eu project n° markt/2007/15/f lot...

EU Project N° MARKT/2007/15/F LOT 2

Evaluation of the differences between InternationalStandards on Auditing (ISA) and the standards of

the US Public Company Accounting Oversight Board(PCAOB):

Appendix

Maastricht Accounting, Auditing andInformation Management Research Center (MARC)

20 July 2009

2

Preface

This appendix provides a comparative analysis containing differences between

ISAs issued by IAASB and US PCAOB Auditing and Interim Standards. The

analysis of differences is structured around the following nine topics:

1. General principles and responsibilities with respect to an audit of financial

statements (including initial engagement, terms of engagement, auditor

appointment, engagement letters, general independence issues, reference

to applicable standards, quality control).

2. Internal control over financial reporting (including reporting on internal

control).

3. Risk assessment and use of analytical procedures.

4. Nature of management assertions and documentation requirements;

management representations; comparative information; other information

in documents containing financial statements.

5. Audit risk model, audit planning, materiality and sampling.

6. Fraud and illegal acts; compliance with laws and regulations; related

parties.

7. Specific tests and evidence (confirmations, and tests of inventory,

subsequent events, estimates and fair value).

8. Special topics relating to the audit process (including reliance on service

organizations, communications with predecessor auditors, going concern

tests, use of internal auditors, use of specialists, inquiry of a client’s

lawyer).

9. Audit communications (including audit reports and audit committees).

For each topic, our discussion starts with an overview of the different subjects

discussed and the relevant ISAs and PCAOB standards that are compared.

Subsequently, we include a table presenting the most relevant differences

between the ISAs and PCAOB standards for each topic. This table contains 6

columns:

-Column 1 contains an identification number of the difference, which is numbered

continuously across topics and subjects.

3

-Column 2 contains the relevant excerpts from the requirements of the ISAs.

-Column 3 contains the relevant excerpts from the application and other

explanatory material of the ISAs.

-Column 4 contains the relevant excerpts from the PCAOB standards.

-Column 5 contains the comparative analysis excluding the ISA application and

other explanatory material.

-Column 6 contains additional comments to the comparative analysis when

including the ISA application and other explanatory material.

When reading the comparisons, please keep the following issues in mind:

1. The comparative analysis relates to all clarified ISAs, which will come into

effect on or after December 15, 2009. We note that the PCAOB released a

proposed standard on engagement quality review in February 2008 and March

2009, and proposed auditing standards related to the auditor’s assessment of

and response to risk in October 2008. Since the proposed PCAOB standards

are still subject to change before final adoption, we do not integrate them in

the comparative analysis. However, the PCAOB included an appendix in its

proposed risk assessment standards on auditor’s assessment of and response

to risk with a comparison between these proposed standards and the ISAs. To

give some indication how our comparative analysis would be affected if these

proposed risk assessment standards are adopted, we include footnotes in our

comparative analysis referring to the PCAOB’s document. If the PCAOB adopts

its proposed standards, this is likely to reduce the number of differences

between the two sets of standards, although it may also create some new

differences. As stated in the press release of the PCAOB accompanying the

release of its proposed risk assessment standards: “The proposed standards

reflect the Board’s effort to reduce unnecessary differences with the risk

assessment standards of other auditing standard setters. (…). While many of

the procedures described in the IAASB standards appear to be generally

suitable for audits of issuers, the Board believes that certain changes to those

standards would be necessary for the Board to adopt them as standards of the

PCAOB. Accordingly, there is a degree of commonality between the proposed

standards and the IAASB’s recently updated risk assessment standards,

though they do not mirror them word-for-word”.

4

2. It is important to note that ISA 200 states that the application and other

explanatory material included within an ISA is an integral part of the

standard. Consequently, we include this material in our comparative analysis

even though such material is not intended to impose a requirement on

auditors. However, we do make a distinction between ISA requirements and

ISA application and other explanatory material in our analysis. PCAOB

Auditing and Interim Auditing Standards do not make such a distinction so we

rely on the official codification within the AU sections of the standards (for the

interim standards). Other sources of practice guidance used in the US are not

included in our analysis. Further, we exclude IAPSs (International Auditing

Practice Statements). These distinctions should be taken into account when

interpreting the differences in the detailed standards.

3. ISA 800-899 (Specialized areas), AU Section 600 (Other types of reports), AU

700 (Special topics), AU 800 (Compliance auditing), AU 900 (Special reports

of the committee on auditing procedures) as well as rules of independence

embodied into the different national laws and regulations are beyond the

scope of the study.

4. We exclude ISAs for smaller entities and additional guidance for public sector

entities.

5. We note that there are clear differences in language and wording used in the

standards (e.g. use of shall, must, should or may). However, we did not

express an opinion in our comparative analysis on the practical implications of

semantic differences between the two sets of standards even though the use

of different terms may have legal implications in some jurisdictions.

6. In the discussion of differences, reference is sometimes made to other laws or

regulations. The reason for doing so is to put the differences in context, not to

minimize them.

7. To facilitate finalization of this report, February 1, 2009 was the agreed-upon

cutoff for considering changes to PCAOB and ISA standards to be included in

the analysis. Consequently, this report incorporates the final version of the

clarified ISAs issued in December 2008. It does not incorporate efforts by the

IAASB to improve the consistency of language across standards and other

conforming changes that were made subsequent to the release of the clarified

standards.

5

8. The differences presented in this appendix are not intended to be a

comprehensive list of all differences. They only contain differences that

according to the research team may be relevant as they meet one of the

following three pre-defined criteria:

o The difference could have an impact on the audit (in terms of activities,

procedures, process, or outcome).

o The difference is a formal but substantive difference even though it may

not have an impact on the conduct of the audit.

o The difference arises due to the different context of the US or international

audit market, i.e., it may apply to the US or the international arena even

though it may not apply to the other.

9. The differences and discussion included in this appendix are solely the views

of the research team.

6

Key

AU Refers to AICPA codification of auditing standards

HB IFAC Handbook 2008

ISQC International Standard on Quality Control

AS PCAOB Auditing Standard

QC Statement on Quality Control Standard (issued by the Auditing

Standards Board)

ISA Final ISA Final refers either to a “Final” International Standard on

Auditing or a “Final IAASB-Approved Draft”, which is the text

approved by the IAASB and submitted to the PIOB for approval of

due process applied.

7

Topic 1: General principles and responsibilities with respect to an audit of financial statements (including initial engagement, terms of engagement, auditorappointment, engagement letters, general independence issues, reference to applicable standards)

Subject ISANumber

ISATitle

PCAOB standardNumber

PCAOB standardTitle

AUDITOR RESPONSIBILITIES ISA 200 Final “Overall Objectives of the Independent Auditorand the Conduct of an Audit in Accordance withInternational Standards on Auditing”

AU 110 “Responsibilities and Functions of the IndependentAuditor”

AU 150 “Generally Accepted Auditing Standards”AU 201 “Nature of the General Standards”AU 210 “Training and Proficiency of the Independent

Auditor”AU 220 “Independence”AU 230 “Due Professional Care in the Performance of Work”AS 1 “References in Auditor’s Reports to the Standards of

the Public Company Accounting Oversight Board”TERMS OF ENGAGEMENT ISA 210 Final “Agreeing the Terms of Audit Engagements” AU 310 “Appointment of the Independent Auditor”

INITIAL AUDIT ENGAGEMENTS ISA 510 Final “Initial Audit Engagements – Opening Balances” AU 420 “Consistency of Application of Generally AcceptedAccounting Principles”

AU 315.12-.13 “Communications Between Predecessor andSuccessor Auditors”

AS 6 “Evaluating Consistency of Financial Statements”QUALITY CONTROL ISA 220 Final “Quality Control for an Audit of Financial

Statements”QC section 20 “System of Quality Control for a CPA Firm’s

Accounting and Auditing Practice”ISQC 1Final “Quality Control for Firms that Perform Audits and

Reviews of Financials Statements, and OtherAssurance and Related Services Engagements”

AU 161 “The Relationship of Generally Accepted AuditingStandards to Quality Control Standards”

8

AUDITOR RESPONSIBILITIESISA 200 Final “Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with International Standards on Auditing”

AU 110 “Responsibilities and Functions of the Independent Auditor”AU 150 “Generally Accepted Auditing Standards”

AU 201 “Nature of the General Standards”AU 210 “Training and Proficiency of the Independent Auditor”

AU 220 “Independence”AU 230 “Due Professional Care in the Performance of Work”

AS 1 “References in Auditor’s Reports to the Standards of Public Company Accounting Oversight Board”1

No. ISA 200 FinalRequirements

ISA 200 FinalApplicaton Material

AU 110/ AU 150/ AU 201/ AU 210/AU 220/ AU 230/ AS 1

Comparative analysis:Analysis excluding ISA applicationand other explanatory material

Comparative analysis:Additional comments when ISAapplication and other explanatorymaterial is included

1 Reference to applicable standards

20. The auditor shall not representcompliance with ISAs in the auditor’sreport unless the auditorhas complied with the requirementsof this ISA and all other ISAs relevantto the audit.

A55. In performing an audit, theauditor may be required to complywith legal or regulatoryrequirements in addition to the ISAs.The ISAs do not override laws andregulations thatgovern an audit of financialstatements. In the event that thoselaws and regulations differfrom the ISAs, an audit conductedonly in accordance with laws andregulations will notautomatically comply with ISAs.

AS 1. 3. Accordingly, in connectionwith any engagement performed inaccordance withthe auditing and related professionalpractice standards of the PCAOB,whenever theauditor is required by the interimstandards to make reference in areport to generally acceptedauditing standards, U.S. generallyaccepted auditing standards,auditing standards generallyaccepted in the United States ofAmerica, or standards established bythe AICPA, the auditor must insteadrefer to "the standards of the PublicCompany Accounting OversightBoard (United States)." An auditor

AS 1: when required, the auditormust refer in his report to the“standards of the Public CompanyAccounting Oversight Board (UnitedStates)”.

ISA 200 Final, para. 20: the auditorshall not represent compliance withISAs unless the auditor has compliedwith all of the ISAs relevant to theaudit.

We note that this difference isinherent to the character of thestandards (i.e. national law versusinternational regulation).

ISA 200 Final, para. A55 indicatesthat ISAs do not override laws andregulations that govern an audit offinancial statements.

1 On October 21, 2008, the PCAOB proposed seven new risk assessment standards (see PCAOB Release 2008-006). An overview of any differences between ISA 200 and the proposed auditing standard on“Audit Risk in an Audit of Financial Statements”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of the issuesin the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).

http://www.pcaob.org/Rules/Docket_026/Comments/All.pdf

9

must also include the city and state(or city and country, in the case ofnon-U.S. auditors) from which theauditor's report has been issued.

10

TERMS OF ENGAGEMENTISA 210 Final “Agreeing the Terms of Audit Engagements”

AU 310 “Appointment of the Independent Auditor”


ISA 210 FinalApplication and other explanatorymaterial

AU 310 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


2 Acceptance of a Change in theTerms of the Audit Engagement

14. The auditor shall not agree to achange in the terms of the auditengagement where there is noreasonable justification for doing so.(Ref: Para. A29-A31)

15. If, prior to completing the auditengagement, the auditor isrequested to change the auditengagement to an engagement thatconveys a lower level of assurance,the auditor shall determine whetherthere is reasonable justification fordoing so. (Ref: Para. A32-A33)

16. If the terms of the auditengagement are changed, theauditor and management shall agreeon and record the new terms of theengagement in an engagementletter or other suitable form ofwritten agreement.

17. If the auditor is unable to agreeto a change of the terms of the auditengagement and is not permitted bymanagement to continue theoriginal audit engagement, the

Request to Change the Terms of theAudit Engagement (Ref: Para. 13)A29. A request from the entity forthe auditor to change the terms ofthe audit engagement may resultfrom a change in circumstancesaffecting the need for the service, amisunderstanding as to the natureof an audit as originally requested ora restriction on the scope of theaudit engagement, whetherimposed by management or causedby other circumstances. The auditor,as required by paragraph 14,considers the justification given forthe request, particularly theimplications of a restriction on thescope of the audit engagement.

A30. A change in circumstances thataffects the entity’s requirements ora misunderstanding concerning thenature of the service originallyrequested may be considered areasonable basis for requesting achange in the audit engagement.

A31. In contrast, a change may not

Unlike AU 310, ISA 210 Finaladdresses circumstances wherethere is a request by the client tochange the terms of theengagement. AU 310 does notaddress such circumstances as this isgenerally not applicable in the U.S.public company environment.

11

auditor shall:(a) Withdraw from the auditengagement where possible underapplicable law or regulation; and(b) Determine whether there is anyobligation, either contractual orotherwise, to report thecircumstances to other parties, suchas those charged with governance,owners or regulators.

be considered reasonable if itappears that the change relates toinformation that is incorrect,incomplete or otherwiseunsatisfactory. An example might bewhere the auditor is unable toobtain sufficient appropriate auditevidence regarding receivables andthe entity asks for the auditengagement to be changed to areview engagement to avoid aqualified audit opinion or adisclaimer of opinion.

3 Scope Limitation Prior toAcceptance

7. If management or those chargedwith governance impose a limitationon the scope of the auditor’s work inthe terms of a proposed auditengagement such that the auditorbelieves the limitation will result inthe auditor disclaiming an opinionon the financial statements, theauditor shall not accept such alimited engagement as an auditengagement, unless required by lawor regulation to do so.

Although PCAOB standards (i.e. AU508.22-.34) discuss scope limitationsduring the engagement, it does notcontain direction in case there is ascope limitation prior to theacceptance of the engagement, asISA 210 Final does.

4 Documentation

10. Subject to paragraph 11, theagreed terms of the auditengagement shall be recorded in anaudit engagement letter or othersuitable form of written agreementand shall include: (Ref: Para. A22-A25)…

Documentation

05. … The auditor should documentthe understanding in the workingpapers, preferably through a writtencommunication with the client. …

Both standards require the auditorto document the understanding withthe client regarding the services tobe performed for each engagement.ISA 210.10 Final requires a writtenagreement, unless law or regulationprescribes the terms of theengagement in sufficient detail (ISA210.11). AU 310 requires the auditor

12

11. If law or regulation prescribes insufficient detail the terms of theaudit engagement referred to inparagraph 10, the auditor need notrecord them in a written agreement,except for the fact that such law orregulation applies and thatmanagement acknowledges andunderstands its responsibilities asset out in paragraph 6(b). (Ref: ParaA22, A26, A27)

to document the understanding inthe working papers, and suggests(but does not impose) a “preferable”method to do so, i.e. through awritten communication with theclient.

We have to note however that,although not explicitly required bythe American auditing standards,auditors in the U.S. public companyenvironment generally obtainwritten agreements and obtainthose written agreements annuallyin order to comply with theSarbanes-Oxley Act of 2002 and SECRelease No. 33-8183, Strengtheningthe Commission’s RequirementsRegarding Auditor Independence.

5 Recurring Audits

12. On recurring audits, the auditorshall assess whether circumstancesrequire the terms of the auditengagement to be revised andwhether there is a need to remindthe entity of the existing terms ofthe audit engagement. (Ref: Para.A28)

ISA 210 Final specifically requires theauditor to consider whether theterms of the engagement inrecurring audits should be revised.There is no direction in AU 310 onrecurring audits. Note that thisdifference relates specifically to theinternational versus US context.

6 Allowing for variations in theregulatory framework

For example:11. If law or regulation prescribes insufficient detail the terms of theaudit engagement referred to inparagraph 10, the auditor need notrecord them in a written agreement,…

Unlike the PCAOB standards, ISAsare applicable to numerousjurisdictions with differing laws. Forthis reason, unlike AU 310, ISA 210Final’s direction to the auditorallows for variation in the financial

13

reporting frameworks. For example,in some countries the objective andscope of the audit are established bylaw. Nevertheless the auditor maystill decide to use an engagementletter.

14

INITIAL AUDIT ENGAGEMENTSISA 510 Final “Initial Audit Engagements – Opening Balances”

AU 420 “Consistency of Application of Generally Accepted Accounting Principles”AS 6 “Evaluating Consistency of Financial Statements”

AU 315.12-.13 “Communications Between Predecessor and Successor Auditors”



AS 6/ AU 315.12-.13 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


7 Relevant Information in thePredecessor Auditor’s Report

9. If the prior period’s financialstatements were audited by apredecessor auditor and there was amodification to the opinion, theauditor shall evaluate the effect ofthe matter giving rise to themodification in assessing the risks ofmaterial misstatement in the currentperiod’s financial statements inaccordance with ISA 315(Redrafted).

AU 31512 … The audit evidence used inanalyzing the impact of the openingbalances on the current-yearfinancial statements and consistencyof accounting principles is a matterof professional judgment. Such auditevidence may … , the predecessorauditor's report thereon, fn 8 …

In case the predecessor auditor’sreport was modified, ISA 510 Finalrequires the auditor to consider theeffect of the matter giving rise to themodification. AS 6 and AU 315 donot have such an explicitrequirement. However, AU 315.12states that the audit evidence usedin analyzing opening balances andconsistency of accounting policies isa matter of professional judgmentand that it may include thepredecessor auditor’s report. AlsoAU 311.04 (a) states that proceduresan auditor may consider in planningthe audit usually involve reviewingcorrespondence files, prior year’sworking papers, permanent files,financial statements, and auditor’sreports2.

2 AU 311 will be superseded by the newly proposed risk assessment standards of the PCAOB, if adopted (see PCAOB release 2008-006, p. 10). An overview of the significant differences between the ISAsand the proposed risk assessment standards of the PCAOB can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of the issues in thecomparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


15

8 Audit Conclusions and ReportingOpening Balances

10. If the auditor is unable to obtainsufficient appropriate audit evidenceregarding the opening balances, theauditor shall express a qualifiedopinion or a disclaimer of opinion, asappropriate, in accordance with ISA705 (Revised and Redrafted).5 (Ref:Para. A8)

11. If the auditor concludes that theopening balances contain amisstatement that materially affectsthe current period’s financialstatements, and the effect of themisstatement is not properlyaccounted for or not adequatelypresented or disclosed, the auditorshall express a qualified opinion oran adverse opinion, as appropriate,in accordance with ISA 705 (Revisedand Redrafted).Consistency of Accounting Policies

AU 315.12 The successor auditor mustobtain sufficient competentevidential matter to afford areasonable basis for expressing anopinion on the financial statementshe or she has been engaged to audit,including evaluating the consistencyof the application of accountingprinciples. The audit evidence usedin analyzing the impact of theopening balances on the current-year financial statements andconsistency of accounting principlesis a matter of professional judgment.…

AU 508.22 … Restrictions on the scope ofthe audit, whether imposed by theclient or by circumstances, such asthe timing of his or her work, theinability to obtain sufficientcompetent evidential matter, or aninadequacy in the accountingrecords, may require the auditor toqualify his or her opinion or todisclaim an opinion. In suchinstances, the reasons for theauditor's qualification of opinion ordisclaimer of opinion should bedescribed in the report. …

ISA 510.10 Final requires the auditorto express a qualified opinion or adisclaimer of opinion if he is unableto obtain sufficient competent auditevidence regarding the openingbalances. This issue is not addressedby AS 6, but AU 315.12 implicitlyrequires the auditor to disclaim anopinion in the absence of sufficientcompetent evidence. The issue ofbeing unable to obtain sufficientcompetent evidence in general, isaddressed by AU 508.22-.34.

ISA 510.11 Final requires the auditorto express a qualified or adverseopinion in case the opening balancescontain misstatements thatmaterially affect the current period’sfinancial statements and the effect isnot properly accounted for orpresented and disclosed. AlthoughAU 508 discusses the auditor’sreport concerning inadequatefinancial statement presentation anddisclosure, it does not do so in thespecific context of opening balances.

16

AU 315.13 The successor auditor's review ofthe predecessor auditor's workingpapers may affect the nature,timing, and extent of the successorauditor's procedures with respect tothe opening balances andconsistency of accounting principles.However, the nature, timing, andextent of audit work performed andthe conclusions reached in boththese areas are solely theresponsibility of the successorauditor. In reporting on the audit,the successor auditor should notmake reference to the report orwork of the predecessor auditor asthe basis, in part, for the successorauditor's own opinion.

Unlike ISA 510 Final, AU 315explicitly states that the successorauditor should not make referenceto the report or work of thepredecessor auditor, as thesuccessor’s auditor conclusions withrespect to opening balances andconsistency of accounting principlesis the sole responsibility of thesuccessor auditor.

17

QUALITY CONTROLISA 220 Final « Quality Control for an Audit of Financial Statements »

ISQC 1 Final “Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements”QC Section 20 «System of Quality Control for a CPA Firm’s Accounting and Auditing Practice »3

AU 161 “The Relationship of Generally Accepted Auditing Standards to Quality Control Standards”

No. ISQC 1 Final and ISA 220 FinalRequirements

ISQC 1 Final and ISA 220 FinalApplication and other explanatorymaterial

QC Section 20 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


9 System of quality control

ISQC 1 Final3. A system of quality controlconsists of policies designed toachieve the objective set outin paragraph 11 and the proceduresnecessary to implement and monitorcompliance with those policies.

11. The objective of the firm is toestablish and maintain a system ofquality control to provide it withreasonable assurance that:(a) The firm and its personnelcomply with professional standardsand regulatory and legalrequirements; and(b) Reports issued by the firm orengagement partners areappropriate in the circumstances.

System of Quality Control

QC Section 20

.03 A firm fn 3 has a responsibility toensure that its personnel fn 4 complywith the professional standardsapplicable to its accounting andauditing practice. A system of qualitycontrol is broadly defined as aprocess to provide the firm withreasonable assurance that itspersonnel comply with applicableprofessional standards and thefirm's standards of quality. fn 5 Thepolicies and procedures designed toimplement the system in onesegment of a firm's practice may bethe same as, different from, orinterrelated with the policies andprocedures designed for anothersegment, but the purpose of thesystem is the same for all segmentsof a firm's practice.

QC Section 20 discusses aspects of aQC system that ISQC 1 Final doesnot, such as differences in policiesand procedures across segments(para. .03), the limitations of a QCsystem (para. .05), and factors thatinfluence the nature, extent andformat of quality control (para. .04).QC 20 also provides that “Thesystem of quality control shouldprovide the firm with reasonableassurance that the segments of thefirm's engagements performed by itsforeign offices or by its domestic orforeign affiliates or correspondentsare performed in accordance withprofessional standards in the UnitedStates when such standards areapplicable.” There appears not to bea comparable requirement in ISQC 1Final.

3 As of March 4, 2009, the PCAOB has proposed a new auditing standard on engagement quality review, that would supersede the Board's interim concurring partner review requirement (PCAOB ReleaseNo. 2009-001).

18

.04 A firm's system of quality controlencompasses the firm'sorganizational structure and thepolicies adopted and proceduresestablished to provide the firm withreasonable assurance of complyingwith professional standards. Thenature, extent, and formality of afirm's quality control policies andprocedures should be appropriatelycomprehensive and suitablydesigned in relation to the firm'ssize, the number of its offices, thedegree of authority allowed itspersonnel and its offices, theknowledge and experience of itspersonnel, the nature andcomplexity of the firm's practice,and appropriate cost-benefitconsiderations.

.05 Any system of quality control hasinherent limitations that can reduceits effectiveness. Variance in anindividual's performance andunderstanding of (a) professionalrequirements or (b) the firm'squality control policies andprocedures affects the degree ofcompliance with a firm's prescribedquality control policies andprocedures and, therefore, theeffectiveness of the system.

.06 The system of quality controlshould provide the firm withreasonable assurance that thesegments of the firm's engagements

19

For example:ISA 220 Final19. For audits of financialstatements of listed entities, andthose other audit engagements forwhich an engagement qualitycontrol review is performed, theengagement partner shall:(a) Determine that an engagementquality control reviewer has beenappointed;(b) Discuss significant matters arisingduring the audit engagement,including those identified during theengagement quality control review,with the engagement quality controlreviewer; and(c) Not date the auditor’s reportuntil the completion of theengagement quality controlreview.

24. Where differences of opinionarise within the engagement team,with those consulted or, whereapplicable, between theengagement partner and theengagement quality controlreviewer, the engagement teamshall follow the firm’s procedures fordealing with and resolvingdifferences of opinion.

performed by its foreign offices orby its domestic or foreign affiliatesor correspondents are performed inaccordance with professionalstandards in the United States whensuch standards are applicable.

Section 1000.08(f) – ConcurringPartner Review of the Audit Reportand the Financial Statements ofCommission RegistrantsEstablish policies and proceduresthat meet the requirements setforth in Appendix E, SECPS §1000.39,for a concurring review by a partnerother than the audit partner incharge of an SEC engagement beforeissuance of an audit report on thefinancial statements of an SECengagement and before thereissuance of such an audit reportwhere the performance ofsubsequent events procedures isrequired by professional standards.

Unlike QC Section 20, ISA 220 Finaland ISQC 1 contain detailedguidance on engagement qualitycontrol review (ISA 220 Final, para.19-23 and ISQC 1 Final para. 41-49)and the resolution of differences ofopinion within the engagementteam (ISA 220 Final para. 24 andISQC 1 Final para. 50-51).However, it should be noted thatSECPS Section §1000.08(f), whichincludes SECPS §1000.39, AppendixE, provides requirements for andguidance on engagement qualityreview. Further, the PCAOB hasproposed a new standard onengagement quality review (PCAOBRelease No. 2009-001).

20

ISQC 1 Final41. The firm shall establish policiesand procedures requiring, forappropriate engagements,an engagement quality controlreview and setting out the nature,timing and extent of thereview. Such policies and proceduresshall: …

50. The firm shall establish policiesand procedures for dealing with andresolving differences ofopinion within the engagementteam, with those consulted and,where applicable, between theengagement partner and theengagement quality controlreviewer. (Ref: Para. A48-A49)

10 Leadership Responsibilities withinthe firm

ISQC 1 Final18. The firm shall establish policiesand procedures designed topromote an internal culturerecognizing that quality is essentialin performing engagements. Suchpolicies and procedures shall requirethe firm’s chief executive officer (orequivalent) or, if appropriate, thefirm’s managing board of partners(or equivalent), to assume ultimate

ISQC 1 FinalA5. Of particular importance inpromoting an internal culture basedon quality is the need for the firm’sleadership to recognize that thefirm’s business strategy is subject tothe overriding requirement for thefirm to achieve quality in all theengagements that the firmperforms. Promoting such aninternal culture includes:

Unlike QC Section 20, ISQC 1 Finalexplicitly requires audit firms toestablish policies and proceduresdesigned to promote an internalculture based on quality.

ISQC 1 Final provides clear directionon how to promote an internalculture based on quality.

21

responsibility for the firm’s systemof quality control. (Ref: Para. A4-A5)

(a) Establishment of policies andprocedures that addressperformance evaluation,compensation, and promotion(including incentive systems) withregard to itspersonnel, in order to demonstratethe firm’s overriding commitment toquality;(b) Assignment of managementresponsibilities so that commercialconsiderationsdo not override the quality of workperformed; and(c) Provision of sufficient resourcesfor the development,documentation andsupport of its quality control policiesand procedures.

.

11 Documentation of Compliance &Retention of Documentation

ISQC 1 Final57. The firm shall establish policiesand procedures requiringappropriate documentation toprovide evidence of the operation ofeach element of its system of qualitycontrol. (Ref: Para. A73-A75)

58. The firm shall establish policiesand procedures that requireretention of documentation for aperiod of time sufficient to permitthose performing monitoringprocedures to evaluate the firm’scompliance with its system of qualitycontrol, or for a longer period ifrequired by law or regulation.

