Briefing notes
To: Vincent Vega, audit engagement partner
From: Audit engagement manager
Subject: Audit planning – ZCG
Introduction
These briefing notes have been prepared to assist in the audit planning of ZCG, and contain an evaluation of audit risk and a discussion of the matters to be considered in determining whether to place reliance on the Group’s internal audit department. The notes also include the recommended audit procedures to be performed on the classification of the investment in WTC and on the measurement of a licence acquired on 1 January 2015.
(a)    Evaluation of audit risks
Recognition of 50% equity shareholding in WTC
The 50% equity shareholding is likely to give rise to a joint venture under which control of WTC is shared between ZCG and Wolf Communications Co. IFRS 11 Joint Arrangements requires that an investor which has joint control over a joint venture should recognise its investment using the equity method of accounting. Audit risk arises in that despite owning 50% of the equity shares of WTC, ZCG may not actually share control with Wolf Communications, for example, if Wolf Communications retains a right to veto decisions or if ZCG cannot appoint an equal number of board members in order to make joint decisions with board members appointed by Wolf Communications. If ZCG does not have joint control, then WTC should not be treated as a joint venture.
Assuming that there is shared control, an audit risk arises in that ZCG may not have correctly applied equity accounting, thereby potentially over or understating ZCG’s investment and resulting in incorrect presentation in the consolidated statement of financial position and statement of profit or loss. The cost of the investment in WTC represents 7·5% of ZCG’s total assets at 31 August 2016, thus the investment is material to the Group.
Amortisation of licence to operate in Farland
The licence acquired on 1 January 2015 should be recognised as an intangible asset and amortised on a systematic basis over its useful life. According to IAS 38 Intangible Assets, the amortisation method should reflect the pattern of benefits, or if the pattern cannot be determined reliably, the straight-line method of amortisation should be used. Amortisation should begin when the asset is available for use, meaning when it is in the location and condition necessary for it to be capable of operating in the manner which management intends. ZCG therefore should begin to amortise the licence on 1 July 2016 and amortise over the remaining licence period of eight and a half years. The audit risk is that amortisation did not commence at the right point in time or that it has been determined using an inappropriate useful life, leading to over or understatement of the amortisation charge to profit as well as the carrying value of the intangible asset.
Assuming that it is appropriate to use the straight-line method, amortisation for the year to 31 December 2016 should be $3·8 million (65/8·5 x 6/12). This represents 1·3% of extrapolated revenue for the year of $297 million (198 x 12/8) and is therefore material, and the amortisation will be more material next year when a full year’s charge to profit is made.
Impairment of the Farland licence
IAS 38 does not require an annual impairment review to be conducted for all intangible assets. However, management should consider whether there are indicators of impairment and if necessary perform an impairment review on the licence. The competitor’s actions which appear to have reduced customer demand to a level below that anticipated is an indicator of potential impairment, so management must calculate the recoverable amount of the licence and compare to its carrying value in order to determine if the asset is impaired. Therefore there is a risk that the licence is overstated in value, and operating profit also overstated if any necessary impairment has not been recognised.
Revenue recognition
Revenue recognition is complex and is a significant accounting issue with the risk of error increased by the fact that the Group is implementing the new requirements of IFRS 15 Revenue from Contracts with Customers for the first time this year. With the adoption of any new financial reporting standard, there is an audit risk in that the new requirements are unfamiliar to the preparers of the financial statements. There may be errors in the understanding and application of the new rules, especially in areas of judgement, and controls may not have been sufficiently robust over any necessary systems changes. Further, it is surprising that there are no comments in the latest internal audit report on the new controls which should have been implemented during the year in relation to the new requirements of IFRS 15. It is anticipated that internal audit should have been involved in testing the newly implemented controls for effectiveness. This may imply that the controls may not be fit for purpose and again increases control risk and therefore audit risk in this area. We will need to ensure that we document the systems and controls in place and evaluate the significance of any control risk in order that we respond appropriately to any risks of material misstatement which are identified.
The audit team members themselves may be unfamiliar with the new requirements, creating a detection risk. Any necessary changes in accounting policy may not have been appropriately accounted for and disclosed in accordance with IAS 8
Accounting Policies, Changes in Accounting Estimate and Errors. Given the significance of revenue recognition to the Group’s financial statements, the potential misapplication of IFRS 15 and IAS 8 gives rise to a significant audit risk.
