entity personnel.
o Enquire what actions will be taken to correct deficiencies.
27. Communication of Audit Matters with Those Charged with Governance Page 88 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
o Find out whether previous management letter points have been implemented, and if
not, why not.
o Revise as appropriate and consider the economic viability of suggestions made.
Final letter
• The final letter should normally be sent to the company chairman or the managing
director with a copy to the chair of the Audit Committee where one exists, with a
covering note requesting the letter be tabled at a board meeting.
• The contents of the covering letter are covered in Form 202 in Part I of the Manual.
• The bulk of the letter should be arranged so as to be of most benefit to the entity. For
larger clients, it may be useful to adopt a tiered structure, highlighting the most
significant points for the client’s attention. The letter may also be used to emphasise
points raised previously but not resolved. Whatever the format chosen, the engagement
letter should make clear:
o The auditor’s observations.
o The implications and risks.
o The auditor’s recommendations.
o The management comments received on the draft letter.
• The approach should be modified wherever there is a statutory duty to report on any
shortcomings in the systems.
Management’s response
• A reply should be requested to all of the points raised, indicating the action
management intends to take as a result of the comments made in the report. It should
be made clear that at least an acknowledgement is expected and the directors'
discussion of the report should be recorded in the board minutes.
Timing
• Management letters should often be drafted after an interim audit (if one was
performed) or as soon as possible after the audit field work has been completed.
Recommendations will be perceived as more valuable if reported on a timely basis.
• Other factors to consider when deciding timing include:
o Specific industry requirements.
o The risk of loss to the client.
o Seriousness of weaknesses.
o The possibility of avoiding an increase in audit time through prompt client action. In
such cases, it may be necessary to report critical issues as they arise pending the
issue of a draft management letter.
27. Communication of Audit Matters with Those Charged with Governance Page 89 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Filing
• The original draft management letter (with any client comments) and the final
management letter should be placed in the current audit file. A copy of the final letter
may also be placed in the client file or the permanent audit file.
3. Third parties
Any report to management should be regarded as confidential. Occasionally however,
management may provide third parties (such as banks or regulators) with copies of the
report. It needs to be clarified with the client whether this will be so. See the disclaimer in
the covering letter in form 202 in Part I of the manual.
4. Groups
If the firm audits all the companies in a group, the firm should obtain permission from the
management of subsidiaries to disclose the contents of their management letters to the
parent company.
If the firm audits a parent company but not some of the subsidiaries, the firm should seek to
obtain the reports made by other auditors of group companies. The firm’s request to
management should be made through the parent company, and the firm should obtain
agreement from both the management of subsidiaries and their auditors before disclosing
management letters from other auditors to the parent company.
27. Communication of Audit Matters with Those Charged with Governance Page 90 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
APPENDIX II Specific requirements in ISQC 1 and other ISAs that refer to
communications with those charged with governance
This appendix identifies paragraphs in ISQC 1 and other ISAs in effect for audits of financial
statements for periods beginning on or after December 15, 2009 that require communication of
specific matters with those charged with governance. The list is not a substitute for considering
the requirements and related application and other explanatory material in ISAs.
ISQC 1, “Quality Control for Firms that Perform Audits and Reviews of Financial
Statements, and Other Assurance and Related Services Engagements” – paragraph 30(a)
ISA 240, “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial
Statements” – paragraphs 21, 38(c)(i) and 40-42
ISA 250, “Consideration of Laws and Regulations in an Audit of Financial Statements” –
paragraphs 14, 19 and 22-24
ISA 265, “Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management” – paragraph 9
ISA 450, “Evaluation of Misstatements Identified during the Audit” – paragraphs 12-13
ISA 505, “External Confirmations” – paragraph 9
ISA 510, “Initial Audit Engagements – Opening Balances” – paragraph 7
ISA 550, “Related Parties” – paragraph 27
ISA 560, “Subsequent Events” – paragraphs 7(b)-(c), 10(a), 13(b), 14(a) and 17
ISA 570, “Going Concern” – paragraph 23
ISA 600, “Special Considerations – Audits of Group Financial Statements (Including the
Work of Component Auditors)” – paragraph 49
ISA 705, “Modifications to the Opinion in the Independent Auditor’s Report” – paragraphs
12, 14, 19(a) and 28
ISA 706, “Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent
Auditor’s Report” – paragraph 9DITING
ISA 710, “Comparative Information—Corresponding Figures and Comparative Financial
Statements” – paragraph 18
ISA 720, “The Auditor’s Responsibilities Relating to Other Information in Documents
Containing Audited Financial Statements” – paragraphs 10, 13 and 16
27. Communication of Audit Matters with Those Charged with Governance Page 91 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
APPENDIX III Qualitative aspects of accounting practices
The communication required by may include such matters as:
Accounting policies
The appropriateness of the accounting policies to the particular circumstances of the entity,
having regard to the need to balance the cost of providing information with the likely benefit
to users of the entity’s financial statements. Where acceptable alternative accounting
policies exist, the communication may include identification of the financial statement items
that are affected by the choice of significant accounting policies as well as information on
accounting policies used by similar entities.
The initial selection of, and changes in significant accounting policies, including the
application of new accounting pronouncements. The communication may include: the effect
of the timing and method of adoption of a change in accounting policy on the current and
future earnings of the entity; and the timing of a change in accounting policies in relation to
expected new accounting pronouncements.
The effect of significant accounting policies in controversial or emerging areas (or those
unique to an industry, particularly when there is a lack of authoritative guidance or
consensus).
The effect of the timing of transactions in relation to the period in which they are recorded.
Accounting estimates
For items for which estimates are significant, issues discussed in ISA 540 including, for
example:
• Management’s identification of accounting estimates.
• Management’s process for making accounting estimates.
• Risks of material misstatement.
• Indicators of possible management bias.
• Disclosure of estimation uncertainty in the financial statements.
Financial statement disclosures
The issues involved, and related judgments made, in formulating particularly sensitive
financial statement disclosures (for example, disclosures related to revenue recognition,
remuneration, going concern, subsequent events, and contingency issues).
The overall neutrality, consistency and clarity of the disclosures in the financial statements.
Related matters
The potential effect on the financial statements of significant risks, exposures and
uncertainties, such as pending litigation, that are disclosed in the financial statements.
The extent to which the financial statements are affected by unusual transactions, including
non-recurring amounts recognized during the period, and the extent to which such
transactions are separately disclosed in the financial statements.
The factors affecting asset and liability carrying values, including the entity’s bases for
determining useful lives assigned to tangible and intangible assets. The communication
may explain how factors affecting carrying values were selected and how alternative
selections would have affected the financial statements.
27. Communication of Audit Matters with Those Charged with Governance Page 92 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
The selective correction of misstatements, for example, correcting misstatements with the
effect of increasing reported earnings, but not those that have the effect of decreasing
reported earnings.
27. Communication of Audit Matters with Those Charged with Governance Page 93 of 102
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
28. COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED
WITH GOVERNANCE AND MANAGEMENT (INCORPORATING ISA 265)
28.1. Objectives
28.1.1 The objectives of the auditor are to communicate appropriately to those charged with
governance and management deficiencies in internal control that the auditor has identified
during the audit and that, in the auditor’s professional judgment, are of sufficient importance to
merit their respective attentions.
28.2. Definitions
28.2.1 ISA 265 provides the following definitions:
Deficiency in internal control – this exists when:
• a control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in the financial statements in a timely
basis; or
• a control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
Significant Deficiency in internal control – a deficiency or combination of deficiencies in
internal control, that in the auditor’s professional judgement, is of sufficient importance to
merit the attention of those charged with governance.
28.3. Identifying deficiencies in internal control
28.3.1 The auditor is required to obtain an understanding of internal control relevant to the
audit when identifying and assessing the risks of material misstatement. In making those risk
assessments, the auditor considers internal control in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an opinion on the
effectiveness of internal control. The auditor may identify deficiencies in internal control not
only during this risk assessment process but also at any other stage of the audit. This ISA
specifies which identified deficiencies the auditor is required to communicate to those charged
with governance and management. That is, the auditor is not required to conduct tests to
identify all deficiencies in internal control. ISA 265 does not impose additional responsibilities
on the auditor regarding obtaining an understanding of internal control and designing and
performing tests of controls over and above the requirements of ISA 315 and ISA 330.
28.4. Procedures
The auditor shall determine whether on the basis of the audit work performed the auditor has
identified one or more deficiencies in internal control.
28.4.1 If the auditor has identified one or more deficiencies in internal control, the auditor shall
determine, on the basis of the audit work performed, whether individually or in combination,
they constitute significant deficiencies.
28. Communicating deficiencies in Internal Control to those charged with governance Page 94 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
28.4.2 The significance of a deficiency or combination of deficiencies in internal control
depends on:
whether a misstatement has actually occurred, and
the likelihood that a misstatement could occur and the potential magnitude of the
misstatement.
28.4.3 Significant deficiencies may therefore exist even though the auditor has not identified
misstatements during the audit.
Determining whether a deficiency is significant
28.4.4 Examples of matters that the auditor may consider in determining whether a deficiency
or combination of deficiencies in internal control constitutes a significant deficiency include:
The likelihood of the deficiencies leading to material misstatements in the financial
statements in the future.
The susceptibility to loss or fraud of the related asset or liability.
The subjectivity and complexity of determining estimated amounts, such as fair value
accounting estimates.
The financial statement amount exposed to the deficiencies.
The volume of activity that has occurred or could occur in the account balance or class of
transactions exposed to the deficiency or deficiencies.
The cause and frequency of the exceptions detected as a result of the deficiencies in the
controls.
The interaction of the deficiency with other deficiencies in internal control.
Considerations specific to smaller entities
28.4.5 While the concepts underlying control activities in smaller entities are likely to be similar
to those in larger entities, the formality with which they operate will vary. Further, smaller
entities may find that certain types of control activities are not necessary because of controls
applied by management.
28.4.6 Also, smaller entities have fewer employees which may limit the extent to which
segregation of duties is practicable. However, in a small owner-managed entity, the owner-
manager may be able to exercise more effective oversight than in a larger entity. This higher
level of management oversight needs to be balanced against the potential for management
override of controls.
Indicators of significant deficiencies in internal control include, for example
Evidence of ineffective aspects of the control environment.
Absence of a risk assessment process within the entity where such a process would
ordinarily be expected to have been established.
Evidence of an ineffective risk assessment process.
Evidence of an ineffective response to identified significant risks (for example, an absence
of controls over such a risk).
28. Communicating deficiencies in Internal Control to those charged with governance Page 95 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Misstatements detected by the auditor’s procedures that were not prevented, or detected
and corrected, by the entity’s internal control.
Restatement of previously issued financial statements to reflect the correction of a material
misstatement due to fraud or error.
Evidence of management’s inability to oversee the preparation of the financial statements.
28.5. Communication of significant deficiencies in internal control to those charged
with governance
28.5.1 The auditor shall communicate in writing significant deficiencies in internal control
identified during the audit to those charged with governance on a timely basis. This process
assists those charged with governance in fulfilling their oversight responsibilities.
28.5.2 In determining whether to issue written communication, the auditor may consider
whether the receipt of such communication would be an important factor in enabling those
charged with governance to discharge their oversight responsibilities. In addition for listed
entities in certain jurisdictions, those charged with governance may need to receive the
auditor’s written communication before the date of approval of the financial statements in order
to discharge specific responsibilities in relation to internal control for regulatory or other
purposes.