Documentation of Compliance &Retention of Documentation

QC Section 20.25 A firm should prepareappropriate documentation todemonstrate compliance with itspolicies and procedures for thequality control system discussedherein. The form and content ofsuch documentation is a matter ofjudgment and depends on a numberof factors, such as the size of a firm,the number of offices, the degree ofauthority allowed its personnel andits offices, the nature andcomplexity of the firm's practice, itsorganization, and appropriate cost-benefit considerations.Documentation should be retained

ISQC 1 Final requires the audit firmto establish policies and proceduresrequiring appropriatedocumentation and retention ofdocumentation, whereas QC Section20 requires the audit firm to preparedocumentation to demonstratecompliance with its policies andprocedures, and to retain thatdocumentation.

Both ISQC 1 Final and QC Section 20require the auditor to retaindocumentation for a sufficientperiod of time to allow monitoring.ISQC 1 Final indicates that the period

22

17. The firm shall document itspolicies and procedures andcommunicate them to thefirm’s personnel. (Ref: Para. A2-A3)

A2. In general, communication ofquality control policies andprocedures to firm personnelincludes a description of the qualitycontrol policies and procedures andthe objectives they are designed toachieve, and the message that eachindividual has a personalresponsibility for quality and isexpected to comply with thesepolicies and procedures.Encouraging firm personnel tocommunicate their views orconcerns on quality control mattersrecognizes the importance ofobtaining feedback on the firm’ssystem of quality control.

for a period of time sufficient toenable those performing monitoringprocedures and a peer review toevaluate the extent of the firm'scompliance with its quality controlpolicies and procedures.

.24 The size, structure, and nature ofthe practice of the firm should beconsidered in determining whetherdocumentation of establishedquality control policies andprocedures is required for effectivecommunication and, if so, the extentof such documentation. Forexample, documentation ofestablished quality control policiesand procedures would generally beexpected to be more extensive in alarge firm than in a small firm and ina multioffice firm than in a single-office firm. Although communicationordinarily is enhanced if it is inwriting, the effectiveness of a firm'ssystem of quality control is notnecessarily impaired by the absenceof documentation of establishedquality control policies andprocedures.

Section 1000.08(l) – Communicationby Written Statement to all

of retention of documentation maybe longer if required by law orregulation. AS 3, paragraph 14,provides that the auditor mustretain audit documentation forseven years from the date theauditor grants permission to use theauditor’s report in connection withthe issuance of the company’sfinancial statements (report releasedate), unless a longer period of timeis required by law.

ISQC 1 Final requires that the firmdocuments its quality controlpolicies and procedures, whereas QCSection 20 implicitly allows theauditor to assess himself whetherdocumentation of quality controlpolicies and procedures is requiredfor effective communication.However, it should be noted thatSEC Practice Section 1000.08(l)provides that firms communicatethrough a written statement to allprofessional firm personnel thebroad principles that influence thefirm’s quality control.

23

Professional Personnel of FirmPolicies and Procedures on theRecommendation and Approval ofAccounting Principles, Present andPotential Client Relationships, andthe Types of Services Provided

Communicate through a writtenstatement to all professional firmpersonnel the broad principles thatinfluence the firm's quality controland operating policies andprocedures on, as a minimum,matters related to therecommendation and approval ofaccounting principles, present andpotential client relationships, andthe types of services provided, andinform professional firm personnelperiodically that compliance withthose principles is mandatory.3

(Appendix H, SECPS §1000.42 is anillustration of such a statement.)

24

Topic 2: Internal control over financial reporting (including reporting on internal control)

Subject ISANumber

ISATitle


PCAOB standardTitle

INTERNAL CONTROLS ISA 265 Final “Communicating Deficiencies in Internal Controlto Those Charged With Governance andManagement”

AU 325 “Communicating Internal Control Related MattersIdentified in an Audit”

AU 319 “Consideration of Internal Control in a FinancialStatement Audit”

AS 4 “Reporting on Whether a Previously ReportedMaterial Weakness Continues to Exist”

AS 5 “An Audit of Internal Control Over FinancialReporting That is Integrated with an Audit ofFinancial Statements”

AU 508 “Reports on Audited Financial Statements”

25

INTERNAL CONTROLSISA 265 Final “Communicating Deficiencies in Internal Control to Those Charged With Governance and Management”

AU 325 “Communicating Internal Control Related Matters Identified in an Audit”AU 319 “Consideration of Internal Control in a Financial Statement Audit”4

AS 4 “Reporting on Whether a Previously Reported Material Weakness Continues to Exist”AS 5 “An Audit of Internal Control Over Financial Reporting That is Integrated with an Audit of Financial Statements”




AU325/AS 4/ AS 5

Comparative analysis:Analysis excluding ISA applicationand other explanatory material


12 AU 3252. A significant deficiency is adeficiency, or a combination ofdeficiencies, in internal control overfinancial reporting, that is less severethan a material weakness yetimportant enough to merit attentionby those responsible for oversight ofthe company's financial reporting.3. A material weakness is adeficiency, or a combination ofdeficiencies, in internal control overfinancial reporting, such that there isa reasonable possibility that amaterial misstatement of thecompany's annual or interimfinancial statements will not beprevented or detected on a timelybasis. …

Unlike ISA 265 Final, AU 325 makes adistinction between materialweaknesses and significantdeficiencies. Material weaknessesare deficiencies such that there is areasonable possibility that a materialmisstatement of the company’sannual or interim financialstatements will not be prevented ordetected on a timely basis.

4 AU 319 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significant differencesbetween the ISAs and the proposed risk assessment standards of the PCAOB can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of theissues in the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


26

9. The auditor shall communicate inwriting significant deficiencies ininternal control identified during theaudit to those charged withgovernance in writing on a timelybasis. (Ref: Para. A12-A18, A27)

10. The auditor shall alsocommunicate to management at anappropriate level of responsibility ona timely basis: (Ref: Para. A19, A27)(a) In writing, significant deficienciesin internal control that the auditorhas communicated or intends tocommunicate to those charged withgovernance, unless it would beinappropriate to communicatedirectly to management in thecircumstances; and (Ref: Para. A14,A20-A21)(b) Other deficiencies in internalcontrol identified during the auditthat have not been communicatedto management by other parties andthat, in the auditor’s professionaljudgment, are of sufficientimportance to merit management’sattention. (Ref: Para. A22-A26)

A20. Certain identified significantdeficiencies in internal control maycall into question the integrity orcompetence of management. Forexample, there may be evidence offraud or intentional non-compliancewith laws and regulations bymanagement, or management mayexhibit an inability to oversee thepreparation of adequate financialstatements that raise doubt aboutmanagement’s competence.Accordingly, it may not beappropriate to communicate suchdeficiencies directly to management.

A13. In determining when to issuethe written communication , theauditor may consider whetherreceipt of such communication

4. The auditor must communicate inwriting to management and theaudit committee all significantdeficiencies and materialweaknesses identified during theaudit. The written communicationshould be made prior to the issuanceof the auditor's report on thefinancial statements. The auditor'scommunication should distinguishclearly between those mattersconsidered significant deficienciesand those considered materialweaknesses, as defined inparagraphs 2 and 3. …

Whereas AU 325 requires that theauditor communicates all significantdeficiencies and materialweaknesses in writing to bothmanagement and the auditcommittee, ISA 265 Final requiresthat the significant deficiencies shallbe communicated to those chargedwith governance, and that bothsignificant deficiencies and otherdeficiencies that meritmanagement’s attention and werenot communicated to managementby other parties are alsocommunicated to management.

Unlike AU 325, ISA 265 Final para. 10(a) recognizes that the auditor doesnot have to communicate directly tomanagement when it would beinappropriate in the circumstances.

AU 325 is more specific about thetiming of the communication thanISA 265 Final. AU 325 requires thatthe written communication tomanagement and the auditcommittee should be made prior tothe issuance of the auditor’s reporton the financial statements. ISA 265Final only requires the auditor tocommunicate to management andthose charged with governance on atimely basis.

ISA 265 Final, para. A20 elaborateson the circumstances in which it maybe inappropriate to directlycommunicate to management.

ISA 265 Final, para. A13 and A14elaborate more on the timing ofcommunication to management andthose charged with governance. This

27

would be an important factor inenabling those charged withgovernance to discharge theiroversight responsibilities. Inaddition, for listed entities in certainjurisdictions, those charged withgovernance may need to receive theauditor’s written communicationbefore the date of approval of thefinancial statements in order todischarge specific responsibilities inrelation to internal control forregulatory or other purposes. Forother entities, the auditor may issuethe written communication at a laterdate. Nevertheless, in the lattercase, as the auditor’s writtencommunication of significantdeficiencies forms part of the finalaudit file, the writtencommunication is subject to theoverriding requirement8 for theauditor to complete the assembly ofthe final audit file on a timely basis.ISA 230 (Redrafted) states that anappropriate time limit within whichto complete the assembly of thefinal audit file is ordinarily not morethan 60 days after the date of theauditor’s report.9

A14. Regardless of the timing of thewritten communication of significantdeficiencies, the auditor maycommunicate these orally in the firstinstance to management and, whenappropriate, to those charged withgovernance to assist them in takingtimely remedial action to minimize

6. These written communicationsshould include:…c. A statement that thecommunication is intended solely forthe information and use of the boardof directors, audit committee,management, and others within the

Unlike ISA 265 Final, AU 325, para. 6(c) requires that the auditor’scommunications include “astatement that the communication isintended solely for the informationand use of the board of directors,audit committee, management, andothers within the organization… ”

does not change the fact that AU325 is more precise about the timingof the communication.

28

the risks of material misstatement.Doing so, however, does not relievethe auditor of the responsibility tocommunicate the significantdeficiencies in writing, as this ISArequires.

organization. When there arerequirements established bygovernmental authorities to furnishsuch written communications,specific reference to such regulatoryauthorities may be made.

8. The auditor should not report inwriting that no significantdeficiencies were discovered duringan audit of financial statementsbecause of the potential that thelimited degree of assuranceassociated with such a report will bemisunderstood.

9. When timely communication isimportant, the auditor shouldcommunicate the preceding mattersduring the course of the audit ratherthan at the end of the engagement.The decision about whether to issuean interim communication should bedetermined based on the relativesignificance of the matters notedand the urgency of corrective follow-up action required. …

Unlike ISA 265 Final, AU 325, para. 8explicitly states that the auditorshould not report in writing that nosignificant deficiencies werediscovered during an audit offinancial statements.

Unlike ISA 265 Final, AU 325, para. 9explicitly requires that, when timelycommunication is important, theauditor communicates during thecourse of the audit rather than atthe end of the audit.

13 ISA 265 FinalA17. The fact that the auditorcommunicated a significantdeficiency to those charged withgovernance and management in aprevious audit does not eliminatethe need for the auditor to repeatthe communication if remedialaction has not yet been taken. …

AS 581. The auditor also shouldcommunicate to management, inwriting, all deficiencies in internalcontrol over financial reporting …When making this communication, itis not necessary for the auditor torepeat information about suchdeficiencies that has been includedin previously issued writtencommunications, whether thosecommunications were made by the

Unlike ISA 265, AS 5 states that it isnot necessary for the auditor torepeat information aboutdeficiencies that have been includedin previously issued writtencommunication.

Following AS 4, the auditor is notrequired to undertake anengagement to report on whether apreviously reported material

The application and otherexplanatory material of ISA 265 Final(i.e. para. A 17) states that the factthat the auditor communicated asignificant deficiency to thosecharged with governance andmanagement in a previous auditdoes not eliminate the need for theauditor to repeat thecommunication if remedial actionhas not yet taken place.

29

auditor, internal auditors, or otherswithin the organization.

AS 44. The engagement described by thisstandard is voluntary. The standardsof the PCAOB do not require anauditor to undertake an engagementto report on whether a previouslyreported material weaknesscontinues to exist.

weakness continues to exist.

In the U.S context, the auditor is required to make an assessment of the effectiveness of internal control over financial reporting (“the audit of internal control overfinancial reporting”). Such audits of internal control over financial reporting have to be integrated with the audit of the financial statements (AS5, para.6). AS 5establishes direction for such “integrated audits”. There is no comparable direction on integrated audits in the International Standards on Auditing (ISAs). Reportingon internal control under the ISAs is incidental to the audit of the financial statements and mainly carried out for the purpose of assessing the risk of materialmisstatement. We provide some examples of the PCAOB direction specific to integrated audits below.

No. ISARequirements

ISAApplication and other explanatorymaterial

AS 4/ AS 5/ AU 508 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


14 AS 59. The auditor should properly planthe audit of internal control overfinancial reporting and properlysupervise any assistants. Whenplanning an integrated audit, theauditor should evaluate whether thefollowing matters are important tothe company's financial statementsand internal control over financialreporting and, if so, how they willaffect the auditor's procedures – …

AS 5, para. 9 provides direction withrespect to planning integratedaudits.

15 AS 593. Changes in internal control overfinancial reporting or other factors

Paragraphs 93-98 of AS 5 relate tothe work of the auditor when

30

that might significantly affectinternal control over financialreporting might occur subsequent tothe date as of which internal controlover financial reporting is beingaudited but before the date of theauditor's report. The auditor shouldinquire of management whetherthere were any such changes orfactors and obtain writtenrepresentations from managementrelating to such matters, asdescribed in paragraph 75h.

94. To obtain additional informationabout whether changes haveoccurred that might affect theeffectiveness of the company'sinternal control over financialreporting and, therefore, theauditor's report, the auditor shouldinquire about and examine, for thissubsequent period, the following – …

95. The auditor might inquire aboutand examine other documents forthe subsequent period. …

96. If the auditor obtains knowledgeabout subsequent events thatmaterially and adversely affect theeffectiveness of the company'sinternal control over financialreporting as of the date specified inthe assessment, the auditor should…

97. The auditor may obtainknowledge about subsequent events

auditing internal controls.

Under AS 5, paragraphs 93-99, theauditor is required to inquire aboutchanges in internal control overfinancial reporting which may haveoccurred after the balance sheetdate but before the auditor’s reportdate. In case there are changes ininternal control, the auditorevaluates their impact on his report.

Additionally, AS 4, Reporting onWhether a Previously ReportedMaterial Weakness Continues toExist, describes the steps to be usedby auditors when a companyvoluntarily engages them to reporton whether a material weakness,previously identified in the annualSection 404 report, no longer exists.At its option, at any time during theyear, management may seek toengage the auditor to report on oneor more previously reportedmaterial weaknesses.

31

with respect to conditions that didnot exist at the date specified in theassessment but arose subsequent tothat date and before issuance of theauditor's report. …

98. After the issuance of the reporton internal control over financialreporting, the auditor may becomeaware of conditions that existed atthe report date that might haveaffected the auditor's opinion had heor she been aware of them. …

16 AS 5C8. … only the principal auditor of thefinancial statements can be theprincipal auditor of internal controlover financial reporting. In thiscircumstance, the principal auditorof the financial statements mustparticipate sufficiently in the audit ofinternal control over financialreporting to provide a basis forserving as the principal auditor ofinternal control over financialreporting.

C9. When serving as the principalauditor of internal control overfinancial reporting, the auditorshould decide whether to makereference in the report on internalcontrol over financial reporting tothe audit of internal control overfinancial reporting performed by theother auditor. In thesecircumstances, the auditor's decisionis based on factors analogous tothose of the auditor who uses the

AS 5 relates to the work of the otherauditor in integrated audits. Para. C8states that only the principal auditorof the financial statements can bethe principal auditor of internalcontrol over financial reporting.

Para. C9 states that the principalauditor of internal control overfinancial reporting should decidewhether to refer to the work of theother auditor in the internal controlreport. However, para. C10 statesthat sometimes this decision isdifferent from the decision relatingto the audit of the financialstatements. Finally, paragraph C11gives direction on the format of theinternal control report when the

32

work and reports of otherindependent auditors whenreporting on a company's financialstatements as described in AU 543.

C10. The decision about whether tomake reference to another auditorin the report on the audit of internalcontrol over financial reportingmight differ from the correspondingdecision as it relates to the audit ofthe financial statements.

C11. When the auditor decides tomake reference to the report of theother auditor as a basis, in part, forhis or her opinion on the company'sinternal control over financialreporting, the auditor should refer tothe report of the other auditor whendescribing the scope of the audit andwhen expressing the opinion.

auditor decides to refer to work ofthe other auditor.

17 AS 516. The auditor should evaluate theextent to which he or she will usethe work of others to reduce thework the auditor might otherwiseperform himself or herself. AU sec.322, The Auditor's Consideration ofthe Internal Audit Function in anAudit of Financial Statements,applies in an integrated audit of thefinancial statements and internalcontrol over financial reporting.

17. For purposes of the audit ofinternal control, however, theauditor may use the work performedby, or receive direct assistance from,

AS 5 provides direction on usinginternal auditor’s work on integratedaudits of the financial statementsand internal control over financialreporting.

33

internal auditors, … In an integratedaudit of internal control overfinancial reporting and the financialstatements, the auditor also may usethis work to obtain evidencesupporting the auditor's assessmentof control risk for purposes of theaudit of the financial statements.

18. The auditor should assess thecompetence and objectivity of thepersons whose work the auditorplans to use to determine the extentto which the auditor may use theirwork. … The auditor should applyparagraphs .09 through .11 of AUsec. 322 to assess the competenceand objectivity of internal auditors.…

19. The extent to which the auditormay use the work of others in anaudit of internal control alsodepends on the risk associated withthe control being tested. As the riskassociated with a control increases,the need for the auditor to performhis or her own work on the controlincreases.

18 AU 508.08 The auditor's standard reportidentifies the financial statementsaudited in an opening (introductory)paragraph, describes the nature ofan audit in a scope paragraph, andexpresses the auditor's opinion in aseparate opinion paragraph. Thebasic elements of the report are thefollowing:

AU 508, para. .08 (k) explicitly statesthe paragraph the auditor has toinclude in the report whenperforming an integrated audit overfinancial reporting, and if the auditorissues separate reports on thefinancial statements, and on internalcontrol over financial reporting.

34

…k. When performing an integratedaudit of financial statements andinternal control over financialreporting, if the auditor issuesseparate reports on the company'sfinancial statements and on internalcontrol over financial reporting, thefollowing paragraph should beadded to the auditor's report on thecompany's financial statements:We also have audited, in accordancewith the standards of the PublicCompany Accounting OversightBoard (United States), theeffectiveness of X Company'sinternal control over financialreporting as of December 31, 20X3,based on [identify control criteria]and our report dated [date of report,which should be the same as thedate of the report on the financialstatements] expressed [includenature of opinions].

35

Topic 3: Risk assessment and use of analytical procedures

Subject ISANumber

ISATitle


PCAOB standardTitle

RISK ASSESSMENT ISA 315 HB 2008 “Identifying and Assessing the Risks of MaterialMisstatement Through Understanding the Entityand Its Environment”

AU 312 “Audit Risk and Materiality in Conducting an Audit”

AU 316 “Consideration of Fraud in a Financial StatementAudit”

AU 329 “Analytical Procedures”

ANALYTICAL PROCEDURES ISA 520 Final “Analytical Procedures” AU 329 “Analytical Procedures”

ISA 315 HB 2008 “Identifying and Assessing the Risks of MaterialMisstatement through Understanding the Entityand its Environment”

ISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks”

36

RISK ASSESSMENTISA 315 HB 2008 “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”

AU 312 “Audit Risk and Materiality in Conducting an Audit”5

AU 316 “Consideration of Fraud in a Financial Statement Audit”AU 329 “Analytical Procedures”

No. ISA 315 HB 2008Requirements

ISA 315 HB 2008Application and other explanatorymaterial

AU 312/AU 316/AU 329 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


19 For example:7. The auditor shall considerwhether information obtained fromthe auditor’s client acceptance orcontinuance process is relevant toidentifying risks of materialmisstatement.

9. When the auditor intends to useinformation obtained from theauditor’s previous experience withthe entity and from auditprocedures performed in previousaudits, the auditor shall determinewhether changes have occurredsince the previous audit that mayaffect its relevance to the currentaudit. (Ref: Para. A10-A11)

Overall, ISA 315 HB 2008 providesmore direction on how an auditoridentifies risks compared to PCAOBstandards (such as AU 312, AU 316,and AU 329). For example, for someprovisions in ISA 315 HB 2008concerning risk assessment, nocorresponding provisions can befound in PCAOB standards.We elaborate on this point in ourreport (see Chapter 5, section 5.2).

2026. As part of the risk assessment asdescribed in paragraph 24, theauditor shall determine whether anyof the risks identified are, in the

AU 31216. … In considering audit risk, theauditor should specifically assess therisk of material misstatement of thefinancial statements due to

Unlike ISA 315 HB 2008, the PCAOBstandards do not use the termsignificant risk. ISA 315 stipulateswhat the auditor shall minimally

5 AU 312 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significant differencesbetween ISA 315 HB 2008 and the proposed auditing standard on “Identifying and Assessing Risks of Material Misstatement”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release2008-006. We note that Staff of IAASB has a different view on some of the issues in the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


37

auditor’s judgment, a significantrisk. In exercising this judgment, theauditor shall exclude the effects ofidentified controls related to therisk.

27. In exercising judgment as towhich risks are significant risks, theauditor shall consider at least thefollowing:(a) Whether the risk is a risk offraud;(b) Whether the risk is related torecent significant economic,accounting or other developmentsand, therefore, requires specificattention;(c) The complexity of transactions;(d) Whether the risk involvessignificant transactions with relatedparties;(e) The degree of subjectivity in themeasurement of financialinformation related to the risk,especially those measurementsinvolving a widerange of measurement uncertainty;and(f) Whether the risk involvessignificant transactions that areoutside the normal course ofbusiness for the entity, or thatotherwise appear to be unusual.(Ref: Para. A112-A116)

28. When the auditor hasdetermined that a significant riskexists, the auditor shall obtain anunderstanding of the entity’s

fraud. fn 11 The auditor shouldconsider the effect of theseassessments on the overall auditstrategy and the expected conductand scope of the audit.

consider in determining which risksare significant, and lists significantrisks beyond fraud.

ISA 315 HB 2008, para. 28, explicitlyrequires that the auditor obtains anunderstanding of the internalcontrols that are relevant to the

38

controls, including control activities,relevant to that risk. (Ref: Para.A117-A119)

identified significant risks.

39

ANALYTICAL PROCEDURESISA 520 Final “Analytical Procedures”6

ISA 315 HB 2008 “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment”ISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks” (Redrafted)

AU 329 “Analytical Procedures”

No. ISA 520 Final /ISA 315 HB 2008/ISA330 HB 2008Requirements

ISA 520 Final /ISA 315 HB 2008/ISA330 HB 2008Application and other explanatorymaterial



21 General

ISA 330 HB 200822. When the auditor hasdetermined that an assessed risk ofmaterial misstatement at theassertion level is a significant risk,the auditor shall performsubstantive procedures that arespecifically responsive to that risk. …

ISA 315 HB 2008A7. Analytical procedures may helpidentify the existence of unusualtransactions or events, andamounts, ratios, and trends thatmight indicate matters that haveaudit implications. Unusual orunexpected relationships that areidentified may assist the auditor inidentifying risks of materialmisstatement, especially risks ofmaterial misstatement due to fraud.

General

AU 32904. Analytical procedures are usedfor the following purposes: (a) toassist the auditor in planning thenature, timing, and extent of otherauditing procedures (b) as asubstantive test to obtain evidentialmatter about particular assertionsrelated to account balances orclasses of transactions (c) as anoverall review of the financialinformation in the final review stageof the audit

Unlike ISA 330 HB 2008, AU 329,para. 04, states that analyticalprocedures are also used to assistthe auditor in planning the nature,timing and extent of other auditprocedures

Unlike AU 329, ISA 330.22 HB 2008discusses the use of substantivetests (i.e. analytical procedures andtests of details) as a response to anassessed risk of materialmisstatement.

Guidance on the use of analyticalprocedures to assist the auditor inplanning comparable to that in AU329 can be found in the applicationand other explanatory material ofISA 315 HB 2008 (i.e. para. A7), butnot in the requirements.

22 Analytical Procedures asSubstantive Tests

ISA 520 FinalA13. The auditor may considertesting the operating effectivenessof controls, if any, over the entity’spreparation of information used by

Analytical Procedures asSubstantive Tests

10. When designing substantiveanalytical procedures, the auditoralso should evaluate the risk ofmanagement override of controls.

AU 329 places two additionalrequirements on the auditor whenperforming analytical procedures assubstantive tests compared to ISA

Although ISA 520 Final does notrequire testing the operatingeffectiveness of control, theapplication and other explanatory

6 On October 21, 2008, the PCAOB proposed seven new risk assessment standards (see PCAOB Release 2008-006). An overview of any differences between ISA 520 Final and the proposed auditingstandard on “Evaluating Audit Results”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of the issues in thecomparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


40

the auditor in performingsubstantive analytical procedures inresponse to assessed risks… .

16. Before using the results obtainedfrom substantive analyticalprocedures, the auditor shouldeither test the design and operatingeffectiveness of controls overfinancial information used in thesubstantive analytical procedures orperform other procedures tosupport the completeness andaccuracy of the underlyinginformation.

520 Final: (1) evaluate the risk ofmanagement overriding controlsand (2) test the design and operatingeffectiveness of controls overfinancial reporting (unless theauditor has performed otherprocedures to support thecompleteness and accuracy of theunderlying information).

material of ISA 520 Final (i.e. para.A13) suggests that the auditor mayconsider testing the operatingeffectiveness of controls.

41

Topic 4: Nature of management assertions and documentation requirements; management representations; comparative information; other information indocuments containing financial statements

Subject ISANumber

ISATitle


PCAOB standardTitle

AUDIT DOCUMENTATION ISA 230 HB 2008 “Audit Documentation” AS 3 “Audit Documentation”ISQC 1 Final “Quality Control for Firms that Perform Audits and

Reviews of Financials Statements, and OtherAssurance and Related Services Engagements”

WRITTEN REPRESENTATIONS ISA 580 Final “Written Representations” AU 333 “Management Representations”COMPARATIVE INFORMATION ISA 710 Final “Comparative Information – Corresponding

Figures and Comparative Financial Statements”AU 508paragraphs .64-.74

“Reports on Audited Financial Statements”

OTHER INFORMATION ISA 720 HB 2008 “The Auditor’s Responsibility in Relation to OtherInformation in Documents Containing AuditedFinancial Statements”

AU 550 “Other Information in Documents ContainingAudited Financial Statements”

AU 558 “Required Supplementary Information”

42

AUDIT DOCUMENTATIONISA 230 HB 2008 « Audit Documentation »

ISQC 1 Final “Quality Control for Firms that Perform Audits and Reviews of Financials Statements, and Other Assurance and Related Services Engagements”AS 3 « Audit Documentation »



AS 3 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


23 7. The auditor shall prepare auditdocumentation on a timely basis.(Ref: Para. A1)

14. The auditor shall assemble theaudit documentation in an audit fileand complete the administrativeprocess of assembling the final auditfile on a timely basis after the dateof the auditor’s report. (Ref: Para.A21-A22)

A21. ISQC 1 … requires firms toestablish policies and procedures forthe timely completion of theassembly of audit files. … Anappropriate time limit within whichto complete the assembly of thefinal audit file is ordinarily not morethan 60 days after the date of theauditor’s report.

