THE AUDITOR AND THE AUDIT ENVIRONMENT
The Statutory Audit
The Companies Acts depending on the applicable jurisdiction shall require that the majority of all companies must have an audit carried out. An exemption exists for small companies depending on the applicable jurisdiction.
In addition to qualifying as a small company the following would need consideration depending on the applicable jurisdiction:
- Company must be a private company
- Company must not be a bank or insurance entity
- Company must not be part of a group
- All filing requirements within the applicable jurisdiction are kept up to date.
AUDIT OPINION
The objective of an audit is for an independent auditor to express an opinion on a set of financial statements.
The key opinion is whether the accounts give a true and fair view. Unfortunately, there is no formal definition as it is not laid out in Company law. However, it is generally accepted that a set of accounts can only give a true and fair view if they are not factually incorrect and present information in an impartial way that is clearly understood by the reader.
It could also be argued that in order to ensure that a set of accounts gives a true and fair view, an auditor should have regard for Company Law and Accounting Standards pertaining to those financial statements and that he himself has carried out the audit in accordance with the relevant regulatory pronouncements, codes of ethics and Auditing Standards.
Aside from the key opinion, there are a number of other issues that the auditor needs to report on and these should be laid out by the companies’ acts.
These are matters of opinion and matters of fact.
Matters of opinion:
- Have proper accounting records been kept?
- Is the information in the directors’ report consistent with that given in the financial statements?
- Does a financial situation exist which may require an Special Meeting?
- Have the accounts been prepared in accordance with the provisions of the companies’ acts?
Matters of fact:
- Has the auditor received all the information and explanations he deems necessary for the purposes of his audit?
- Do the financial statements agree with the books of account?
The statutory audit opinion is given by way of a written standard audit report addressed to the shareholders of a company. The report should be signed and dated by the auditor.
THE ROLE OF THE AUDITOR
The auditor is the independent person that gives his opinion on a set of financial statements.
He does not provide absolute assurance. In other words he does not say the “accounts are correct”. Audits have their limitations.
However, this is often misunderstood by users of accounts who seem to wrongly accuse the auditor of shortcomings especially where there are infamous business failures or perceived wrong doing. This is known as the “expectation gap”.
The expectation gap exists because the role and duties of the auditor which are recommended to be laid out by the companies acts, codes of ethics and auditing standard could be different from the perceived role of the auditor by the general public and even company directors themselves. For example, it is believed that the auditor should find all errors whether unintentional or intentional such as fraud.
RELATIONSHIPS AND RESPONSIBILITIES
There are a number of stakeholders interested in financial statements from the shareholders to management, customers to suppliers, revenue authorities to bank managers, and even future investors.
The audit report is prepared by the auditor for the shareholders on the actions of the management (directors).
The auditor has no legal duty to report to management or anyone else in respect of the financial statements. However, in practice other parties do read the audit report and often rely on the assurance given by the auditors.
Key issues:
- Management are responsible for the preparation and presentation of the accounts
- Management are responsible for the prevention and detection of fraud within a company
- Management are responsible for safeguarding the assets of a company
- The auditor is responsible for expressing an opinion on a set of accounts prepared by management.
THE AUDIT PROFESSION
Depending on the jurisdiction it would be recommended to set up an Accounting Supervisory Authority together with an Auditing Authority. Its role would be to supervise the practice of auditing and accounting in the relevant country.
Previously, each professional accounting body supervised their own members, however more recently Independent Supervisory Authorities are being established in countries e.g. in Ireland (IAASA)
The main functions of an Auditing and Accounting Supervisory Authority would be:
- To supervise how each body regulates its own members
- To promote adherence to the highest possible professional standards
- To monitor the accounts of companies to ensure compliance with companies legislation.
Each professional body will regulate and monitor its own members. Each body will issue its own code of ethics. By and large the codes of ethics are very similar.
Persons carrying out audits must have the permission of the relevant authorities. It is strongly recommended that all auditors have to be registered. Members of recognised bodies such as CPA, ACCA and Chartered Accountants are registered auditors if they have practising and auditing certificates from their respective bodies.