28.5.3 In other entities the auditor may issue the written communication at a later date, the
written communication is however subject to the overriding requirement for the auditor to
complete the assembly of the final audit file on a timely basis. ISA 230 states that an
appropriate time limit within which to assemble the final audit file is ordinarily not more than 60
days after the date of the auditor’s report.
28.5.4 The auditor may communicate significant deficiencies orally in the first instance to
management and, when appropriate, to those charged with governance to assist them in
taking remedial action to minimise the risks of material misstatement. This does not relieve the
auditor of the responsibility to communicate the significant deficiencies on writing.
Content of written communication
28.5.5 The auditor shall include in the written communication of significant deficiencies in
internal control:
a description of the deficiencies,
an explanation of their potential effects, and
sufficient information to enable those charged with governance to understand the
context of the communication. In particular the auditor shall explain that:
• The purpose of the audit was for the auditor to express an opinion on the financial
statements;
• The audit included consideration of internal control relevant to the preparation of the
financial statements in order to design audit procedures that are appropriate to the
circumstances, but not for the purpose of expressing an opinion on the effectiveness
of internal control; and
28. Communicating deficiencies in Internal Control to those charged with governance Page 96 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
• The matters being reported are limited to those deficiencies that the auditor has
identified during the audit and that the auditor has concluded are of sufficient
importance to merit being reported to those charged with governance.
• An indication that such communication has been provided for the purposes of those
charged with governance, and that it may not be suitable for other purposes.
28.5.6 The auditor may also include in written communications:
suggestions for remedial action on the deficiencies,
management’s actual or proposed responses, and
a statement as to whether the auditor has undertaken any steps to verify whether
management’s responses have been implemented.
Detail of communication
28.5.7 The level of detail at which to communicate significant deficiencies is a matter of the
auditor’s professional judgment in the circumstances. Factors that the auditor may consider in
determining an appropriate level of detail for the communication include, for example:
The nature of the entity.
The size and complexity of the entity.
The nature of significant deficiencies that the auditor has identified.
The entity’s governance composition.
Legal or regulatory requirements regarding the communication of specific types of
deficiency in internal control.
28.5.8 Law and Regulation in some jurisdictions may establish a requirement (particularly for
audits of listed companies) for the auditor to communicate to those charged with governance
or to some other relevant parties (such as regulators) one or more specific types of deficiency
in internal control that the auditor has identified during the audit. In some of these instances
specific terms and definitions may have been established for the purposes of communicating
the deficiencies in internal control.
28.5.9 The responsibility for evaluating the costs and benefits of implementing remedial action
rests with management and those charged with governance.
Prior year deficiencies
28.5.10 The fact that the auditor has communicated a significant deficiency in internal control
to those charged with governance in a previous audit does not eliminate the need for the
auditor to repeat the communication if remedial action has not been taken. The auditor may
either repeat the description from the previous communication or simply reference the previous
communication.
28.5.11 The auditor may ask management or, where appropriate, those charged with
governance, why the significant deficiency has not yet been remedied. A failure to act, in the
absence of a rational explanation, may in itself represent a significant deficiency.
28. Communicating deficiencies in Internal Control to those charged with governance Page 97 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Considerations specific to smaller entities
28.5.12 In the case of smaller entities, the auditor may communicate in a less structured
manner with those charged with governance than in the case of larger entities.
Considerations specific to public sector entities
28.5.13 Public Sector auditors may have additional responsibilities to communicate
deficiencies in internal control that an auditor has identified during the audit, in ways, at a level
of detail and to parties not envisaged in ISA 265.
28.6. Communication of significant deficiencies in internal control to management
28.6.1 The auditor shall communicate in writing on a timely basis to management at an
appropriate level of responsibility significant deficiencies in internal control that the auditor has
communicated or intends to communicate to those charged with governance.
28.6.2 Certain significant deficiencies in internal control may call into question the integrity or
competence of management. Accordingly, it may not be appropriate to communicate such
deficiencies directly to management.
28.6.3 Chapter 9 notes that ISA 250 establishes requirements and provides guidance on the
reporting of identified or suspected non-compliance with laws and regulations, including when
those charged with governance are themselves involved in such non-compliance. Chapter 8
notes that ISA 240 establishes requirements and provides guidance regarding communication
to those charged with governance when the auditor has identified fraud or suspected fraud
involving management.
28.7. Communication of other deficiencies in internal control to management
28.7.1 During the audit the auditor may identify other deficiencies in internal control (that have
not been communicated to management by other parties) that are not significant deficiencies
but that may be of sufficient importance to merit management’s attention. The communication
of such deficiencies need not be in writing but may be oral.
28.7.2 If the auditor has communicated deficiencies in internal control other than significant
deficiencies to management in a prior period and management has chosen not to remedy
them for cost or other reasons, the auditor need not repeat the communication in the current
period, unless there has been a change of management, or if new information has come to the
auditor’s attention that alters the prior understanding of the auditor and management regarding
the deficiencies.
28.7.3 Nevertheless the failure of management to remedy other deficiencies in internal control
that were previously communicated may become a significant deficiency requiring
communication with those charged with governance. Whether this is the case depends on the
auditor’s judgment in the circumstances.
28. Communicating deficiencies in Internal Control to those charged with governance Page 98 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
28.7.4 In some cases those charged with governance may wish to be made aware of the
details of other deficiencies in internal control the auditor has communicated to management,
or to be briefly informed of the nature of the other deficiencies. Alternatively, the auditor may
consider it appropriate to inform those charged with governance of the communication of other
deficiencies to management. In either case, the auditor may report orally or in writing to those
charged with governance as appropriate.
28. Communicating deficiencies in Internal Control to those charged with governance Page 99 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
MANAGEMENT LETTER TEMPLATE
Date
The Chairman
NAME OF ENTITY
Dear Sir
201X AUDIT MANAGEMENT LETTER
We advise having completed our examination of NAME OF ENTITY for the year ended 31
December 201X. Our examination included a review of the accounting records and procedures
adopted by the ENTITY.
During the course of our examination we noted certain matters relating to procedures and
controls adopted by the ENTITY which we consider should be brought to your attention. These
matters are noted on the following pages.
You will appreciate that our normal audit procedures are designed primarily to enable us to
express an opinion on the financial statements of the ENTITY. Our audit included
consideration of internal control relevant to the preparation of the financial statements in order
to design audit procedures that are appropriate to the circumstances, but not for the purpose of
expressing an opinion on the effectiveness of internal control, and therefore our comments do
not include all possible improvements in internal control which might result from a special
review. The matters being reported are limited to those deficiencies which came to our
attention during the course of our audit and that we consider are of sufficient importance to
merit the attention of those charged with governance of NAME OF ENTITY.
Please note that during our audit we have not relied upon internal controls adopted by the
ENTITY, and have relied upon other audit evidence. DELETE IF NOT APPLICABLE.
All comments we have made are those where we consider improvements to systems and
processes will benefit the ENTITY.
The matters raised on the following pages have been discussed with management of the
ENTITY, and their comments on each matter raised have been included in this letter.
Please note that this letter has been provided for the purposes of those charged with
governance of NAME OF ENTITY, and therefore it may not be suitable for other purposes.
28. Communicating deficiencies in Internal Control to those charged with governance Page 100 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Finally, we would like to record our appreciation of the courtesy and co-operation extended to
us by you and your staff during our audit. We look forward to a continuing mutually beneficial
relationship with you.
Yours faithfully
NAME OF PARTNER
Partner
28. Communicating deficiencies in Internal Control to those charged with governance Page 101 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
1. IDENTIFY ISSUE
Observation
Potential effects
Recommendation
Management comment
28. Communicating deficiencies in Internal Control to those charged with governance Page 102 of 102
and management
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
29. USING THE WORK OF INTERNAL AUDITORS AND AUDITOR’S EXPERTS
(INCORPORATING ISA 610 and 620)
29.01 The auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the auditor’s use of the work of an auditor’s expert.
Nonetheless, if the auditor using the work of an auditor’s expert, having followed ISA 620,
concludes that the work of that expert is adequate for the auditor’s purposes, the auditor may
accept that expert’s findings or conclusions in the expert’s field as appropriate audit evidence.
29.1. Using the work of internal auditors
Objectives
29.1.1 The objectives of the auditor where the entity has an internal audit function that the
auditor has determined is likely to be relevant to the audit are:
To determine whether and to what extent, to use specific work of the internal auditors;
and
If using specific work of the internal auditors, to determine whether that work is adequate
for the purposes of the audit.
Definitions
29.1.2 Internal Audit Function – an appraisal activity established or provided as a service to the
entity. Its functions include, amongst other things, examining, evaluating and monitoring the
adequacy and effectiveness of internal control.
29.1.3 Internal Auditors – those individuals who perform the activities of the internal audit
function. Internal auditors may belong to an internal audit department or equivalent function.
Procedures
29.1.4 The external auditor shall determine the planned effect of the internal auditors on the
nature, timing or extent of the external auditor’s procedures.
29.1.5 The internal audit function is likely to be relevant to the audit if the nature of the internal
audit function’s responsibilities and activities are related to the entity’s financial reporting, and the
auditor expects to use the work of the internal auditors to modify the nature or timing, or reduce
the extent, of audit procedures to be performed.
29.1.6 The activities of internal control include one or more of the following:
Monitoring of internal control
Examination of financial and operating information.
Review of operating activities.
Review of compliance with laws and regulations.
Risk management.
Governance.
29. Using the work of internal auditors and auditor’s experts 1 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
29.1.7 In determining whether the work of the internal auditors is likely to be adequate for the
purposes of the audit, the external auditor shall evaluate:
The objectivity of the internal audit function;
The technical competence of the internal auditors;
Whether the work of the internal auditors is likely to be carried out with due professional
care; and
Whether there is likely to be effective communication between the internal auditors and
the external auditor.
29.1.8 In determining the planned effect of the work of the internal auditors on the nature, timing
and or extent of the external auditor’s procedures, the external auditor shall consider:
The nature and scope of specific work performed, or to be performed, by the internal
auditors;
The assessed risks of material misstatement at the assertion level for particular classes of
transactions, account balances, and disclosures; and
The degree of subjectivity involved in the evaluation of the audit evidence gathered by the
internal auditors in support of the relevant assertions.
Using specific work of the internal auditors
29.1.9 In order for the external auditor to use specific work of the internal auditors, the external
auditor shall evaluate and perform audit procedures on that work to determine its adequacy for
the external auditor’s purposes. The nature, timing and extent of the audit procedures performed
on specific work of the internal auditors will depend on the external auditor’s assessment of the
risk of material misstatement, the evaluation of the internal audit function, and the evaluation of
the specific work of the internal auditors. Such audit procedures may include:
Examination of items already examined by the internal auditors;
Examination of other similar items; and
Observation of procedures performed by the internal auditors.
29.1.10 To determine the adequacy of the specific work performed by the internal auditors for
the external auditor’s purposes, the external auditor shall evaluate whether:
The work was performed by internal auditors having adequate technical training and
proficiency;
The work was properly supervised, reviewed and documented;
Adequate audit evidence has been obtained to enable the internal auditors to draw
reasonable conclusions;
Conclusions reached are appropriate in the circumstances and any results prepared by
the internal auditors are consistent with the results of the work performed; and
Any exceptions or unusual matters disclosed by the internal auditors are properly
resolved.