15. Prior to the report release date,the auditor must have completed allnecessary auditing procedures andobtained sufficient evidence tosupport the representations in theauditor's report. A complete andfinal set of audit documentationshould be assembled for retentionas of a date not more than 45 daysafter the report release date(documentation completion date). Ifa report is not issued in connectionwith an engagement, then thedocumentation completion dateshould not be more than 45 daysfrom the date that fieldwork wassubstantially completed. If theauditor was unable to complete theengagement, then thedocumentation completion dateshould not be more than 45 daysfrom the date the engagementceased.

ISA 230 HB 2008, para. 7 requiresthe auditor to prepare auditdocumentation on a timely basis.And ISA 230 HB 2008, para. 14requires the auditor to assemble theaudit documentation in an audit fileon a timely basis. AS 3, para. 15 ismore specific than ISA 230 HB 2008in that it requires the auditor toassemble a complete and final set ofaudit documentation not more than45 days after the report releasedate.

Also, in contrast to ISA 230 HB 2008,AS 3, para. 15 contains specificrequirements on documentationcompletion dates in case a report isnot issued in connection with anengagement or if the auditor wasunable to complete theengagement.

Although the requirements of ISA230 HB 2008 are not specific onwhat is “a timely basis”, theapplication and other explanatorymaterial of ISA 230 HB 2008 is. Morespecifically, ISA 230 HB 2008, para.A21 states that an appropriate timelimit is ordinarily not more than 60days after the date of the auditor’sreport.

Note that the 60 days start from thedate of the auditor’s report, whileunder AS 3 the 45 days start fromthe report release date(documentation completion date).

24 A23. ISQC 1 … requires firms toestablish policies and procedures forthe retention of engagementdocumentation… . The retentionperiod for audit engagementsordinarily is no shorter than fiveyears from the date of the auditor’s

14. The auditor must retain auditdocumentation for seven years fromthe date the auditor grantspermission to use the auditor'sreport in connection with theissuance of the company's financialstatements (report release date),

Unlike ISA 230 HB 2008, AS 3, para.14 explicitly requires that theauditor retains audit documentationfor seven years from the date theauditor grants permission to use theauditor’s report, unless a longertime is required by law. Further,

Although the requirements in ISA230 HB 2008 do not include anyspecifics about the retention period,the application and otherexplanatory material does. Morespecifically, para. A23 states that theretention period is ordinarily no

43

report, or, if later, the date of thegroup auditor’s report.

unless a longer period of time isrequired by law. If a report is notissued in connection with anengagement, then the auditdocumentation must be retained forseven years from the date thatfieldwork was substantiallycompleted. If the auditor was unableto complete the engagement, thenthe audit documentation must beretained for seven years from thedate the engagement ceased.

unlike ISA 203 HB 2008, AS 3contains specific requirementsabout retention in case no report isissued in connection with anengagement, or if the auditor isunable to complete theengagement.

shorter than five years from the dateof the auditor’s report.

25 13. If, in exceptional circumstances,the auditor performs new oradditional audit procedures or drawsnew conclusions after the date ofthe auditor’s report, the auditorshall document: (Ref: Para. A20)(a) The circumstances encountered;(b) The new or additional auditprocedures performed, auditevidence obtained, and conclusionsreached, and their effect on theauditor’s report; and(c) When and by whom the resultingchanges to audit documentationwere made and reviewed.

16. In circumstances other thanthose envisaged in paragraph 13where the auditor finds it necessaryto modify existing auditdocumentation or add new auditdocumentation after the assemblyof the final audit file has beencompleted, the auditor shall,regardless of the nature of themodifications or additions,document: (Ref: Para. A24)

A5. Oral explanations by the auditor,on their own, do not representadequate support for the work theauditor performed or conclusionsthe auditor reached, but may beused to explain or clarify informationcontained in the auditdocumentation.

9. If, after the documentationcompletion date (defined inparagraph 15), the auditor becomesaware, as a result of a lack ofdocumentation or otherwise, thataudit procedures may not have beenperformed, evidence may not havebeen obtained, or appropriateconclusions may not have beenreached, the auditor mustdetermine, and if so demonstrate,that sufficient procedures wereperformed, sufficient evidence wasobtained, and appropriateconclusions were reached withrespect to the relevant financialstatement assertions. To accomplishthis, the auditor must havepersuasive other evidence. Oralexplanation alone does notconstitute persuasive otherevidence, but it may be used toclarify other written evidence.• If the auditor determines anddemonstrates that sufficientprocedures were performed,sufficient evidence was obtained,

AS 3, para. 9 requires the auditor toobtain persuasive other evidence if,after the documentation completiondate he becomes aware that auditprocedures may not have beenperformed, evidence may not havebeen obtained, or appropriateconclusions may not have beenreached. This is more implicit in ISA230, para. 13 and para. 16.

44

(a) The specific reasons for makingthem; and(b) When and by whom they weremade and reviewed.

and appropriate conclusions werereached, but that documentationthereof is not adequate, then theauditor should consider whatadditional documentation is needed.In preparing additionaldocumentation, the auditor shouldrefer to paragraph 16.• If the auditor cannot determine ordemonstrate that sufficientprocedures were performed,sufficient evidence was obtained, orappropriate conclusions werereached, the auditor should complywith the provisions of AU sec. 390,Consideration of Omitted ProceduresAfter the Report Date.

26 ISQC 1 Final46. The firm shall establish policiesand procedures designed tomaintain the confidentiality, safecustody, integrity, accessibility andretrievability of engagementdocumentation. (Ref: Para. A56-A59)

47. The firm shall establish policiesand procedures for the retention ofengagement documentation for aperiod sufficient to meet the needsof the firm or as required by law orregulation. (Ref: Para. A60-A63)

11. Certain matters, such as auditorindependence, staff training andproficiency and client acceptanceand retention, may be documentedin a central repository for the publicaccounting firm ("firm") or in theparticular office participating in theengagement. If such matters aredocumented in a central repository,the audit documentation of theengagement should include areference to the central repository.Documentation of matters specificto a particular engagement shouldbe included in the auditdocumentation of the pertinentengagement.

Unlike AS 3, para. 11, ISAs do notmention that some items can bedocumented in a central repositorywhile others should be included inthe documentation of theengagement.

45

ISA 230 HB 2008A8. Judging the significance of amatter requires an objective analysisof the facts and circumstances.Examples of significant mattersinclude:…

A11. The auditor may consider ithelpful to prepare and retain as partof the audit documentation asummary (sometimes known as acompletion memorandum) thatdescribes the significant mattersidentified during the audit and howthey were addressed, or thatincludes cross-references to otherrelevant supporting auditdocumentation that provides suchinformation. …

12. … . Significant findings or issuesare substantive matters that areimportant to the proceduresperformed, evidence obtained, orconclusions reached, and include,but are not limited to, the following:…

13. The auditor must identify allsignificant findings or issues in anengagement completion document.This document may include either allinformation necessary tounderstand the significant findings,issues or cross-references, asappropriate, to other availablesupporting audit documentation.This document, along with anydocuments cross-referenced, shouldcollectively be as specific asnecessary in the circumstances for areviewer to gain a thoroughunderstanding of the significantfindings or issues.Note: The engagement completiondocument prepared in connectionwith the annual audit should includedocumentation of significantfindings or issues identified duringthe review of interim financialinformation.

AS 3, para, 12 defines significantfindings or issues, while ISA 230leaves this determination to theprofessional judgment of theauditor.

Unlike ISA 230, para. 13, AS 3requires that an engagementcompletion memorandum beprepared and maintained in theaudit documentation.

Although ISA 230 HB 2008 does notdefine significant matters as doesAS 3, para. 12, the application andother explanatory material of ISA230 HB 2008, i.e. para. A8, includessome examples of significantmatters.

Although ISA 230 HB 2008 does notinclude a requirement on thepreparation of an engagementcompletion document theapplication and other explanatorymaterial includes some guidance onthe topic (i.e. ISA 230 HB 2008, para.A11).

27 18. The office of the firm issuing theauditor's report is responsible forensuring that all auditdocumentation sufficient to meetthe requirements of paragraphs 4-13of this standard is prepared andretained. Audit documentation

Unlike ISA 230 HB 2008, AS 3, para.18 states very clearly that the officeof the firm issuing the auditor’sreport is responsible for ensuringthat audit documentation isretained. Also documentationsupporting the work of other

46

supporting the work performed byother auditors (including auditorsassociated with other offices of thefirm, affiliated firms, or non-affiliated firms), must be retained byor be accessible to the office issuingthe auditor's report..4/

19. In addition, the office issuing theauditor's report must obtain, andreview and retain, prior to thereport release date, the followingdocumentation related to the workperformed by other auditors(including auditors associated withother offices of the firm, affiliatedfirms, or non-affiliated firms): …

auditors must be retained oraccessible to the office issuing theauditor’s report. Moreover, AS 3,para. 19 requires the office whoissues the report to obtain, review,and retain specific documentationrelated to the work performed byother auditors, unless he decides tomake reference in the report to theaudit of the other auditor.

47

WRITTEN REPRESENTATIONSISA 580 Final “Written Representations”AU 333 “Management Representations”





28 1. This International Standard onAuditing (ISA) deals with theauditor’s responsibility to obtainwritten representations frommanagement and, whereappropriate, those charged withgovernance.

.01 This section establishes arequirement that the independentauditor obtain writtenrepresentations from managementas a part of an audit of financialstatements performed in accordancewith generally accepted auditingstandards and provides guidanceconcerning the representations tobe obtained.

There is a difference in scopebetween ISA 580 and AU 333 in thatISA 580 requires writtenrepresentations from management,and where appropriate, thosecharged with governance, whereasAU 333 requires writtenrepresentations from management.

29 14. The date of the writtenrepresentations shall be as near aspracticable to, but not after, thedate of the auditor’s report on thefinancial statements. The writtenrepresentations shall be for allfinancial statements and period(s)referred to in the auditor’s report.(Ref: Para. A17-A20)

A17. Because writtenrepresentations are necessary auditevidence, the auditor’s opinioncannot be expressed, and theauditor’s report cannot be dated,before the date of the writtenrepresentations. Furthermore,because the auditor is concernedwith events occurring up to the dateof the auditor’s report that mayrequire adjustment to or disclosurein the financial statements, thewritten representations are dated asnear as practicable to, but not after,the date of the auditor’s report onthe financial statements.

.09 … The written representationsshould be addressed to the auditor.Because the auditor is concernedwith events occurring through thedate of his or her report that mayrequire adjustment to or disclosurein the financial statements, therepresentations should be made asof the date of the auditor's report.[If the auditor "dual dates" his or herreport, the auditor should considerwhether obtaining additionalrepresentations relating to thesubsequent event is appropriate.See section 530, Dating of theIndependent Auditor's Report,paragraph .05]. The letter should besigned by those members ofmanagement with overallresponsibility for financial andoperating matters whom the auditor

ISA 580, para. 14 and AU 333, para..09 differ with respect to whenrepresentations are to be obtained.ISA 580, para. 14 states that theserepresentations are to be obtained“as near as practicable to the dateof the auditor’s report” whereas AU333, para. 09 states that therepresentations should be made “asof the date of the auditor’s report”.

Unlike AU 333, the application andother explanatory material of ISA580 explicitly states that theauditor’s report cannot be datedbefore the date of the writtenrepresentations.

48

believes are responsible for andknowledgeable about, directly orthrough others in the organization,the matters covered by therepresentations. Such members ofmanagement normally include thechief executive officer and chieffinancial officer or others withequivalent positions in the entity.

49

COMPARATIVE INFORMATIONISA 710 Final « Comparative Information – Corresponding Figures and Comparative Financial Statements »

AU 508 paragraphs .65-.74 « Reports on Audited Financial Statements »



AU 508 paragraphs .65-.74 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


30 2. The nature of the comparativeinformation that is presented in anentity’s financial statementsdepends on the requirements of theapplicable financial reportingframework. There are two differentbroad approaches to the auditor’sreporting responsibilities in respectof such comparative information:corresponding figures andcomparative financial statements.The approach to be adopted is oftenspecified by law or regulation butmay also be specified in the terms ofengagement.

ISA 710 Final (see, for example para.2) makes a clear distinction betweenauditor reporting on two differenttypes of comparative information,i.e. (1) corresponding figures, and (2)comparative financial statements.Since corresponding figures are notapplicable in the U.S. publiccompany reporting environment(see AS 6, and Regulation S-X Section210.3-01 and Section 210.3-02), AU508, paragraphs .65-.74, does notcover corresponding figures . In theU.S. (e.g., under SEC requirements)the model is comparative financialstatements whereby the auditorexpresses an opinion on each periodincluded in the financial statementsseparately. This difference shouldbe taken into account whenconsidering the discussion on thecomparative information below.

31 10. When corresponding figures arepresented, the auditor’s opinionshall not refer to the correspondingfigures except in the circumstancesdescribed in paragraphs 11, 12, and14. (Ref: Para. A2)

ISA 710 Final, para. 10 requires theauditor not to refer to thecorresponding figures in his reportunless under certain specificcircumstances. Since correspondingfigures are not applicable in the U.S.public company reportingenvironment (see AS 6, andRegulation S-X Section 210.3-01 and

50

Section 210.3-02), AU 508 does notinclude such a requirement.

32 .70 A predecessor auditor ordinarilywould be in a position to reissue hisor her report on the financialstatements of a prior period at therequest of a former client if he orshe is able to make satisfactoryarrangements with the former clientto perform this service and if he orshe performs the proceduresdescribed in paragraph .71. fn 27

[Paragraph renumbered by theissuance of Statement on AuditingStandards No. 79, December 1995.]

.71 Before reissuing (or consentingto the reuse of) a report previouslyissued on the financial statements ofa prior period, when those financialstatements are to be presented on acomparative basis with auditedfinancial statements of a subsequentperiod, a predecessor auditor shouldconsider whether his or her previousreport on those statements is stillappropriate. …

.72 A predecessor auditor who hasagreed to reissue his or her reportmay become aware of events ortransactions occurring subsequentto the date of his or her previousreport on the financial statements ofa prior period that may affect his orher previous report (for example,the successor auditor might indicatein the response that certain mattershave had a material effect on the

Unlike ISA 710 Final, AU 508, para..70-.73 includes detailedrequirements and guidance for thepredecessor auditor on thecircumstances in which he/ she canreissue his/her report on thefinancial statements of a priorperiod, and on what he/ she shoulddo before reissuing or revising areport.

51

prior-period financial statementsreported on by the predecessorauditor). In such circumstances, thepredecessor auditor should …

.73 A predecessor auditor'sknowledge of the current affairs ofhis former client is obviously limitedin the absence of a continuingrelationship. Consequently, whenreissuing the report on prior-periodfinancial statements, a predecessorauditor should …

3319. If the prior period financialstatements were not audited, theauditor shall state in an OtherMatter paragraph that thecomparative financial statementsare unaudited. Such a statementdoes not, however, relieve theauditor of the requirement to obtainsufficient appropriate audit evidencethat the opening balances do notcontain misstatements thatmaterially affect the current period’sfinancial statements.7

AU 504.05 When an accountant isassociated with the financialstatements of a public entity, buthas not audited or reviewed fn 4 suchstatements, the form of report to beissued is as follows:The accompanying balance sheet ofX Company as of December 31,19X1, and the related statements ofincome, retained earnings, and cashflows for the year then ended werenot audited by us and, accordingly,we do not express an opinion onthem.

(Signature and date)This disclaimer of opinion is themeans by which the accountantcomplies with the fourth standard ofreporting when associated withunaudited financial statements inthese circumstances. The disclaimermay accompany the unauditedfinancial statements or it may beplaced directly on them. In addition,each page of the financial

If the prior period financialstatements are not audited, ISA 710Final, para. 19 requires the auditorto perform appropriate auditprocedures regarding openingbalances. By contrast AU 504, para..05, states that when the auditor isassociated with unaudited financialstatements of a public company, theauditor has no responsibility to applyany procedures beyond reading thefinancial statements for obviousmaterial misstatements. In addition,AU 504, para. 5 explicitly requiresthe auditor to disclaim the opinion.

Note however that, since an annualaudit is required by SEC filingguidelines, direction for instances inwhich prior year financialstatements are not audited isgenerally not applicable.

52

statements should be clearly andconspicuously marked as unaudited.When an accountant issues this formof disclaimer of opinion, he has noresponsibility to apply anyprocedures beyond reading thefinancial statements for obviousmaterial misstatements. Anyprocedures that may have beenapplied should not be described,except in the limited circumstancesset forth in paragraphs .18-.20.Describing procedures that mayhave been applied might cause thereader to believe the financialstatements have been audited orreviewed.

34 15. When comparative financialstatements are presented, theauditor’s opinion shall refer to eachperiod for which financialstatements are presented and onwhich an audit opinion is expressed.(Ref: Para. A8-A9)

A8. Because the auditor’s report oncomparative financial statementsapplies to the financial statementsfor each of the periods presented,the auditor may express a qualifiedopinion or an adverse opinion,disclaim an opinion, or include anEmphasis of Matter paragraph withrespect to one or more periods,while expressing a differentauditor’s opinion on the financialstatements of the other period.

.67 Since the auditor's report oncomparative financial statementsapplies to the individual financialstatements presented, an auditormay express a qualified or adverseopinion, disclaim an opinion, orinclude an explanatory paragraphwith respect to one or more financialstatements for one or more periods,while issuing a different report onthe other financial statementspresented. Following are examplesof reports on comparative financialstatements (excluding the standardintroductory and scope paragraphs,where applicable) with differentreports on one or more financialstatements presented. … .

Unlike the requirements of ISA 710Final, AU 508, para. 67 explicitlystates that the auditor may issuedifferent opinions on prior periodand current period financialstatements, and provides variousexamples of such reports oncomparative financial statements.

Although not included in the ISA 710requirements, the application andother explanatory material of ISA710, more specifically, para. A8,explicitly states that the auditor’sopinion for one period may differfrom the opinion of the otherperiod.

53

OTHER INFORMATIONISA 720 HB 2008 « The Auditor’s Responsibility in Relation to Other Information in Documents Containing Audited Financial Statements »

AU 550 « Other Information in Documents Containing Audited Financial Statements »AU 558 « Required Supplementary Information »



AU 550/ AU 558 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


No substantive differences No substantive differences

54

Topic 5: Audit risk model, audit planning, materiality, and sampling

Subject ISANumber

ISATitle


PCAOB standardTitle

MATERIALITY ISA 320 Final “Materiality in Planning and Performing an Audit” AU 312 “Audit Risk and Materiality in Conducting an Audit”ISA 450 Final “Evaluation of Misstatements Identified During

the Audit”AS 5, paragraph20

“An Audit of Internal Control over FinancialReporting that is Integrated with An Audit ofFinancial Statements”

PLANNING ISA 300 HB 2008 “Planning an Audit of Financial Statements” AU 311 “Planning and Supervision”ISA 220 Final “Quality Control for An Audit of Financial

Statements”AS 5, paragraph9

“Planning the Audit”


ISQC 1 Final “Quality Control for Firms that Perform Audits andReviews of Financials Statements, and OtherAssurance and Related Services Engagements”

RESPONSES TO RISKS ISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks” AU 312 “Audit Risk and Materiality in Conducting an Audit”

AU 313 “Substantive Tests Prior to the Balance Sheet Date”SAMPLING ISA 530 Final “Audit Sampling” AU 350 “Audit Sampling”

55

MATERIALITYISA 320 Final “Materiality in Planning and Performing an Audit”

ISA 450 Final “Evaluation of Misstatements Identified During the Audit”AU 312 “Audit Risk and Materiality in Conducting an Audit”7 and AS 5, paragraph 20

No. ISA 320 Final/ ISA 450 FinalRequirements

ISA 320 Final/ ISA 450 FinalApplication and other explanatorymaterial



35

ISA 450 FinalA6. The auditor may requestmanagement to examine a class oftransactions, account balance or

Analytical procedures and sampling

.35 When the auditor tests anaccount balance or a class oftransactions and related assertionsby an analytical procedure, he or sheordinarily would not specificallyidentify misstatements but wouldonly obtain an indication of whethermisstatement might exist in thebalance or class and possibly itsapproximate magnitude. If theanalytical procedure indicates that amisstatement might exist, but not itsapproximate amount, the auditorordinarily would have to employother procedures to enable him orher to estimate the likelymisstatement in the balance or class.

When an auditor uses auditsampling to test an assertion for anaccount balance or a class of

Unlike ISA 320 Final and ISA 450Final, AU 312 explicitly discusses therelationship between analyticalprocedures and misstatements.(Further direction on performinganalytical procedures can be foundin AU 329.)

Unlike the requirements under ISA320 Final and ISA 450 Final, AU 312discusses sampling and projected

The application and otherexplanatory material of ISA 450Final, i.e. para. A6, discusses

7 AU 312 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significant differencesbetween ISA 450 Final and the proposed auditing standard on “Evaluating Audit Results”, and between ISA 320 Final and the proposed auditing standard on “Consideration of Materiality in Planning andPerforming an Audit”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of the issues in the comparativeanalysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


56

disclosure in order for managementto understand the cause of amisstatement identified by theauditor, perform procedures todetermine the amount of the actualmisstatement in the class oftransactions, account balance ordisclosure, and to make appropriateadjustments to the financialstatements. Such a request may bemade, for example, based on theauditor’s projection ofmisstatements identified in an auditsample to the entire populationfrom which it was drawn.

transactions, he or she projects theamount of known misstatementsidentified in the sample to the itemsin the balance or class from whichthe sample was selected. Thatprojected misstatement, along withthe results of other substantivetests, contributes to the auditor'sassessment of likely misstatement inthe balance or class. [fn 15], [fn 16] …

misstatements. sampling and projectedmisstatements.

57

PLANNINGISA 300 HB 2008 “Planning an Audit of Financial Statements”

ISA 220 Final “Quality Control for an Audit of Financial Statements”ISA 315 HB 2008 “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment”

ISQC 1 Final “Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements”AU 311 “Planning and Supervision”8

AS 5, Paragraph 9 “Planning the Audit”

No. ISA 300 HB 2008/ ISA 220 Final / ISA315 HB 2008/ ISQC 1FinalRequirements

ISA 300 HB 2008/ ISA 220 Final / ISA315 HB 2008/ ISQC 1FinalApplication and other explanatorymaterial



36 SupervisionISA 300 HB 2008A15. The nature, timing and extentof the direction and supervision ofengagement team members andreview of their work vary dependingon many factors, including:…

ISA 220 FinalA13. Direction of the engagementteam involves informing themembers of the engagement teamof matters such as:• Their responsibilities, including theneed to comply with relevant ethicalrequirements, and to plan andperform an audit with professionalskepticism as required by ISA 200(Revised and Redrafted).9• Responsibilities of respective

SupervisionAU 311.11 Supervision involves directingthe efforts of assistants who areinvolved in accomplishing theobjectives of the audit anddetermining whether thoseobjectives were accomplished.Elements of supervision includeinstructing assistants, keepinginformed of significant problemsencountered, reviewing the workperformed, and dealing withdifferences of opinion among firmpersonnel. The extent of supervisionappropriate in a given instancedepends on many factors, includingthe complexity of the subject matterand the qualifications of personsperforming the work. [Paragraphrenumbered by the issuance of

Unlike the requirements under theISAs, AU 311.11 provides directionon supervision: the nature ofsupervision, the elements ofsupervision and the factors thataffect the extent of supervision.

The application and otherexplanatory material of ISA 300, i.e.para. A15 provides some directionon the level of supervision.And the application and otherexplanatory material of ISA 220, i.e.para A13 and A15, and ISA 315,para. A12, provide some directionon explaining the responsibilities ofassistants, the objectives of auditprocedures, and supervision.

8 AU 311 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significant differencesbetween ISA 300 HB 2008 and the proposed auditing standard on “Audit Planning and Supervision”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staffof IAASB has a different view on some of the issues in the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


58

partners where more than onepartner is involved in the conduct ofan audit engagement.• The objectives of the work to beperformed.• The nature of the entity’s business.• Risk-related issues.• Problems that may arise.• The detailed approach to theperformance of the engagement.Discussion among members of theengagement team allows lessexperienced team members to raisequestions with more experiencedteam members so that appropriatecommunication can occur within theengagement team.

A15. Supervision includes matterssuch as:• Tracking the progress of the auditengagement.• Considering the competence andcapabilities of individual members ofthe engagement team, includingwhether they have sufficient time tocarry out their work, whether theyunderstand their instructions, andwhether the work is being carriedout in accordance with the plannedapproach to the audit engagement.• Addressing significant mattersarising during the audit engagement,considering their significance andmodifying the planned approachappropriately.• Identifying matters forconsultation or consideration bymore experienced engagement

Statement on Auditing StandardsNo. 48, July 1984.]

12. Assistants should be informed oftheir responsibilities and theobjectives of the procedures thatthey are to perform. They should beinformed of matters that may affectthe nature, extent, and timing ofprocedures they are to perform,such as the nature of the entity'sbusiness as it relates to theirassignments and possible accountingand auditing problems. The auditorwith final responsibility for the auditshould direct assistants to bring tohis attention significant accountingand auditing questions raised duringthe audit so that he may assess theirsignificance.

.13 The work performed by eachassistant should be reviewed todetermine whether it wasadequately performed and toevaluate whether the results areconsistent with the conclusions tobe presented in the auditor's report.[Paragraph renumbered by theissuance of Statement on AuditingStandards No. 48, July 1984.]

Unlike the requirements under theISAs, under AU 311 there is directionwith respect to the matters thatassistants should be informed about(i.e. their responsibilities, theobjectives of the procedures, andmatters that may affect the nature,extent, and timing of procedures,and matters that they have to bringto the auditor’s attention).

Unlike the requirements under theISAs, AU 311.13 explicitly states thatthe work performed by eachassistant should be reviewed, andexplicitly states the purpose of suchreviews.

59

team members during the auditengagement.

ISA 315HB 2008A12. The discussion among theengagement team about thesusceptibility of the entity’s financialstatements to materialmisstatement:• Provides an opportunity for more

experienced engagement teammembers, including theengagement partner, to sharetheir insights based on theirknowledge of the entity.

• Allows the engagement teammembers to exchange informationabout the business risks to whichthe entity is subject and abouthow and where the financialstatements might be susceptibleto material misstatement due tofraud or error.

• Assists the engagement teammembers to gain a betterunderstanding of the potential formaterial misstatement of thefinancial statements in the specificareas assigned to them, and tounderstand how the results of theaudit procedures that theyperform may affect other aspectsof the audit including the decisionsabout the nature, timing, andextent of further audit procedures.

Provides a basis upon whichengagement team memberscommunicate and share newinformation obtained throughout

60

ISA 220 Final22. If differences of opinion arisewithin the engagement team, withthose consulted or, whereapplicable, between theengagement partner and theengagement quality controlreviewer, the engagement teamshall follow the firm’s policies andprocedures for dealing with andresolving differences of opinion.

ISQC 1 Final43. The firm shall establish policiesand procedures for dealing with andresolving differences of opinionwithin the engagement team, withthose consulted and, whereapplicable, between theengagement partner and theengagement quality controlreviewer. (Ref: Para. A52-A53)

the audit that may affect theassessment of risks of materialmisstatement or the auditprocedures performed to addressthese risks.

Considerations Specific to SmallerEntitiesA16. When an audit is carried outentirely by the engagement partner,questions of direction andsupervision of engagement teammembers and review of their workdo not arise. In such cases, theengagement partner, havingpersonally conducted all aspects ofthe work, will be aware of all

14. The auditor with finalresponsibility for the audit andassistants should be aware of theprocedures to be followed whendifferences of opinion concerningaccounting and auditing issues existamong firm personnel involved inthe audit. Such procedures shouldenable an assistant to document hisdisagreement with the conclusionsreached if, after appropriateconsultation, he believes itnecessary to disassociate himselffrom the resolution of the matter. Inthis situation, the basis for the finalresolution should also bedocumented.