The Institute of Certified Public Accountants of Rwanda (ICPAR) is the Professional
Accountancy Organization (PAO) mandated by law number 11/2008 to regulate the Accounting profession in the Republic of Rwanda. ICPAR is the only authorized by law to register and grant practising certificates to Certified Public Accountants (CPAs) in Rwanda. Certified Public Accountant Certificate holders that are registered as members of ICPAR are entitled to the CPA( R ) designation.
The Institute operates in the public interest including promotion of financial reporting, auditing and ethical standards.
The practising audit firms in Rwanda are very small in size and need capacity building with respect to quality of audit.
INTERNATIONAL STANDARDS ON AUDITING
Readers of information need assurance as to the reliability of that information. In addition, they will want to know that this reliability will not vary from one set of company accounts to another. In order to ensure this, an auditor audits a set of accounts in accordance with common standards.
There is a need then for auditors to be regulated so that all auditors follow the same standards. One of the main points of IAS200 (objective and general principles governing an audit of financial statements) is that auditors must follow the international standards of auditing in the exercise of an audit.
The International standards of auditing (ISAs) are produced by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). The IFAC is a global organisation for the accounting profession.
The intention is that the standards issued will improve the degree of uniformity of auditing practices, both in a standardised approach to the audit and a standard reporting format.
Only in exceptional circumstances, can an auditor judge if it is necessary to depart from an auditing standard in order to achieve the objective of an audit. The auditor would need to be able to justify his actions.
ISAs need only be applied to material matters. What is material is not defined in law but it is generally accepted that something is material if its omission or misstatement could influence the economic decisions of users of financial statements. Materiality can be based on value, e.g. large amounts are more likely to be material than small ones, though sometimes they may also be material by nature, for example if it exposes inappropriate decision-making within an organisation possibly based on favouritism or personal bias.
ISAs are mandatory in some jurisdictions for the audit of company’s accounts.
Setting Standards – The Process:
- The IAASB identifies new developments,
- The IAASB appoints a task force to draft a standard,
- Consultation takes place,
- An “exposure draft” is produced, essentially a draft standard issued welcoming comments from the profession and any other interested party,
- The taskforce considers comments and may make amendments, The Standard is finalised and formally approved by the IAASB.
International standards of Auditing
| Glossary of terms | |
| ISQC 1 | |
| ISA 200
|
Objective and general principles governing an audit of financial statements |
| ISA 210 | Terms of audit engagements |
| ISA 220 | Quality control for audits of historical financial information |
| ISA 230 | (Revised) Audit Documentation |
| ISA 240 | The auditor’s responsibility to consider fraud in an audit of financial statements |
| ISA 250 | Consideration of laws and regulations in an audit of financial statements |
| ISA 260 | Communication of audit matters with those charged with governance |
| ISA 265 | Communicating deficiencies in internal control to those charged with governance |
| ISA 300 | Planning an audit of financial statements |
| ISA 315
|
Obtaining an understanding of the entity and its environment and assessing the risks of material misstatement |
| ISA 320 | Audit materiality |
| ISA 330 | The auditor’s procedures in response to assessed risks |
| ISA 402 | Audit considerations relating to entities using service organisations |
| ISA 450 | Evaluation of misstatements identified during the audit |
| ISA 500 | Audit evidence |
| ISA 501 | Audit evidence – additional considerations for specific items |
| ISA 505 | External confirmations |
| ISA 510
|
Initial engagements – opening balances and continuing engagements – opening balances |
| ISA 520 | Analytical procedures |
| ISA 530 | Audit sampling and other means of testing |
| ISA 540 | Audit of accounting estimates |
| ISA 545 | Auditing fair value measurements and disclosures |
| ISA 550 | Related parties |
| ISA 560 | Subsequent events |
| ISA 570 | Going concern |
| ISA 580 | Management Representations |
| ISA 600 | Using the work of another auditor |
| ISA 610 | Considering the work of internal audit |
| ISA 620 | Using the work of an expert |
| ISA 700 | The auditor’s report on financial statements |
| ISA 705 | Modifications to opinions in the Independent Auditor’s Report |
| ISA 706 | Emphasis of matter paragraphs and other matter paragraphs in the Independent Auditor’s Report |
| ISA 710 | Comparatives |
| ISA 720 | (Revised) Section A – Other Information in Documents Containing Audited Financial Statements; Section B – The Auditor’s Statutory Reporting Responsibility in Relation to Directors’ reports |
International Accounting Standards, International Financial Reporting Standards and International Public Sector Accounting Standards)
The auditor needs to express an opinion on a set of accounts as to whether they give a true and fair view. In order to give a true and fair view, a set of accounts should have regard for the provisions of company law and international accounting standards. Private sector standards are known as International Financial Reporting Standards (IFRSs). There are public sector equivalents, largely based on the IFRSs, known as International Public Sector Accounting Standards (IPSASs).
