4、You are a manager at Chennai & Co, a firm of Chartered Certified Accountants. One of the partners has asked you to investigate and respond to a number of issues which have arisen with two different companies.
(a) Delhi Co, a potential new client, is a privately owned and rapidly expanding company which currently operates below the audit threshold in the country in which it is based. The company’s management is currently considering having either a full audit or a limited assurance review of their financial statements. The partner would like you to assist the management of Delhi Co by writing a response to them in which you:
(i) Explain the difference between an audit of historical financial statements and a limited assurance review. (4 marks)
(ii) Discuss the relative advantages and disadvantages to Delhi Co of having an audit of their historical financial statements as opposed to a limited assurance review. (8 marks)
Delhi Co was incorporated in 2005, with founder and chief executive Mr Nimesh Dattani as the sole shareholder. After a period of rapid growth, Delhi Co took out a ten-year bank loan facility in June 2007 to finance Mr Dattani’s ambitious expansion plans. This was supported by a further injection of financial capital in 2014 through a new issue of shares in the company. The shares were sold to Mr Robert Hyland, an ex-business partner of Mr Dattani. The sale gave Mr Hyland a 40% shareholding in Delhi Co. He has no involvement in the management of the company.
Until recently Delhi Co operated with a small accounting department, comprising one full-time member of staff and one part-time employee. Due to the expansion of the company and Mr Dattani’s plans to expand the customer base internationally, it has been necessary to increase the size of the accounting function to include two new full-time members of staff. Both of the new recruits are part-qualified accountants and Mr Dattani has committed to sponsoring them through their remaining training and ACCA examinations.
Required:
Prepare the response to the management of Delhi Co as requested by the partner.
Note: The split of the mark allocation is shown against each of the issues above.
(b) The audit committee of another client, Mumbai Co, has asked the partner to consider whether it would be possible for the audit team to perform a review of the company’s internal control system. A number of recent incidents have raised concerns amongst the management team that controls have deteriorated and that this has increased the risk of fraud, as well as inefficient commercial practices. The audit report for the audit of the financial statements of Mumbai Co for the year ended 31 March 2016 was signed a few weeks ago. Mumbai Co is a listed company.
Required:
In respect of the request for Chennai & Co to review Mumbai Co’s internal control systems:
Identify and discuss the relevant ethical and professional issues raised, and recommend any actions necessary. (8 marks)
(a) (i) Difference between an audit and a limited assurance review
An audit is a mandatory requirement in most countries, although some small companies below a certain threshold may be exempted. Limited assurance reviews are not usually required by law.
The scope of and procedures performed during an audit are determined by the audit firm in accordance with the auditing standards adopted by the professional regulatory body. The scope of a limited review is agreed by the firm providing the services and the client, although this must be in accordance with any relevant standards on assurance and related services adopted by professional regulators.
In particular, an audit involves a wide range of procedures used to obtain evidence, including both tests of controls and substantive procedures. The latter include inspection of documents, recalculation, observation, enquiry and analytical procedures, amongst others. Limited reviews use a narrower range of procedures, focusing primarily on enquiry and analytical procedures.
Overall, the level of assurance provided by an audit is much higher than that provided by a limited review. In an audit the practitioner expresses reasonable levels of assurance, whereas in a review engagement the practitioner expresses moderate levels of assurance.
This has a significant impact on the wording of the respective reports. In an audit report the practitioner expresses an opinion as to the fair presentation of the financial statements. An example of this would be:
‘In our opinion the financial statements present fairly, in all material respects, the financial position of the company, its financial performance and its cash flows for the year ended in accordance with International Financial Reporting Standards.’
A review engagement report does not express any opinion on the fair presentation of the financial statements reviewed, instead the report expresses a conclusion based only upon the work performed. For example:
‘Based on the review performed, nothing has come to our attention which causes us to believe that the accompanying financial statements are not fairly presented in all material respects in accordance with International Financial Reporting Standards.’
The review engagement report is often referred to as a negative form of opinion, whereas the audit report is referred to as a positive statement regarding the fair presentation of the financial statements.
(ii) Advantages and disadvantages to Delhi Co of having an audit
Advantages
One of the key differences between an audit and a review engagement is that an audit provides a reasonable level of assurance, whereas a review only provides limited assurance. This means that an audit provides stronger assurances to users of the financial statements regarding their accuracy and credibility.
This would be significant for Delhi Co for a number of reasons. The first is that the company now has an external shareholder, Robert Hyland, who is not part of the executive management team. With this separation of ownership and control comes an increased need to hold the management of the company accountable to the external shareholders and having a full audit will provide a much stronger form of accountability.
Second, Delhi Co has a bank loan facility which is due to expire in 2017. Given the ambitious expansion plans of Delhi Co, it is likely that the company will want to renew this facility and they may even seek to obtain more loan finance. If this is the case, it is very likely that the bank will seek a reasonable level of assurance over the financial statements.
By electing to have an annual audit now, it may avoid delays in 2017 when the company comes to renegotiate terms with the bank.
Finally, the internal management team needs good quality information on which to base their operational and strategic decisions. As the business grows and the significance of those decisions increases, it becomes more important that the management team has information that they can rely on. Having fully audited financial statements, as opposed to a limited review, will increase the confidence of management in the accuracy of the information used.
Another benefit of having a full audit now is that, whilst the business is currently under the audit exemption threshold, it is rapidly expanding and may soon exceed the threshold and be subject to mandatory audit. One of the key problems of auditing a business for the first time is that there is no existing assurance over the opening balances and comparative figures. In this case the first audit is much more time consuming, and therefore expensive, as the audit team has to invest more time investigating prior year figures. The requirement to review the prior year would be much less onerous if the company began to have their financial statements audited now while they were still relatively small and this would lead to a more efficient audit in the future.