Documentation
29.1.11 If the external auditor uses work of the internal auditors, the external auditor shall
include in the audit documentation the conclusions reached regarding the evaluation of the
29. Using the work of internal auditors and auditor’s experts 2 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
adequacy of the work of the internal auditors, and the audit procedures performed by the
external auditor on that work.
Form 511.2 - Understanding the entity and its internal control should be completed to assess
the extent of reliance that can be placed on the internal auditor’s work.
29.2. Using the work of an auditor’s expert
Objectives
29.2.1 The objectives of the auditor are:
To determine whether to use the work of an auditor’s expert; and
If using the work of an auditor’s expert, to determine whether that work is adequate for
the auditor’s purposes.
Definitions
29.2.2 Auditor’s expert – an individual or organization possessing expertise in a field other than
accounting or auditing, whose work in that field is used by the auditor to assist the auditor in
obtaining sufficient appropriate audit evidence. An auditor’s expert may be either an internal
expert or an auditor’s external expert.
29.2.3 Expertise – skills, knowledge and expertise in a particular field.
29.2.4 Management’s expert – an individual or organization possessing expertise in a field
other than accounting or auditing, whose work is used by the entity to assist the entity in
preparing the financial statements.
Determining a need
29.2.5 If expertise in a field other than accounting or auditing is necessary to obtain sufficient
appropriate audit evidence, the auditor shall determine whether to use the work of an auditor’s
expert.
29.2.6 Expertise in a field other than accounting or auditing may include expertise in relation to
such matters as:
The valuation of complex financial instruments, land or buildings, plant or machinery,
jewelry, works of art, antiques, intangible assets, assets acquired and liabilities
assumed in business combinations and assets that may be impaired.
The actuarial calculation of liabilities associated with insurance contracts or employee
benefit plans.
The estimation of oil and gas reserves.
The valuation of environmental liabilities, and site clean-up costs.
The interpretation of contracts, laws and regulations.
The analysis of complex or unusual tax compliance issues.
29.2.7 An auditor’s expert may be needed to assist the auditor in one or more of the following:
Obtaining an understanding of the entity and its environment.
29. Using the work of internal auditors and auditor’s experts 3 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Identifying and assessing the risks of material misstatement.
Determining and implementing overall responses to assessed risks at the financial
statement level.
Designing and performing further audit procedures to respond to risks assessed at the
assertion level, comprising tests of controls or substantive procedures.
Evaluating the sufficiency and appropriateness of audit evidence obtained in forming an
opinion on the financial statements.
29.3. Nature, timing and extent of auditor’s procedures
29.3.1 In determining the nature, timing and extent of the auditor’s procedures, the auditor
shall consider matters including:
The nature of the matter to which that expert’s work relates;
The risks of material misstatement in the matter to which that expert’s work relates;
The significance of the auditor’s work in the context of the audit;
The auditor’s knowledge of and experience with previous work performed by that expert;
and
Whether that expert is subject to the auditor’s firm’s quality control policies and
procedures.
29.4. Competence, capabilities and objectivity
29.4.1 The auditor shall evaluate whether the auditor’s expert has the necessary competence,
capabilities and objectivity for the auditor’s purposes. In the case of an auditor’s external
expert, the evaluation of objectivity shall include inquiry regarding interests and relationships
that may create a threat to that expert’s objectivity.
29.4.2 Information regarding the competence, capabilities and objectivity of an auditor’s expert
may come from a variety of sources such as:
Personal experience with previous work of that expert.
Discussions with that expert.
Discussions with other auditors or other who are familiar with that expert’s work.
Knowledge of that expert’s qualifications, membership of a professional body or industry
association, license to practice, or other forms of external recognition.
Published papers or books written by that expert.
The auditor’s firm’s quality control policies and procedures.
29.5. Understanding of the field of expertise
29.5.1 The auditor shall obtain a sufficient understanding of the field of expertise of the
auditor’s expert to enable the auditor to:
Determine the nature, scope and objectives of that expert’s work for the auditor’s
purposes; and
Evaluate the adequacy of that work for the auditor’s purposes.
29. Using the work of internal auditors and auditor’s experts 4 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
29.6. Agreement with the auditor’s expert
29.6.1 The auditor shall agree, in writing where appropriate, on the following matters with the
auditor’s expert;
The nature, scope and objectives of that expert’s work;
The respective roles and responsibilities of the auditor and that expert;
The nature, timing and extent of communication between the auditor and that expert,
including the form of any report to be provided by that expert; and
The need for the auditor’s expert to observe confidentiality requirements.
29.6.2 The agreement between the auditor and the auditor’s external expert is often in the form
of an engagement letter. When there is no written agreement evidence of the agreement may
be included in planning memoranda or related working papers such as the audit program. It
may often be relevant when agreeing the nature, scope and objectives of the auditor’s work to
include discussion of any relevant technical performance standards or industry requirements
that the expert will follow.
29.6.3 The agreement may also include details about access to, and retention of, each other’s
working papers.
29.6.4 It is necessary for the confidentiality provisions of relevant ethical requirements that
apply to the auditor also to apply to the auditor’s expert. Additional requirements may also be
imposed by law or regulation.
29.7. Evaluating the adequacy of the auditor’s expert’s work
29.7.1 The auditor shall evaluate the adequacy of the auditor’s expert work for the auditor’s
purposes, including;
The relevance and reasonableness of that expert’s findings or conclusions, and their
consistency with other audit evidence;
If that expert’s work involves use of significant assumptions and methods, the relevance
and reasonableness of those assumptions and methods in the circumstances; and
If that expert’s work involves the use of source data that is significant to that expert’s
work, the relevance, completeness and accuracy of that source data.
29.7.2 Specific procedures to evaluate the adequacy of the auditor’s expert’s work for the
auditor’s purposes may include:
Inquiries of the auditor’s expert.
Reviewing the auditor’s expert’s working papers and reports.
Corroborative procedures such as analytical procedures, re-performing calculations,
and observing the auditor’s expert’s work.
Discussion with another expert with relevant expertise when the findings are not
consistent with other audit evidence.
Discussing the auditor’s expert’s report with management.
29. Using the work of internal auditors and auditor’s experts 5 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
29.7.3 If the auditor determines that the use of the auditor’s work is not adequate for the
auditor’s purposes, the auditor shall:
Agree with that expert on the nature and extent of further work to be performed by that
expert; or
Perform additional audit procedures appropriate to the circumstances.
29.8. References to the auditor’s expert in the auditor’s report
29.8.1 The auditor shall not refer to the work of an auditor’s expert in an auditor’s report
containing an unqualified opinion unless required by law or regulation to do so. If such
reference is required by law or regulation, the auditor shall indicate in the auditor’s report that
the reference does not reduce the auditor’s responsibility for the auditor’s opinion.
29.8.2 If the auditor makes reference to the work of an auditor’s expert in the auditor’s report
because such reference is relevant to an understanding of a modification in the auditor’s
opinion, the auditor shall indicate in the auditor’s report that such reference does not reduce
the auditor’s responsibility for that opinion.
29. Using the work of internal auditors and auditor’s experts 6 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
30. SPECIAL CONSIDERATIONS - AUDITS OF GROUP FINANCIAL STATEMENTS
(INCORPORATING ISA 600)
30.1. Objectives
30.1.1 The objectives of the auditor are:
To determine whether to act as the auditor of the group financial statements; and
If acting as auditor of the group financial statements:
• To communicate clearly with component auditors about the scope and
timing of their work on financial information related to components and their
findings; and
• To obtain sufficient appropriate audit evidence regarding the financial
information of the components and the consolidation process to express an
opinion whether the group financial statements are prepared, in all material
respects, in accordance with the applicable financial reporting framework.
30.2. Definitions
Component – An entity or business activity for which group or component
management prepares financial information that should be included in the group
financial statements.
Component auditor – An auditor who, at the request of the group engagement team,
performs work on financial information related to a component for the group audit.
Component management – Management responsible for the preparation of the
financial information of a component
Component materiality – The materiality for a component determined by the group
engagement team.
Group – All the components whose financial information is included in the group
financial statements. A group always has more than one component.
Group audit – The audit of group financial statements.
Group audit opinion – The audit opinion on the group financial statements.
Group engagement partner – The partner or other person in the firm who is
responsible for the group audit engagement and its performance, and for the auditor’s
report on the group financial statements that is issued on behalf of the firm. Where
joint auditors conduct the group audit, the joint engagement partners and their
engagement teams collectively constitute the group engagement team.
Group engagement team – Partners, including the group engagement partner, and
staff who establish the overall group audit strategy, communicate with component
auditors, perform work on the consolidation process, and evaluate the conclusions
drawn from the audit evidence as the basis for forming an opinion on the group
financial statements.
Group financial statements – Financial statements that include the financial
information of more than one component. The term “group financial statements” also
refers to combined financial statements aggregating the financial information prepared
by components that have no parent but are under common control.
Group management – Management responsible for the preparation of the group
financial statements.
Group-wide controls – Controls designed, implemented and maintained by group
management over group financial reporting.
Significant component – A component indentified by the group engagement team (i)
that is of individual financial significance to the group, or (ii) that, due to its specific
30. Special considerations – audits of Group Financial Statements 7 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
nature or circumstances, is likely to include significant risks to material misstatement
of the group financial statements.
30.3. Procedures
Responsibility
30.3.1 The group engagement partner is responsible for the direction, supervision and
performance of the group audit engagement in compliance with professional standards and
applicable legal and regulatory requirements, and whether the auditor’s report that is issued
is appropriate in the circumstances. As a result the auditor’s report on the group financial
statements shall not refer to a component auditor, unless required by law or regulation to
include such reference. If such reference is required by law or regulation the auditor’s report
shall indicate that the reference does not diminish the group engagement partner’s or the
group engagement’s firm’s responsibility for the group audit opinion.
Acceptance and continuance
30.3.2 In applying ISA 220, the group engagement partner shall determine whether sufficient
appropriate audit evidence can reasonably be expected to be obtained in relation to the
consolidation process and the financial information of the components on which to base the
group audit opinion.
30.3.3 In the case of a new engagement, the group’s engagement team’s understanding of
the group, its components and their environments may be obtained from:
Information provided by group management;
Communication with group management; and
Where applicable, communication with the previous group engagement team,
component management, or component auditors.
30.3.4 The group engagement team’s understanding may include matters such as the
following:
The group structure, including both the legal and organisational structure (that is, how
the group financial reporting system is organised).
Component’s business activities that are significant to the group, including the
industry and regulatory, economic and political environments in which those activities
take place.
The use of service organisations, including shared service centres.
A description of group-wide controls.
The complexity of the consolidation process.
Whether components that are not from the group engagement’s partner’s firm or
network will perform work on the financial information of any of the components, and
group management’s rationale for appointing more than one auditor.
Whether the group engagement team will have unrestricted access to those charged
with governance of the group, group management, those charged with governance of
the component, component management, component information and the component
auditors (including relevant audit documentation sought by the group engagement
team); and will be able to perform necessary work on the financial information of the
components.