The IFRSs are shown below (older Standards which have not been replaced by a more recent IFRS are still called International Accounting Standards (IASs).
The private sector Standards in issue are shown below:
| IAS 1 | Presentation of Financial Statements |
| IAS 2 | Inventories |
| IAS 7 | Statement of Cash Flows |
| IAS 8 | Accounting Policies, changes in Accounting Estimates and Errors |
| IAS 10 | Events After the Reporting Period |
| IAS 11 | Construction contracts |
| IAS 12 | Income Taxes |
| IAS 16 | Property, Plant and Equipment |
| IAS 17 | Leases |
| IAS 18 | Revenue |
| IAS 19 | Employee Benefits |
| IAS 20 | Accounting of Government Grants and Disclosure of Assistance |
| IAS 21 | The Effects of Changes in Foreign Exchange Rates |
| IAS 23 | Borrowing Costs |
| IAS 24 | Related Party Disclosures |
| IAS 26 | Accounting and Reporting by Retirement Benefit Plans |
| IAS 27 | Consolidated and Separate Financial Statements |
| IAS 28 | Investments in Associates |
| IAS 31 | Interests in Joint Ventures |
| IAS 32 | Financial Instruments: Presentation |
| IAS 33 | Earnings per Share |
| IAS 34 | Interim Financial Reporting |
| IAS 36 | Impairment of Assets |
| IAS 37 | Provisions, Contingent Liabilities and Contingent Assets |
| IAS 38 | Intangible Assets |
| IAS 39 | Financial Instruments: Recognition and Measurement |
| IAS 40 | Investment Property |
| IAS 41 | Agriculture |
| IFRS 1 | First Time Adoption of International Financial Reporting Standards |
| IFRS 2 | Share – Based Payment |
| IFRS 3 | Business Combinations |
| IFRS 5 | Non-current Assets Held for Sale and Discontinued Operations |
| IFRS 7 | Financial Instruments: Disclosures |
| IFRS 8 | Operating Segments |
CORPORATE GOVERNANCE
A string of high profile scandals and frauds in the 1980’s and the 1990’s forced the adoption of voluntary codes of best practice in many countries (for example the UK) to enforce good practice by directors and to communicate the adherence to good practice by management to the shareholders. These Codes could be applied globally.
It was vital that companies were managed well i.e. there was good corporate governance.
It would be recommended to bring in many aspects of good corporate governance into company law.
For example: The Cadbury report defines Corporate Governance as:
“The system by which companies are directed and controlled”.
Why is good corporate governance important?
Shareholders and managers are usually separate in a company and it is important that the management of a company deals fairly with the investment made by the owners.
Corporate governance is about ensuring that public companies are managed effectively for the benefit of the company and its shareholders.
In smaller companies, generally, shareholders are fully informed about the management of the business as they are the directors themselves. However, in large companies the day to day running of a company is the responsibility of the directors. Shareholders only get a lookin at the Annual Meeting.
In addition, auditors only report on the truth and fairness of financial statements. They do not report on how the shareholders’ investment is being managed and whether their investment is subject to fraud.
Why does the need for good corporate governance come about?
- Unscrupulous management ignoring distinction between company’s money and their own,
- Management manipulating share price for personal gain,
- Management disguising poor results and mismanagement,
- Management extracting funds from company and raising finance fraudulently.
- Management inefficiencies in decision-making and internal control systems (these might not be deliberate but are still problematic for shareholders)
Authority
Good corporate governance can be enforced by law (Sarbanes Oxley in the US) and/or by agreement through codes of best practice. So what does good corporate governance entail?
- Effective management
- Support /oversight of management by non-exec directors with sufficient experience
- Fair appraisal of performance
- Fair remuneration and benefits
- Fair financial reporting
- Sound systems of internal control
- Constructive relationship with directors
CODES OF BEST PRACTICE
Two prominent codes have been formed in the UK and are considered best practice in modern times and could be applied internationally.