ZCG is supplying customers with a multiple-element contract and is providing access to a mobile phone network and a fixed landline and broadband service. The key audit risk arises in relation to whether ZCG accounts for the elements of the contract separately in accordance with IFRS 15 which requires the revenue to be derived from the contract to be allocated to each component. ZCG should have robust systems in place to ensure that contracts can be ‘unbundled’, enabling the revenue from each part of the contract to be separately determined, otherwise there is a significant risk that the revenue element attributable to each component of the customer contracts will be over or understated.
There is also a risk that the timing of revenue recognition will not be in line with ZCG meeting its performance obligations, also a requirement of IFRS 15. Contracts vary in length, lasting two or three years, and there is an audit risk that the timing of revenue recognition is not appropriate. The fact that total revenue, when extrapolated for the 12-month period, is expected to increase by 35% could indicate that revenue is being recognised too early. This could indicate a misapplication of IFRS 15, possibly changes to accounting policies which have been made on adoption of IFRS 15 are not appropriate.
IFRS 15 contains significant disclosure requirements and there is a risk that ZCG fails to provide sufficient disclosure on a range of matters relevant to its contracts with customers, including the significant judgements made in applying IFRS 15 to those contracts and sufficient disaggregation of the necessary disclosures.
Given the significant volume of individual customer contracts and the complexity of the accounting treatment, revenue recognition is a significant audit risk.
Right to use network capacity
The payment of $17·8 million to acquire access to network capacity represents 3% of total assets and 6% of extrapolated revenue for the year, thus the amount is material. It seems that risk and reward does not pass to ZCG in respect of the assets being used and the seller retains control over the use of its network assets. Therefore the network capacity should not be recognised as an intangible asset of ZCG and the Group is currently adopting an inappropriate accounting treatment which has resulted in intangible assets being overstated. The accounting treatment for these rights should be discussed with ZCG as soon as possible. The most appropriate accounting treatment would seem to be for ZCG to record the cost of the right to use the network capacity as a prepayment and recognise the cost in profit or loss on a straight-line basis over the term of the agreements and this accounting treatment should be reflected in the financial statements as soon as possible. The audit team will need to be made aware of the risk that prepayments and operating expenses are over or understated if the cost has not been treated as a prepayment and/or is not released to profit or loss over an appropriate period.
A further risk is the payment to the network provider is for a specified amount of access to the network provider’s network. There is a risk is that ZCG has exceeded the allocated allowance and that any necessary additional payment due for excess usage is not recognised in the financial statements.
Internal controls and fraud risk
The internal audit department has reported that internal controls are ‘working well’. This statement will need to be substantiated but gives the impression that control risk is likely to be low. The work of the internal control department will be discussed in more detail in the next section of the briefing notes.
However, it is worth noting that two frauds have been found to be operating during the year, giving rise to audit risk. Although the total monetary amount attributable to the frauds is less than 1% of revenue, therefore immaterial, the fact that the frauds have occurred indicates that there are significant internal control deficiencies which could mean that other frauds are operating. We will need to carefully plan our audit approach to expenses and payroll in light of the increased fraud risk.
The lack of approval and authorisation of expenses discovered by internal audit is concerning as this appears to involve higher level management and may call into question management integrity. We should review the work of internal audit to establish if this is an area where controls have been overridden or if there are current gaps within the control framework. We should review and update our systems notes to identify where reliance can potentially be placed on controls and where there are deficiencies.
The issue uncovered by internal audit in relation to payroll suggests that there is inadequate control over the Group’s IT system. Access controls, which form part of the Group’s general IT controls, are weak which means that other areas of the system may be vulnerable. This significantly increases control risk and as a result presents a significant area of audit risk. We will need to ensure that we carefully plan our approach as this may mean that there are areas of the system where no reliance can be placed on internal controls and appropriate alternative procedures will need to be applied.
Segmental reporting
Being a listed entity, ZCG should provide segmental information in the notes to the financial statements in accordance with IFRS 8 Operating Segments. The audit risk is that the segmental information provided is not sufficiently detailed and/or not based on the information reported internally to the Group’s chief operating decision maker. There are some unusual trends in the segmental revenue figures from the management accounts. For example, revenue from south east Asia appears to have increased significantly – if the 2016 revenue figure is extrapolated to a 12-month period, the projected revenue from that segment is $49·5 million, an increase of 65% compared to 2015. There is a risk that revenues have been misallocated between segments and that the disclosure is inaccurate.
(b)    Matters which should be considered in determining the amount of reliance, if any, which can be placed on the work of ZCG’s internal audit department.
According to ISA 610 Using the Work of Internal Auditors, the external auditor may decide to use the work of the audit client’s internal audit function to modify the nature or timing, or reduce the extent, of audit procedures to be performed directly by the external auditor. Note that in some jurisdictions the external auditor may be prohibited, or restricted to some extent, by law or regulation from using the work of the internal audit function. Therefore Tarantino & Co should consider whether it is prohibited by the law or regulations which it must adhere to from relying on the work of ZCG’s internal audit department or using the internal auditors to provide direct assistance.
