External and internal audit - prevention of error and fraud
Audit function
To most executives the word 'audit' most likely means an external audit carried out by an independent, duly authorized, 'senior statutory auditor', or audit may mean an internal auditor whose remit is often much wider than that of the external auditor.
External audit
An external audit is required by law in the United Kingdom (with the exception of 'small' companies as defined in the UK Companies Act) and in most other countries where there are limited liability company structures.
The duty of the external auditor is to report to the members of the company
- the shareholders - as to whether or not the accounts give a true and fair view and comply with the Companies Acts. The question as to whether the auditors have a duty to a wider audience is one which has been debated over the years, and the legal cases have extended and then retracted the extent of the duty to others. To the author, as an auditor, who would, naturally, in self-interest wish any liability to be very limited, it does appear odd that if accounts are true and fair for the shareholders who are to rely on them, why should not others be able to rely on the accounts as well?
What does 'true and fair' mean? Firstly, this is a very British term. An auditor would quite rightly never 'certify' accounts in the United Kingdom. This is because, to us, the word certify has the meaning of confirm absolutely, and that would be quite impossible to do for every figure in a set of even the simplest accounts.
Some leading professionals have said that true and fair cannot be defined
- very helpful! In simple terms it means that the accounts are 'true' - ie correct, ideally to the pence level. In practical terms this means within the bounds of materiality (the concept of materiality is explored in detail in Chapter 5). The figures are as exact as practicable in preparation and in substantiation. 'Fair' means that the presentation of individual figures is conventional, and not in any way aimed to mislead - a simple example would be that if a company has short-term bank deposits of 4m with one bank and an overdraft of 2.5m with another, it would be quite unfair to show its bank position as 1.5m net cash.
For companies large and small the external auditor will tend to carry out a 'risk-based' audit. The auditor should thoroughly know the client, the business, the personnel and the economic conditions as well as the accounting systems and procedures. The auditor will carry out a detailed analytical review and risk assessment during the planning stage to ensure that all risk areas are adequately checked and also that effort is not wasted on low-risk areas. While it is necessary to confirm that stated procedures and controls exist and function properly, the days of focusing on checking or vouching large samples of invoices, cheques and so forth are long gone.
Here is the wording of the latest version of a UK audit report as required by the FRC (Financial Reporting Council), with explanatory comments.
Publicly traded premium listed group - auditor's report on group financial statements prepared under IFRSs as adopted by the European Union
INDEPENDENT AUDITOR'S REPORT TO THE MEMBERS OF XYZ PLC
We have audited the group financial statements of (name of company) for the year ended... which comprise [specify the titles of the primary statements such as the Group Statement of Financial Position, the Group Statement of Comprehensive Income, the Group Statement of Cash Flows, the Group Statement of Changes in Equity] and the related notes.
The financial reporting framework that has been applied in their preparation is applicable law and International Financial Reporting Standards (IFRSs) as adopted by the European Union.
Respective responsibilities of directors and auditor
As explained more fully in the Directors' Responsibilities Statement [set out [on page...]], the directors are responsible for the preparation of the group financial statements and for being satisfied that they give a true and fair view. Our responsibility is to audit and express an opinion on the group financial statements in accordance with applicable law and International Standards on Auditing (UK and Ireland). Those standards require us to comply with the Auditing Practices Board's [(APB's)] Ethical Standards for Auditors.
A Directors' Responsibilities Statement follows this audit report example - this is what executives are signing up to.
Scope of the audit of the financial statements
Either:
A description of the scope of an audit of financial statements is [provided on the FRC's website atfrc.uk/apb/scope/private.cfm]/ [set out [on page...] of the Annual Report]. Or:
Below is an outline of what we auditors understand by an external audit. The bold wording is new for audit reports for 2014 onwards.