For example: The Rwandan Stock Exchange commenced operations in January 2008 and has presently four listed companies, namely:-
- Balirwa
- KCB
- NMG
- BOK
In Rwanda these codes could be applied as “Codes of Best Practice”
- The Cadbury report
- The Combined code
The Cadbury Report
The Cadbury report was issued in 1992. Its terms of reference considered:
- The responsibilities of executive and non-executive directors and the frequency, clarity and form in which information should be provided to shareholders.
- The case for audit committees, their composition and role.
- The responsibilities of auditors and the extent and value of the audit.
- The links between auditors, shareholders and the directors.
The Cadbury report was aimed at directors of all UK PLCs, however directors of all companies are encouraged to apply the code. Directors should state in the financial statements, normally through the director’s report, whether they comply with the code and must give any reasons for non-compliance.
The Cadbury report covered a number of areas including the board of directors, nonexecutive directors, executive directors and the audit function. Some of the provisions include:
Board of Directors
- They should meet on a regular basis.
- They should have clearly accepted divisions of responsibilities, so no one person has complete power.
- The posts of chairman and CEO should be separate.
- Decisions which require a single signature or several signatures need to be laid out in a formal schedule and procedures must be put in place to ensure that the schedule is followed.
Non-executive directors
- They are not involved in the day to day running of the company and should bring their independent judgment to bear in the affairs of the company. Such affairs may include key appointments and standards of conduct.
- There should be no business or financial connection between the company and the nonexecutive directors other than fees and a shareholding.
- Their fees should reflect the time they spend on the business.
- They should not participate in share option schemes or pension schemes.
- Appointments of non-executive directors should be for a specific term and automatic re-appointment is discouraged.
- Procedures should exist whereby they may take independent advice.
- A remuneration committee consisting of non-executive directors should decide on the level of pay for executive directors.
Executive directors
- They run the company on a day to day basis and should have service contracts in place of not more than three years in length, unless approved by the shareholders.
- Directors’ emoluments should be fully disclosed in the accounts and should be analysed between salary and performance based pay.
Audit
- The code states that the audit is the cornerstone of corporate governance. It is an objective and external check on the stewardship of management.
- Some flaws exist in the framework for auditing, such as choices in accounting treatments, poor links between shareholders and auditors, price competition between audit firms and the “expectations gap” between auditors and the public.
- Disclosing fees for audit in the financial statements should safeguard against the threat of objectivity where auditors offer other services to their audit clients.
- Formal guidelines concerning audit rotation should be drawn up by the accounting profession.
- The accountancy profession should be involved in setting criteria for the evaluation of internal control.
- There is a need for auditors to report on going concern. This is now reflected in auditing standards.
The Combined Code
For example the UK stock exchange issues guidance on a regular basis. In 1998 it issued the combined code. This combined key guidance from various reports including the Cadbury report into the one code.
Some of its principles included which can be adopted globally are:
- Every company should have an effective board.
- There should be clear divisions of responsibilities at board level.
- There should be an appropriate balance of executive and non-executive directors.
- A formal procedure for appointments to the board should exist.
- The board should receive timely information in order to discharge its duties.
- All directors should maintain and upgrade their skills and knowledge.
- There should be an annual evaluation of its own performance.
- All directors should be submitted to re-election at appropriate time intervals.
- There should be appropriate levels of remuneration that are sufficient to attract, retain and motivate individuals of the necessary quality required.
- A significant portion of pay should be performance related.
- A formal procedure for the fixing of pay levels should exist and no director should have a hand in fixing his/her own pay.
- The board should present a balanced assessment of the company’s performance.
- The board should implement a good system of internal control.
- The board should have meaningful communication with the shareholders and should use the Annual Meeting to communicate with investors.
For example, the UK Stock exchange rules require that the annual report includes a statement of how a company has applied the principles of the combined code and must disclose whether there has been compliance with those principles. Auditors should review this statement.
Although the UK stock exchange rules require the code to be complied with, there is no statutory duty for companies to do so. It is in fact a voluntary code.
This allows for flexibility in its application although shareholders will be aware of the position due to the disclosure requirements.