Tarantino & Co must evaluate the internal audit department to determine whether its work is suitable by evaluating:
– The extent to which the internal audit function’s organisational status and relevant policies and procedures support the objectivity of the internal auditors;
– The level of competence of the internal audit function; and
– Whether the internal audit function applies a systematic and disciplined approach, including quality control.
One of the key issues to be evaluated is objectivity – the internal audit department should be unbiased in their work and be able to report their findings without being subject to the influence of others. The fact that the latest internal audit report is addressed to ZCG’s finance director could indicate that there is a conflict of interest, as the internal audit department should report directly to the audit committee or to those charged with governance in order to maintain their independence.
The internal audit team is managed by a qualified accountant who is presumably technically competent, though the nature and status of his qualification should be determined. Tarantino & Co should consider whether the rest of the internal audit department is staffed by professional accountants, whether ZCG has a training programme in place for the internal auditors, for example, to ensure that they are up to date with new IFRS requirements such as IFRS 15, and whether there are sufficient resources for the internal auditors to carry out their duties in a large multi-national organisation.
When assessing competency, consideration must also be given to the overall findings which were reported regarding the deficiencies in the current internal control system. The internal audit department has concluded that controls are working well despite there being two instances of fraud in the year which may have more serious ramifications than first suggested. The scope of work carried out in this area and the resultant recommendations will need to be reviewed. This may further suggest that the internal audit department is not free to investigate or report their findings due to the current reporting chains.
If there are doubts over either the objectivity or the competence of the internal audit department, then Tarantino & Co should not rely on their work.
In order to determine whether the internal audit department works in a systematic and disciplined way, Tarantino & Co should consider matters including the nature of documentation which is produced by the department and whether effective quality control procedures are in place such as direction, supervision and review of work carried out.
If Tarantino & Co wants to use the internal audit function to provide direct assistance, then the firm should:
– obtain written agreement from an authorised representative of the entity that the internal auditors will be allowed to follow the external auditor’s instructions, and that the entity will not intervene in the work the internal auditor performs for the external auditor; and
– obtain written agreement from the internal auditors that they will keep confidential specific matters as instructed by the external auditor and inform the external auditor of any threat to their objectivity.
If these confirmations cannot be obtained, then the internal auditors should not be used to provide direct assistance.
(c)    (i) Audit procedures on the classification of the 50% shareholding in WTC
– Obtain the legal documentation supporting the investment and agree the details of the investment including:
The date of the investment
Amount paid
Number of shares purchased
The voting rights attached to the shares
The nature of the profit sharing arrangement between ZCG and Wolf Communications
The nature of access to WTC’s assets under the terms of the agreement
Confirmation that there is no restriction of ZCG’s shared control of WTC
– Read board minutes to confirm the approval of the investment and to understand the business rationale for the investment.
– Read minutes of relevant meetings between ZCG and Wolf Communications to confirm that control is shared between the two companies and to understand the nature of the relationship and the decision-making process.
– Obtain documentation such as WTC’s organisational structure to confirm that ZCG has successfully appointed members to the board of WTC and that those members have equal power to the members appointed by Wolf Communications.
(ii) Audit procedures on the measurement of the operating licence to operate in Farland
– Obtain the licence agreement and confirm the length of the licence period to be 10 years from the date it was granted.
– Confirm whether the licence can be renewed at the end of the 10-year period, as this may impact on the estimated useful life and amortisation.
– Re-perform management’s calculation of the amortisation charged as an expense in 2016.
– Discuss with management the process for identifying an appropriate amortisation method and where relevant, how the pattern of future economic benefits associated with the licence have been determined.
– Confirm with management that the Farland network became operational on 1 July 2016.
– Review a sample of contracts with customers in Farland to verify that contracts commenced from the operational date of 1 July 2016.
– Enquire with management on the existence of any factors indicating that a shorter useful life is appropriate, for example, the stability of market demand in Farland or possible restrictions on the network capacity in Farland.
– Review management accounts and cash flow forecasts to confirm that Farland is generating an income stream and is predicted to continue to generate cash.
– Obtain a written representation from management confirming that there are no indications of impairment of the licence of which management is aware.
Conclusion
These briefing notes highlight that there are a number of audit risks to be addressed, in particular revenue recognition, and fraud risks appear to be significant issues requiring a robust response from the audit team. We will need to carefully consider whether it is appropriate to receive direct assistance from the internal audit department.