30. Special considerations – audits of Group Financial Statements 8 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
30.3.5 In the case of a continuing engagement, the group engagement team’s ability to
obtain sufficient appropriate audit evidence may be affected by significant changes, for
example:
Changes in the group structure (for example, acquisitions, disposals, reorganisations
or changes in how the group financial reporting system is organised).
Changes in components’ business activities that are significant to the group.
Changes in the composition of those charged with governance of the group, group
management, or key management of significant components.
Concerns the group engagement team has with regard to the integrity and
competence of group or component management.
Changes in group wide-controls.
Changes in the applicable financial reporting framework
30.3.6 For this purpose, the group engagement team shall obtain an understanding of the
group, its components and their environments that is sufficient to identify components that
are likely to be significant components.
30.3.7 Where component auditors will perform work on the financial information of such
components, the group engagement partner shall evaluate whether the group engagement
team will be able to be involved in the work of those component auditors to the extent
necessary to obtain sufficient appropriate audit evidence.
30.3.8 If the group engagement partner concludes that:
It will not be possible for the group engagement team to obtain sufficient appropriate
audit evidence due to restrictions imposed by group management; and
The possible effect of this inability will result in a disclaimer of opinion on the group
financial statements,
30.3.9 The group engagement partner shall either:
In the case of a new engagement, not accept the assignment, or, in the case of a
continuing engagement, withdraw from the engagement, where withdrawal is possible
under applicable law or regulation; or
Where law or regulation prohibits an auditor from declining an engagement or where
withdrawal from an engagement is not otherwise possible, having performed the audit
of the group financial statements to the extent possible, disclaim an opinion on the
group financial statements.
30.3.10 The group engagement partner shall agree on the terms of the group audit
engagement in accordance with ISA 210.
Overall audit strategy and audit plan
30.3.11 The group engagement team shall establish an overall group audit strategy and shall
develop a group audit plan in accordance with ISA 300. The group engagement partner shall
review the overall group audit strategy and group audit plan.
30.3.12 In group audits, a group planning memorandum will be necessary to ensure an
efficient audit, review of consolidated financial statements and completion of group reporting
packages and supporting schedules. The group planning memorandum may include details
on:
Responsibilities of the client and of the auditor.
30. Special considerations – audits of Group Financial Statements 9 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Audit acceptance and continuation procedures at the group level and agreeing the
terms of engagement.
Identification of the additional scope of audit.
Internal responsibilities of the engagement partner and the engagement team.
Information about the group including its structure, activities and the operating
environment.
Group accounting policies.
Overall materiality.
Risk assessment at the group level including fraud risk.
Communications with other auditors involved in the audit of subsidiaries and
associates including issue of group audit instructions.
Timetables and budgets.
Consolidation procedures.
Audit programmes.
Understanding the group, Its components and their environments
30.3.13 The auditor is required to identify and assess the risks of material misstatement
through obtaining an understanding of the entity and its environment. The group engagement
team shall:
Enhance its understanding of the group, its components, and their environments,
including group-wide controls, obtained during the acceptance or continuance stage;
and
Obtain an understanding of the consolidation process, including the instructions
issued by group management to components.
30.3.14 To achieve uniformity and comparability of financial information, group management
ordinarily issues instructions to components. Such instructions specify the requirements for
financial information of the components to be included in the group financial statements and
often include financial reporting procedures manuals and a reporting package. A reporting
package ordinarily consists of standard formats for providing information for incorporation in
the group financial statements. Reporting packages generally do not however, take the form
of complete financial statements prepared and presented in accordance with the applicable
financial reporting framework.
30.3.15 The instructions ordinarily cover:
The accounting policies to be applied;
Statutory and other disclosure requirements applicable to the group financial
statements, including, segment information, related party information, intra-group
transactions and unrealised profits and Intra-group account balances; and
A reporting timetable.
30.3.16 The group engagement team’s understanding of the instructions may include the
following:
The clarity and practicality of the instructions for completing the reporting package.
Whether the instructions:
• Adequately describe the characteristics of the applicable financial reporting
framework;
• Provide for disclosures that are sufficient to comply with the requirements of
the applicable financial reporting framework, for example, disclosure of
related party relationships and transactions, and segment information;
30. Special considerations – audits of Group Financial Statements 10 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
• Provide for the identification of consolidation adjustments, for example,
intra-group transactions and unrealised profits, and intra- group balances;
and
• Provide for the approval of the financial information by component
management.
30.3.17 The auditor is required to identify and assess the risks of material misstatement of
the financial statements due to fraud, and to design and implement appropriate responses to
the assessed risks. Information used to identity the risks of material misstatement of the
group financial statements due to fraud may include the following:
Group management’s assessment of the risks that the group financial statements may
be materially misstated as a result of fraud.
Group management’s process for identifying and responding to the risks of fraud in
the group, including any specific fraud risks identified by group management, or
account balances, classes of transactions, or disclosures for which a risk of fraud is
likely.
Whether there are particular components for which a risk of fraud is likely.
How those charged with governance of the group monitor group management’s
processes for identifying and responding to the risks of fraud in the group, and the
controls group management has established to mitigate these risks.
Responses of those charged with governance of the group, group management,
internal audit (and if considered appropriate, component management, the component
auditors, and others) to the group engagement team’s inquiry whether they have
knowledge of any actual, suspected, or alleged fraud affecting a component or the
group.
30.3.18 The group engagement team shall obtain an understanding that is sufficient to:
Confirm or revise its initial identification of components that are likely to be significant;
and
Assess the risks of material misstatement of the group financial statements due to
fraud or error
30.3.19 The key members of the engagement team are required to discuss the susceptibility
of an entity to material misstatement of the financial statements due to fraud or error,
specifically emphasising the risks due to fraud. In a group audit, these discussions may also
include the component auditors. The group engagement partner’s determination of who to
include in the discussions, how and when they occur, and their extent, is affected by factors
such as prior experience with the group.
30.3.20 The discussions provide an opportunity to:
Share knowledge of the components and their environments, including group-wide
controls.
Exchange information about the business risks of the components or the group.
Exchange ideas about how and where the group financial statements may be
susceptible to material misstatement due to fraud or error, how group management
and component management could perpetuate and conceal fraudulent financial
reporting, and how assets of the components could be misappropriated.
Identify practices followed by group or component management that may be biased or
designed to manage earnings that could lead to fraudulent financial reporting, for
example, revenue recognition practices that do not comply with the applicable
financial reporting framework.
30. Special considerations – audits of Group Financial Statements 11 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Consider known external and internal factors affecting the group that may create an
incentive or pressure for group management, component management, or others to
commit fraud, provide the opportunity for fraud to be perpetrated, or indicate a culture
or environment that enables group management, component management, or others
to rationalise committing fraud.
Consider the risk that group or component management may override controls.
Consider whether uniform accounting policies are used to prepare the financial
information of the components for the group financial statements and, where not, how
differences in accounting policies are identified and adjusted.
Discuss fraud that has been identified in components, or information that indicates the
existence of a fraud in a component.
Share information that may indicate non-compliance with national laws or regulations,
for example, payments of bribes and improper transfer pricing policies.
Understanding the component auditor
30.3.21 If the group engagement team plans to request a component auditor to perform work
on the financial information of a component, the group engagement team shall obtain an
understanding of the following:
Whether the component auditor understands and will comply with the ethical
requirements that are relevant to the group audit and, in particular is independent.
The component auditor’s professional competence.
Whether the group engagement team will be able to be involved in the work of the
component auditor to the extent necessary to obtain sufficient appropriate audit
evidence.
Whether the component auditor operates in a regulatory environment that actively
oversees auditors.
30.3.22 If the component auditor does not meet the independence requirements that are
relevant to the group audit, or the engagement team has serious concerns about the other
matters listed above in (b) to (d), the group engagement team shall obtain sufficient
appropriate audit evidence relating to the financial information of the component without
requesting that component auditor to perform work on the financial information of that
component.
Materiality
30.3.23 The group engagement partner shall determine the following:
Materiality for the group financial statements as a whole when establishing the overall
group audit strategy.
If, in the specific circumstances of the group, there are particular classes of
transactions, account balances or disclosures in the group financial statements for
which misstatements of lesser amounts than materiality for the group financial
statements as a whole could reasonably be expected to influence the decisions of
users taken on the basis of the group financial statements, the materiality level or
levels to be applied to those particular classes of transactions, account balances or
disclosures.
Component materiality for those components where component auditors will perform
an audit or review for purposes of the group audit. Component materiality shall be
lower than materiality for the group financial statements as a whole to reduce to an
appropriately low level the probability that the aggregate of uncorrected and
30. Special considerations – audits of Group Financial Statements 12 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
undetected misstatements in the group financial statements exceeds materiality for
the group financial statements as a whole.
The threshold above which misstatements cannot be regarded as clearly trivial to the
group financial statements.
30.3.24 Where component auditors will perform an audit for the purposes of the group audit,
the group engagement team shall evaluate the appropriateness of performance materiality
determined at the component level.
30.3.25 If a component is subject to audit by statute, regulation or other reason, and the
group engagement team decided to use that audit to provide evidence for the group audit,
the group engagement team shall determine whether:
Materiality for the component financial statements as a whole; and
Performance materiality at the component level
meet the requirements of ISA 600.
Responding to assessed risks
30.3.26 The auditor is required to design and implement appropriate responses to address
the assessed risks of material misstatement of the financial statements. The group
engagement team shall determine the type of work to be performed by the group
engagement team, or the component auditors on its behalf, on the financial information of the
components. The group engagement team shall also determine the nature, timing and extent
of its involvement in the work of the component auditors.
30.3.27 If the nature, timing and extent of the work to be performed on the consolidation
process or the financial information of the components are based on the expectation that
group wide controls are operating effectively, or if substantive procedures alone cannot
provide sufficient appropriate audit evidence at the assertion level, the group engagement
team shall test, or request a component auditor to test, the operating effectiveness of those
controls.
Significant components
30.3.28 For a component that is significant due to its individual financial significance to the
group, the group engagement team, or a component auditor on its behalf, shall perform an
audit of the financial information of the component using component materiality.
30.3.29 For a component that is significant because it is likely to include significant risks of
material misstatement of the group financial statements due to its specific nature or
circumstances, the group engagement team, or a component auditor on its behalf, shall
perform one or more of the following:
An audit of the financial information for the component using component materiality.
An audit of one or more account balances, classes of transactions or disclosures
relating to the likely significant risks of material misstatement of the group financial
statements.
Specified audit procedures relating to the likely significant risks of material
misstatement of the group financial statements.
30. Special considerations – audits of Group Financial Statements 13 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Components that are not significant components
30.3.30 For components that are not significant components the group engagement team
shall perform analytical procedures at group level.
30.3.31 If the group engagement team does not consider that sufficient appropriate audit
evidence on which to base the group audit opinion, additional audit evidence may be
obtained from:
The work performed on the financial information of significant components;
The work performed on group-wide controls and the consolidation process; and
The analytical procedures performed at group level, the group engagement team shall
select components that are not significant components and shall perform, or request a
component auditor to perform, one or more of the following on the financial
information of the individual components selected:
• An audit of the financial information of the component using component
materiality.
• An audit of one or more account balances, classes of transactions or
disclosures.