Although ISA 220.22 and ISQC 1 Finalrefer to the firms policies andprocedures to deal with differencesof opinion they do not suggest thatthose procedures should enable anassistant to document hisdisagreement with the conclusionsreached as AU 311 does. Moreover,unlike ISA 220 and ISQC 1 Final, AS 3,para. 12(d) requires thedocumentation of disagreementsduring the audit engagement.

ISA 300, para. A16 notes that, whenan audit is carried out entirely by theengagement partner, consultationon unusual or complex issues maybe desirable.

61

material issues. Forming anobjective view on theappropriateness of the judgmentsmade in the course of the audit canpresent practical problems when thesame individual also performs theentire audit. When particularlycomplex or unusual issues areinvolved, and the audit is performedby a sole practitioner, it may bedesirable to consult with othersuitably-experienced auditors or theauditor’s professional body.

62

RESPONSES TO RISKSISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks”AU 312 “Audit Risk and Materiality in Conducting an Audit”9

AU 313 “Substantive Tests Prior to the Balance Sheet Date”





375. The auditor shall design andimplement overall responses toaddress the assessed risks ofmaterial misstatement at thefinancial statement level. (Ref:Para. A1-A3)

6. The auditor shall design andperform further audit procedureswhose nature, timing, and extentare based on and are responsive tothe assessed risks of materialmisstatement at the assertion level.(Ref: Para. A4-A8)

AU 312.17 Whenever the auditor hasconcluded that there is significantrisk of material misstatement of thefinancial statements, the auditorshould consider this conclusion indetermining the nature, timing, orextent of procedures; assigning staff;or requiring appropriate levels ofsupervision. The knowledge, skill,and ability of personnel assignedsignificant engagementresponsibilities should becommensurate with the auditor'sassessment of the level of risk forthe engagement. Ordinarily, higherrisk requires more experiencedpersonnel or more extensivesupervision by the auditor with finalresponsibility for the engagementduring both the planning and theconduct of the engagement. Higherrisk may cause the auditor to expand

In general, ISA 330 HB 2008 is morecomprehensive in addressing howthe auditor responds to identifiedrisks than AU 312. ISA 330 HB 2008requires the auditor to determinethe overall response at the financialstatement level as well as responsesto assessed risk at the assertionlevel, whereas AU 312 does notrequire (at least explicitly) an overallresponse but provides direction onresponses at the assertion level.

9 AU 312 and AU 313 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significantdifferences between ISA 330 HB 2008 and the proposed auditing standards on “The Auditor’s Responses to the Risks of Material Misstatement” and on “Evaluating Audit Results”, as assessed by thePCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB has a different view on some of the issues in the comparative analysis prepared by the PCAOB (seewww.pcaob.org/Rules/Docket_026/Comments/All.pdf).


63

the extent of procedures applied,apply procedures closer to or as ofyear end, particularly in critical auditareas, or modify the nature ofprocedures to obtain morepersuasive evidence. [Paragraphadded, effective for audits offinancial statements for periodsending on or after December 15,1997, by Statement on AuditingStandards No. 82.]

26. The auditor needs to consideraudit risk at the individual account-balance or class-of-transactions levelbecause such consideration directlyassists in determining the scope ofauditing procedures for the balanceor class and related assertions. Theauditor should seek to restrict auditrisk at the individual balance or classlevel in such a way that will enablehim or her, at the completion of theaudit, to express an opinion on thefinancial statements taken as awhole at an appropriately low levelof audit risk.

38A52. Performing substantiveprocedures at an interim datewithout undertaking additionalprocedures at a later date increasesthe risk that the auditor will notdetect misstatements that may existat the period end. This risk increasesas the remaining period islengthened. Factors such as thefollowing may influence whether toperform substantive procedures at

AU 313.04 Before applying principalsubstantive tests to the details ofasset or liability accounts at aninterim date, the auditor shouldassess the difficulty in controllingthe incremental audit risk.Paragraphs .05 through .07 discussconsiderations that affect thatassessment. In addition, the auditorshould consider the cost of thesubstantive tests that are necessary

Unlike the requirements of ISA 330HB 2008, AU 313 lists factors that anauditor should consider whendeciding to perform substantiveprocedures at an interim date.

Like AU 313, the application andother explanatory material of ISA330 HB 2008 (see para. A52-A53)lists factors that may influence thedecision to perform substantiveprocedures at an interim date. Thefactors listed in the application andother explanatory material of ISA330 HB 2008 differ to some extentfrom the factors listed in AU 313. Forexample, AU 313 explicitly mentions

64

an interim date:• The control environment andother relevant controls.• The availability at a later date ofinformation necessary for theauditor’s procedures.• The purpose of the substantiveprocedure.• The assessed risk of materialmisstatement.• The nature of the class oftransactions or account balance andrelated assertions.• The ability of the auditor toperform appropriate substantiveprocedures or substantiveprocedures combined with tests ofcontrols to cover the remainingperiod in order to reduce the riskthat misstatements that may exist atthe period end will not be detected.

A53. Factors such as the followingmay influence whether to performsubstantive analytical procedureswith respect to the period betweenthe interim date and the period end:• Whether the period end balancesof the particular classes oftransactions or account balances arereasonably predictable with respectto amount, relative significance, andcomposition.• Whether the entity’s proceduresfor analyzing and adjusting suchclasses of transactions or accountbalances at interim dates and forestablishing proper accountingcutoffs are appropriate.

to cover the remaining period in away that will provide theappropriate audit assurance at thebalance-sheet date. Applyingprincipal substantive tests to thedetails of asset and liability accountsat an interim date may not be cost-effective if substantive tests to coverthe remaining period cannot berestricted due to the assessed levelof control risk.

.05 Assessing control risk at belowthe maximum is not required inorder to have a reasonable basis forextending audit conclusions from aninterim date to the balance-sheetdate; however, if the auditorassesses control risk at themaximum during the remainingperiod, he should consider whetherthe effectiveness of certain of thesubstantive tests to cover thatperiod will be impaired. …

.06 The auditor should considerwhether there are rapidly changingbusiness conditions orcircumstances that might predisposemanagement to misstate financialstatements in the remainingperiod. fn 2 …

.07 The auditor should considerwhether the year-end balances ofthe particular asset or liabilityaccounts that might be selected forinterim examination are reasonablypredictable … He should also

to consider rapidly changingbusiness conditions orcircumstances that might predisposemanagement to misstate financialstatements in the remaining period.

65

• Whether the information systemrelevant to financial reporting willprovide information concerning thebalances at the period end and thetransactions in the remaining periodthat is sufficient to permitinvestigation of:(a) Significant unusual transactionsor entries (including those at or nearthe period end);(b) Other causes of significantfluctuations, or expectedfluctuations that did not occur; and(c) Changes in the composition ofthe classes of transactions oraccount balances.

consider whether the entity'sproposed procedures for analyzingand adjusting such accounts atinterim dates and for establishingproper accounting cutoffs areappropriate. In addition, the auditorshould consider whether theaccounting system will provideinformation concerning the balancesat the balance-sheet date and thetransactions in the remaining periodthat is sufficient to permitinvestigation of (a) significantunusual transactions or entries(including those at or near year-end); (b) other causes of significantfluctuations, or expectedfluctuations that did not occur; and(c) changes in the composition of theaccount balances. If the auditorconcludes that evidential matterrelated to the above would not besufficient for purposes of controllingaudit risk, the account should beexamined as of the balance-sheetdate.

39 ISA 200 FinalA48. The matter of difficulty, time,or cost involved is not in itself a validbasis for the auditor to omit an auditprocedure for which there is noalternative or to be satisfied withaudit evidence that is less thanpersuasive. Appropriate planningassists in making sufficient timeand resources available for theconduct of the audit.Notwithstanding this, the relevanceof information, and thereby its

AU 313.04 … the auditor should considerthe cost of the substantive tests thatare necessary to cover the remainingperiod in a way that will provide theappropriate audit assurance at thebalance-sheet date. Applyingprincipal substantive tests to thedetails of asset and liability accountsat an interim date may not be cost-effective if substantive tests to coverthe remaining period cannot berestricted due to the assessed level

Unlike the requirements under ISA330 HB 2008, AU 313 requires theauditor to consider the cost ofperforming substantive tests tocover the remaining period (i.e. theperiod between the interim dateand the balance-sheet date).

Although ISAs do not have arequirement comparable to AU 313para. 4, the application and otherexplanatory material of ISA 200 Finaladdresses the general principle ofcost versus benefit.

66

value, tends to diminish over time,and there is a balance to be struckbetween the reliability ofinformation and its cost. This isrecognized in certain financialreporting frameworks (see, forexample, the IASB’s “Framework forthe Preparation and Presentation ofFinancial Statements”). Therefore,there is an expectation byusers of financial statements thatthe auditor will form an opinion onthe financial statements within areasonable period of time and at areasonable cost, recognizing that itis impracticable to address allinformation that may exist or topursue every matter exhaustivelyon the assumption that informationis in error or fraudulent until provedotherwise.

of control risk.

67

SAMPLINGISA 530 Final “Audit Sampling”

AU 350 “Audit Sampling”





40 13. In the extremely rarecircumstances when the auditorconsiders a misstatement ordeviation discovered in a sample tobe an anomaly the auditor shallobtain a high degree of certaintythat such misstatement or deviationis not representative of thepopulation. The auditor shall obtainthis degree of certainty byperforming additional auditprocedures to obtain sufficientappropriate audit evidence that themisstatement or deviation does notaffect the remainder of thepopulation.

Unlike AU 350, ISA 530 Final (para.13) provides specific direction incase the auditor discovers ananomalous deviation ormisstatement, by imposing to obtaina high degree of certainty that suchmisstatement or deviation is notrepresentative of the population.

68

Topic 6: Fraud; illegal acts and compliance with laws and regulations; and related parties

Subject ISANumber

ISATitle


PCAOB standardTitle

FRAUD ISA 240 HB 2008 “The Auditor’s Responsibilities Relating to Fraudin an Audit of Financial Statements”

AU 316 “Consideration of Fraud in a Financial StatementAudit”


ISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks”ILLEGAL ACTS ISA 250 Final “Consideration of Laws and Regulations in an

Audit of Financial Statements”AU 317 “Illegal Acts by Clients”

RELATED PARTIES ISA 550 Final “Related Parties” AU 334 “Related Parties”

69

FRAUDISA 240 HB 2008 “The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements”10

ISA 315 HB 2008 “Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment”ISA 330 HB 2008 “The Auditor’s Responses to Assessed Risks” (Redrafted)

AU 316 “Consideration of Fraud in a Financial Statement Audit”

No. ISA 240 HB 2008/ ISA 315 HB 2008/ISA 330 HB 2008Requirements

ISA 240 HB 2008/ ISA 315 HB 2008/ISA 330 HB 2008Application and other explanatorymaterial



41 Engagement Team Discussion

ISA 240 HB 200815. ISA 315 (Redrafted) requires adiscussion among the engagementteam members and a determinationby the engagement partner of whichmatters are to be communicated tothose team members not involved inthe discussion.5 This discussion shallplace particular emphasis on howand where the entity’s financialstatements may be susceptible tomaterial misstatement due to fraud,including how fraud might occur.The discussion shall occur settingaside beliefs that the engagementteam members may have thatmanagement and those chargedwith governance are honest andhave integrity. (Ref: Para. A10-A11)

ISA 240 HB 2008A10. Discussing the susceptibility ofthe entity’s financial statements tomaterial misstatement due to fraudwith the engagement team:• Provides an opportunity for more

experienced engagement teammembers to share their insightsabout how and where the financialstatements may be susceptible tomaterial misstatement due tofraud.

• Enables the auditor to consider anappropriate response to suchsusceptibility and to determinewhich members of theengagement team will conductcertain audit procedures.

• Permits the auditor to determinehow the results of auditprocedures will be shared among

Engagement Team Discussion

AU 316.14 Prior to or in conjunction withthe information-gatheringprocedures described in paragraphs.19 through .34 of this section,members of the audit team shoulddiscuss the potential for materialmisstatement due to fraud. Thediscussion should include: …

.15 The discussion among the auditteam members … should include aconsideration of the known externaland internal factors affecting theentity that might (a) createincentives/pressures formanagement and others to commitfraud, (b) provide the opportunityfor fraud to be perpetrated, and (c)indicate a culture or environmentthat enables management to

AU 316 is more detailed and stricterthan ISA 240 HB 2008, in that itincludes more requirementsregarding the discussion among theaudit/ engagement team members.In particular, AU 316.14-.15specifically require the auditor todiscuss (1) fraud risk factors, (2) howmanagement could conceal andperpetrate fraudulent financialreporting and assets could bemisappropriated and (3) the risk ofmanagement override of controls.

Although the requirements on thediscussion among the audit/engagement team in ISA 240 HB2008 are less detailed than in AU316, ISA 240 HB includes applicationand other explanatory material (seeISA 240 HB 2008, para. A10 and A11)on this issue.

10 On October 21, 2008, the PCAOB proposed seven new risk assessment standards (see PCAOB Release 2008-006). An overview of any differences between ISA 240 HB 2008 and the proposed auditingstandards on “Identifying and Assessing Risks of Material Misstatement” and on “Evaluating Audit Results”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We notethat Staff of IAASB has a different view on some of the issues in the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


70

the engagement team and how todeal with any allegations of fraudthat may come to the auditor’sattention.

A11. The discussion may includesuch matters as:• An exchange of ideas amongengagement team members abouthow and where they believe theentity’s financial statements may besusceptible to materialmisstatement due to fraud, howmanagement could perpetrate andconceal fraudulent financialreporting, and how assets of theentity could be misappropriated.• A consideration of circumstancesthat might be indicative of earningsmanagement and the practices thatmight be followed by managementto manage earnings that could leadto fraudulent financial reporting.• A consideration of the knownexternal and internal factorsaffecting the entity that may createan incentive or pressure formanagement or others to commitfraud, provide the opportunity forfraud to be perpetrated, andindicate a culture or environmentthat enables management or othersto rationalize committing fraud.• A consideration of management’sinvolvement in overseeingemployees with access to cash orother assets susceptible tomisappropriation.• A consideration of any unusual or

rationalize committing fraud. Thediscussion should occur with anattitude that includes a questioningmind … the discussion shouldinclude a consideration of the risk ofmanagement override of controls.fn 8 Finally, the discussion shouldinclude how the auditor mightrespond to the susceptibility of theentity's financial statements tomaterial misstatement due to fraud.

.16 The discussion among the auditteam members should emphasizethe need to maintain a questioningmind and to exercise professionalskepticism in gathering andevaluating evidence throughout theaudit, …

.17 Although professional judgmentshould be used in determining whichaudit team members should beincluded in the discussion, thediscussion ordinarily should involvethe key members of the audit team.A number of factors will influencethe extent of the discussion and howit should occur. … Another factor toconsider in planning the discussionsis whether to include specialistsassigned to the audit team. …

.18 Communication among the auditteam members about the risks ofmaterial misstatement due to fraudalso should continue throughout theaudit…

71

unexplained changes in behavior orlifestyle of management oremployees which have come to theattention of the engagement team.• An emphasis on the importance ofmaintaining a proper state of mindthroughout the audit regarding thepotential for material misstatementdue to fraud.• A consideration of the types ofcircumstances that, if encountered,might indicate the possibility offraud.• A consideration of how an elementof unpredictability will beincorporated into the nature, timingand extent of the audit procedures tobe performed.• A consideration of the auditprocedures that might be selected torespond to the susceptibility of theentity’s financial statement tomaterial misstatement due to fraudand whether certain types of auditprocedures are more effective thanothers.• A consideration of any allegationsof fraud that have come to theauditor’s attention.• A consideration of the risk ofmanagement override of controls.

42 Risk Assessment Procedures

ISA 240 HB 2008Unusual Relationships (in data):22. The auditor shall evaluatewhether unusual or unexpectedrelationships that have beenidentified in performing analytical

Risk Assessment Procedures

AU 316Unusual Relationships (in data):.28 Section 329, AnalyticalProcedures, paragraphs .04 and .06,requires that analytical proceduresbe performed in planning the

AU 316 gives more directionregarding the use of analyticalprocedures, and the inherentlimitations of such procedures inidentifying the risks of material

72

procedures, including those relatedto revenue accounts, may indicaterisks of material misstatement dueto fraud.

ISA 315 HB 2008 6. The risk assessment proceduresshall include the following:…(b) Analytical procedures. (Ref: Para.A7-A8)

…

ISA 315 HB 2008A7. Analytical procedures may helpidentify the existence of unusualtransactions or events, and amounts,ratios, and trends that mightindicate matters that have auditimplications. Unusual or unexpectedrelationships that are identified mayassist the auditor in identifying risksof material misstatement, especiallyrisks of material misstatement dueto fraud.

A8. However, when such analyticalprocedures use data aggregated at ahigh level (which may be thesituation with analytical proceduresperformed as risk assessmentprocedures), the results of thoseanalytical procedures only provide abroad initial indication aboutwhether a material misstatementmay exist. Accordingly, in such cases,consideration of other information

audit...In performing analyticalprocedures in planning the audit,the auditor develops expectationsabout plausible relationships thatare reasonably expected to exist,based on the auditor’sunderstanding of the entity and itsenvironment. When comparison ofthose expectations with recordedamounts or ratios developed fromrecorded amounts yields unusual orunexpected relationships, theauditor should consider thoseresults in identifying the risks ofmaterial misstatement due to fraud.

.29 In planning the audit, the auditoralso should perform analyticalprocedures relating to revenue withthe objective of identifying unusualor unexpected relationshipsinvolving revenue accounts that mayindicate a material misstatementdue to fraudulent financialreporting. …

.30 Analytical procedures performedduring planning may be helpful inidentifying the risks of materialmisstatement due to fraud.However, because such analyticalprocedures generally use dataaggregated at a high level, theresults of those analyticalprocedures provide only a broadinitial indication about whether amaterial misstatement of thefinancial statements may exist.Accordingly, the results of analytical

misstatement due to fraud than ISA240 HB 2008 does.

The application and otherexplanatory material of ISA 315, inparticular para. A7 and A8, providessimilar direction as AU 316, para. 29-30.

73

that has been gathered whenidentifying the risks of materialmisstatement together with theresults of such analytical proceduresmay assist the auditor inunderstandingand evaluating the results of theanalytical procedures. [Proposed]ISA 520 (Redrafted)3 establishesrequirements and provides guidanceon the use of analytical procedures.

procedures performed duringplanning should be considered alongwith other information gathered bythe auditor in identifying the risks ofmaterial misstatement due to fraud.

43 Risk Assessment Procedures

ISA 240 HB 2008Fraud Risk Factors:11. For purposes of the ISAs, thefollowing terms have the meaningsattributed below:…(b) Fraud risk factors – Events orconditions that indicate an incentiveor pressure to commit fraud orprovide an opportunity to commitfraud.

24. The auditor shall evaluatewhether the information obtainedfrom the other risk assessmentprocedures and related activitiesperformed indicates that one ormore fraud risk factors are present.While fraud risk factors may notnecessarily indicate the existence offraud, they have often been presentin circumstances where frauds haveoccurred and therefore may indicaterisks of material misstatement dueto fraud. (Ref: Para. A23-A27)

ISA 240 HB 2008

A25. Examples of fraud risk factorsrelated to fraudulent financialreporting and misappropriation ofassets are presented in Appendix 1.These illustrative risk factors areclassified based on the threeconditions that are generally presentwhen fraud exists:• An incentive or pressure to commitfraud;• A perceived opportunity to commitfraud; and• An ability to rationalize thefraudulent action.Risk factors reflective of an attitudethat permits rationalization of thefraudulent action may not besusceptible to observation by theauditor. Nevertheless, the auditormay become aware of the existenceof such information. Although thefraud risk factors described inAppendix 1 cover abroad range of

Risk Assessment Procedures

AU 316Fraud Risk Factors:.31 Because fraud is usuallyconcealed, material misstatementsdue to fraud are difficult to detect.Nevertheless, the auditor mayidentify events or conditions thatindicate incentives/pressures toperpetrate fraud, opportunities tocarry out the fraud, orattitudes/rationalizations to justify afraudulent action. Such events orconditions are referred to as "fraudrisk factors." Fraud risk factors donot necessarily indicate theexistence of fraud; however, theyoften are present in circumstanceswhere fraud exists.

.32 When obtaining informationabout the entity and itsenvironment, the auditor shouldconsider whether the informationindicates that one or more fraud riskfactors are present. The auditor

The definition of fraud risk factors isdifferent under ISA 240 HB 2008 andAU 316. The definition of fraud riskfactors in AU 316, para. .31 includesattitudes/ rationalizations to justify afraudulent action. This is notincluded in the definition of fraudrisk factors in ISA 240 HB 2008, para.11.

Although ISAs do not includeattitudes/ rationalizations to justify afraudulent action in the definition offraud risk factors, ISA 240 HB 2008,para. A25 describes rationalizationsas one of the three conditions thatare generally present when fraudexists, and as one of the “classes” offraud risk factors. ISA 240 HB 2008,para. A25 further notes that those“rationalizations” may not besusceptible to observation by theauditor.

74

situations that may be faced byauditors, they are only examples andother risk factors may exist.

should use professional judgment indetermining whether a risk factor ispresent and should be considered inidentifying and assessing the risks ofmaterial misstatement due to fraud.

.33 Examples of fraud risk factorsrelated to fraudulent financialreporting and misappropriation ofassets are presented in theAppendix [paragraph .85]. Theseillustrative risk factors are classifiedbased on the three conditionsgenerally present when fraud exists:… Although the risk factors cover abroad range of situations, they areonly examples and, accordingly, theauditor may wish to consideradditional or different risk factors.Not all of these examples arerelevant in all circumstances, andsome may be of greater or lessersignificance in entities of differentsize or with different ownershipcharacteristics or circumstances.Also, the order of the examples ofrisk factors provided is not intendedto reflect their relative importanceor frequency of occurrence.

44 ISA 240 HB 200832. Irrespective of the auditor’sassessment of the risks ofmanagement override ofcontrols, the auditor shall designand perform audit procedures to:(a) Test the appropriateness ofjournal entries recorded in thegeneral ledger and otheradjustments made in the

AU 316.58 … Material misstatements offinancial statements due to fraudoften involve the manipulation ofthe financial reporting process by (a)recording inappropriate orunauthorized journal entriesthroughout the year or at periodend, or (b) making adjustments toamounts reported in the financial

AU 316.58 requires the auditor toobtain an understanding of theentity's financial reporting processand the controls over journal entriesand other adjustments, and then toidentify and select journal entriesand other adjustments for testingand to determine the timing of thetesting. Then, AU 316.58 requires

75

preparation of the financialstatements. In designing andperforming audit procedures forsuch tests, the auditor shall:(i) Make inquiries of individualsinvolved in the financial reportingprocess about inappropriate orunusual activityrelating to the processing of journalentries and other adjustments;(ii) Select journal entries and otheradjustments made at the end of areporting period; and(iii) Consider the need to test journalentries and other adjustmentsthroughout the period. (Ref: Para.A41-A44)(b) Review accounting estimates forbiases and evaluate whether thecircumstances producing the bias, ifany, represent a risk of materialmisstatement due to fraud. Inperforming this review, the auditorshall:(i) Evaluate whether the judgmentsand decisions made by managementin making the accounting estimatesincluded in the financial statements,even if they are individuallyreasonable, indicate a possible biason the part of the entity’smanagement that may represent arisk of material misstatement due tofraud. If so, the auditor shallreevaluate the accounting estimatestaken as a whole; and(ii) Perform a retrospective review ofmanagement judgments andassumptions related to significant

statements that are not reflected informal journal entries, such asthrough consolidating adjustments,report combinations, andreclassifications. Accordingly, theauditor should design procedures totest the appropriateness of journalentries recorded in the generalledger and other adjustments (forexample, entries posted directly tofinancial statement drafts) made inthe preparation of the financialstatements. More specifically, theauditor should:a. Obtain an understanding of theentity's financial reporting processfn 23 and the controls over journalentries and other adjustments. (Seeparagraphs .59 and .60.)b. Identify and select journalentries and other adjustments fortesting. (See paragraph .61.)c. Determine the timing of thetesting. (See paragraph .62.)d. Inquire of individuals involved inthe financial reporting process aboutinappropriate or unusual activityrelating to the processing of journalentries and other adjustments.

the auditor to inquire of individualsinvolved in the financial reportingprocess about inappropriate orunusual activity relating to theprocessing of journal entries andother adjustments.Conversely, the requirements in ISA240.32 start with the auditor makinginquiries of individuals involved inthe financial reporting process aboutinappropriate or unusual activityrelating to the processing of journalentries and other adjustments. Afterthese inquiries, the auditor selectsjournal entries and otheradjustments made at the end of thereporting period, and considers theneed to test journal entries andother adjustments throughoutthe period. The requirement toobtain an understanding of theinformation system relevant tofinancial reporting is included in ISA315 para. 18.

76

accounting estimates reflected inthe financial statements of the prioryear. (Ref: Para. A45-A46)(c) For significant transactions thatare outside the normal course ofbusiness for the entity, or thatotherwise appear to be unusualgiven the auditor’s understanding ofthe entity and its environment andother information obtained duringthe audit, the auditor shall evaluatewhether the business rationale (orthe lack thereof) of the transactionssuggests that they may have beenentered into to engage in fraudulentfinancial reporting or toconceal misappropriation of assets.(Ref: Para. A47)

ISA 315 HB 200818. The auditor shall obtain anunderstanding of the informationsystem, including the relatedbusiness processes, relevant tofinancial reporting, including thefollowing areas:(a) The classes of transactions in theentity’s operations that aresignificant to the financialstatements;(b) The procedures, within bothinformation technology (IT) andmanual systems, by which thosetransactions are initiated, recorded,processed, corrected as necessary,transferred to the general ledgerand reported in the financialstatements;(c) The related accounting records,

77

supporting information and specificaccounts in the financial statementsthat are used to initiate, record,process and report transactions; thisincludes the correction of incorrectinformation and how information istransferred to the general ledger.The records may be in either manualor electronic form;(d) How the information systemcaptures events and conditions,other than transactions, that aresignificant to the financialstatements;(e) The financial reporting processused to prepare the entity’s financialstatements, including significantaccounting estimates anddisclosures;and(f) Controls surrounding journalentries, including non-standardjournal entries used to record non-recurring, unusual transactions oradjustments. (Ref: Para. A77-A81)

45 Evaluation of Audit Evidence

ISA 315 HB 200830. The auditor’s assessment of therisks of material misstatement at theassertion level may change duringthe course of the audit as additionalaudit evidence is obtained. Incircumstances where the auditorobtains audit evidence fromperforming further auditprocedures, or if new information isobtained, either of which isinconsistent with the audit evidence

ISA 240 HB 2008A48. ISA 330 (Redrafted) requiresthe auditor, based on the auditprocedures performed and the auditevidence obtained, to evaluatewhether the assessments of the risksof material misstatement at theassertion level remainappropriate.17 This evaluation isprimarily a qualitative matter basedon the auditor’s judgment. Such anevaluation may provide further

Evaluation of Audit Evidence

AU 316.68 Assessing risks of materialmisstatement due to fraudthroughout the audit. The auditor'sassessment of the risks of materialmisstatement due to fraud shouldbe ongoing throughout the audit.Conditions may be identified duringfieldwork that change or support ajudgment regarding the assessmentof the risks, such as the following: …

AU 316 explicitly requires that theassessment of the risks of materialmisstatement due to fraud shouldbe ongoing “throughout the audit”(see para. 68) and evaluation shouldbe “at or near the completionfieldwork” (see para. 74, see below).ISA 315 HB 2008, para. 30 and ISA330 HB 2008, para. 26 includesimilar guidance, however notspecifically with respect to the risk

The application and otherexplanatory material of ISA 240 HB2008 (i.e. para. A48) suggests thatfurther insight about the risks ofmaterial misstatements due to fraudis obtained through the auditor’sevaluation of whether theassessments of the risks of materialmisstatement at the assertion levelremain appropriate, as required byISA 330 HB 2008.