An audit involves obtaining evidence about the amounts and disclosures in the financial statements sufficient to give reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error. This includes an assessment of: whether the accounting policies are appropriate to the group's circumstances and have been consistently applied and adequately disclosed; the reasonableness of significant accounting estimates made by the directors; and the overall presentation of the financial statements. In addition, we read all the financial and non-financial information in the [describe the annual report] to identify material inconsistencies with the audited financial statements and to identify any information that is apparently materially incorrect based on, or materially inconsistent with, the knowledge acquired by us in the course of performing the audit. If we become aware of any apparent material misstatements or inconsistencies we consider the implications for our report.
Opinion on financial statements
This is the audit opinion for which you pay your modest fee!
In our opinion the group financial statements:
give a true and fair view of the state of the group's affairs as at... and of its profit [loss] for the year then ended;
have been properly prepared in accordance with IFRSs as adopted by the European Union; and
have been prepared in accordance with the requirements of the Companies Act 2006 and Article 4 of the IAS Regulation.
(Notes: The names used for the primary statements in the auditor's report should reflect the precise titles used by the company for them.
Auditor's reports of entities that do not publish their financial statements on a website or publish them using 'PDF' format may refer to the financial statements by reference to page numbers.)
The three paragraphs below are new for 2014 and are aimed at making it clearer as to what auditors have done.
Our assessment of risks of material misstatement
[Insert a description of those specific assessed risks of material misstatement that were identified by the auditor and which had the greatest effect on the audit strategy; the allocation of resources in the audit; and directing the efforts of the engagement team.]
Our application of materiality
[Insert an explanation of how the auditor applied the concept of materiality in planning and performing the audit. Such explanation shall specify the threshold used by the auditor as being materiality for the financial statements as a whole.]
An overview of the scope of our audit
[Insert an overview of the scope of the audit, including an explanation of how the scope addressed the assessed risks of material misstatement and was influenced by the auditor's application of materiality.]
[The disclosures about the above three matters are made in a manner that complements the description of significant issues relating to the financial statements required to be set out in the separate section of the annual report describing the work of the audit committee in discharging its responsibilities (see paragraphs [19B] and A13D]).]
Opinion on other matter prescribed by the Companies Act 2006
Legal requirements re the directors' report etc have to be complied with and the auditor has to check this is so.
In our opinion the information given in the Directors' Report for the financial year for which the group financial statements are prepared is consistent with the group financial statements.
Matters on which we are required to report by exception
We have nothing to report in respect of the following:
Under the ISAs (UK and Ireland), we are required to report to you if, in our opinion, information in the annual report is:
materially inconsistent with the information in the audited financial statements; or
apparently materially incorrect based on, or materially inconsistent with, our knowledge of the Group acquired in the course of performing our audit; or is otherwise misleading.
In particular, we are required to consider whether we have identified any inconsistencies between our knowledge acquired during the audit and the directors' statement that they consider the annual report is fair, balanced and understandable and whether the annual report appropriately discloses those matters that we communicated to the audit committee which we consider should have been disclosed.
Under the Companies Act 2006 we are required to report to you if, in our opinion:
certain disclosures of directors' remuneration specified by law are not made; or
we have not received all the information and explanations we require for our audit.
Under the Listing Rules we are required to review:
the directors' statement, [set out [on page...]], in relation to going concern; and
the part of the Corporate Governance Statement relating to the company's compliance with the nine provisions of the [June 2008 Combined Code] [UK Corporate Governance Code] specified for our review; and
certain elements of the report to shareholders by the Board on directors' remuneration.
Other matters
We have reported separately on the parent company financial statements of (name of company) for the year ended... and on the information in the Directors' Remuneration Report that is described as having been audited. [That report includes an emphasis of matter.] [The opinion in that report is (qualified)Aan adverse opinion)/(a disclaimer of opinion).]
[Signature] Address
John Smith (Senior statutory auditor) Date for and on behalf of ABC LLP, Statutory Auditor
(Companies Act 2006)