Delhi Co also plans to expand its customer base. Trading internationally usually adds extra complications due to the added complexity in the supply chain, foreign exchange and simple lack of familiarity with the company. Customers may want assurances that any company they sign a trading agreement with has the resources to satisfy their contractual obligations. For this reason, having fully audited accounts, as opposed to accounts which have had a limited review, may give potential customers increased confidence in the financial position of Delhi Co and may improve their chances of forming new trade partnerships.
There has also been a recent change in the accounting department of Delhi Co. This is normal in a rapidly expanding business but it creates new challenges. Often the accounting systems of small companies are unsophisticated but as the company grows the systems soon become outdated and less effective. An audit incorporates a review of effectiveness of the internal control systems relevant to the production of the financial statements and any deficiencies identified by the auditor would be reported to management. Given the changes Delhi Co has experienced, a full audit may help them assess the effectiveness of their internal systems and make changes where necessary. The systems would not be assessed with a limited review.
The change in staff in the accounts department also increases the risk of misstatement of the financial statements due to their lack of familiarity with the company and the accounting systems. The fact that the new recruits are both part qualified further increases the risk of misstatement of the financial statements because the trainees may not be fully able to process all of the transactions and events relevant to the business. An audit is a more thorough investigation of the financial statements than a review and would be much more likely to identify misstatements, providing management with more reliable figures upon which to base their decisions.
Disadvantages
While an audit is a more thorough investigation, it is also more expensive than a review. For a small company an audit may be prohibitively expensive, whereas a review may be more affordable.
As the company is currently exempt, an audit may also be an unnecessary cost. Delhi Co already managed to raise a loan without the need for audited accounts. The external shareholder is also an ex-business partner of Mr Dattani and it is likely that they have a good working relationship. If Mr Hyland needs assurances, it is possible that Mr Dattani could satisfy this on an informal basis without the need to incur the costs of an audit. Mr Hyland also decided to invest knowing that the company was not subject to audit, so it may not be a concern of his.
An audit is also more invasive than a limited review and would require the staff of Delhi Co to provide more information to the auditor and give up more of their time than would be the case with a limited review. Given the relative inexperience of the accounts team, Mr Dattani may prefer to choose the less invasive limited review now and perform a full audit in the future when the team is more knowledgeable of the business.
(b) Mumbai Co
Review of internal controls
Reviewing the internal controls of an audit client which are relevant to the financial reporting system would create a self-review threat as the auditor would consequently assess the effectiveness of the control system during the external audit.
The design, implementation and maintenance of internal controls are also management responsibilities. If the auditor were to assist in this process, it may be considered that they were assuming these management responsibilities. The IESBA Code of Ethics for Professional Accountants (‘the Code’) identifies this as a potential self-review, self-interest and familiarity threat. The latter arises because the audit firm could be considered to be aligning their views and interests to those of management.
The Code states that the threats caused by adopting management responsibilities are so significant that there are no safeguards which could reduce the threats to an acceptable level.
The only effective measures which could be adopted would be those which ensured the audit firm did not adopt a management responsibility, such as ensuring that the client has assigned competent personnel to be responsible at all times for reviewing internal control review reports and for determining which of the recommendations from the report are to be implemented.
Furthermore, the Code stipulates that if the client is listed and also an audit client, then the audit firm shall not provide internal audit services which relate to a significant part of the internal controls relevant to financial reporting. Given that this is the main expertise of the audit firm, it is likely that they will be required to perform some work in this area and this service would therefore not be appropriate.
If Mumbai Co would like the firm to perform a review of internal controls not related to the financial reporting system, Chennai Co would need to consider whether they have the professional competencies to complete the engagement to the necessary standard of quality.
Concerns regarding deterioration in controls
One of the responsibilities of the auditor is to evaluate the design and implementation of the client’s controls relevant to the audit in order to assist with the identification of risks of material misstatement. This includes the specific requirement to consider the risk of material misstatement due to fraud.
If deficiencies in internal controls are identified, the auditor has to assess the potential impact on the financial statements and design a suitable response in order to reduce audit risk to an acceptable level. The auditor is also responsible for communicating significant deficiencies in internal control to those charged with governance on a timely basis.
The audit committee has suggested that a number of internal control deficiencies have recently been identified which they were not previously aware of. This suggests that these were not issues identified or reported to those charged with governance by the auditor.
If these internal control deficiencies relate to systems relevant to the audit, it may suggest that the audit firm’s consideration of the internal control system failed to detect these potential problems, which may indicate ineffective audit planning. If so, this increases the risk that the audit procedures designed were inappropriate and that there is a heightened risk that the audit team failed to detect material misstatements during the audit. In the worst case scenario this could mean that Chennai & Co issued an inappropriate audit opinion.
The circumstances are not clear though; the audit committee of Mumbai Co has not specified which controls appear to have deteriorated and whether these are related to the audit or not. There is also no indication of the potential scale of any fraud or inefficient commercial practice. It is possible that the risks resulting from the deficiencies are so small that they did not lead to a risk of material misstatement. In these circumstances, the audit team may have identified the deficiencies as not being significant and reported them to an appropriate level of operating management.
In order to assess this further, the manager should examine the audit file and review the documentation in relation to the evaluation of the internal controls of Mumbai Co and assess any subsequent communications to management and those charged with governance. The concerns raised by the audit committee should be noted as points to take forward into next year’s audit, when they should be reviewed and evaluated as part of planning the audit for the 2017 year end.
Additionally, Chennai & Co should contact the audit committee of Mumbai Co to seek further clarification on the nature and extent of the deficiencies identified and whether this has resulted in any actual or suspected acts of fraud.