78

on which the auditor originallybased the assessment, the auditorshall revise the assessment andmodify the further planned auditprocedures accordingly. (Ref: Para.A123)

ISA 330 HB 200826. Based on the audit proceduresperformed and the audit evidenceobtained, the auditor shall evaluatebefore the conclusion of the auditwhether the assessments of the risksof material misstatement at theassertion level remain appropriate.(Ref: Para. A56-57)

insight about the risks of materialmisstatement due to fraud andwhether there is a need to performadditional or different auditprocedures. Appendix 3 contains,examples of circumstances that mayindicate the possibility of fraud.

ISA 315 HB 2008A123. During the audit, informationmay come to the auditor’s attentionthat differs significantly from theinformation on which the riskassessment was based. For example,the risk assessment may be based onan expectation that certaincontrols are operating effectively. Inperforming tests of those controls,the auditor may obtain auditevidence that they were notoperating effectively at relevanttimes during the audit. Similarly, inperforming substantive proceduresthe auditor may detectmisstatements in amounts orfrequency greater than is consistentwith the auditor’s risk assessments.In such circumstances, the riskassessment may not appropriatelyreflect the true circumstances of theentity and the further planned auditprocedures may not be effective indetecting material misstatements.See ISA 330 (Redrafted) for furtherguidance.

.74 Evaluating the risks of materialmisstatement due to fraud at ornear the completion of fieldwork. Ator near the completion of fieldwork,the auditor should evaluate whetherthe accumulated results of auditingprocedures and other observations(for example, conditions andanalytical relationships noted inparagraphs .69 through .73) affectthe assessment of the risks ofmaterial misstatement due to fraudmade earlier in the audit. Thisevaluation primarily is a qualitativematter based on the auditor'sjudgment. Such an evaluation mayprovide further insight about therisks of material misstatement dueto fraud and whether there is a needto perform additional or differentaudit procedures. As part of thisevaluation, the auditor with finalresponsibility for the audit shouldascertain that there has beenappropriate communication with theother audit team membersthroughout the audit regardinginformation or conditions indicativeof risks of material misstatementdue to fraud. fn 28

of material misstatement due tofraud.

Unlike ISA 240 HB 2008, AU 316explicitly requires that the auditorwith final responsibility for the auditshould ascertain that there has beenappropriate communication with theother audit team membersthroughout the audit.

79

ISA 330 HB 2008A56. An audit of financial statementsis a cumulative and iterative process.As the auditor performs plannedaudit procedures, the audit evidenceobtained may cause the auditor tomodify the nature, timing, or extentof other planned audit procedures.Information may come to theauditor’s attention that differssignificantly from the information onwhich the risk assessment wasbased. For example, …In such circumstances, the auditormay need to reevaluate the plannedaudit procedures, based on therevised consideration of assessedrisks for all or some of the classes oftransactions, account balances, ordisclosures and related assertions.ISA 315 (Redrafted) contains furtherguidance on revising the auditor’srisk assessment.8

A57. The auditor cannot assume thatan instance of fraud or error is anisolated occurrence. Therefore, theconsideration of how the detectionof a misstatement affects theassessed risks of materialmisstatement is important indetermining whether theassessment remains appropriate.

46 Documentation

ISA 240 HB 200844. The auditor’s documentation ofthe understanding of the entity andits environment and the assessment

Documentation

AU 316.83 The auditor should documentthe following:• The discussion among engagement

ISA 240 HB 2008 requires theauditor to document the significantdecisions reached during the

80

of the risks of material misstatementrequired by ISA 315 (Redrafted) shallinclude:10(a) The significant decisions reachedduring the discussion among theengagement team regarding thesusceptibility of the entity’s financialstatements to materialmisstatement due to fraud; and… .

ISA 315 HB 200833. The auditor shall document:…(b) Key elements of theunderstanding obtained regardingeach of the aspects of the entity andits environment specified inparagraph 11 and of each of theinternal control componentsspecified in paragraphs 14- 23; thesources of information from whichthe understanding was obtained;and the risk assessment proceduresperformed;(c) The identified and assessed risksof material misstatement at thefinancial statement level and at theassertion level as required byparagraph 24; and …

personnel in planning the auditregarding the susceptibility of theentity's financial statements tomaterial misstatement due tofraud, including how and when thediscussion occurred, the auditteam members who participated,and the subject matter discussed(See paragraphs .14 through .17.)

• The procedures performed toobtain information necessary toidentify and assess the risks ofmaterial misstatement due tofraud (See paragraphs .19 through.34.)

• …• …

• Other conditions and analyticalrelationships that caused theauditor to believe that additionalauditing procedures or otherresponses were required and anyfurther responses the auditorconcluded were appropriate, toaddress such risks or otherconditions (See paragraphs .68through .73.)

• …

discussion among the engagementteam, whereas AU 316 requires theauditor to document the discussionitself.

Unlike ISA 240 HB 2008, AU 316specifically requires the auditor todocument the proceduresperformed to identify and assessrisks of material misstatement dueto fraud. Although ISA 315 alsorequires the auditor to documentthe risk assessment proceduresperformed, this requirement doesnot specifically relate to theprocedures performed to identifythe risks of material misstatementdue to fraud.

Unlike ISA 240 HB 2008, AU 316requires that the auditor documentsthe conditions and analyticalrelationships that caused the auditorto believe that additional responseswere required and also documentsthe responses.

81

ILLEGAL ACTSISA 250 Final “Consideration of Laws and Regulations in an Audit of Financial Statements”

AU 317 “Illegal Acts by Clients”





47 Response to non-compliance withlaws and regulations

ISA 250 Final19. If the auditor suspects there maybe non-compliance, the auditor shalldiscuss the matter withmanagement and, whereappropriate, those charged withgovernance. If management or, asappropriate, those charged withgovernance do not provide sufficientinformation that supports that theentity is in compliance with laws andregulations and, in the auditor’sjudgment, the effect of thesuspected non-compliance may bematerial to the financial statements,the auditor shall consider the needto obtain legal advice. (Ref: Para.A15-A16)

21. The auditor shall evaluate theimplications of non-compliance inrelation to other aspects of theaudit, including the auditor’s risk

Response to possible illegal acts

AU 317.10 … If management does notprovide satisfactory information thatthere has been no illegal act, theauditor should—a. Consult with the client's legalcounsel or other specialists ..b. Apply additional procedures, ifnecessary, to obtain furtherunderstanding of the nature of theacts.

.11 The additional audit proceduresconsidered necessary, if any, mightinclude procedures such as thefollowing: …

.12 When the auditor concludes,based on information obtained and,if necessary, consultation with legalcounsel, that an illegal act has or is

Note that AU 317 uses the term“illegal acts” whereas ISA 250 Finaluses the term “non-compliance withlaws and regulations”.

Unlike ISA 250 Final, AU 317 requiresthe auditor to apply additionalprocedures, and gives examples ofsuch procedures.

AU 317 explicitly requires theauditor to consider the effect of a(potential) illegal act on the financialstatements whereas this is implicit in

82

assessment and the reliability ofwritten representations, and takeappropriate action. (Ref: Para. A17-A18)

20. If sufficient information aboutsuspected non-compliance cannotbe obtained, the auditor shallevaluate the effect of the lack ofsufficient appropriate audit evidenceon the auditor’s opinion.

ISA 250 FinalA16. If management or, asappropriate, those charged withgovernance do not provide sufficientinformation to the auditor that theentity is in fact in compliance withlaws and regulations, the auditormay consider it appropriate toconsult with the entity’s in-houselegal counsel or external legalcounsel about the application of thelaws and regulations to thecircumstances, including the

likely to have occurred, the auditorshould consider the effect on thefinancial statements as well as theimplications for other aspects of theaudit.

.19 If the auditor is precluded by theclient from obtaining sufficientcompetent evidential matter toevaluate whether an illegal act thatcould be material to the financialstatements has, or is likely to have,occurred, the auditor generallyshould disclaim an opinion on thefinancial statements.

.21 The auditor may be unable todetermine whether an act is illegalbecause of limitations imposed bythe circumstances rather than by theclient or because of uncertaintyassociated with interpretation ofapplicable laws or regulations orsurrounding facts. In thesecircumstances, the auditor shouldconsider the effect on his report. fn 2

ISA 250 Final (see para. 19)

AU 317 para. 19 and para. 21 arespecific in their direction concerningwhat opinion to issue when theauditor is unable to determinewhether an illegal act has occurredbecause of limitations imposed bythe client or by other circumstances,whereas ISA 250 Final is moregeneral in describing what theauditor has to do if sufficientinformation cannot be obtained. AU508 gives further direction onauditor reporting.

If the auditor does not get sufficientinformation that the entity is incompliance with laws andregulations, the application materialof ISA 250 para. A16 explicitlyrecommends the auditor to consultwith the entity’s legal counsel aboutthe possibility of fraud.

83

possibility of fraud, and the possibleeffects on the financial statements.When it is not consideredappropriate to consult with theentity’s legal counsel or when theauditor is not satisfied with the legalcounsel’s opinion, the auditor mayconsider it appropriate to consultthe auditor’s own legal counsel as towhether a contravention of a law orregulation is involved, the possiblelegal consequences, including thepossibility of fraud, and what furtheraction, if any, the auditor wouldtake.

48 Communication of non-compliancewith laws and regulations tomanagement or audit committee

Communication of Illegal acts tomanagement or audit committee

AU 317.17 … The communication shoulddescribe the act, the circumstancesof its occurrence, and the effect onthe financial statements. Seniormanagement may wish to have itsremedial actions communicated tothe audit committee simultaneously.Possible remedial actions includedisciplinary action against involvedpersonnel, seeking restitution,adoption of preventive or correctivecompany policies, and modificationsof specific control activities.

If senior management is involved inan illegal act, the auditor shouldcommunicate directly with the auditcommittee.

Unlike ISA 250 Final, AU 317 is veryspecific about the content of thecommunication to the auditcommittee. AU 317 also specifiesthat the auditor may simultaneouslycommunicate senior management’sremedial actions and lists variousexamples of such remedial actions.

84

ISA 250 Final23. If, in the auditor’s judgment, thenon-compliance referred to inparagraph 22 is believed to beintentional and material, the auditorshall communicate the matter tothose charged with governance assoon as practicable.

ISA 250 Final24. If the auditor suspects thatmanagement or those charged withgovernance are involved in non-compliance, the auditor shallcommunicate the matter to the nexthigher level of authority at theentity, if it exists, such as an auditcommittee or supervisory board.Where no higher authority exists, orif the auditor believes that thecommunication may not be actedupon or is unsure as to the person towhom to report, the auditor shallconsider the need to obtain legaladvice.

AU 317The communication may be oral orwritten. If the communication isoral, the auditor should document it.

ISA 250 Final is very specific aboutwhat the auditor has to do in casethe non-compliance is intentional,management is involved, or thosecharged with governance areinvolved. AU 317 has similarrequirements in case seniormanagement is involved in theillegal act but does not discuss whatthe auditor has to do in case thosecharged with governance areinvolved. We note that footnotes 3and 4 of AU 317 refer to Section10A(b)(1) of the Securities ExchangeAct of 1934 which outlines specificprocedures for the auditor to followwhen fraud is identified, including incases when the Board of Directorshas not taken appropriate remedialaction.

Unlike ISA 250 Final, AU 317explicitly mentions that thecommunication may be oral orwritten.

49 Communication to EnforcementAgencies

ISA 250 Final28. If the auditor has identified orsuspects non-compliance with lawsand regulations, the auditor shalldetermine whether the auditor hasa responsibility to report theidentified or suspected non-compliance to parties outside theentity. (Ref: Para. A19-A20)

ISA 250 FinalA19. The auditor’s professional dutyto maintain the confidentiality ofclient information may precludereporting identified or suspectednon-compliance with laws andregulations to a party outside theentity. However, the auditor’s legalresponsibilities vary by jurisdictionand, in certain circumstances, the

Communication to Other Parties

AU 317.23 Disclosure of an illegal act toparties other than the client's seniormanagement and its auditcommittee or board of directors isnot ordinarily part of the auditor'sresponsibility, and such disclosurewould be precluded by the auditor'sethical or legal obligation ofconfidentiality, unless the matter

AU 317 explicitly lists circumstancesin which a duty to report to partiesoutside the entity may exist,whereas ISA 250 only requires theauditor to determine whether hehas a responsibility to report toparties outside the entity. Moreover,as noted in footnotes 3 and 4 of AU317, Section 10A of the Securities

As concerns a duty to report outsidethe entity, the application and otherexplanatory material of ISA 250 Finalrefers to differences acrossjurisdictions.

85

duty of confidentiality may beoverridden by statute, the law orcourts of law. In some jurisdictions,the auditor of a financial institutionhas a statutory duty to report theoccurrence, or suspectedoccurrence, of non-compliance withlaws and regulations to supervisoryauthorities. Also, in somejurisdictions, the auditor has a dutyto report misstatements toauthorities in those cases wheremanagement and, where applicable,those charged with governance failto take corrective action. Theauditor may consider it appropriateto obtain legal advice to determinethe appropriate course of action.

Considerations Specific to PublicSector EntitiesA20. A public sector auditor may beobliged to report on instances ofnon-compliance to governingauthorities or to report them in theauditor’s report.

affects his opinion on the financialstatements. The auditor shouldrecognize, however, that in thefollowing circumstances a duty tonotify parties outside the client mayexist: fn 3

a. When the entity reports anauditor change under theappropriate securities law on Form8-K fn 4

b. To a successor auditor when thesuccessor makes inquiries inaccordance with section 315,Communications BetweenPredecessor and SuccessorAuditorsfn 5

c. In response to a subpoenad. To a funding agency or otherspecified agency in accordance withrequirements for the audits ofentities that receive financialassistance from a governmentagencyBecause potential conflicts with theauditor's ethical and legalobligations for confidentiality maybe complex, the auditor may wish toconsult with legal counsel beforediscussing illegal acts with partiesoutside the client.

Footnote 3: Auditors may berequired, under certaincircumstances, pursuant to thePrivate Securities Litigation ReformAct of 1995 (codified in section10A(b)1 of the Securities ExchangeAct of 1934) to make a report to theSecurities and Exchange Commission

Exchange Act outlines specificprocedures for the auditor to followwhen an illegal act has or may haveoccurred and the Board of Directorshas not taken appropriate remedialaction. In certain circumstances, if areport is provided to the Board ofDirectors and, that report is notprovided to the Securities andExchange Commission on a timelybasis, Section 10A requires theauditor to resign from theengagement and/or furnish itsreport directly to the Securities andExchange Commission.

86

relating to an illegal act that has amaterial effect on the financialstatements.

Footnote 4: Disclosure to theSecurities and Exchange Commissionmay be necessary if, among othermatters, the auditor withdrawsbecause the board of directors hasnot taken appropriate remedialaction. Such failure may be areportable disagreement on Form 8-K.

50 Withdrawing from the Engagement

ISA 250 FinalA18. In exceptional cases, theauditor may consider whether,unless prohibited by law orregulation, withdrawal from theengagement is necessary whenmanagement or those charged withgovernance do not take theremedial action that the auditorconsiders appropriate in thecircumstances, even when the non-compliance is not material to thefinancial statements. When decidingwhether withdrawal from theengagement is necessary, theauditor may consider seeking legaladvice. If withdrawal from theengagement is prohibited, theauditor may consider alternativeactions, including describing thenon-compliance in an OtherMatter(s) paragraph in the auditor’sreport.10

Withdrawing from the Engagement

AU 317.20 If the client refuses to accept theauditor's report as modified for thecircumstances described inparagraphs .18 and .19, the auditorshould withdraw from theengagement and indicate thereasons for withdrawal in writing tothe audit committee or board ofdirectors.

.22 In addition to the need towithdraw from the engagement, asdescribed in paragraph .20, theauditor may conclude thatwithdrawal is necessary when theclient does not take the remedialaction that the auditor considersnecessary in the circumstances evenwhen the illegal act is not materialto the financial statements. Factorsthat should affect the auditor'sconclusion include the implicationsof the failure to take remedial

Unlike ISA 250 Final, AU 317requires the auditor to withdrawif the client refuses to accept theauditor’s report as modified.Moreover, AU 317 suggests thatthat the auditor may considerwithdrawing from theengagement when the clientdoes not take remedial action,even when non-compliance isnon-material.

As noted in footnotes 3 & 4 ofAU 317, Section 10A(b)(1) of theSecurities and Exchange Actoutlines specific procedures forthe auditor to follow when fraudis identified, including in caseswhen the Board of Directors hasnot taken appropriate remedialaction.

The application and otherexplanatory material of ISA 250Final suggests that the auditormay consider withdrawing fromthe engagement when the clientdoes not take remedial action,even when non-compliance isnon-material.

87

action, which may affect theauditor's ability to rely onmanagement representations, andthe effects of continuing associationwith the client. In reaching aconclusion on such matters, theauditor may wish to consult with hisown legal counsel.

88

RELATED PARTIESISA 550 Final “Related Parties”

AU 334 “Related Parties“





51 Determining the existence of &identifying transactions withrelated parties

13. The auditor shall inquire ofmanagement regarding:(a) The identity of the entity’srelated parties, including changesfrom the prior period; (Ref: Para.A11-A14)...(c) Whether the entity entered intoany transactions with these relatedparties during the period and, if so,the type and purpose of thetransactions.

14. The auditor shall inquire ofmanagement and others within theentity, and perform other riskassessment procedures consideredappropriate, to obtain anunderstanding of the controls, ifany, that management hasestablished to: (Ref: Para. A15-A20)...

17. The auditor shall share relevantinformation obtained about theentity’s related parties with theother members of the engagementteam. (Ref: Para. A28)

Determining the existence ofidentifying transactions withrelated parties

.07 The auditor should placeemphasis on testing materialtransactions with parties he knowsare related to the reporting entity.Certain relationships, such asparent-subsidiary or investor-investee, may be clearly evident.Determining the existence of othersrequires the application of specificaudit procedures, which mayinclude the following:a. Evaluate the company'sprocedures for identifying andproperly accounting for relatedparty transactions.b. Request from appropriatemanagement personnel the namesof all related parties and inquirewhether there were anytransactions with these partiesduring the period.c. Review filings by the reportingentity with the Securities andExchange Commission and otherregulatory agencies for the names ofrelated parties and for otherbusinesses in which officers and

In comparison to AU 334, ISA 550Final expands more on managementinquiries to be made , but its focus isnot limited to this. Moreover, unlikeAU 334, ISA 550 Final discusses theneed to remain alert to thepossibility of related partytransactions throughout the auditand the appendix expands on thepossibility of fraud using relatedparty transactions.

The comparison of ISA 550 Final andAU 334 clearly illustrates theobservation that ISAs are more risk-based than the PCAOB standardsare (see Chapter 5, section 5.2 ofour report). The risk-basedapproach of the ISAs is, for example,clearly reflected in ISA 550, para. 14.

Unlike ISA 550 Final, AU 334 gives aseparate list of procedures fordetermining the existence of relatedparties and for identifying materialtransactions with related parties.Although AU 334 does not really add

89

16. If the auditor identifiessignificant transactions outside theentity’s normal course of businesswhen performing the auditprocedures required by paragraph15 or through other auditprocedures, the auditor shall inquireof management about: (Ref: Para.A24-A25)(a) The nature of these transactions;and (Ref: Para. A26)(b) Whether related parties could beinvolved. (Ref: Para. A27)

15. During the audit, the auditorshall remain alert, when inspectingrecords or documents, forarrangements or other informationthat may indicate the existence ofrelated party relationships ortransactions that management hasnot previously identified ordisclosed to the auditor. (Ref: Para.A22-A23)In particular, the auditor shallinspect the following for indicationsof the existence of related partyrelationships or transactions thatmanagement has not previouslyidentified or disclosed to theauditor:(a) Bank and legal confirmationsobtainedas part of the auditor’s procedures;(b) Minutes of meetings ofshareholders and of those chargedwith governance; and

A22. During the audit, the auditormay inspect records or documentsthat may provide information aboutrelated party relationships andtransactions, for example:Third-party confirmations obtainedby the auditor (in addition to bankand legal confirmations).Entity income tax returns.Information supplied by the entityto regulatory authorities.Shareholder registers to identify theentity’s principal shareholders.Statements of conflicts of interestfrom management and thosecharged with governance.Records of the entity’s investmentsand those of its pension plans.Contracts and agreements with keymanagement or those charged withgovernance.Significant contracts andagreements not in the entity’s

directors occupy directorship ormanagement positions.d. Determine the names of allpension and other trusts establishedfor the benefit of employees andthe names of their officers andtrustees. fn 4

e. Review stockholder listings ofclosely held companies to identifyprincipal stockholders.f. Review prior years' workingpapers for the names of knownrelated parties.g. Inquire of predecessor,principal, or other auditors ofrelated entities concerning theirknowledge of existing relationshipsand the extent of managementinvolvement in materialtransactions.h. Review material investmenttransactions during the periodunder audit to determine whetherthe nature and extent ofinvestments during the periodcreate related parties.

.08 The following procedures areintended to provide guidance foridentifying material transactionswith parties known to be relatedand for identifying materialtransactions that may be indicativeof the existence of previouslyundetermined relationships:a. Provide audit personnelperforming segments of the audit orauditing and reporting separately onthe accounts of related components

more in terms of different types ofprocedures to determine existence,its focus is particularly on“reviewing” different documents.

The application and otherexplanatory material of ISA 550Final, i.e. para. A22, expands on the“inspection” of records ordocuments that may provideinformation about related partyrelationships and transactions.

90

(c) Such other records or documentsas the auditor considers necessaryin the circumstances of the entity.

21. If the auditor identifiesarrangements or information thatsuggests the existence of relatedparty relationships or transactionsthat management has notpreviously identified or disclosed tothe auditor, the auditor shalldetermine whether the underlyingcircumstances confirm the existenceof those relationships ortransactions.

ordinary course of business.Specific invoices andcorrespondence from the entity’sprofessional advisors.Life insurance policies acquired bythe entity.Significant contracts re-negotiatedby the entity during the period.Internal auditors’ reports.Documents associated with theentity’s filings with a securitiesregulator (e.g, prospectuses).

of the reporting entity with thenames of known related parties sothat they may become aware oftransactions with such partiesduring their audits.b. Review the minutes of meetingsof the board of directors andexecutive or operating committeesfor information about materialtransactions authorized or discussedat their meetings.c. Review proxy and other materialfiled with the Securities andExchange Commission andcomparable data filed with otherregulatory agencies for informationabout material transactions withrelated parties.d. Review conflict-of-interestsstatements obtained by thecompany from its management. fn 5

e. Review the extent and nature ofbusiness transacted with majorcustomers, suppliers, borrowers,and lenders for indications ofpreviously undisclosed relationships.f. Consider whether transactionsare occurring, but are not beinggiven accounting recognition, suchas receiving or providing accounting,management or other services at nocharge or a major stockholderabsorbing corporate expenses.g. Review accounting records forlarge, unusual, or nonrecurringtransactions or balances, payingparticular attention to transactionsrecognized at or near the end of thereporting period.

91

h. Review confirmations ofcompensating balancearrangements for indications thatbalances are or were maintained foror by related parties.i. Review invoices from law firmsthat have performed regular orspecial services for the company forindications of the existence ofrelated parties or related partytransactions.j. Review confirmations of loansreceivable and payable forindications of guarantees. Whenguarantees are indicated, determinetheir nature and the relationships, ifany, of the guarantor.

52 12. The engagement teamdiscussion that ISA 315 (Redrafted)and ISA 240 (Redrafted) requireshall include specific considerationof the susceptibility of the financialstatements to materialmisstatement due to fraud or errorthat could result from the entity’srelated party relationships andtransactions. (Ref: Para. A9-A10)

.06 In the absence of evidence tothe contrary, transactions withrelated parties should not beassumed to be outside the ordinarycourse of business. The auditorshould, however, be aware of thepossibility that transactions withrelated parties may have beenmotivated solely, or in largemeasure, by conditions similar tothe following:a. Lack of sufficient working capitalor credit to continue the businessb. An urgent desire for a continuedfavorable earnings record in thehope of supporting the price of thecompany's stockc. An overly optimistic earningsforecastd. Dependence on a single orrelatively few products, customers,or transactions for the continuing

There is a difference in emphasisbetween ISA 550 Final and AU 334as to the fraud implications ofrelated party transactions. WhereasISA 550 Final requires the auditor topay particular attention to thesusceptibility of financial statementsto fraud or error that results fromrelated party transactions, AU 334only requires the auditor to beaware of the possibility that relatedparty transactions may bemotivated by conditions outside theordinary course of business.

92

success of the venturee. A declining industrycharacterized by a large number ofbusiness failuresf. Excess capacityg. Significant litigation, especiallylitigation between stockholders andmanagementh. Significant obsolescencedangers because the company is in ahigh-technology industry

53 22. If the auditor identifies relatedparties or significant related partytransactions that management hasnot previously identified ordisclosed to the auditor, the auditorshall:(a) Promptly communicate therelevant information to the othermembers of the engagement team;(Ref: Para. A35)(b) Where the applicable financialreporting framework establishesrelated party requirements:(i) Request management to identifyall transactions with the newlyidentified related parties for theauditor’s further evaluation; and(ii) Inquire as to why the entity’scontrols over related partyrelationships and transactions failedto enable the identification ordisclosure of the related partyrelationships or transactions;(c) Perform appropriate substantiveaudit procedures relating to suchnewly identified related parties orsignificant related partytransactions; (Ref: Para. A36)

Unlike AU 334, ISA 550 Finalrequires the auditor to performspecific procedures when theauditor has identified related partiesor significant related partytransactions that management hasnot previously identified ordisclosed to the auditor.

93

(d) Reconsider the risk that otherrelated parties or significant relatedparty transactions may exist thatmanagement has notpreviously identified or disclosed tothe auditor, and perform additionalaudit procedures as necessary; and(e) If the non-disclosure bymanagement appears intentional(and therefore indicative of a risk ofmaterial misstatement due tofraud), evaluate the implications forthe audit. (Ref: Para. A37)

54 24. When management has madean assertion in the financialstatements to the effect that arelated party transaction wasconducted on terms equivalent tothose prevailing in an arm’s lengthtransaction, the auditor shall obtainsufficient appropriate auditevidence about the assertion. (Ref:Para. A42-A45)

A42. Although audit evidence maybe readily available regarding howthe price of a related partytransaction compares to that of asimilar arm’s length transaction,there are ordinarily practicaldifficulties that limit the auditor’sability to obtain audit evidence thatall other aspects of the transactionare equivalent to those of the arm’slength transaction. For example, …Accordingly, there may be a risk thatmanagement’s assertion that arelated party transaction wasconducted on terms equivalent tothose prevailing in an arm’s lengthtransaction may be materiallymisstated.