• A review of the financial information of the component using component
materiality.
• Specified procedures.
30.3.32 The group engagement team shall vary the selection of the components over a
period of time.
Significant components – Risk assessment
30.3.33 If the component auditor performs an audit of the financial information of a significant
component, the group engagement team shall be involved in the component’s auditor’s risk
assessment to identify significant risks of material misstatement of the group financial
statements. The nature, timing and extent of this involvement are affected by the group
engagement’s team understanding of the component auditor, but at a minimum shall include:
Discussing with the component auditor or component management those of the
component’s business activities that are significant to the group;
Discussing with the component auditor the susceptibility of the component to material
misstatement of the financial information due to fraud or error; and
Reviewing the component’s auditor’s documentation of identified significant risks of
material misstatement of the group financial statements. Such documentation may
take the form of a memorandum that reflects the component’s auditor’s conclusion
with regard to the identified significant risks.
30.3.34 If significant risks of material misstatements of the group financial statements have
been identified in a component on which a component auditor performs the work, the group
engagement team shall evaluate the appropriateness of the further audit procedures to be
performed to respond to the identified significant risk of material misstatement of the group
financial statements. Based on its understanding of the component auditor the group
engagement team shall determine whether it is necessary to be involved in the further audit
procedures.
30. Special considerations – audits of Group Financial Statements 14 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Consolidation process
30.3.35 The group auditor obtains an understanding of group wide controls and the
consolidation process, including the instructions issued by group management to
components. The group engagement team, or the component auditor at the request of the
group engagement team, tests the operating effectiveness of group-wide controls if the
nature, timing and extent of the work to be performed on the consolidation process are based
on an expectation that group- wide controls are operating effectively, or if substantive
procedures alone cannot provide sufficient appropriate evidence at the assertion level.
30.3.36 The group engagement team shall design and perform further audit procedures on
the consolidation process to respond to the assessed risks of material misstatement of the
group financial statements arising from the consolidation process. These shall include
evaluating whether all components have been included in the group financial statements.
30.3.37 The group engagement team shall evaluate the appropriateness, completeness and
accuracy of consolidation adjustments and reclassifications, and shall evaluate whether fraud
risk factors or indicators of possible management bias exist.
30.3.38 If the financial statements of a component have not been prepared in accordance
with the same accounting policies applied to the group financial statements, the group
engagement team shall evaluate whether the financial information of that component has
been appropriately adjusted for purposes of preparing the group financial statements.
30.3.39 The group engagement team shall determine whether the financial information
identified in the component’s auditor’s communication is the financial information that is
incorporated in the group financial statements.
30.3.40 If the group financial statements include the financial statements of a component with
a financial reporting period-end that differs from that of the group, the group engagement
team shall evaluate whether appropriate adjustments have been made to those financial
statements in accordance with the applicable financial reporting framework.
Subsequent events
30.3.41 When the group engagement team or component auditors perform audits on the
financial information of components, the group engagement team or the component auditors
shall perform procedures designed to identify events at those components that occur
between the dates of the financial information of the components and the date of the
auditor’s report on the group financial statements, and that may require adjustment to or
disclosure in the group financial statements.
30.3.42 Where component auditors perform work other than audits of the financial
information of components, the group engagement team shall request the component
auditors to notify the group engagement team if they become aware of subsequent events
that may require an adjustment to or disclosure in the group financial statements.
Communication with the component auditor
30.3.43 The group engagement team shall communicate its requirements to the component
auditor on a timely basis. The communication shall set out the work to be performed, the use
30. Special considerations – audits of Group Financial Statements 15 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
to be made of that work, and the form and content of the component’s communication with
the group engagement team. It shall also include the following:
A request that the component auditor, knowing the context in which the group
engagement team will use the work of the component auditor, confirms that the
component auditor will cooperate with the group engagement team.
The ethical requirements that are relevant to the group audit and, in particular, the
independence requirements.
In the case of an audit or review of the financial information of the component,
component materiality (and, if applicable the materiality level or levels for particular
classes of transactions, account balances or disclosures) and the threshold above
which misstatements cannot be regarded as clearly trivial to the group financial
statements.
Identified significant risks of material misstatement of the group financial statements,
due to fraud or error, that are relevant to the work of the component auditor. The
group engagement team shall request the component auditor to communicate on a
timely basis any other significant risks of material misstatement of the group financial
statements due to fraud or error, in the component, and the component auditor’s
responses to such risks.
A list of related parties prepared by group management, and any other related parties
of which the group engagement team is aware. The group engagement team shall
request the component auditor to communicate on a timely basis related parties not
previously identified by group management or the group engagement team. The
group engagement team shall determine whether to identify such additional related
parties to other component auditors.
30.3.44 The group engagement team shall request the component auditor to communicate
matters relevant to the group engagement’s team conclusion with regard to the group audit.
Such communication shall include:
Whether the component auditor has complied with ethical requirements that are
relevant to the group audit, including independence and professional competence;
Whether the component auditor has complied with the group engagement’s team
requirements;
Identification of the financial information of the component on which the component
auditor is reporting;
Information on instances of non-compliance with laws or regulations that could give
rise to a material misstatement of the group financial statements;
A list of uncorrected misstatements of the financial information of the component (the
list need not include misstatements that are below the threshold for clearly trivial
misstatements communicated by the group engagement team.
Indicators of possible management bias;
Description of any significant deficiencies in internal control at the component level;
Other significant matters that the component auditor communicated or expects to
communicate to those charged with governance of the component, including fraud or
suspected fraud involving component management, employees who have significant
roles in internal control at the component level or others where the fraud resulted in a
material misstatement of the financial information of the component;
Any other matters that may be relevant to the group audit, or that the component
auditor wishes to draw to the attention of the group engagement team, including
exceptions noted in the written representations that the component auditor has
requested from component management; and
The component auditor’s overall findings, conclusions or opinion.
30. Special considerations – audits of Group Financial Statements 16 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Please refer to the Group Audit Instructions in Part L of this manual for model instructions
that can be tailored to individual audits.
30.4. Evaluating the sufficiency and appropriateness of audit evidence obtained
Evaluating the component’s auditor’s communication and adequacy of their work
30.4.1 The group engagement team shall evaluate the component auditor’s communication
and shall:
Discuss significant matters arising from that evaluation with the component auditor,
component management or group management, as appropriate; and
Determine whether it is necessary to review other relevant parts of the component
auditor’s audit documentation.
30.4.2 If the group engagement team concludes that the work of the component auditor is
insufficient, the group engagement team shall determine what additional procedures are to
be performed, and whether they are to be performed by the component auditor or by the
group engagement team.
Sufficiency and appropriateness of audit evidence
30.4.3 The group auditor shall evaluate whether sufficient appropriate audit evidence has
been obtained from the audit procedures performed on the consolidation process and the
work performed by the group engagement team and the component auditors on the financial
information of the components, on which to base the group audit opinion.
30.4.4 The group engagement partner shall evaluate the effect on the group audit opinion of
any uncorrected misstatements (either identified by the group engagement team or
communicated by component auditors) and any instances where there has been an inability
to obtain sufficient appropriate audit evidence.
Communication with group management
30.4.5 The group engagement team shall determine which identified deficiencies in internal
control to communicate to those charged with governance and group management in
accordance with ISA 265. In making this determination, the group engagement team shall
consider:
Deficiencies in group-wide internal control that the group engagement team has
identified;
Deficiencies in internal control that the group engagement team has identified in
internal controls at components; and
Deficiencies in internal control that component auditors have brought to the attention
of the group engagement team.
30.4.6 If fraud has been identified by the group engagement team or brought to its attention
by a component auditor, or information indicates that a fraud may exist, the group
engagement team shall communicate this on a timely basis to the appropriate level of group
management in order inform those with primary responsibility for the prevention and
detection of fraud of matters relevant to their responsibilities.
30.4.7 A component auditor may be required by statute, regulation or for another reason, to
express an audit opinion on the financial statements of a component. In that case, the group
30. Special considerations – audits of Group Financial Statements 17 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
engagement team shall request group management to inform component management of
any matter of which the group engagement team becomes aware that may be significant to
the financial statements of the component, but of which component management may be
unaware.
30.4.8 If group management refuses to communicate the matter to component management,
the group engagement team shall discuss the matter with those charged with governance of
the group. If the matter remains unresolved, the group engagement team, subject to legal
and professional confidentiality considerations, shall consider whether to advise the
component auditor not to issue the auditor’s report on the financial statements of the
component until the matters is resolved.
Communication with those charged with governance of the group
30.4.9 The group engagement team shall communicate the following matters with those
charged with governance of the group, in addition to those required by ISA 260 and other
ISAs:
An overview of the type of work to be performed on the financial information of the
components.
An overview of the nature of the group engagement team’s planned involvement in the
work to be performed by the component auditors on the financial information of
significant components.
Instances where the group’s engagement team’s evaluation of the work of a
component auditor gave a rise to a concern about the quality of that auditor’s work.
Any limitations on the group audit, for example, where the group engagement team’s
access to information may have been restricted.
Fraud or suspected fraud involving group management, component management,
employees who have significant roles in group wide controls or others where the fraud
resulted in a material misstatement of the group financial statements.
Documentation
30.4.10 The group engagement team shall include in the audit documentation the following
matters:
An analysis of components, indicating those which are significant, and the type of
work performed on the financial information of the components.
The nature, timing and extent of the group engagement’s team involvement in the
work performed by the component auditors on significant components including where
applicable, the group engagement’s team review of relevant parts of the component
auditor’s audit documentation and conclusions thereon.
Written communications between the group engagement team and the component
auditors about the group engagement team’s requirements.
30.5. Audit report
30.5.1 A principal auditor may require a secondary auditor to provide an audit report on the
group reporting package which has been prepared to facilitate the group consolidation. An
auditor of a subsidiary company may be asked to complete such an audit report. Such
reports are often required before the completion of the statutory audit. It is important that
opinions are carefully phrased and reflect only the views which can be properly expressed,
based on the evidence so far received.
30. Special considerations – audits of Group Financial Statements 18 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
30.5.2 Where the auditor of a subsidiary company is asked to report on a set of financial
statements prepared for a group consolidation where no separate audit report is to be
issued on the financial report of the subsidiary company, the work of the subsidiary
company’s auditor may be limited, as compared to the work required to be performed to
enable an opinion to be issued on the financial report of a subsidiary company. In such
circumstances, the report to the principal auditor must refer to any such limitations of
scope, for example, that the subsidiary auditor may not have examined the collectability of
inter-company balances; as such balances will be eliminated on consolidation.
30.6. Audit of the consolidation working papers
30.6.1 In addition to co-ordinating and reviewing the work of the auditor of the subsidiaries,
the parent company auditor will need to audit the consolidation working papers. This is
likely to involve:
Checking that the data in respect of each entity has been correctly extracted from
the underlying reporting package or financial statements.
Checking that the data for entities with a functional currency different from the
presentation currency of the group has been correctly translated in accordance with
IAS 21.
Ensuring goodwill on consolidation is correctly computed and that the investment in
each subsidiary has been correctly eliminated against the equity of the respective
subsidiary and also ensuring that any fair value adjustments made at the time of the
acquisition have been properly reflected.
Establishing whether or not any provision for impairment of goodwill is necessary.