In addition, being a voluntary code allows companies to opt out to the detriment of their shareholders and there are companies while unlisted companies should be encouraged to apply the codes.
Making the code obligatory may create an excessive burden of requirement especially for smaller companies.
Audit Committees
Audit committees are generally made up of non-executive directors. They are perceived to increase confidence in financial reports.
A number of recommendations contained in the combined code are:
- Audit committee should comprise at least three non-executive directors (two for smaller companies).
- Its main role and responsibilities should be clearly set out in written terms of reference.
- The committee should be provided with sufficient resources to undertake its duties.
Role and responsibilities
- To monitor the integrity of the financial statements and other formal announcements.
- To review the internal financial controls and the company’s control and risk management systems.
- To monitor and review the effectiveness of the internal audit function.
- To make recommendations regarding the appointment of external auditors and their remuneration.
- To monitor and review the external auditor’s independence and objectivity.
- To develop and implement policy on the engagement of the external auditor in other non-assurance services.
Advantages of an audit committee
- Provides an independent point of contact for the external auditor, particularly in the event of disagreements.
- Can create a climate of discipline and control.
- Increased confidence in the credibility and objectivity of financial reports, by increasing the quality of the financial reporting and enabling the non-executive directors to contribute an independent judgment.
- Internal auditors can report directly to the committee thereby providing a greater degree of independence from management.
- The existence of such a committee should make the executive directors more aware of their duties and responsibilities.
- Can act as a deterrent to fraud or illegal acts by executive directors.
Disadvantages of an audit committee
- Can be difficult to source sufficient non-executive directors with the necessary competence to be effective.
- Auditors may not raise issues of judgment where there are formalised reporting procedures.
- Costs may increase.
- Findings are generally not made public, so it is not always clear what they actually do.
Internal control effectiveness
Internal control is an essential tool in having good corporate governance and impacts significantly on the audit approach that might be taken.
The directors of a company are responsible for putting in place an effective system of internal control. An effective system of internal control will help management safeguard the assets of a company, prevent and detect fraud and therefore, safeguard the shareholders’ investment.
In addition, it helps ensure reliability of reporting and compliance with laws. The use of the word ‘help’ denotes the fact that there are inherent limitations in any system of internal controls and as such there can be no such thing as absolute assurance.
The directors need to set up internal control procedures and need to monitor these to ensure that they are operating effectively.
The system of internal control will reflect the control environment which depends a lot on the attitude of the directors towards risk.
The combined code recommends that the board of directors report on their review of internal controls. This assessment should cover the changes in risks which the company faces and its ability to respond to these changes, the scope and quality of management’s monitoring of risk and internal control and the extent and frequency of reports to the board. It should also assess the significant controls, failings and weaknesses that might have a material impact on the accounts.
Auditors should assess the review carried out by the directors. They should assess whether the company’s summary of the process of review is supported by documentation prepared by the directors and that it reflects that process.
This review is not as defined as an audit. Therefore, it is only possible to give limited assurance. For this reason, the auditors are not expected to assess whether the director’s review covers all risks and controls and whether the risks are satisfactorily addressed by the internal controls.
In order to avoid any misunderstandings, a paragraph is inserted into the audit report setting out the scope of the auditor’s role.
Auditors should bring to the attention of directors any material weaknesses they find in the system of internal control.
In order to monitor and assess the system of internal controls as to their reliability and effective operation, a company may set up an internal audit department to carry out the internal audit function.
There are significant differences between the external audit and internal audit functions.
- An internal auditor is an employee of the company. Therefore, under applicable company law, the internal auditor is precluded from acting as the external auditor of a company.
- External auditors are required by appropriate laws to belong to a recognised body, which guarantees their appropriate qualification, adherence to technical standards and overall competence. The internal auditor on the other hand requires no formal training.
- Unlike the external auditors, who are appointed at the Annual Meeting by the shareholders of a company, the internal auditor is hired by the management of the company. In turn this means he can be dismissed by the directors or other senior managers, subject only to normal employment rights.
- The primary objective of the external auditor is laid down by the applicable companies’ acts, whereas the internal auditor’s objectives are dictated by the management of the company. As a result, management can place limitations on the scope of the internal auditor’s work. While some of his work may be similar to that of the external auditor, more of it could relate to areas such as value for money.