A43. Management is responsible forthe substantiation of an assertionthat a related party transaction wasconducted on terms equivalent tothose prevailing in an arm’s lengthtransaction. Management’s supportfor the assertion may include: …

Unlike AU 334, ISA 550 Finalrequires the auditor to obtainsufficient appropriate auditevidence regarding any assertionthat management makes that arelated party transactions wasconducted at arm’s length.

94

A44. Evaluating management’ssupport for this assertion mayinvolve one or more of thefollowing:…A45. Some financial reportingframeworks require the disclosureof related party transactions notconducted on terms equivalent tothose prevailing in arm’s lengthtransactions. In thesecircumstances, if management hasnot disclosed a related partytransaction in the financialstatements, there may be animplicit assertion that thetransaction was conducted on termsequivalent to those prevailing in anarm’s length transaction.

95

55 Related Parties with DominantInfluence

A6. Related parties, by virtue oftheir ability to exert controlor significant influence, may be in aposition to exert dominant influenceover the entity or its management.Consideration of suchbehavior is relevant whenidentifying and assessing the risks ofmaterial misstatement due to fraud,as further explained in paragraphsA29-A30.

Special-Purpose Entities as RelatedPartiesA7. In some circumstances, aspecial-purpose entity17 may be arelated party of the entity becausethe entity may in substance controlit, even if the entity owns little ornone of the special-purpose entity’sequity.

A29. Domination of management bya single person or small group ofpersons without compensatingcontrols is a fraud risk factor.23Indicators of dominant influenceexerted by a related party include:The related party has vetoedsignificant business decisions takenby management or those chargedwith governance.Significant transactions are referredto the related party for finalapproval.

Unlike AU 334, the application andother explanatory material of ISA550 Final provides guidanceregarding the related partyimplications of parties withdominant influence and special-purpose entities.

96

There is little or no debate amongmanagement and those chargedwith governance regarding businessproposals initiated by the relatedparty.Transactions involving the relatedparty (or a close family member ofthe related party) are rarelyindependently reviewed andapproved.Dominant influence may also existin some cases if the related partyhas played a leading role in foundingthe entity and continues to play aleading role in managing the entity.

A30. In the presence of other riskfactors, the existence of a relatedparty with dominant influence mayindicate significant risks of materialmisstatement due to fraud. Forexample:An unusually high turnover of seniormanagement or professionaladvisors may suggest unethical orfraudulent business practices thatserve the related party’s purposes.The use of business intermediariesfor significant transactions for whichthere appears to be no clearbusiness justification may suggestthat the related party could have aninterest in such transactionsthrough control of suchintermediaries for fraudulentpurposes.Evidence of the related party’sexcessive participation in orpreoccupation with the selection of

97

accounting policies or thedetermination of significantestimates may suggest thepossibility of fraudulent financialreporting.

98

Topic 7: Specific tests and evidence(including confirmations, and tests of inventory, subsequent events, estimates and fair value)

Subject ISANumber

ISATitle


PCAOB standardTitle

INVENTORIES ISA 501 Final “Audit Evidence – Specific Considerations forSelected Items”

AU 331 “Inventories”

CONFIRMATIONS ISA 505 Final “External Confirmations” AU 330 “The Confirmation Process”ESTIMATES AND FAIR VALUE ISA 540 HB 2008 “Auditing Accounting Estimates, Including Fair

Values Accounting Estimates, and RelatedDisclosures”

AU 342 “Auditing Accounting Estimates”

AU 328 “Auditing Fair Value Measurements andDisclosures”

SUBSEQUENT EVENTS ISA 560 Final “Subsequent Events” AU 560 “Subsequent Events”AU 561 “Subsequent Discovery of Facts Existing at the Date

of the Auditor’s Report”AS 5, paragraphs93-98

“Subsequent Events”

AU 530 “Dating of the Independent Auditor’s Report”AUDIT EVIDENCE ISA 500 Final “Audit Evidence” AU 326 “Evidential Matter”

99

INVENTORIESISA 501 Final “Audit Evidence – Specific Considerations for Selected Items”

AU 331 “Inventories”





56 5. If physical inventory counting isconducted at a date other than thedate of the financial statements, theauditor shall, in addition to theprocedures required by paragraph 4,perform audit procedures to obtainaudit evidence about whetherchanges in inventory between thecount date and the date of thefinancial statements are properlyrecorded. (Ref: Para. A911-A11)

A9. For practical reasons, thephysical inventory counting may beconducted at a date, or dates, otherthan the date of the financialstatements. This may be doneirrespective of whethermanagement determines inventoryquantities by an annual physicalinventory counting or maintains aperpetual inventory system. Ineither case, the effectiveness of thedesign, implementation andmaintenance of controls overchanges in inventory determineswhether the conduct of physicalinventory counting at a date, ordates, other than the date of thefinancial statements is appropriatefor audit purposes. ISA 330(Redrafted) establishesrequirements and provides guidanceon substantive proceduresperformed at an interim date.1

A10. Where a perpetual inventorysystem is maintained, managementmay perform physical counts orother tests to ascertain the reliabilityof inventory quantity informationincluded in the entity’s perpetualinventory records. In some cases,

11. In recent years, some companieshave developed inventory controlsor methods of determininginventories, including statisticalsampling, which are highly effectivein determining inventory quantitiesand which are sufficiently reliable tomake unnecessary an annualphysical count of each item ofinventory. In such circumstances theindependent auditor must satisfyhimself that the client's proceduresor methods are sufficiently reliableto produce results substantially thesame as those which would beobtained by a count of all items eachyear. The auditor must be present toobserve such counts as he deemsnecessary and must satisfy himselfas to the effectiveness of thecounting procedures used. Ifstatistical sampling methods areused by the client in the taking ofthe physical inventory, the auditormust be satisfied that the samplingplan is reasonable and statisticallyvalid, that it has been properlyapplied, and that the results arereasonable in the circumstances.

Unlike AU 331, ISA 501 Final doesnot specifically provide direction incases when clients inventorycontrols are highly effective,although it states more generally(para. 4) that if physical inventorycounting is conducted at a dateother than the date of the financialstatements, the auditor is requiredto perform procedures to obtainaudit evidence about whetherchanges in inventory between thecount date and the date of thefinancial statements are properlyrecorded.

100

management or the auditor mayidentify differences between theperpetual inventory records andactual physical inventory quantitieson hand; this may indicate that thecontrols over changes in inventoryare not operating effectively.

A11. Relevant matters forconsideration when designing auditprocedures to obtain audit evidenceabout whether changes in inventoryamounts between the count date, ordates, and the final inventoryrecords are properly recordedinclude:• Whether the perpetual inventoryrecords are properly adjusted.• Reliability of the entity’s perpetualinventory records.• Reasons for significant differencesbetween the information obtainedduring the physical count and theperpetual inventory records.

57 6. If the auditor is unable to attendphysical inventory counting due tounforeseen circumstances, theauditor shall make or observe somephysical counts on an alternativedate, and perform audit procedureson intervening transactions.

7. If attendance at physical inventorycounting is impracticable, theauditor shall perform alternativeaudit procedures to obtain sufficientappropriate audit evidenceregarding the existence andcondition of inventory. If it is not

12. When the independent auditorhas not satisfied himself as toinventories in the possession of theclient through the proceduresdescribed in paragraphs .09 through.11, tests of the accounting recordsalone will not be sufficient for him tobecome satisfied as to quantities; itwill always be necessary for theauditor to make, or observe, somephysical counts of the inventory andapply appropriate tests ofintervening transactions. This shouldbe coupled with inspection of therecords of any client's counts and

In contrast to AU 331, ISA 501 Finalpermits an exception to observinginventory if “attendance at theentity’s physical inventory count isimpracticable”.

101

possible to do so, the auditor shallmodify the opinion in the auditor’sreport in accordance with ISA 705(Revised and Redrafted). (Ref: Para.A12-A14)

procedures relating to the physicalinventory on which the balance-sheet inventory is based.

58 8. When inventory under thecustody and control of a third partyis material to the financialstatements, the auditor shall obtainsufficient appropriate audit evidenceregarding the existence andcondition of that inventory byperforming one or both of thefollowing:(a) Request confirmation from thethird party as to the quantities andcondition of inventory held onbehalf of the entity. (Ref: Para. A15)(b) Perform inspection or other auditprocedures appropriate in thecircumstances. (Ref: Para. A16)

A16. Depending on thecircumstances, for example, whereinformation is obtained that raisesdoubt about the integrity andobjectivity of the third party, theauditor may consider it appropriateto perform other audit proceduresinstead of, or in addition to,confirmation with the third party.Examples of other audit proceduresinclude:• Attending, or arranging foranother auditor to attend, the thirdparty’s physical counting ofinventory, if practicable.• Obtaining another auditor’sreport, or a service auditor’s report,on the adequacy of the third party’sinternal control for ensuring thatinventory is properly counted andadequately safeguarded.• Inspecting documentationregarding inventory held by thirdparties, for example, warehousereceipts.• Requesting confirmation fromother parties when inventory hasbeen pledged as collateral.

14. If inventories are in the hands ofpublic warehouses or other outsidecustodians, the auditor ordinarilywould obtain direct confirmation inwriting from the custodian. If suchinventories represent a significantproportion of current or total assets,to obtain reasonable assurance withrespect to their existence, theauditor should apply one or more ofthe following procedures as heconsiders necessary in thecircumstances. (a) Test the owner'sprocedures for investigating thewarehouseman and evaluating thewarehouseman's performance. (b) Obtain an independentaccountant's report on thewarehouseman's control proceduresrelevant to custody of goods and, ifapplicable, pledging of receipts, orapply alternative procedures at thewarehouse to gain reasonableassurance that information receivedfrom the warehouseman is reliable.(c) Observe physical counts of thegoods, if practicable and reasonable.(d) If warehouse receipts have beenpledged as collateral, confirm withlenders pertinent details of thepledged receipts (on a test basis, ifappropriate).

AU 331 states that the auditorordinarily would obtain direct thirdparty confirmation in writing. Wheninventory under third party custodyis material, AU 331 requires theauditor to perform one or more ofsome specified procedures to obtainreasonable assurance with respectto their existence, however this(these) procedure(s) is (are) notnecessarily done in addition toconfirmation. When inventory heldby custodian is material, ISA 501Final requires the auditor to obtainsufficient appropriate evidenceregarding the existence andcondition of that inventory eitherthrough confirmation or inspectionor other audit procedures, or both.Under ISA 501 Final, when inventoryunder custody is material,confirmation alone can be sufficientappropriate audit evidence, whereasunder AU 331 more procedures arenecessary.

The application and otherexplanatory material of ISA 501(para. A16) stresses that in somecircumstances the auditor mayconsider it appropriate to performother audit procedures (thanconfirmation).

102

CONFIRMATIONSISA 505 Final “External Confirmations”

AU 330 “The Confirmation Process”





59 The Confirmation Process

8. If management refuses to allowthe auditor to send a confirmationrequest, the auditor shall:(a) Inquire as to management’sreasons for the refusal, and seekaudit evidence as to their validityand reasonableness; (Ref: Para.A8)(b) Evaluate the implications ofmanagement’s refusal on theauditor’s assessment of therelevant risks of materialmisstatement, including the risk offraud, and on the nature, timingand extent of other auditprocedures; and (Ref: Para. A9)(c) Perform alternative auditprocedures designed to obtainrelevant and reliable auditevidence. (Ref: Para. A10)

9. If the auditor concludes thatmanagement’s refusal to allow theauditor to send a confirmationrequest is unreasonable, or theauditor is unable to obtain relevantand reliable audit evidence fromalternative audit procedures, theauditor shall communicate

The Confirmation Process

Unlike AU 330, ISA 505 Finalprovides clear instructions toauditors who have been refusedpermission by management tosend confirmation requests. It alsorequires the auditor to determinethe reasonability formanagement’s refusal and theimplications on the assessment ofthe risks of material misstatement.Although AU 508.24 and footnote14 discuss scope limitationsimposed by the client, those donot explicitly require the auditor toevaluate the reasonableness ofmanagement’s refusal, to evaluatethe implications of management’srefusal on the assessment of therelevant risks of materialmisstatement, or to communicatespecific issues to those chargedwith governance.

103

with those charged with governancein accordance with ISA 260 (Revisedand Redrafted).13 The auditor alsoshall determine the implications forthe audit and theauditor’s opinion in accordancewith ISA 705 (Revised andRedrafted).14

60 Communication

ISA 230 HB 20088. The auditor shall prepare auditdocumentation that is sufficient toenable an experienced auditor,having no previous connection withthe audit, to understand: (Ref: Para.A2-A5, A16-A17)…(b) The results of the auditprocedures performed, and theaudit evidence obtained;…

Communication

29. There may be situations in whichthe respondent, because oftimeliness or other considerations,responds to a confirmation requestother than in a writtencommunication mailed to theauditor. When such responses arereceived, additional evidence maybe required to support their validity.In addition, the auditor shouldconsider requesting the purportedsender to mail the originalconfirmation directly to the auditor.Oral confirmations should bedocumented in the workpapers. Ifthe information in the oralconfirmations is significant, theauditor should request the partiesinvolved to submit writtenconfirmation of the specificinformation directly to the auditor.30. When using confirmationrequests other than the negativeform, the auditor should generallyfollow up with a second andsometimes a third request to thoseparties from whom replies have notbeen received.

Unlike ISA 505 Final, AU 330explicitly requires that oralconfirmation should bedocumented in the workingpapers. It should be noted thoughthat ISA 230.8(b) requiresdocumentation to indicate theresults of audit procedures.

104

61 Accounts Receivable

34. Confirmation of accountsreceivable is a generally acceptedauditing procedure. Thus, there isa presumption that the auditor willrequest the confirmation ofaccounts receivable during anaudit unless one of the following istrue: (a) Accounts receivable areimmaterial to the financialstatements; (b) The use ofconfirmations would beineffective; (c) The auditor'scombined assessed level ofinherent and control risk is low.35. An auditor who has notrequested confirmations in theexamination of accountsreceivable should document howhe or she overcame thispresumption.

Unlike ISA 505 Final, AU 330requires the confirmation ofaccounts receivable, except incertain circumstances. Also, notethat AU 330 requires that anauditor who does not confirmaccounts receivable has todocument his reasoning for doingso.

62 Alternative Procedures

12. In the case of each non-response, the auditor shallperform alternative auditprocedures to obtain relevant andreliable audit evidence. (Ref: ParaA18-A19)

14. The auditor shall investigateexceptions to determine whetheror not they are indicative ofmisstatements. (Ref: Para. A21-A22)

11. If the auditor determines that

A5. A positive external confirmationrequest asks the confirming party toreply to the auditor in all cases,either by indicating the confirmingparty’s agreement with the giveninformation, or by asking theconfirming party to provideinformation. A response to apositive confirmation requestordinarily is expected to providereliable audit evidence. There is arisk, however, that a confirmingparty may reply to the confirmationrequest without verifying that the

Alternative Procedures

20. The auditor should considerperforming other substantiveprocedures to supplement the useof negative confirmations.

19.… the use of blank confirmationrequests may provide a greaterdegree of assurance about theinformation confirmed… However,blank forms might result in lowerresponse rates… consequently, theauditor may have to perform morealternative procedures.27. If information about the

AU 330 provides more detaileddirection on alternativeprocedures than ISA 505 Final does(e.g. negative confirmations, blankconfirmation requests, problemswith respondent’s competenceand objectivity, and nonresponseon positive confirmation requests).

Although AU 330 provides morediscussion on alternativeprocedures, note that theapplication and explanatorymaterial of ISA 505, i,e, para. A5also provides some direction onthe use of blank confirmationrequests.

105

a response to a confirmationrequest is not reliable, the auditorshall evaluate the implications onthe assessment of the relevantrisks of material misstatement,including the risk of fraud, and onthe related nature, timing andextent of other audit procedures.(Ref: Para. A17)

information is correct. The auditormay reduce this risk by usingpositive confirmation requests thatdo not state the amount (or otherinformation) on the confirmationrequest, and ask the confirmingparty to fill in the amount or furnishother information. On the otherhand, use of this type of “blank”confirmation request may result inlower response rates becauseadditional effort is required of theconfirming parties.

respondent's competence,knowledge, motivation, ability, orwillingness to respond, or aboutthe respondent's objectivity andfreedom from bias with respect tothe audited entity comes to theauditor's attention, the auditorshould consider the effects of suchinformation on designing theconfirmation requests andevaluating the results, includingdetermining whether otherprocedures are necessary.

31. When the auditor has notreceived replies to positiveconfirmation requests, he or sheshould apply alternativeprocedures to the nonresponses toobtain the evidence necessary toreduce audit risk to an acceptablylow level. However, the omissionof alternative procedures may beacceptable (a) when the auditorhas not identified unusualqualitative factors or systematiccharacteristics related to thenonresponses, such as that allnonresponses pertain to year-endtransactions, and (b) when testingfor overstatement of amounts, thenonresponses in the aggregate,when projected as 100 percentmisstatements to the populationand added to the sum of all otherunadjusted differences, would notaffect the auditor's decision aboutwhether the financial statementsare materially misstated.

While ISA 505 Final para. 12 andAU 330.31 requires alternativeprocedures in the case of eachnon-response, AU 330.31 alsoprovides an exception.

106

ESTIMATES AND FAIR VALUEISA 540 HB 2008 “Auditing Accounting Estimates, Including Fair Values Accounting Estimates, and Related Disclosures”

AU 342 “Auditing Accounting Estimates”AU 328 “Auditing Fair Value Measurements and Disclosures”





63 Process

15. For accounting estimates thatgive rise to significant risks, inaddition to other substantiveprocedures performed to meet therequirements of ISA 330(Redrafted),7 the auditor shallevaluate the following: (Ref: Para.A102)(a) How management hasconsidered alternative assumptionsor outcomes, and why it hasrejected them, or how managementhas otherwise addressed estimationuncertainty in making theaccounting estimate. (Ref: Para.A103-A106)…For accounting estimates that giverise to significant risks, the auditorshall also evaluate the adequacy ofthe disclosure of their estimationuncertainty in the financialstatements in the context of theapplicable financial reportingframework. (Ref: Para. A122-A123)

ProcessAU 342.11 Review and test management'sprocess. In many situations, theauditor assesses the reasonablenessof an accounting estimate byperforming procedures to test theprocess used by management tomake the estimate. The followingare procedures the auditor mayconsider performing when using thisapproach:...c. Consider whether there areadditional key factors or alternativeassumptions about the factors....

The risk assessment approach of ISA315 is reflected in ISA 540 (forexample in paragraph 15).

For accounting estimates that giverise to significant risks, ISA 540 HB2008 requires the auditor toevaluate whether management hasconsidered alternative assumptionsand why it has rejected them (seeparagraph 15). Although PCAOBstandards suggest that auditors mayconsider alternative assumptionswhen testing the reasonableness ofthe accounting estimate (AU 342para. 11(c)), evaluating whethermanagement has consideredalternative assumptions is notexplicitly required.

107

22. The auditor shall obtain writtenrepresentations from managementwhether management believessignificant assumptions used by it inmaking accounting estimates arereasonable. (Ref: Para. A126-A127)

In addition to other evidentialmatter about the estimate, incertain instances, the auditor maywish to obtain writtenrepresentation from managementregarding the key factors andassumptions.

ISA 540 HB 2008 requires that theauditor obtains writtenrepresentation from managementon the reasonableness ofassumptions (para. 22). The PCAOBstandards do not explicitly requirewritten representations on thereasonableness, but state that theauditor may wish to obtain writtenrepresentations regarding the keyfactors and assumptions (AU 342,footnote 4).

6410. In identifying and assessing therisks of material misstatement, asrequired by ISA 315 (Redrafted),5the auditor shall evaluate the degreeof estimation uncertainty associatedwith an accounting estimate. (Ref:Para. A45-A46)

11. The auditor shall determinewhether, in the auditor’s judgment,any of those accounting estimatesthat have been identified as havinghigh estimation uncertainty give riseto significant risks. (Ref: Para. A47A51)

A47. Examples of accountingestimates that may have highestimation uncertaintyinclude the following:• Accounting estimates that arehighly dependent upon judgment,for example, judgments about theoutcome of pending litigation or theamount and timing of future cashflows dependent on uncertainevents many years in the future.• Accounting estimates that are notcalculated using recognizedmeasurement techniques.• Accounting estimates where theresults of the auditor’s review ofsimilar accounting estimates madein the prior period financialstatements indicate a substantialdifference between the originalaccounting estimate and the actualoutcome.• Fair value accounting estimates forwhich a highly specialized entitydeveloped model is used or forwhich there are no observable

AU 328.13 The auditor uses his or herunderstanding of the entity’sprocess, including its complexity,and of the controls when assessingthe risk of material misstatement.Based on that risk assessment, theauditor determines the nature,timing, and extent of the auditprocedures. The risk of materialmisstatement may increase as theaccounting and financial reportingrequirements for fair valuemeasurements become morecomplex.

Unlike AU 328, ISA 540 HB 2008explicitly requires the auditor toassess the degree of estimationuncertainty, and, for estimates withhigh estimation uncertainty, todetermine whether they give rise tosignificant risks.

ISA 540 HB 2008, para. A.47 gives asan example of an estimate that mayhave high estimation uncertainty“fair value accounting estimates forwhich a highly specialized entity-developed model is used or forwhich there are no observableinputs”.

108

inputs.65 8. When performing risk assessment

procedures and related activities toobtain an understanding of theentity and its environment, includingthe entity’s internal control, asrequired by ISA 315 (Redrafted),4the auditor shall obtain anunderstanding of the following inorder to provide a basis for theidentification and assessment of therisks of material misstatement foraccounting estimates: (Ref: Para.A12)…(b) How management identifiesthose transactions, events andconditions that may give rise to theneed for accounting estimates to berecognized or disclosed in thefinancial statements. In obtainingthis understanding, the auditor shallmake inquiries of managementabout changes in circumstances thatmay give rise to new, or the need torevise existing, accountingestimates. (Ref: Para. A16-A21)(c) How management makes theaccounting estimates, and anunderstanding of the data on whichthey are based, including: (Ref: Para.A22-A23)(i) The method, including whereapplicable the model, used inmaking the accounting estimate;(Ref: Para. A24-A26)(ii) Relevant controls; (Ref: Para.A27-A28)(iii) Whether management has used

.10 In evaluating reasonableness,the auditor should obtain anunderstanding of how managementdeveloped the estimate. …

ISA 540 HB 2008 is more detailedthan AU 342 in the requirementswith respect to the risk assessmentprocedures and related activitieswith respect to accountingestimates.

109

an expert; (Ref: Para. A29-A30)(iv) The assumptions underlying theaccounting estimates; (Ref: Para.A31-A36)(v) Whether there has been or oughtto have been a change from theprior period in the methods formaking the accounting estimates,and if so, why; and (Ref: Para. A37)(vi) Whether and, if so, howmanagement has assessed the effectof estimation uncertainty. (Ref: Para.A38)

9. The auditor shall review theoutcome of accounting estimatesincluded in the prior periodfinancial statements, or, whereapplicable, their subsequent re-estimation for the purpose of thecurrent period. The nature andextent of the auditor’s review takesaccount of the nature of theaccounting estimates, and whetherthe information obtained from thereview would be relevant toidentifying and assessing risks ofmaterial misstatement of accountingestimates made in the currentperiod financial statements.However, the review is notintended to call into question thejudgments made in the prior periodsthat were based on informationavailable at the time. (Ref: Para.A39-A44)

110

66 12. Based on the assessed risks ofmaterial misstatement, the auditorshall determine: (Ref: Para.A52)(a) Whether management hasappropriately applied therequirements of the applicablefinancial reporting frameworkrelevant to the accounting estimate;and (Ref: Para. A53-A56)(b) Whether the methods for makingthe accounting estimates areappropriate and havebeen applied consistently, andwhether changes, if any, inaccounting estimates or inthe method for making them fromthe prior period are appropriate inthe circumstances. (Ref: Para. A57-A58)

Unlike AU 342, ISA 540 HB 2008explicitly requires that the auditordetermines whether the methodsfor making accounting estimates areapplied consistently and determineswhether changes in the methods areappropriate.

67 16. If, in the auditor’s judgment,management has not adequatelyaddressed the effects of estimationuncertainty on the accountingestimates that give rise to significantrisks, the auditor shall, if considerednecessary, develop a range withwhich to evaluate thereasonableness of the accountingestimate. (Ref: Para. A111-A112)

Unlike AU 342, in case managementhas not adequately addressed theeffects of estimation uncertainty onthe accounting estimates that giverise to significant risks, ISA 540 HB2008 requires the auditor to developa range with which to evaluate thereasonableness of the accountingestimate.

6820. For accounting estimates thatgive rise to significant risks, theauditor shall also evaluate theadequacy of the disclosure of theirestimation uncertainty in thefinancial statements in the context

AU 342.07 The auditor's objective whenevaluating accounting estimates is toobtain sufficient competentevidential matter to providereasonable assurance that—

ISA 540 HB 2008, para. 20 is moreexplicit than AU 342 in that itrequires the auditor to evaluate theadequacy of the disclosure of theestimation uncertainty of accountingestimates that give rise to significant

111

of the applicable financial reportingframework. (Ref: Para. A122-A123) ...

c. The accounting estimates are ...and are properly disclosed. fn 3

risks. AU 342 is more general in thatit only requires the auditor to“provide reasonable assurance thatthe accounting estimates … areproperly disclosed” (AU 342.07), andrefers in footnote to AU 431,Adequacy of Disclosure in FinancialStatements, which discusses theauditor's responsibility to considerwhether the financial statementsinclude adequate disclosures ofmaterial matters in light of thecircumstances and facts of which heis aware.

112

SUBSEQUENT EVENTSISA 560 Final “Subsequent Events”

AU 560 “Subsequent Events”AU 561”Subsequent Discovery of Facts Existing at the Date of the Auditor’s Report”

AU 530 “Dating of the Independent Auditor’s Report”AS 5, paragraphs 93-98 “Subsequent Events”



AU 560/ AU 561/ AU 530/ AS 5 Comparative analysis:Analysis excluding ISA applicationand other explanatory material



113

AUDIT EVIDENCEISA 500 Final “Audit Evidence”AU 326 « Evidential Matter»11






11 AU 326 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10). An overview of the significant differencesbetween ISA 500 Final and the proposed auditing standard on “Audit Evidence”, as assessed by the PCAOB, can be found in Appendix 10 of PCAOB Release 2008-006. We note that Staff of IAASB hasa different view on some of the issues in the comparative analysis prepared by the PCAOB (see www.pcaob.org/Rules/Docket_026/Comments/All.pdf).