Ensuring that all intra-group transactions, balances and profits have been eliminated.
30. Special considerations – audits of Group Financial Statements 19 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Appendix I
SPECIAL CONSIDERATIONS – AUDITS OF GROUP FINANCIAL STATEMENTS
(INCLUDING THE WORK OF COMPONENT AUDITORS)
Is the component of YES Audit of the
individual financial component’s financial
significance to the group? information* (Para. 26)
(Para. 26)
N YES Audit of the component’s
O financial information; *or
Audit of one or more
Is the component likely to account balances, classes
include significant risks of of transactions or
material misstatement of disclosures relating to the
the group financial likely significant risks; or
statements due to its Specified audit procedures
specific nature or relating to the likely
significant risks (Para. 27)
N
O
Analytical procedures performed at group level
for components that are not significant
components (Para. 28)
Is the planned scope YES Communication
such that sufficient with component
appropriate audit auditors (Para. 40)
evidence on which to
base the group audit
opinion can be
obtained? (Para. 29)
NO * Performed using
component
For further selected components: Audit of the materiality
component’s financial information; * or Audit of one or
more accounts balances, classes of transactions or
disclosures; or Review of the component’s financial
information; or Specified procedures (Para. 29)
30. Special considerations – audits of Group Financial Statements 20 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Appendix II
Examples of matters about which the group engagement team
obtains an understanding
The examples provided cover a broad range of matters; however, not all matters are
relevant to every group audit engagement and the list of examples is not necessarily
complete.
Group-wide controls
Group-wide controls may include a combination of the following:
• Regular meetings between group and component management to discuss business
developments and to review performance.
• Monitoring of components’ operations and their financial results, including regular
reporting routines, which enables group management to monitor components’
performance against budgets, and to take appropriate action.
• Group management’s risk assessment process, that is, the process for identifying,
analyzing and managing business risks, including the risk of fraud, that may result in
material misstatement of the group financial statements.
• Monitoring, controlling, reconciling, and eliminating intra-group transactions and
unrealized profits, and intra-group account balances at group level.
• A process for monitoring the timeliness and assessing the accuracy and
completeness of financial information received from components.
• A central IT system controlled by the same general IT controls for all or part of the
group.
• Control activities within an IT system that is common for all or some components.
• Monitoring of controls, including activities of internal audit and self assessment
programs.
• Consistent policies and procedures, including a group financial reporting procedures
manual.
• Group-wide programs, such as codes of conduct and fraud prevention programs.
• Arrangements for assigning authority and responsibility to component management.
Internal audit may be regarded as part of group-wide controls, for example, when the
internal audit function is centralized. ISA 610 deals with the group engagement team’s
evaluation of the competence and objectivity of the internal auditors where it plans to
use their work.
Consolidation process
The group engagement team’s understanding of the consolidation process may include
matters such as the following:
Matters relating to the applicable financial reporting framework:
• The extent to which component management has an understanding of the applicable
financial reporting framework.
• The process for identifying and accounting for components in accordance with the
applicable financial reporting framework.
• The process for identifying reportable segments for segment reporting in accordance
with the applicable financial reporting framework.
30. Special considerations – audits of Group Financial Statements 21 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
• The process for identifying related party relationships and related party transactions
for reporting in accordance with the applicable financial reporting framework.
• The accounting policies applied to the group financial statements, changes from
those of the previous financial year, and changes resulting from new or revised
standards under the applicable financial reporting framework.
• The procedures for dealing with components with financial year-ends different from
the group’s year-end.
Matters relating to the consolidation process:
• Group management’s process for obtaining an understanding of the accounting
policies used by components, and, where applicable, ensuring that uniform
accounting policies are used to prepare the financial information of the components
for the group financial statements, and that differences in accounting policies are
identified, and adjusted where required in terms of the applicable financial reporting
framework. Uniform accounting policies are the specific principles, bases,
conventions, rules, and practices adopted by the group, based on the applicable
financial reporting framework, that the components use to report similar transactions
consistently. These policies are ordinarily described in the financial reporting
procedures manual and reporting package issued by group management. TING
• Group management’s process for ensuring complete, accurate and timely financial
reporting by the components for the consolidation.
• The process for translating the financial information of foreign components into the
currency of the group financial statements.
• How IT is organized for the consolidation, including the manual and automated
stages of the process, and the manual and programmed controls in place at various
stages of the consolidation process.
• Group management’s process for obtaining information on subsequent events.
• Matters relating to consolidation adjustments:
o The process for recording consolidation adjustments, including the
preparation, authorization and processing of related journal entries, and the
experience of personnel responsible for the consolidation.
o The consolidation adjustments required by the applicable financial reporting
framework.
o Business rationale for the events and transactions that gave rise to the
consolidation adjustments.
o Frequency, nature and size of transactions between components.
o Procedures for monitoring, controlling, reconciling and eliminating intra-group
transactions and unrealized profits, and intra-group account balances.
o Steps taken to arrive at the fair value of acquired assets and liabilities,
procedures for amortizing goodwill (where applicable), and impairment testing
of goodwill, in accordance with the applicable financial reporting framework.
o Arrangements with a majority owner or minority interests regarding losses
incurred by a component (for example, an obligation of the minority interest to
make good such losses).
30. Special considerations – audits of Group Financial Statements 22 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Appendix II
Examples of conditions or events that may indicate risks of material misstatement of
the group financial statements
The examples provided cover a broad range of conditions or events; however, not all
conditions or events are relevant to every group audit engagement and the list of examples
is not necessarily complete.
A complex group structure, especially where there are frequent acquisitions, disposals
or reorganizations.
Poor corporate governance structures, including decision-making processes, that are
not transparent.
Non-existent or ineffective group-wide controls, including inadequate group
management information on monitoring of components’ operations and their results.
Components operating in foreign jurisdictions that may be exposed to factors such as
unusual government intervention in areas such as trade and fiscal policy, and
restrictions on currency and dividend movements; and fluctuations in exchange rates.
Business activities of components that involve high risk, such as long-term contracts or
trading in innovative or complex financial instruments.
Uncertainties regarding which components’ financial information require incorporation in
the group financial statements in accordance with the applicable financial reporting
framework, for example, whether any special-purpose entities or non-trading entities
exist and require incorporation.
Unusual related party relationships and transactions.
Prior occurrences of intra-group account balances that did not balance or reconcile on
consolidation.
The existence of complex transactions that are accounted for in more than one
component.
Components’ application of accounting policies that differ from those applied to
the group financial statements.
Components with different financial year-ends, which may be utilized to manipulate
the timing of transactions.
Prior occurrences of unauthorized or incomplete consolidation adjustments.
Aggressive tax planning within the group, or large cash transactions with entities
in tax havens.
Frequent changes of auditors engaged to audit the financial statements of components.
30. Special considerations – audits of Group Financial Statements 23 of 23
1st July 2010
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
31. REVIEW ENGAGEMENTS (INCORPORATING ISRE 2400 revised and 2410)
31.1.Introduction
31.1.1 An entity may require a level of independent assurance about a financial report,
however it may not require the level of assurance provided by an audit.
31.1.2 An audit provides an opinion whether financial information gives a true and fair view, or
presents fairly in all material respects in accordance with an applicable financial reporting
framework. This is sometimes referred to as a “positive” opinion, and is said to provide a
“reasonable” level of assurance.
31.1.3 A “Review” engagement provides a level of assurance less than an audit.
31.1.4 The objective of an engagement to review an interim financial report or other historical
financial information is to enable the auditor to express a conclusion whether anything has
come to the auditor’s attention that causes the auditor to believe that the interim financial
report is not prepared in accordance with an applicable financial reporting framework. This
differs greatly from an audit conducted in accordance with Auditing Standards, and is
sometimes referred to as a “negative assurance” conclusion, and is said to provide a
“moderate” level of assurance.
31.1.5 The International Auditing and Assurance Standards Board has published two
standards to provide guidance in the conduct of a Review engagement:
ISRE 2410 Review of Interim Financial Information Performed by the Independent Auditor
of the Entity, or
ISRE 2400 (revised) Engagement to Review Financial Statements
31.1.6 ISRE 2410 is directed towards a review of interim financial information by an entity’s
auditor. Interim financial information is financial information that is prepared and presented in
accordance with an applicable financial reporting framework and comprises either a complete
or a condensed set of financial statements for a period that is shorter than the entity’s financial
year. However, it is to be applied when an entity’s auditor undertakes a review of historical
financial information other than interim financial information of an audit client e.g. a full-year
financial report.
31.1.7 An auditor of an entity who is engaged to review historical financial information should
conduct the review in accordance with ISRE 2410, and the requirements of this Manual.
31.1.8 A person other than the auditor of an entity should conduct a review of historical
financial information in accordance with ISRE 2400. The review of historical financial
statements is a limited assurance engagement. Limited assurance engagements other than
reviews of historical financial information are performed under International Standard on
Assurance Engagements (“ISAE”) 3000.
31. Review Engagements 1 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
Review of Historical
Financial Information
By the Auditor: By a Practitioner who is
not the Auditor:
ISRE 2410 ISRE 2400
31.1.9 The main difference between these two standards is that ISRE 2410 recognises that an
auditor of an entity, through performing an audit, has obtained an understanding of the entity
and its environment including its internal control.
31.1.10 ISRE 2400 recognises that a practitioner who is not the auditor of an entity will not
ordinarily have the same understanding of the entity and its environment, including its internal
control, as an auditor of the entity and the practitioner needs to obtain a level of understanding
of these matters.
31.1.11 ISRE 2400 has been revised for accounting periods ending on or after 31 December
2013. ISRE 2410 has not yet been revised. However best practice would be to comply with
some of the new requirements of ISRE 2400 in respect of using ISRE 2410.
31.1.12 In performing a review of financial statements, the practitioner may be required to
comply with legal or regulatory requirements, which may differ from the requirements
established in ISRE 2400. While the practitioner may find aspects of ISRE 2400 helpful in
these circumstances, it is the responsibility of the practitioner to ensure compliance with all
relevant legal, regulatory and professional obligations.
31.1.13 Review engagements in accordance with ISRE 2400 may be requested for component
entities by the auditor of the financial statements of a group of entities. Such a review
engagement performed in accordance with ISRE 2400 may be accompanied by a request from
the group auditor to undertake additional work or procedures as needed in the circumstances
of the group audit engagement.
31.1.14 Reviews of financial statements may be performed for a wide range of entities that
vary by type or size, or by the level of complexity in their financial reporting. In some
jurisdictions, the review of financial statements of certain types of entity may also be the
subject of local laws or regulations and related reporting requirements.
31.1.15 Reviews may be performed in a variety of circumstances. For example, they may be
required for entities that are exempt from requirements specified in law or regulation for
mandatory audit. Reviews may also be requested on a voluntary basis, such as in connection
with financial reporting undertaken for arrangements under the terms of a private contract, or
to support funding arrangements.