114

Topic 8: Special topics relating to the audit process (including reliance on service organizations, going concern tests, group audit, use of internal auditors, use ofspecialists, inquiry of client’s lawyer)

Subject ISANumber

ISATitle


PCAOB standardTitle

RELIANCE ON SERVICEORGANIZATIONS

ISA 402 Final “Audit Considerations Relating to an Entity Usinga Service Organization”

AU 324 “Service Organizations”

AS 5, paragraphsB17-B27

“Special Topics”

GOING CONCERN ISA 570 Final “Going Concern” AU 341 “The Auditor’s Consideration of an Entity’s Ability toContinue as a Going Concern”

AU 333 “Management Representations”OTHER AUDITORS ISA 600 HB 2008 “Special Considerations- Audits of Group Financial

Statements”AU 543 “Part of Audit Performed by Other Independent

Auditors”AS 5, AppendixC, C8-C11

“Special Reporting Situations”

WORK OF INTERNAL AUDITORS ISA 610 Final “Using the Work of Internal Auditors” AU 322 “The Auditor’s Consideration of the Internal AuditFunction in an Audit of Financial Statements”

AS 5, paragraphs16-19

Using the Work of Others”

USE OF SPECIALISTS ISA 620 Final “Using the Work of an Auditor’s Expert” AU 336 “Using the Work of a Specialist”ISA 500 Final “Audit Evidence”

INQUIRY OF CLIENT’S LAWYER ISA 501 Final “Audit Evidence – Specific Considerations forSelected Items”

AU 337 “Inquiry of a Client’s Lawyer Concerning Litigation,Claims, and Assessments”

115

RELIANCE ON SERVICE ORGANIZATIONSISA 402 Final “Audit Considerations Relating to an Entity Using a Service Organization”

AU 324 “Service Organizations”AS 5, paragraphs B17-B27 “Special Topics”





69 Reference to Work of a ServiceAuditor

21. The user auditor shall not referto the work of a service auditor inthe user auditor’s report containingan unmodified opinion unlessrequired by law or regulation to doso. If such reference is required bylaw or regulation, the user auditor’sreport shall indicate that thereference does not diminish the userauditor’s responsibility for the auditopinion. (Ref: Para. A43)

22. If reference to the work of aservice auditor is relevant to anunderstanding of a modification tothe user auditor’s opinion, the userauditor’s report shall indicate thatsuch reference does not diminishthe user auditor’s responsibility forthat opinion. (Ref: Para. A44)

Reference to Work of a ServiceAuditor

21. The user auditor should notmake reference to the report of theservice auditor as a basis, in part, forhis or her own opinion on the userorganization's financial statements.The service auditor's report is usedin the audit, but the service auditoris not responsible for examining anyportion of the financial statementsas of any specific date or for anyspecified period. Thus, there cannotbe a division of responsibility for theaudit of the financial statements.

ISA 402 Final is more flexible thanAU 324 in that it allows the auditorto make reference to the work of aservice auditor when required bylaw or regulation or when the userauditor’s opinion is modified. In bothinstances the auditor has to makeclear that the reference does notdiminish the user auditor’sresponsibility for the audit opinion.AU 324 does not allow any form ofreference. Both ISA 402 Final and AU324 make clear that only the userauditor is responsible for theopinion.

116

GOING CONCERNISA 570 Final “Going Concern”

AU 341 “The Auditor’s Consideration of an Entity’s Ability to Continue as a Going Concern”AU 333 “Management Representations”





706. The auditor’s responsibility is toobtain sufficient appropriate auditevidence about the appropriatenessof management’s use of the goingconcern assumption in thepreparation and presentation of thefinancial statements and to concludewhether there is a materialuncertainty about the entity’s abilityto continue as a going concern. Thisresponsibility exists even if thefinancial reporting framework usedin the preparation of the financialstatements does not include anexplicit requirement formanagement to make a specificassessment of the entity’s ability tocontinue as a going concern.

9. The objectives of the auditor are:(a) To obtain sufficient appropriateaudit evidence about theappropriateness of management’suse of the going concern assumptionin the preparation and presentationof the financial statements;(b) To conclude, based on the auditevidence obtained, whether amaterial uncertainty exists related to

AU 34101. This section provides guidance tothe auditor in conducting an audit offinancial statements in accordancewith generally accepted auditingstandards with respect to evaluatingwhether there is substantial doubtabout the entity's ability to continueas a going concern.

03.The auditor should evaluatewhether there is substantial doubtabout the entity's ability to continueas a going concern for a reasonableperiod of time in the followingmanner.a) The auditor considers whetherthe results of his proceduresperformed in planning, gatheringevidential matter relative to thevarious audit objectives, andcompleting the audit identifyconditions and events that, whenconsidered in the aggregate,indicate there could be substantialdoubt about the entity's ability tocontinue as a going concern for areasonable period of time. It may benecessary to obtain additionalinformation about such conditions

Under ISA 570 Final (para. 6, 9-12),the auditor is responsible to obtainsufficient appropriate evidenceabout management’s appropriateuse of the going concern assumptionwhereas under AU 341, (para. 03)the auditor should make his ownevaluation (and not assessmanagement’s evaluation) onwhether there is substantial doubtabout an entity’s ability to continueas a going concern. Continuation ofan entity as a going concern isassumed in financial reporting in theabsence of significant information tothe contrary.

Note however that this difference isprobably due to the fact that AU341 was developed in the absence ofan accounting standard onmanagement’s responsibility toevaluate going concern. To datethere is no accounting standard ongoing concern in generally acceptedaccounting principles established bythe Financial Accounting StandardsBoard. Furthermore, the PCAOBrequirement is consistent with

117

events or conditions that may castsignificant doubt on the entity’sability to continue as a goingconcern; and(c) To determine the implications forthe auditor’s report.

10. When performing riskassessment procedures as requiredby ISA 315 (Redrafted),3 the auditorshall consider whether there areevents or conditions that may castsignificant doubt on the entity’sability to continue as a goingconcern. In so doing, the auditorshall determine whethermanagement has already performeda preliminary assessment of theentity’s ability to continue as a goingconcern, and: (Ref: Para. A2-A5)(a) If such an assessment has beenperformed, the auditor shall discussthe assessment with managementand determine whethermanagement has identified eventsor conditions that, individually orcollectively, may cast significantdoubt on the entity’s ability tocontinue as a going concern and, ifso, management’s plans to addressthem; or(b) If such an assessment has not yetbeen performed, the auditor shalldiscuss with management the basisfor the intended use of the goingconcern assumption, and inquire ofmanagement whether events orconditions exist that, individually orcollectively, may cast significant

and events, as well as theappropriate evidential matter tosupport information that mitigatesthe auditor's doubt.b) If the auditor believes there issubstantial doubt about the entity'sability to continue as a goingconcern for a reasonable period oftime, he should (1) obtaininformation about management'splans that are intended to mitigatethe effect of such conditions orevents, and (2) assess the likelihoodthat such plans can be effectivelyimplemented.c) After the auditor has evaluatedmanagement's plans, he concludeswhether he has substantial doubtabout the entity's ability to continueas a going concern for a reasonableperiod of time. If the auditorconcludes there is substantial doubt,he should (1) consider the adequacyof disclosure about the entity'spossible inability to continue as agoing concern for a reasonableperiod of time, and (2) include anexplanatory paragraph (followingthe opinion paragraph) in his auditreport to reflect his conclusion. Ifthe auditor concludes thatsubstantial doubt does not exist, heshould consider the need fordisclosure.

Section 10A of the SecuritiesExchange Act, which requires “anevaluation of whether there issubstantial doubt about the abilityof the issuer to continue as a goingconcern during the ensuing fiscalyear.”

118

doubt on the entity’s ability tocontinue as a going concern.

11. The auditor shall remain alertthroughout the audit for auditevidence of events or conditionsthat may cast significant doubt onthe entity’s ability to continue as agoing concern. (Ref: Para. A6)

12. The auditor shall evaluatemanagement’s assessment of theentity’s ability to continue as a goingconcern. (Ref: Para. A7-A9; A11-A12)

7113. In evaluating management’sassessment of the entity’s ability tocontinue as a going concern, theauditor shall cover the same periodas that used by management tomake its assessment as required bythe applicable financial reportingframework, or by law or regulation ifit specifies a longer period. Ifmanagement’s assessment of theentity’s ability to continue as a goingconcern covers less than twelvemonths from the date of thefinancial statements as defined inISA 560 (Redrafted),4 the auditorshall request management to extendits assessment period to at leasttwelve months from that date. (Ref:Para. A10-A12)

15. The auditor shall inquire ofmanagement as to its knowledge ofevents or conditions beyond the

AU 34102. The auditor has a responsibilityto evaluate whether there issubstantial doubt about the entity’sability to continue as a goingconcern for a reasonable period oftime, not to exceed one year beyondthe date of the financial statementsbeing audited (hereinafter referredto as a reasonable period of time).

The time period over which theauditor has a responsibility isdifferent between ISA 570 Final andAU 341.ISA 570 Final, para. 13 requires theauditor to consider the same periodas that used by management inmaking its assessment, a period of atleast (but not limited to) 12 monthsfrom the date of the financialstatements (as defined in ISA 560).AU 341.02 requires the auditor toevaluate whether there issubstantial doubt for a reasonableperiod of time, not to exceed oneyear beyond the date of the financialstatements being audited.

Unlike AU 341, ISA 570 Finalrequires the auditor to make inquiryof management as to its knowledge

119

period of management’s assessmentthat may cast significant doubt onthe entity’s ability to continue as agoing concern. (Ref: Para. A13-A14)

of events or conditions beyond theperiod of assessment used bymanagement that may castsignificant doubt on the entity’sability to continue as a goingconcern.

72 Further Audit Procedures whenEvents or Conditions are Identified

16. When events or conditions havebeen identified that may castsignificant doubt on the entity’sability to continue as a goingconcern, the auditor shall obtainsufficient appropriate audit evidenceto determine whether or not amaterial uncertainty exists throughperforming additional auditprocedures, including considerationof mitigating factors. Theseprocedures shall include: (Ref: Para.A15)(a) When management has not yetperformed an assessment of theentity’s ability to continue as a goingconcern, requesting management tomake its assessment.(b) Evaluating management’s plansfor future actions in relation to itsgoing concern assessment, whetherthe outcome of these plans is likelyto improve the situation andwhether management’s plans arefeasible in the circumstances. (Ref:Para. A16)(c) When the entity has prepared acash flow forecast, and analysis of

A16. Evaluating management’s plansfor future actions may includeinquiries of management as to itsplans for future action, including, forexample, its plans to liquidateassets, borrow money or restructuredebt, reduce or delay expenditures,or increase capital.

Consideration of Conditions andEvents; Consideration ofManagement’s Plan

AU 34107. If, after considering theidentified conditions and events inthe aggregate, the auditor believesthere is substantial doubt about theability of the entity to continue as agoing concern for a reasonableperiod of time, he should considermanagement's plans for dealing withthe adverse effects of the conditionsand events. The auditor shouldobtain information about the plansand consider whether it is likely theadverse effects will be mitigated fora reasonable period of time and thatsuch plans can be effectivelyimplemented. The auditor'sconsiderations relating tomanagement plans may includeplans to: dispose of assets … , borrowmoney … , reduce or delayexpenditures … , increase ownershipequity … .

.08 When evaluating management'splans, the auditor should identifythose elements that are particularlysignificant to overcoming theadverse effects of the conditions and

ISA 570 Final (para. 16) and AU 341(para. . 07 and .08) deal with thosecases when the auditor believesthere is doubt about the entity’sability to continue as a goingconcern. ISA 570 Final and AU 341both require the auditor to evaluatemanagement plans for dealing withthe adverse effects, but AU 341provides more detailed direction onconsiderations of management plans(see para 08-09) than ISA 570 Finaldoes.

The application and otherexplanatory material of ISA 570Final, i.e. para. A16, containsguidance concerning evaluatingmanagement plans but norequirements as under AU 341.

120

the forecast is a significant factor inconsidering the future outcome ofevents or conditions in theevaluation of management’s plansfor future action: (Ref: Para. A17-A18)(i) Evaluating the reliability of theunderlying data generated toprepare the forecast; and(ii) Determining whether there isadequate support for theassumptions underlying theforecast.(d) Considering whether anyadditional facts or information havebecome available since the date onwhich management made itsassessment.

(e) Requesting writtenrepresentations from managementor, where appropriate, thosecharged with governance, regardingtheir plans for future action and thefeasibility of these plans.

events and should plan and performauditing procedures to obtainevidential matter about them.

.09 When prospective financialinformation is particularly significantto management's plans, the auditorshould request management toprovide that information and shouldconsider the adequacy of supportfor significant assumptionsunderlying that information. … If theauditor becomes aware of factors,the effects of which are notreflected in such prospectivefinancial information, he shoulddiscuss those factors withmanagement and, if necessary,request revision of the prospectivefinancial information.

AU 333.07 The representation letterordinarily should be tailored toinclude additional appropriaterepresentations from managementrelating to matters specific to theentity's business or industry. fn 14

Examples of additionalrepresentations that may beappropriate are provided inappendix B, "Additional IllustrativeRepresentations" [paragraph .17].

.17 1. As discussed in paragraph

.07 of this section, representationletters ordinarily should be tailoredto include additional appropriate

ISA 570 Final explicitly requires theauditor to request frommanagement, or those charged withgovernance, written representationsregarding their plans for futureaction and the feasibility of theseplans. This is not so explicit in thePCAOB standards, see AU 333, para..07 and .17.

121

representations from managementrelating to matters specific to theentity's business or industry. ... Thefollowing is a list of additionalrepresentations that may beappropriate in certain situations. ...

… Financial circumstances arestrained, with disclosure ofmanagement's intentions and theentity's ability to continue as a goingconcern. … Note [X] to the financialstatements discloses all of thematters of which we are aware thatare relevant to the company's abilityto continue as a going concern,including significant conditions andevents, and management's plans.

73 24. When there is significant delay inthe approval of the financialstatements by management or thosecharged with governance after thedate of the financial statements, theauditor shall inquire as to thereasons for the delay. When theauditor believes that the delay couldbe related to events or conditionsrelating to the going concernassessment, the auditor shallperform those additional auditprocedures necessary, as describedin paragraph 16, as well as considerthe effect on the auditor’sconclusion regarding the existenceof a material uncertainty, asdescribed in paragraph 17.

Although one could argue that, ifthere are significant delays, thiswould be noted and consideredduring the course of the audit,unlike ISA 570 Final, AU 341 doesnot include specific requirementsfor the auditor as to what should bedone in the event of delay in theapproval of the financial statements.

122

OTHER AUDITORSISA 600 HB 2008 Revised and Redrafted “Special Considerations- Audits of Group Financial Statements” HB 2008

AU 543 “Part of Audit Performed by Other Independent Auditors”AS 5, Appendix C, C8-C11 “Special Reporting Situations”





74 1. The International Standards onAuditing (ISAs) apply to groupaudits. This ISA deals with specialconsiderations that apply to groupaudits, in particular those thatinvolve component auditors.

.01 This section provides guidanceon the professional judgments theindependent auditor makes indeciding (a) whether he may serveas principal auditor and use thework and reports of otherindependent auditors who haveaudited the financial statements ofone or more subsidiaries, divisions,branches, components, orinvestments included in the financialstatements presented and (b) theform and content of the principalauditor's report in thesecircumstances. ...

The scope of ISA 600 and AU 543 aredifferent. ISA 600 deals with specialconsiderations that apply to groupaudits. Unlike AU 543, ISA 600 HB2008 is not limited to those relatingto the work of component auditors.

75 Introduction

11. … the auditor’s report on thegroup financial statements shall notrefer to a component auditor, unlessrequired by law or regulation toinclude such reference

Introduction

03. If the auditor decides that it isappropriate for him to serve as theprincipal auditor, he must thendecide whether to make referencein his report to the audit performedby another auditor. …

ISA 600 HB 2008 states that theauditor shall not refer to acomponent (other) auditor unlessrequired by law or regulation, i.e.the group auditor is required to takefull responsibility for the opinion inthe auditor’s report. AU 543, bycontrast, leaves it to the auditor todecide whether to make referenceto the component (other) auditor,hereby dividing his responsibilitywith the component (other) auditor,after he decides that he will serve as

123

the principal auditor.Because the two standards take adifferent approach on whether theprincipal auditor is able to refer tothe work of the other auditor, theydiffer in the focus of their directionas explained below.

76 Decision to make reference

06. On the other hand, the principalauditor may decide to makereference to the audit of the otherauditor when he expresses hisopinion on the financial statements.In some situations, it may beimpracticable for the principalauditor to review the other auditor'swork… Also, if the financialstatements of a component auditedby another auditor are material inrelation to the total, the principalauditor may decide, regardless ofany other considerations, to makereference in his report to the auditof the other auditor.

07. When the principal auditordecides that he will make referenceto the audit of the other auditor, hisreport should indicate clearly, inboth the introductory, scope andopinion paragraphs, the division ofresponsibility as between thatportion of the financial statementscovered by his own audit and thatcovered by the audit of the otherauditor. The report should disclosethe magnitude of the portion of thefinancial statements audited by the

AU 543, para. 06 is more flexiblethan ISA 600 HB 2008 in that itrecognizes that sometimes it isimpractical for the auditor to reviewthe other auditor’s work or theother auditor’s work is too material,in which cases the auditor maydecide to refer to the work of theother auditor.

Unlike ISA 600 HB 2008, AU 543,para. 07 provides direction on theformat of the auditor’s report if hedecides to refer to other auditor’swork. Paragraph 8 gives an exampleof such a report.

ISA 600 HB 2008 does not havecomparable direction since it doesnot allow the auditor to refer to thework of the other auditor (unlessrequired by law or regulation).

124

11. … If such reference is required bylaw or regulation, the auditor’sreport shall indicatethat the reference does not diminishthe group engagement partner’s orthe group engagement partner’sfirm’s responsibility for the groupaudit opinion. (Ref: Para. A8-A9)

A8. Although component auditorsmay perform work on the financialinformation of the components forthe group audit and as such areresponsible for their overall findings,conclusions or opinions, the groupengagement partner or thegroup engagement partner’s firm isresponsible for the group auditopinion.

A9. When the group audit opinion ismodified because the groupengagement team was unable toobtain sufficient appropriate auditevidence in relation to the financialinformation of one or morecomponents, the Basis forModification paragraph in theauditor’s report on the groupfinancial statements describes thereasons for that inability withoutreferring to the component auditor,unless such a reference is necessaryfor an adequate explanation of the

other auditor. This may be done bystating the dollar amounts orpercentages of one or more of thefollowing: total assets, totalrevenues, or other appropriatecriteria, whichever most clearlyreveals the portion of the financialstatements audited by the otherauditor. The other auditor may benamed but only with his expresspermission and provided his reportis presented together with that ofthe principal auditor.

In the rare case where law orregulation requires that the groupauditor makes reference to thecomponent auditor, ISA 600 HBpara. 11 states that the auditor’sreport shall indicate that thereference does not diminish thegroup engagement partner’s or thegroup engagement partner’s firm’sresponsibility for the group auditopinion.

125

circumstances.77 Decision to not make reference

04. … he may be able to express anopinion on the financial statementstaken as a whole without makingreference in his report to the auditof the other auditor. If the principalauditor decides to take this position,he should not state in his report thatpart of the audit was made byanother auditor because to do somay cause a reader to misinterpretthe degree of responsibility beingassumed.

05. Ordinarily, the principal auditorwould be able to adopt this positionwhen: a. Part of the audit isperformed by another independentauditor which is an associated orcorrespondent firm and whose workis acceptable to the principal auditorbased on his knowledge of theprofessional standards andcompetence of that firm; or b. Theother auditor was retained by theprincipal auditor and the work wasperformed under the principalauditor's guidance and control; orc. The principal auditor, whetheror not he selected the other auditor,nevertheless takes steps heconsiders necessary to satisfyhimself as to the audit performed bythe other auditor and accordingly issatisfied as to the reasonableness ofthe accounts for the purpose ofinclusion in the financial statements

Unlike ISA 600 HB 2008, AU 543provides direction on what factorsthe auditor should consider when hedecides not to refer to the otherauditor.This is irrelevant under ISA 600 HB2008 which mandates the auditornot to refer to the work of the otherauditor, unless required by law orregulation.

126

on which he is expressing hisopinion; or d. The portion of thefinancial statements audited by theother auditor is not material to thefinancial statements covered by theprincipal auditor's opinion.

78 Consolidation process

17. The auditor is required toidentify and assess the risks ofmaterial misstatement throughobtaining an understanding of theentity and its environment.7 Thegroup engagement team shall:(a) Enhance its understanding of thegroup, its components, and theirenvironments, including group-widecontrols, obtained during theacceptance or continuance stage;and(b) Obtain an understanding of theconsolidation process, including theinstructions issued by groupmanagement to components. (Ref:Para. A23-A29)

32. In accordance with paragraph17, the group engagement teamobtains an understanding of group-wide controls and the consolidationprocess, including the instructionsissued by group management tocomponents. …

Although AU 31912 discusses theauditor’s understanding of theentity’s controls and environment, itdoes not explicitly refer tocomponents or group-wide controlsas does ISA 600 HB 2008 para. 32.Also, although AS 5.26-.27 discussesthe auditor’s evaluation of theperiod-end financial reportingprocess, it does not explicitly referto consolidation as does ISA 600 HB2008 para. 17 and para. 32.

12 AU 319 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10).

127

33. The group engagement teamshall design and perform furtheraudit procedures on theconsolidation process to respond tothe assessed risks of materialmisstatement of the group financialstatements arising from theconsolidation process. …

35. If the financial information of acomponent has not been preparedin accordance with the sameaccounting policies applied to thegroup financial statements, thegroup engagement team shallevaluate whether the financialinformation of that component hasbeen appropriately adjusted forpurposes of preparing andpresenting the group financialstatements.

37. If the group financial statementsinclude the financial statements of acomponent with a financialreporting period-end that differsfrom that of the group, the groupengagement team shall evaluatewhether appropriate adjustmentshave been made to those financialstatements in accordance with theapplicable financial reportingframework.

Although AU 326.1113 discussestesting for the risk of materialmisstatement of the financialstatements, it does not explicitlypertain to consolidation as does ISA600 HB 2008, para. 33.

Unlike the PCAOB standards, ISA 600HB 2008, para. .35 and .37 explicitlyrequires that the auditor evaluateswhether appropriate adjustmentshave been made in case accountingpolicies applied to a component’sfinancial statements are differentfrom the accounting policies appliedto the group financial statements,and in case the financial reportingperiod end of a component differsfrom that of the group.

13 AU 326 will be superseded by the proposed risk assessment standards of the PCAOB, if adopted (see PCAOB Release 2008-006 of October 21, 2008, p. 10).

128

79 Communication with Other Auditor

40. The group engagement teamshall communicate its requirementsto the component auditor on atimely basis. This communicationshall set out the work to beperformed, the use to be made ofthat work, and the form and contentof the component auditor’scommunication with the groupengagement team. It shall alsoinclude the following: …

41. The group engagement teamshall request the component auditorto communicate matters relevant tothe group engagement team’sconclusion with regard the groupaudit including. Such communicationshall include: (Ref: Para. A60)…

Communication with ComponentAuditor

12. When the principal auditordecides not to make reference tothe audit of the other auditor, theprincipal auditor must obtain, andreview and retain, the followinginformation from the other auditor:…

.10 Whether or not the principalauditor decides to make referenceto the audit of the other auditor, heshould make inquiries concerningthe professional reputation andindependence of the other auditor.He also should adopt appropriatemeasures to assure the coordinationof his activities with those of theother auditor in order to achieve aproper review of matters affectingthe consolidating or combining ofaccount s in the financialstatements. These inquiries andother measures may includeprocedures such as the following:…

Unlike AU 543, ISA 600 HB 2008(para. 40) requires that the principalauditor communicates clearly andinstructs the component auditor onthe work that the componentauditor will perform, the use of thatwork and the form and content ofthe component auditor’scommunication with the principalauditor.

Communication under ISA 600 HB2008 is to be done on a timely basiswhereas under AU 543communication is to be done priorto the report release date.

129

WORK OF INTERNAL AUDITORSISA 610 Final “Using the Work of Internal Auditors”

AU 322 “The Auditor’s Consideration of the Internal Audit Function in an Audit of Financial Statements”AS 5, paragraphs 16-19 “Using the Work of Others”



AU322 Comparative analysis:Analysis excluding ISA applicationand other explanatory material


80 10. In determining the plannedeffect of the work of the internalauditors on the nature, timing orextent of the external auditor’sprocedures, the external auditorshall consider:(a) The nature and scope of specificwork performed, or to beperformed, by the internal auditors;(b) The assessed risks of materialmisstatement at the assertion levelfor particular classes of transactions,account balances, and disclosures;and(c) The degree of subjectivityinvolved in the evaluation of theaudit evidence gathered by theinternal auditors in support of therelevant assertions. (Ref: Para. A5)

.20 In making judgments about theextent of the effect of the internalauditors' work on the auditor'sprocedures, the auditor considers—a. The materiality of financialstatement amounts— that is,account balances or classes oftransactions.b. The risk (consisting of inherentrisk and control risk) of materialmisstatement of the assertionsrelated to these financial statementamounts.c. The degree of subjectivityinvolved in the evaluation of theaudit evidence gathered in supportof the assertions. fn 7

As the materiality of the financialstatement amounts increases andeither the risk of materialmisstatement or the degree ofsubjectivity increases, the need forthe auditor to perform his or herown tests of the assertionsincreases. As these factors decrease,the need for the auditor to performhis or her own tests of the assertionsdecreases.

As concerns the factors the auditorhas to consider when makingjudgments about the extent of theeffect of the internal audit functionon audit procedures AU 322, para.20 and ISA 610 Final, para. 10 differfrom each other in that AU 322,para. 20 explicitly specifies the effectof the degree of subjectivity on theneed to perform own tests, and inthat ISA 610 Final, para. 10 doesrequire to consider the nature andscope of specific work performed, orto be performed by the internalauditor, and does not require toconsider the materiality of financialstatement amounts.

130

12. To determine the adequacy ofspecific work performed by theinternal auditors for the externalauditor’s purposes, the externalauditor shall evaluate whether:…(e) Any exceptions or unusualmatters disclosed by the internalauditors are properly resolved.

.21 For assertions related to materialfinancial statement amounts wherethe risk of material misstatement orthe degree of subjectivity involved inthe evaluation of the audit evidenceis high, the auditor should performsufficient procedures to fulfill theresponsibilities described inparagraphs .18 and .19. Indetermining these procedures, theauditor gives consideration to theresults of work (either tests ofcontrols or substantive tests)performed by internal auditors onthose particular assertions.However, for such assertions, theconsideration of internal auditors'work cannot alone reduce audit riskto an acceptable level to eliminatethe necessity to perform tests ofthose assertions directly by theauditor. ...

While implicit in ISA 610 Final, AU322, para. 21 explicitly states that,under certain circumstances (highrisk of material misstatement or highdegree of subjectivity), the auditorcannot solely rely on the work of theinternal auditor to reduce audit riskto an acceptable level.

In determining the adequacy ofwork performed by the internalauditors for the external auditor’spurposes, unlike AU 322, ISA 610,para. 12 requires the auditor toevaluate whether any exceptions orunusual matters disclosed by theinternal auditors are properlyresolved.

81 Using Internal Auditors to ProvideDirect Assistance to the Auditor

.27 In performing the audit, theauditor may request directassistance from the internalauditors. This direct assistance

Unlike ISA 610 Final, AU 322provides specific direction aboutdirect assistance of the internalauditor to the external auditor. In

131

relates to work the auditorspecifically requests the internalauditors to perform to completesome aspect of the auditor's work.For example, internal auditors mayassist the auditor in obtaining anunderstanding of internal control orin performing tests of controls orsubstantive tests. When directassistance is provided, the auditorshould assess the internal auditors'competence and objectivity andsupervise, review, evaluate, and testthe work performed by internalauditors to the extent appropriate inthe circumstances. The auditorshould inform the internal auditorsof their responsibilities, theobjectives of the procedures theyare to perform, and matters thatmay affect the nature, timing, andextent of audit procedures, such aspossible accounting and auditingissues. The auditor should alsoinform the internal auditors that allsignificant accounting and auditingissues identified during the auditshould be brought to the auditor'sattention.

particular, if direct assistance fromthe internal auditors is provided tothe external auditor, the externalauditor is required to assess theinternal auditors’ competence andobjectivity and supervise, review,evaluate, and test the workperformed by the internal auditors.The external auditor should alsoinform the internal auditor onspecific issues.

132

USE OF SPECIALISTSISA 620 Final “Using the Work of an Auditor’s Expert”

ISA 500 Final “Audit Evidence”AU 336 “Using the Work of a Specialist”





82 Understanding of expertise &auditor-expert agreement

ISA 620 Final11. The auditor shall agree, inwriting when appropriate, on thefollowing matters with the auditor’sexpert: (Ref: Para. A23-A26)(a) The nature, scope and objectivesof that expert’s work; (Ref: Para.A27)(b) The respective roles andresponsibilities of the auditor andthat expert, (Ref: Para. A28-A29)(c) The nature, timing and extent ofcommunication between the auditorand that expert, including the formof any report to be provided by thatexpert; an. (Ref: Para. A30)(d) The need for the auditor’s expertto observe confidentialityrequirements. (Ref: Para. A31)

Understanding of work performedby specialist

Although AS 3 provides direction onaudit documentation, there is noPCAOB standard that explicitlyrequires that the auditor shall agree(in writing) with the expert oncertain issues, as does ISA 620 Final,para. 11.

83 ISA 620 Final8. The nature, timing and extent ofthe auditor’s procedures withrespect to the requirements inparagraphs 9-13 of this ISA will varydepending on the circumstances. Indetermining the nature, timing andextent of those procedures, the

Unlike AU 336, ISA 620, para. 8explicitly states that the nature,timing and extent of the auditor’sprocedures with respect to therequirements set forth in thestandard (para. 9-13) will depend onthe circumstances and sets forth

133

auditor shall consider mattersincluding: (Ref: Para. A10)(a) The nature of the matter towhich that expert’s work relates;(b) The risks of materialmisstatement in the matter to whichthat expert’s work relates;(c) The significance of that expert’swork in the context of the audit;(d) The auditor’s knowledge of andexperience with previous workperformed by that expert; and(e) Whether that expert is subject tothe auditor’s firm’s quality controlpolicies and procedures. (Ref:Para.A11-A13)

matters that the auditor shallconsider.

84 Reference to the expert/ specialist

ISA 620 Final14. The auditor shall not refer to thework of an auditor’s expert in anauditor’s report containing anunmodified opinion unless requiredby law or regulation to do so. If suchreference is required by law orregulation, the auditor shall indicatein the auditor’s report that thereference does not reduce theauditor’s responsibility for the auditopinion. (Ref: Para. A41)

15. If the auditor makes reference tothe work of an auditor’s expert inthe auditor’s report because suchreference is relevant to anunderstanding of a modification tothe auditor’s opinion, the auditorshall indicate in the auditor’s reportthat such reference does not reduce

Reference to the expert/ specialist

.15 Except as discussed in paragraph

.16, the auditor should not refer tothe work or findings of the specialist.Such a reference might bemisunderstood to be a qualificationof the auditor's opinion or a divisionof responsibility, neither of which isintended. Further, there may be aninference that the auditor makingsuch reference performed a morethorough audit than an auditor notmaking such reference.

.16 The auditor may, as a result ofthe report or findings of thespecialist, decide to add explanatorylanguage to his or her standardreport or depart from an unqualifiedopinion. Reference to andidentification of the specialist may

Unlike AU 336, ISA 620 Finalrecognizes that reference to theexpert may be required by law orregulation.

134

the auditor’s responsibility for thatopinion. (Ref: Para. A42)

be made in the auditor's report ifthe auditor believes such referencewill facilitate an understanding ofthe reason for the explanatoryparagraph or the departure from theunqualified opinion.

135

INQUIRY OF CLIENT’S LAWYERISA 501 Final “Audit Evidence – Specific Considerations for Selected Items”

AU 337 “Inquiry of a Client’s Lawyer Concerning Litigation, Claims, and Assessments”





85 .02 Management is responsible foradopting policies and procedures toidentify, evaluate, and account forlitigation, claims, and assessments asa basis for the preparation offinancial statements in conformitywith generally accepted accountingprinciples.

Unlike ISA 501 Final, AU 337, para.02 stresses that it is theresponsibility of management toidentify, evaluate, and account forlitigation, claims, and assessments.

86 10. When the auditor assesses a riskof material misstatement regardinglitigation or claims that have beenidentified, or when the auditorbelieves that other litigation orclaims may exist, the auditor shall, inaddition to the procedures requiredby other ISAs:(a) Seek direct communication withthe entity’s external legal counselthrough a letter of general inquiry orspecific inquiry, prepared bymanagement and sent by theauditor, requesting the entity’sexternal legal counsel tocommunicate directly with theauditor; and (Ref: Para. A19-A21) …

.06 An auditor ordinarily does notpossess legal skills and, therefore,cannot make legal judgmentsconcerning information coming tohis attention. Accordingly, theauditor should request the client'smanagement to send a letter ofinquiry to those lawyers with whommanagement consulted concerninglitigation, claims, and assessments.

AU 337, para. 06 requires theauditor to request the client’smanagement to send a letter ofinquiry whereas ISA 501 Final, para.10(a) requires the auditor to send amanagement-prepared letter to theentity’s external legal counsel whenthe auditor assesses a risk ofmaterial misstatement.

87 A22. In some cases, the auditor mayseek direct communication with theentity’s external legal counselthrough a letter of general inquiry.For this purpose, a letter of generalinquiry requests the entity’s external

.09 The matters that should becovered in a letter of audit inquiryinclude, but are not limited to, thefollowing:a. Identification of the company,including subsidiaries, and the date

Unlike ISA 501 Final, AU 337 para..09 is very specific about whatshould be included in a letter ofaudit inquiry to the client’s lawyer.

The application and otherexplanatory material of ISA 501 Finalgives direction on what to include ina letter of inquiry.

136

legal counsel to inform the auditorof any litigation and claims that thecounsel is aware of, together withan assessment of the outcome ofthe litigation and claims, and anestimate of the financialimplications, including costsinvolved.

A23. If it is considered unlikely thatthe entity’s external legal counselwill respond appropriately to a letterof general inquiry, for example if theprofessional body to which theexternal legal counsel belongsprohibits response to such a letter,the auditor may seek directcommunication through a letter ofspecific inquiry. For this purpose, aletter of specific inquiry includes:(a) A list of litigation and claims;(b) Where available, management’sassessment of the outcome of eachof the identified litigation and claimsand its estimate of the financialimplications, including costsinvolved; and(c) A request that the entity’sexternal legal counsel confirm thereasonableness of management’sassessments and provide the auditorwith further information if the list isconsidered by the entity’s externallegal counsel to be incomplete orincorrect.

of the audit.b. A list prepared by management(or a request by management thatthe lawyer prepare a list) thatdescribes and evaluates pending orthreatened litigation, claims, andassessments with respect to whichthe lawyer has been engaged and towhich he has devoted substantiveattention on behalf of the companyin the form of legal consultation orrepresentation.c. A list prepared by managementthat describes and evaluatesunasserted claims and assessmentsthat management considers to beprobable of assertion, and that, ifasserted, would have at least areasonable possibility of anunfavorable outcome, with respectto which the lawyer has beenengaged and to which he hasdevoted substantive attention onbehalf of the company in the form oflegal consultation or representation.d. As to each matter listed in itemb, a request that the lawyer eitherfurnish the following information orcomment on those matters as towhich his views may differ fromthose stated by management, asappropriate: …e. As to each matter listed in itemc, a request that the lawyercomment on those matters as towhich his views concerning thedescription or evaluation of thematter may differ from those statedby management.

We note that in an internationalcontext, jurisdictional treatiesestablish communication protocolsbetween lawyers and auditors.

Unlike ISA 501 Final, AU 337specifically considers unassertedclaims where a lawyer has beenretained to act but no claim has yetbeen received.

137

f. A statement by the client thatthe client understands thatwhenever, in the course ofperforming legal services for theclient with respect to a matterrecognized to involve an unassertedpossible claim or assessment thatmay call for financial statementdisclosure, the lawyer has formed aprofessional conclusion that theclient should disclose or considerdisclosure concerning such possibleclaim or assessment, the lawyer, as amatter of professional responsibilityto the client, will so advise the clientand will consult with the clientconcerning the question of suchdisclosure and the applicablerequirements of Statement ofFinancial Accounting Standards No.5 [AC section C59].g. A request that the lawyerconfirm whether the understandingdescribed in item f is correct.h. A request that the lawyerspecifically identify the nature ofand reasons for any limitation on hisresponse.Inquiry need not be madeconcerning matters that are notconsidered material, provided theclient and the auditor have reachedan understanding on the limits ofmateriality for this purpose.

88 12. The auditor shall requestmanagement and, whereappropriate, those charged withgovernance to provide writtenrepresentations that all known

.05 … Accordingly, the independentauditor's procedures with respect tolitigation, claims, and assessmentsshould include the following:…

Unlike ISA 501 Final, AU 337, para..05 requires the auditor to informthe lawyer that the client has giventhe auditor assurance that it hasdiscussed all unasserted claims.

138

actual or possible litigation andclaims whose effects should beconsidered when preparing thefinancial statements have beendisclosed to the auditor andappropriately accounted for anddisclosed in accordance with theapplicable financial reportingframework.

d. Obtain assurance frommanagement, ordinarily in writing,that it has disclosed all unassertedclaims that the lawyer has advisedthem are probable of assertion andmust be disclosed in accordancewith Statement of FinancialAccounting Standards No. 5 [ACsection C59]. Also the auditor, withthe client's permission, shouldinform the lawyer that the client hasgiven the auditor this assurance.This client representation may becommunicated by the client in theinquiry letter or by the auditor in aseparate letter. fn 3

89 .11 In some circumstances, a lawyermay be required by his Code ofProfessional Responsibility to resignhis engagement if his adviceconcerning financial accounting andreporting for litigation, claims, andassessments is disregarded by theclient. When the auditor is awarethat a client has changed lawyers orthat a lawyer engaged by the clienthas resigned, the auditor shouldconsider the need for inquiriesconcerning the reasons the lawyer isno longer associated with the client.

Unlike ISA 501 Final, if the auditor isaware that the client has changedlawyers, AU 337, para. .11 requiresthe auditor to consider the reasonfor the change.

139

Topic 9: Audit communications (including audit reports and audit committees)

Subject ISANumber

ISATitle


PCAOB standardTitle

COMMUNICATION WITH THOSECHARGED WITH GOVERNANCE

ISA 260 HB 2008 “Communication with Those Charged withGovernance”

AU 380 “Communication with Audit Committees”

AUDITOR’S REPORT ISA 700 Final “Forming an Opinion and Reporting on FinancialStatements”


ISA 510 Final “Initial Audit Engagements – Opening Balances” AU 410 “Adherence to Generally Accepted AccountingPrinciples”

ISA 705 Final “Modifications to the Opinion in the IndependentAuditor’s Report”

AU 431 “Adequacy of Disclosure in Financial Statements”

ISA 706 Final “Emphasis of Matter Paragraphs and OtherMatter Paragraphs in the Independent Auditor’sReport”

140

COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCEISA 260 HB 2008 “Communication With Those Charged with Governance”

AU 380 “Communication With Audit Committees”





90 18. The auditor shall evaluatewhether the two-waycommunication between the auditorand those charged with governancehas been adequate for the purposeof the audit. If it has not, the auditorshall evaluate the effect, if any, onthe auditor’s assessment of the risksof material misstatement and abilityto obtain sufficient appropriateaudit evidence, and shall takeappropriate action. (Ref: Para. A46-A48)

Unlike AU 380, ISA 260 HB 2008,para. 18 requires the auditor (1) toevaluate the adequacy of the two-way communication between theauditor and those charged withgovernance, and if found notadequate, (2) to evaluate the effecton the assessment of the risk ofmaterial misstatement and theability to obtain sufficientappropriate audit evidence, and takeappropriate action.

91 9. In some cases, all of thosecharged with governance areinvolved in managing the entity, forexample, a small business where asingle owner manages the entity andno one else has a governance role.In these cases, if matters required bythis ISA are communicated withperson(s) with managementresponsibilities, and those person(s)also have governanceresponsibilities, the matters neednot be communicated again withthose same person(s) in theirgovernance role. These matters arenoted in paragraph 12(c). Theauditor shall nonetheless besatisfied that communication with

A2. Although the auditor isresponsible for communicatingmatters required by this ISA,management also has aresponsibility to communicatematters of governance interest tothose charged with governance.Communication by the auditor doesnot relieve management of thisresponsibility. Similarly,communication by managementwith those charged with governanceof mattersthat the auditor is required tocommunicate does not relieve theauditor of the responsibility to alsocommunicate them. Communicationof these matters by management

.05 It may be appropriate formanagement to communicate to theaudit committee certain of thematters specified in this section. Insuch circumstances, the auditorshould be satisfied that suchcommunications have, in fact,occurred. Generally, it is notnecessary to repeat thecommunication of recurring matterseach year. Periodically, however, theauditor should consider whether,because of changes in the auditcommittee or simply because of thepassage of time, it is appropriateand timely to report such matters.Finally, this section is not intendedto restrict the communication of

AU 380, para. .05 states that somematters may be communicated tothe audit committee bymanagement. If so, AU 380, para..05 requires the auditor to besatisfied that the communicationshave occurred. In addition, AU 380,para. .05 states that it is notrequired to repeat thecommunication of recurring matterseach year.

Unlike AU 380, ISA 260 HB 2008para. 9 explicitly requires that if allthose charged with governance areinvolved in managing the entity, andif ISA 260 HB 2008 requires thatmatters be communicated with

Unlike AU 380, the application andother explanatory material of ISA260 HB 2008 makes explicit thatcommunication by management tothose charged with governance ofmatters that the auditor is requiredto communicate does not relieve theauditor of the responsibility to alsocommunicate those matters tothose charged with governance.

141

person(s) with managementresponsibilities adequately informsall of those with whom the auditorwould otherwise communicate intheir governance capacity. (Ref:Para. A12)

may, however, affect the form ortiming of the auditor’scommunication with those chargedwith governance.

other matters. persons with managementresponsibilities, than these mattershave not to be communicated againwith those same persons in theirgovernance role.

142

AUDITOR’S REPORTISA 700 Final “Forming an Opinion and Reporting on Financial Statements”

ISA 510 Final “Initial Audit Engagements – Opening Balances“ISA 705 Final “Modifications to the Opinion in the Independent Auditor’s Report”

ISA 706 Final “Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report”AU 508 “Reports on Audited Financial Statements”

AU 410 “Adherence to Generally Accepted Accounting Principles”AU 431 “Adequacy of Disclosure in Financial Statements”

No. ISA 700 Final/ ISA 510 Final/ ISA 705Final/ ISA 706 FinalRequirements

ISA 700 Final/ ISA 510 Final/ ISA 705Final/ ISA 706 FinalApplication and other explanatorymaterial



92 ISA 705 Final

15. When the auditor considers itnecessary to express an adverseopinion or disclaim an opinion onthe financial statements as a whole,the auditor’s report shall not alsoinclude an unmodified opinion withrespect to the same financialreporting framework on a singlefinancial statement or one or morespecific elements, accounts or itemsof a financial statement. To includesuch an unmodified opinion in thesame report2 in these circumstanceswould contradict the auditor’sadverse opinion or disclaimer ofopinion on the financial statementsas a whole. (Ref: Para. A16)

ISA 705 Final

A16. The following are examples ofreporting circumstances that wouldnot contradict the auditor’s adverseopinion or disclaimer of opinion:The expression of an unmodifiedopinion on financial statementsprepared under a given financialreporting framework and, within thesame report, the expression of anadverse opinion on the samefinancial statements under adifferent financial reportingframework.6The expression of a disclaimer ofopinion regarding the results ofoperations, and cash flows, whererelevant, and an unmodified opinionregarding the financial position (seeISA 510 (Redrafted).7). In this case,the auditor has not expressed adisclaimer of opinion on thefinancial statements as a whole.

AU 508

.05 … The auditor may express anunqualified opinion on one of thefinancial statements and express aqualified or adverse opinion ordisclaim an opinion on another if thecircumstances warrant

Unlike ISA 700 Final, AU 508, para..05 explicitly states that the auditormay express an unqualified opinionon one of the financial statements,and express a qualified or adverseopinion, or disclaim an opinion onanother.

While ISA 705 Final, para. 15explicitly prohibits an unmodifiedopinion when the auditor hasexpressed an adverse or disclaimerof opinion on the financialstatements as a whole, theapplication and other explanatorymaterial of ISA 705 Final, para. A16,and ISA 510 Final, para. A8, list somecircumstances in which differentopinions on different financialstatements are permitted.

143

ISA 510 Final10. If the auditor is unable to obtainsufficient appropriate audit evidenceregarding the opening balances, theauditor shall express a qualifiedopinion or a disclaimer of opinion, asappropriate, in accordance with ISA705 (Revised and Redrafted).5 (Ref:Para. A8)

ISA 510 FinalA8. ISA 705 (Revised and Redrafted)establishes requirements andprovides guidance on circumstancesthat may result in a modification tothe auditor’s opinion on the financialstatements, the type of opinionappropriate in the circumstances,and the content of the auditor’sreport when the auditor’s opinion ismodified. The inability of the auditorto obtain sufficient appropriateaudit evidence regarding openingbalances may result in one of thefollowing modifications to theopinion in the auditor’s report:(a) A qualified opinion or adisclaimer of opinion, as isappropriate in the circumstances; or(b) Unless prohibited by law orregulation, an opinion which isqualified or disclaimed, asappropriate, regarding the results ofoperations, and cash flows, whererelevant, and unmodified regardingfinancial position.

93 AU 508.12 When the auditor decides tomake reference to the report ofanother auditor as a basis, in part,for his or her opinion, he or sheshould disclose this fact in theintroductory paragraph of his or herreport and should refer to the reportof the other auditor in expressing hisor her opinion. These referencesindicate division of responsibility forperformance of the audit. (Seesection 543, Part of Audit Performed

Unlike ISA 700 Final, AU 508, para.12 lists reporting requirements incase the auditor decides to refer tothe work of another auditor, andpara. 13 gives an example of areport indicating a division ofresponsibility. ISA 700 Final does notinclude direction with respect to thistopic, because division ofresponsibility is not allowed.

144

by Other Independent Auditors.)

.13 An example of a reportindicating a division of responsibilityfollows: …

94 ISA 700 Final44. An auditor may be required toconduct an audit in accordance withthe auditing standards of a specificjurisdiction (the “national auditingstandards”), but may additionallyhave complied with the ISAs in theconduct of the audit. If this is thecase, the auditor’s report may referto International Standards onAuditing in addition to the nationalauditing standards, but the auditorshall do so only if: (Ref: Para. A42-A43)...

45. When the auditor’s report refersto both the national auditingstandards and InternationalStandards on Auditing, the auditor’sreport shall identify the jurisdictionof origin of the national auditingstandards.

43. If the auditor is required by lawor regulation of a specific jurisdictionto use a specific layout or wording ofthe auditor’s report, the auditor’sreport shall refer to InternationalStandards on Auditing only if theauditor’s report includes, at aminimum, each of the followingelements: (Ref: Para. A41)...

If the auditor complies with ISAs andnational auditing standards, ISA 700Final, para. 44 lists the conditionsunder which the report shall refer toISAs in addition to national auditingstandards.

If the report refers to both ISAs andnational auditing standards, ISA 700Final, para. 45 requires that thereport identifies the jurisdiction orcountry of origin of the nationalauditing standards.

ISA 700 Final, para. 43 imposessimilar requirements as para. 40-41when the audit is conducted inaccordance with ISAs and theauditor is required by law orregulation to use a specific layout orwording of the auditor’s report.

AU 508 does not consider the casewhere an auditor complies with twodifferent sets of auditing standards.

145

95 ISA 705 Final11. If, after accepting theengagement, the auditor becomesaware that management hasimposed a limitation on the scope ofthe audit that the auditor considerslikely to result in the need to expressa qualified opinion or to disclaim anopinion on the financial statements,the auditor shall request thatmanagement remove the limitation.

12. If management refuses toremove the limitation referred to inparagraph 11, the auditor shallcommunicate the matter to thosecharged with governance anddetermine whether it is possible toperform alternative procedures toobtain sufficient appropriate auditevidence.

13. If the auditor is unable to obtainsufficient appropriate auditevidence, the auditor shalldetermine the implications asfollows:...

14. If the auditor resigns ascontemplated by paragraph 13(b)(i),before resigning, the auditor shallcommunicate to those charged withgovernance any matters regardingmisstatements identified during theaudit that would have given rise to amodification of the opinion. (Ref:Para. A15)

AU 508.24 … When restrictions thatsignificantly limit the scope of theaudit are imposed by the client,ordinarily the auditor shoulddisclaim an opinion on the financialstatements. [Paragraph renumberedby the issuance of Statement onAuditing Standards No. 79,December 1995.]

ISA 705 Final, para. 11-14 includesdetailed requirements with respectto management-imposed scopelimitations, while AU 508, para. 24only states that “… Whenrestrictions that significantly limitthe scope of the audit are imposedby the client, ordinarily the auditorshould disclaim an opinion on thefinancial statements”.

146

96 ISA 706 Final6. If the auditor considers itnecessary to draw users’ attentionto a matter presented or disclosed inthe financial statements that, in theauditor’s judgment, is of suchimportance that it is fundamental tousers’ understanding of the financialstatements, the auditor shall includean Emphasis of Matter paragraph inthe auditor’s report provided theauditor has obtained sufficientappropriate audit evidence that thematter is not materially misstated inthe financial statements. Such aparagraph shall refer only toinformation presented or disclosedin the financial statements. (Ref:Para. A1-A2)

7. When the auditor includes anEmphasis of Matter paragraph in theauditor’s report, the auditor shall:(a) Include it immediately after theOpinion paragraph in the auditor’sreport;(b) Use the heading “Emphasis ofMatter,” or other appropriateheading;(c) Include in the paragraph a clearreference to the matter beingemphasized and to where relevantdisclosures that fully describe thematter can be found in the financialstatements; and(d) Indicate that the auditor’sopinion is not modified in respect ofthe matter emphasized. (Ref: Para.

ISA 706 FinalA1. Examples of circumstanceswhere the auditor may consider itnecessary to include an Emphasis ofMatter paragraph are:• An uncertainty relating to thefuture outcome of exceptionallitigation or regulatory action.• Early application (wherepermitted) of a new accountingstandard (for example, a newInternational FinancialReporting Standard) that has apervasive effect on the financialstatements in advance of itseffective date.• A major catastrophe that has had,or continues to have, a significanteffect on the entity’s financialposition.

Appendix 1List of ISAs containing requirementsfor Emphasis of Matter ParagraphsThis appendix identifies paragraphsin other ISAs as at [December 31,2008] that require the auditor toinclude an Emphasis of Matterparagraph in the auditor’s report incertain circumstances. The list is nota substitute for considering therequirements and relatedapplication and other explanatorymaterial in ISAs.[Proposed] ISA 210 (Redrafted),“Agreeing the Terms of AuditEngagements” – paragraph [19]ISA 560 (Redrafted), “Subsequent

AU 508.11 Certain circumstances, while notaffecting the auditor's unqualifiedopinion, may require that theauditor add an explanatory fn 9paragraph (or other explanatorylanguage) to the standard report.fn 10 These circumstances include:a. The auditor's opinion is based inpart on the report of anotherauditor (paragraphs .12 and .13).b. To prevent the financialstatements from being misleadingbecause of unusual circumstances,the financial statements contain adeparture from an accountingprinciple promulgated by a bodydesignated by the AICPA Council toestablish such principles (paragraphs.14 and .15).c. There is substantial doubt aboutthe entity's ability to continue as agoing concern. fn 11d. There has been a materialchange between periods inaccounting principles or in themethod of their application(paragraphs .16 through .18).e. Certain circumstances relatingto reports on comparative financialstatements exist (paragraphs .68,.69, and .72 through .74).f. Selected quarterly financial datarequired by SEC Regulation S-K hasbeen omitted or has not beenreviewed. (See section 722, InterimFinancial Information, paragraph.50.)

Under some circumstances, ISA 706Final requires the auditor to includean “Emphasis of Matter paragraph”(para. 6), or an “Other Matterparagraph” (para. 8), while AU 508,para. .11, lists circumstances inwhich the auditor may have to addan “explanatory paragraph” to thestandard report.

Unlike ISA 706 Final, AU 508, para..12-.19 describe in detail therequirements and provide guidancein case the opinion is based in parton the report of another auditor,there is a departure from apromulgated accounting principle,or when there is lack of consistency(i.e. there is a material change inaccounting principle).

Note also the language differencebetween ISA 706 Final, and AU 508.ISA 706 Final uses the terms“Emphasis of Matter paragraph” and“Other Matter paragraph”, while AU508 uses the terminology“explanatory paragraph” and “otherexplanatory language”. Unlike AU508, ISA 706 Final does not explicitlydiscriminate between two bigclasses of “explanatory” paragraphs.

ISA 706 Final, para. A1 lists examplesof circumstances in which theauditor may want to include anEmphasis of Matter paragraph(uncertainty with respect tolitigation or regulatory action;application of new accountingstandard; major catastrophe). Andappendix 1 of ISA 706 Final also listscircumstances in which the auditor isrequired (by other ISAs) to includean Emphasis of Matter paragraph(i.e. in case of subsequent events,and in case of going concern).

The circumstances that may lead toinclude an “explanatory paragraph”listed in ISA 706 Final and AU 508are different, except for the fact thatboth refer to “doubt about theentity’s ability to continue as a goingconcern” as example of acircumstance requiring explanation.

147

A3-A4)

8. If the auditor considers itnecessary to communicate a matterother than those that are presentedor disclosed in the financialstatements that, in the auditor’sjudgment, is relevant to users’understanding of the audit, theauditor’s responsibilities or theauditor’s report and this is notprohibited by law or regulation, theauditor shall do so in a paragraph inthe auditor’s report, with theheading “Other Matter,” or otherappropriate heading. The auditorshall include this paragraphimmediately after the Opinionparagraph and any Emphasis ofMatter paragraph, or elsewhere inthe auditor’s report if the content ofthe Other Matter paragraph isrelevant to the Other ReportingResponsibilities section. (Ref: Para.A5-A11)

Events” – paragraphs 12(b) and 16ISA 570 (Redrafted), “GoingConcern” – paragraph 19.

g. Supplementary informationrequired by the Financial AccountingStandards Board (FASB), theGovernmental Accounting StandardsBoard (GASB), or the FederalAccounting Standards AdvisoryBoard (FASAB) has been omitted,the presentation of such informationdeparts materially from FASB, GASB,or FASAB guidelines, the auditor isunable to complete prescribedprocedures with respect to suchinformation, or the auditor is unableto remove substantial doubts aboutwhether the supplementaryinformation conforms to FASB,GASB, or FASAB guidelines. (Seesection 558, RequiredSupplementary Information,paragraph .02.)h. Other information in adocument containing auditedfinancial statements is materiallyinconsistent with informationappearing in the financialstatements. (See section 550, OtherInformation in DocumentsContaining Audited FinancialStatements, paragraph .04.)

In addition, the auditor may add anexplanatory paragraph to emphasizea matter regarding the financialstatements (paragraph .19). …