31.2 Objectives
31.2.1 The practitioner’s objectives in a review of financial statements are to:
(a) Obtain limited assurance, primarily by performing enquiry and analytical procedures, about
whether the financial statements as a whole are free from material misstatement, thereby
31. Review Engagements 2 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
enabling the practitioner to express a conclusion on whether anything has come to the
practitioner’s attention that causes the practitioner to believe the financial statements are not
prepared, in all material respects, in accordance with an applicable
financial reporting framework; and
(b) Report on the financial statements as a whole and communicate, as required by the ISREs
31.2.2 In all cases when limited assurance cannot be obtained and a qualified conclusion in
the practitioner’s report is insufficient in the circumstances, ISRE 2400 requires that the
practitioner either disclaim a conclusion in the report issued for the engagement or, where
appropriate, withdraw from the engagement if withdrawal is possible under applicable law or
regulation.
31.2.3 ISRE 2400 requires the practitioner to disclaim a conclusion on the financial statements
if:
(a) The practitioner issues a report, or is required to issue a report for the engagement; and
(b) The practitioner is unable to form a conclusion on the financial statements due to inability to
obtain sufficient appropriate evidence, and the practitioner concludes that the possible effects
on the financial statements of undetected misstatements, if any, could be both material and
pervasive.
31.2.4 The situation of being unable to obtain sufficient appropriate evidence in a review
engagement (referred to as a scope limitation) may arise from:
(a) Circumstances beyond the control of the entity;
(b) Circumstances relating to the nature or timing of the practitioner’s work; or
(c) Limitations imposed by management or those charged with governance of the entity.
31.2.5 ISRE 2400 sets out requirements and guidance for the practitioner when the practitioner
encounters a scope limitation, either prior to accepting a review engagement, or during the
engagement.
31.2.6 ISRE 2400 contains the objectives of the practitioner in following the ISRE which
provide the context in which the requirements of this ISRE are set, and are intended to assist
the practitioner in understanding what needs to be accomplished in a review engagement.
31.2.7 ISRE 2400 contains requirements, expressed using “shall,” that are designed to enable
the practitioner to meet the stated objectives.
31.2.8 ISRE 2400 contains introductory material, definitions, and application and other
explanatory material, that provide context relevant to a proper understanding of the ISRE.
31.2.9 The application and other explanatory material in ISRE 2400 provides further
explanation of the requirements and guidance for carrying them out. While such guidance does
not itself impose a requirement, it is relevant to the proper application of the requirements. The
application and other explanatory material may also provide background information on
matters addressed in ISRE 2400 that assists in the application of the requirements.
31.2.10 The practitioner’s objectives in a review of financial statements under ISRE 2400 are
to:
31. Review Engagements 3 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
(a) Obtain limited assurance, primarily by performing enquiry and analytical procedures, about
whether the financial statements as a whole are free from material misstatement, thereby
enabling the practitioner to express a conclusion on whether anything has come to the
practitioner’s attention that causes the practitioner to believe the financial statements are not
prepared, in all material respects, in accordance with an applicable financial reporting
framework; and
(b) Report on the financial statements as a whole and communicate, as required by ISRE
2400.
31.2.11 Sufficient appropriate evidence is required to obtain limited assurance to support the
practitioner’s conclusion. Evidence is cumulative in nature and is primarily obtained from the
procedures performed during the course of the review.
31.2.12 ISRE 2400 does not override laws and regulations that govern a review of financial
statements. In the event that those laws and regulations differ from the requirements of ISRE
2400, a review conducted only in accordance with laws and regulations will not automatically
comply with ISRE 2400.
31.2.13 In all cases when limited assurance cannot be obtained and a qualified conclusion in
the practitioner’s report is insufficient in the circumstances, this ISRE requires that the
practitioner either disclaim a conclusion in the report issued for the engagement or, where
appropriate, withdraw from the engagement if withdrawal is possible under applicable law or
regulation.
31.3 Definitions
31.3.1 Analytical procedures―Evaluations of financial information through analysis of plausible
relationships among both financial and nonfinancial data. Analytical procedures also
encompass such investigation as is necessary of identified fluctuations or relationships that are
inconsistent with other relevant information or that differ from expected values by a significant
amount.
31.3.2 Engagement risk―The risk that the practitioner expresses an inappropriate conclusion
when the financial statements are materially misstated.
31.3.3 General purpose financial statements―Financial statements prepared in accordance
with a general purpose framework.
31.3.4 General purpose framework―A financial reporting framework designed to meet the
common financial information needs of a wide range of users. The financial reporting
framework may be a fair presentation framework or a compliance framework.
31.3.5 Enquiry―Enquiry consists of seeking information of knowledgeable persons from within
or outside the entity.
31.3.6 Limited assurance―The level of assurance obtained where engagement risk is reduced
to a level that is acceptable in the circumstances of the engagement, but where that risk is
greater than for a reasonable assurance engagement, as the basis for expressing a conclusion
in accordance with this ISRE. The combination of the nature, timing and extent of evidence
31. Review Engagements 4 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
gathering procedures is at least sufficient for the practitioner to obtain a meaningful level of
assurance. To be meaningful, the level of assurance obtained by the practitioner is likely to
enhance the intended users’ confidence about the financial statements.
31.3.7 Practitioner―A professional accountant in public practice. The term includes the
engagement partner or other members of the engagement team, or, as applicable, the firm.
Where this ISRE expressly intends that a requirement or responsibility be fulfilled by the
engagement partner, the term “engagement partner” rather than “practitioner” is used.
“Engagement partner” and “firm” are to be read as referring to their public sector equivalents
where relevant.
31.3.8 Professional judgement―The application of relevant training, knowledge and
experience, within the context provided by assurance, accounting and ethical standards, in
making informed decisions about the courses of action that are appropriate in the
circumstances of the review engagement.
31.3.9 Relevant ethical requirements―Ethical requirements the engagement team is subject to
when undertaking review engagements. These requirements ordinarily comprise Parts A and B
of the International Ethics Standards Board for Accountants’ Code of Ethics for Professional
Accountants (IESBA Code), together with national requirements that are more restrictive.
31.3.10 Special purpose financial statements―Financial statements prepared in accordance
with a special purpose framework.
31.3.11 Special purpose framework―A financial reporting framework designed to meet the
financial information needs of specific users. The financial reporting framework may be a fair
presentation framework or a compliance framework.
31.3.12 The respective responsibilities of management and those charged with governance
will differ between jurisdictions, and between entities of various types. These differences affect
the way the practitioner applies the requirements of ISRE 2400 in relation to management or
those charged with governance Accordingly, the phrase “management and, where appropriate,
those charged with governance” used in various places throughout ISRE 2400 is intended to
alert the practitioner to the fact that different entity environments may have different
management and governance structures and arrangements.
31.3.13 Various responsibilities relating to preparation of financial information and external
financial reporting will fall to either management or those charged with governance according
to factors such as:
The resources and structure of the entity; and
The respective roles of management and those charged with governance within the entity
as set out in relevant law or regulation or, if the entity is not regulated, in any formal
governance or accountability arrangements established for the entity (for example, as
recorded in contracts, a constitution or other type of establishment documents of the
entity). For example, in small entities there is often no separation of the management and
governance roles. In larger entities, management is often responsible for execution of the
business or activities of the entity and reporting thereon, while those charged with
governance oversee management. In some jurisdictions, the responsibility for preparation
31. Review Engagements 5 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
of financial statements for an entity is the legal responsibility of those charged with
governance, and in some other jurisdictions it is a management responsibility.
31.4 Review by the auditor of an entity
Introduction
31.4.1. The auditor shall plan and perform the review by exercising professional judgement
and with an attitude of professional scepticism, recognising that circumstances may exist that
cause the interim financial report to require a material adjustment for it to be prepared, in all
material respects, in accordance with the applicable financial reporting framework.
General principles
Quality control
31.4.2. The auditor shall comply with the ethical requirements relevant to the audit of the
financial report of the entity, as per chapter 4.1, and shall implement quality control procedures
that are applicable to the individual engagement as per chapter 4.2. Refer to ISA 220 Quality
Control for an Audit of Financial Statements. ISRE 2400 notes that the provisions of this ISRE
regarding quality control at the level of individual review engagements are premised on the
basis that the firm is subject to ISQC 1 or requirements that are at least as demanding. ISRE
2410 notes that the relevant elements of quality control for a review engagement include:
Leadership quality on the engagement
Relevant ethical requirements
Acceptance and continuance of client relationships and specific engagements
Human resources
Assignment of engagement teams
Engagement performance, and
Monitoring
31.4.3 The practitioner shall comply with relevant ethical requirements, including those
pertaining to independence.
31.4.4 Part A of the IESBA Code establishes the fundamental principles of professional ethics
practitioners must comply with, and provides a conceptual framework for applying those
principles. The fundamental principles are:
(a) Integrity;
(b) Objectivity;
(c) Professional competence and due care;
(d) Confidentiality; and
(e) Professional behaviour.
Part B of the IESBA Code illustrates how the conceptual framework is to be applied in specific
situations. In complying with the IESBA Code, threats to the practitioner’s compliance with
relevant ethical requirements are required to be identified and appropriately addressed.
31.4.5 In the case of an engagement to review financial statements, the IESBA Code requires
that the practitioner be independent of the entity whose financial statements are reviewed. The
31. Review Engagements 6 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
IESBA Code describes independence as comprising both independence of mind and
independence in appearance. The practitioner’s independence safeguards the practitioner’s
ability to form a conclusion without being affected by influences that might otherwise
compromise that conclusion. Independence enhances the practitioner’s ability to act with
integrity, to be objective and to maintain an attitude of professional scepticism.
31.4.6 The practitioner shall plan and perform the engagement with professional scepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.
31.4.7 Professional scepticism is necessary for the critical assessment of evidence in a review.
This includes questioning inconsistencies and investigating contradictory evidence, and
questioning the reliability of responses to enquiries and other information obtained from
management and those charged with governance. It also includes consideration of the
sufficiency and appropriateness of evidence obtained in the light of the engagement
circumstances.
31.4.8 Professional scepticism includes being alert to, for example:
Evidence that is inconsistent with other evidence obtained.
Information that calls into question the reliability of documents and responses to enquiries
to be used as evidence.
Conditions that may indicate possible fraud.
Any other circumstances that suggest the need for additional procedures.
31.4.9 Maintaining professional scepticism throughout the review is necessary if the
practitioner is to reduce the risks of:
Overlooking unusual circumstances.
Over-generalizing when drawing conclusions from evidence obtained.
Using inappropriate assumptions in determining the nature, timing, and extent of the
procedures performed in the review, and evaluating the results thereof.
31.4.10 The practitioner cannot be expected to disregard past experience of the honesty and
integrity of the entity’s management and those charged with governance. Nevertheless, a
belief that management and those charged with governance are honest and have integrity
does not relieve the practitioner of the need to maintain professional scepticism or allow the
practitioner to be satisfied with evidence that is inadequate for the purpose of the review.
31.4.11 The practitioner shall exercise professional judgement in conducting a review
engagement.
31.4.12 Professional judgement is essential to the proper conduct of a review engagement.
This is because interpretation of relevant ethical requirements and the requirements of this
ISRE, and the need for informed decisions throughout the performance of a review
engagement, require the application of relevant knowledge and experience to the facts and
circumstances of the engagement. Professional judgement is necessary, in particular:
Regarding decisions about materiality, and the nature, timing, and extent of procedures
used to meet the requirements of this ISRE, and to gather evidence.
31. Review Engagements 7 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
When evaluating whether the evidence obtained from the procedures performed reduces
the engagement risk to a level that is acceptable in the engagement circumstances.
When considering management’s judgements in applying the entity’s applicable financial
reporting framework.
When forming the conclusion on the financial statements based on the evidence
obtained, including considering the reasonableness of the estimates made by
management in preparing the financial statements.
31.4.13 The distinguishing feature of the professional judgement expected of the practitioner is
that it is exercised by a practitioner whose training, knowledge and experience, including in the
use of assurance skills and techniques, have assisted in developing the necessary
competencies to achieve reasonable judgements. Consultation on difficult or contentious
matters during the course of the engagement, both within the engagement team and between
the engagement team and others at the appropriate level within or outside the firm, assists the
practitioner in making informed and reasonable judgements.
31.4.14 The exercise of professional judgement in individual engagements is based on the
facts and circumstances that are known by the practitioner throughout the engagement,
including:
Knowledge acquired from engagements carried out with respect to the entity’s financial
statements in prior periods, where applicable.
The practitioner’s understanding of the entity and its environment, including its accounting
system, and of the application of the applicable financial reporting framework in the
entity’s industry.
The extent to which the preparation and presentation of the financial statements require
the exercise of management judgement.
31.4.15 Professional judgement can be evaluated based on whether the judgement reached
reflects a competent application of assurance and accounting principles, and is appropriate in
the light of, and consistent with, the facts and circumstances that were known to the
practitioner up to the date of the practitioner’s report.
31.4.16 Professional judgement needs to be exercised throughout the engagement. It also
needs to be appropriately documented in accordance with the requirements of ISRE 2400.
Professional judgement is not to be used as the justification for decisions that are not
otherwise supported by the facts and circumstances of the engagement, or the evidence
obtained.
31.4.17 The engagement partner shall possess competence in assurance skills and
techniques, and competence in financial reporting, appropriate to the engagement
circumstances.
31.4.18 The engagement partner shall take responsibility for:
(a) The overall quality of each review engagement to which that partner is assigned;
(b) The direction, supervision, planning and performance of the review engagement in
compliance with professional standards and applicable legal and regulatory requirements;
(c) The practitioner’s report being appropriate in the circumstances; and
31. Review Engagements 8 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
(d) The engagement being performed in accordance with the firm’s quality control policies,
including the following:
(i) Being satisfied that appropriate procedures regarding the acceptance and
continuance of client relationships and engagements have been followed, and that
conclusions reached are appropriate, including considering whether there is information
that would lead the engagement partner to conclude that management lacks integrity;
(ii) Being satisfied that the engagement team collectively has the appropriate
competence and capabilities, including assurance skills and techniques and expertise in
financial reporting, to:
a. Perform the review engagement in accordance with professional standards
and applicable legal and regulatory
requirements; and
b. Enable a report that is appropriate in the circumstances to be issued; and
(iii) Taking responsibility for appropriate engagement documentation being maintained.
31.4.19 An effective system of quality control for a firm includes a monitoring process designed
to provide the firm with reasonable assurance that the firm’s policies and procedures relating to
the system of quality control are relevant, adequate and operate effectively. The engagement
partner shall consider the results of the firm’s monitoring process as evidenced in the latest
information circulated by the firm and, if applicable, other network firms and whether
deficiencies noted in that information may affect the review engagement.
31.4.20 Assurance skills and techniques include:
Applying professional scepticism and professional judgement to planning and performing
an assurance engagement, including obtaining and evaluating evidence;
Understanding information systems and the role and limitations of internal control;
Linking the consideration of materiality and engagement risks to the nature, timing and
extent of procedures for the review;
Applying procedures as appropriate to the review engagement, which may include other
types of procedures in addition to enquiry and analytical procedures (such as inspection,
re-calculation, reperformance, observation and confirmation);
Systematic documentation practices; and
Application of skills and practices relevant for writing reports for assurance engagements.
31.4.21 Under ISQC 1, the firm has an obligation to establish and maintain a system of quality
control to provide it with reasonable assurance that:
(a) The firm and its personnel comply with professional standards and applicable legal and
regulatory requirements; and
(b) Reports issued by the firm or engagement partners are appropriate in the circumstances.
31.4.22 Within the context of the firm’s system of quality control, engagement teams have a
responsibility to implement quality control procedures applicable to the engagement, and
provide the firm with relevant information to enable the functioning of that part of the firm’s
system of quality control relating to independence.
31.4.23 The actions of the engagement partner and appropriate messages to the other
members of the engagement team, in the context of the engagement partner taking
responsibility for the overall quality on each review engagement, emphasise the fact that
31. Review Engagements 9 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
quality is essential in performing a review engagement, and the importance to the quality of the
review engagement of:
(a) Performing work that complies with professional standards and regulatory and legal
requirements.
(b) Complying with the firm’s quality control policies and procedures as applicable.
(c) Issuing a report for the engagement that is appropriate in the circumstances.
(d) The engagement team’s ability to raise concerns without fear of reprisals.
31.4.24 Unless information provided by the firm or other parties suggests otherwise, the
engagement team is entitled to rely on the firm’s system of quality control. For example, the
engagement team may rely on the firm’s system of quality control in relation to:
Competence of personnel through their recruitment and formal training.
Independence through the accumulation and communication of relevant independence
information.
Maintenance of client relationships through acceptance and continuance systems.
Adherence to regulatory and legal requirements through the monitoring process.
In considering deficiencies identified in the firm’s system of quality control that may affect the
review engagement, the engagement partner may consider measures taken by the firm to
rectify those deficiencies.
31.4.25 A deficiency in the firm’s system of quality control does not necessarily indicate that a
review engagement was not performed in accordance with professional standards and
applicable legal and regulatory requirements, or that the practitioner’s report was not
appropriate.
31.4.26 When considering the appropriate competence and capabilities expected of the
engagement team as a whole, the engagement partner may take into consideration such
matters as the team’s:
Understanding of, and practical experience with, review engagements of a similar nature
and complexity through appropriate training and participation.
Understanding of professional standards and applicable legal and regulatory
requirements.
Technical expertise, including expertise with relevant information technology and
specialised areas of accounting or assurance.
Knowledge of relevant industries in which the client operates.
Ability to apply professional judgement.
Understanding of the firm’s quality control policies and procedures.
31.4.27 ISQC 1 requires the firm to obtain information as it considers necessary in the
circumstances before accepting an engagement with a new client, when deciding whether to
continue an existing engagement, and when considering acceptance of a new engagement
with an existing client. Information that assists the engagement partner in determining whether
acceptance and continuance of client relationships and review engagements are appropriate
may include information concerning:
The integrity of the principal owners, key management and those charged with
governance; and
Significant matters that have arisen during the current or a previous review engagement,
and their implications for continuing the relationship.
31. Review Engagements 10 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
31.4.28 If the engagement partner has cause to doubt management’s integrity to a degree that
is likely to affect proper performance of the review, it is not appropriate under ISRE 2400 to
accept the engagement, unless required by law or regulation, as doing so may lead to the
practitioner being associated with the entity’s financial statements in an inappropriate manner.
31.4.29 National requirements that deal with the firm’s responsibilities to establish and
maintain a system of quality control are at least as demanding as ISQC 1 when they address
all the following elements
Quality control system; and
Related policies designed to achieve the objective of the quality control system and the
firm’s procedures to implement and monitor compliance with those policies, including
policies and procedures that address each of the following elements:
• Leadership responsibilities for quality within the firm.
• Relevant ethical requirements.
• Acceptance and continuance of client relationships and
• specific engagements.
• Human resources.
• Engagement performance.
• Monitoring.
and impose obligations on the firm that achieve the aims of the requirements set out in ISQC
1.
Understanding the entity
31.4.30 Through performing the audit of the financial report, the auditor obtains an
understanding of the entity and its environment, including its internal controls. The auditor is
required to update this understanding through enquiries made in the course of the review, to
assist the auditor in focusing the enquiries to be made and the analytical and other review
procedures to be applied.
Scope
31.4.31 The practitioner shall have an understanding of the entire text of the ISREs, including
their application and other explanatory material, to understand their objectives and to apply
their requirements properly.
31.4.32 The practitioner shall comply with each requirement of the ISREs, unless a
requirement is not relevant to the review engagement. A requirement is relevant to the review
engagement when the circumstances addressed by the requirement exist.
31.4.33 The practitioner shall not represent compliance with ISRE 2400 in the practitioner’s
report unless the practitioner has complied with all the requirements of this ISRE relevant to
the review engagement.
31.4.34 In conducting a Review an auditor makes enquiries and performs analytical and other
procedures, to reduce to a moderate level the risk of expressing an inappropriate conclusion.
31. Review Engagements 11 of 70
1st September 2015
HLB INTERNATIONAL AUDIT AND ASSURANCE MANUAL
31.4.35 For further information in relation to planning refer to chapter 6 of the Manual and ISA
300 Planning an Audit of Financial Statements.
31.5 Accepting a review engagement
31.5.1 Unless required by law or regulation, the practitioner shall not accept a review
engagement if:
(a) The practitioner is not satisfied:
(i) That there is a rational purpose for the engagement; or
(ii) That a review engagement would be appropriate in the circumstances;
(b) The practitioner has reason to believe that relevant ethical requirements, including
independence, will not be satisfied;
(c) The practitioner’s preliminary understanding of the engagement circumstances indicates
that information needed to perform the review engagement is likely to be unavailable or
unreliable;
(d) The practitioner has cause to doubt management’s integrity such that it is likely to affect
proper performance of the review; or
(e) Management or those charged with governance impose a limitation on the scope of the
practitioner’s work in the terms of a proposed review engagement such that the practitioner
believes the limitation will result in the practitioner disclaiming a conclusion on the financial
statements.
31.5.2 Prior to accepting a review engagement, the practitioner shall:
(a) Determine whether the financial reporting framework applied in the preparation of the
financial statements is acceptable including, in the case of special purpose financial
statements, obtaining an understanding of the purpose for which the financial statements are
prepared and of the intended users; and
(b) Obtain the agreement of management that it acknowledges and understands its
responsibilities:
(i) For preparation of the financial statements in accordance with the applicable financial
reporting framework, including, where relevant, their fair presentation;
(ii) For such internal control as management determines is necessary to enable the
preparation of financial statements that are free from material misstatement, whether
due to fraud or error; and
(iii) To provide the practitioner with:
a. Access to all information of which management is aware that is relevant to the
preparation of the financial statements, such as records, documentation and
other matters;
b. Additional information that the practitioner may request from management for
the purpose of the review; and
c. Unrestricted access to persons within the entity from whom the practitioner
determines it necessary to obtain evidence.
31.5.3 If the practitioner is not satisfied as to any of the matters set out above as preconditions
for accepting a review engagement, the practitioner shall discuss the matter with management
or those charged with governance. If changes cannot be made to satisfy the practitioner as to
those matters, the practitioner shall not accept the proposed engagement unless required by
law or regulation to do so. However, an engagement conducted under such circumstances
31. Review Engagements 12 of 70
1st September 2015
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Audit Manual Part1
Discover the best professional documents and content resources in AnyFlip Document Base.
Search
Audit Manual Part1
- 1 - 50
- 51 - 100
- 101 - 150
- 151 - 200
- 201 - 250
- 251 - 300
- 301 - 350
- 351 - 400
- 401 - 450
- 451 - 500
- 501 - 550
- 551 - 565
Pages: