Skip to content

Settlement: Investigation Committee 1/2019 (Published 4 Sept 2020)

To print the Settlement, click here

***************

PUBLIC NOTICE

Enforcement Action

Irish Auditing and Accounting Supervisory Authority

(IAASA)

-and-

EisnerAmper Audit Limited                             

First Respondent

Ronan Murphy

Second Respondent

Engagement Quality Control Reviewer (EQCR)

Third Respondent

Following an investigation by the Irish Auditing and Accounting Supervisory Authority (‘the Authority’) a Settlement Agreement has been agreed and the Authority imposed the following sanctions:

EisnerAmper Audit Limited was fined €40,500 (the early settlement discount having been applied) in respect of contraventions of an Auditing Standard.

Ronan Murphy’s affiliate status at ICAI be suspended for a period of one year and he was further fined €22,500 (the early settlement discount having been applied) in respect of contraventions of Auditing Standards.

The EQCR be Severely Reprimanded and fined €9,000 (the early settlement discount having been applied) in respect of contraventions of Auditing Standards.

The contraventions were admitted by EisnerAmper Audit Limited, the EQCR and Ronan Murphy the Audit Partner. Costs in the sum of €50,000 were agreed.

Background

  1. EisnerAmper Audit Limited (herein the Firm) at the relevant time was an Irish statutory audit firm. The Firm is registered with Chartered Accountants Ireland (“ICAI”).
  2. The EQCR is an employee of the Firm with the title “Audit Director”. He is not registered as a statutory auditor.
  3. Ronan Murphy is an audit partner at the Firm since 2014 and has worked with the Firm since 2009. He is a member of CPA Ireland (“CPA”) and he is registered as a Responsible Individual to sign audit reports as an affiliate member of ICAI. He was the statutory auditor for the audit files of TCS Finance DAC and Strawinsky 1 PLC.
  4. On 10 January 2018, the Authority issued a notification of inspection to the Firm, confirming the Authority’s intention to commence an inspection on 5 February 2018. This letter notes that the audits selected for inspection would be advised two weeks before the commencement of the inspection and that the audit files may not be edited after the notification. On 2 February 2018, the Firm was advised of the two audit files selected namely TCS Finance DAC and Strawinsky1 PLC.
  5. The Authority inspected the audit files of TCS Finance DAC and Strawinsky 1 PLC commenced on 8 October 2018.
  6. On 3 December 2018, the Authority inspected the audit file of Taurus CMBS (Pan-Europe) 2007-1 DAC. Concerns were raised regarding the quality of the audit work.
  7. In respect of the audit files for TCS Finance DAC and Strawinsky 1 PLC, the Authority found that individuals in the Firm had created, added or edited audit evidence in February 2018 after the formal notification of the inspection was issued and contrary to International Auditing Standards. 
  8. Further, in respect of the audit file relating to Strawinsky 1 PLC the quality of the work performed, gave rise to concerns as to whether sufficient audit evidence was obtained by the Firm to support its audit opinion.

The Relevant Standards of Conduct

  1. The standards of conduct reasonably to be expected of the Respondents included those set out in the Fundamental Principles contained in the Code of Ethics (“the Code”) applicable at the material time, issued by ICAI (or CPA where relevant in the case of Ronan Murphy). The Fundamental Principles contained in the Code are made in the public interest and are designed to maintain a high standard of professional conduct by all members and member firms of the ICAI. In addition, the ICAI required its members to comply with the Financial Reporting Council’s (“FRC’s”) Ethical Standards. Ethical Standard 1 dealt with “integrity, objectivity and independence”. The relevant auditing standards, issued by the Auditing Practices Board, were the International Standards on Auditing (UK and Ireland) (“ISAs”). The purpose of ISAs is to establish standards and general principles with which auditors are required to comply. Together they form a body of standards that should be applied before an auditor can express an opinion that financial statements give a ‘true and fair view’ within the meaning of the Companies Act 2014.

Identified Contraventions on the Audit Files

  1. The Authority identified the following contraventions of the International Standard on Quality Control (ISQC (Ireland) 1) and ISAs (UK and Ireland) (effective for the relevant periods):

TCS Finance DAC and Strawinsky 1 PLC

ISQC 1        Quality control for firms that perform audits and reviews of financial statements and other assurance and related services Engagements

ISA 200       Overall objectives of the independent auditor and the conduct of an audit in accordance with International Standards on Auditing (UK and Ireland)

ISA 220       Quality control for an audit of financial statements

ISA 230       Audit Documentation

ISA 500       Audit evidence

ISA 540       Auditing accounting estimates, including fair value accounting estimates and related disclosures

Taurus CMBS (Pan- Europe) 2007-1 DAC

ISA 265       Communicating deficiencies in internal control to those charged with governance and management

ISA 300       Planning an audit of financial statements

ISA 315       Identifying and assessing the risks of material misstatement through understanding the entity and its environment

ISA 330       The auditor’s response to assessed risk

ISA 520       Analytical procedures

ISA 540       Auditing accounting estimates, including fair value accounting estimates and related disclosures

Relevant Disciplinary Bye Laws

  1. The Firm and the EQCR are members of ICAI. Ronan Murphy is a member of CPA and an affiliate member of ICAI.

ICAI’s Fundamental Principles (in force at the relevant time) stated:

100.5 A professional accountant shall comply with the following fundamental principles:

(c) Professional Competence and Due Care – to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional services based on current developments in practice, legislation and techniques and act diligently and in accordance with applicable technical and professional standards.

CPA’s Code of Ethics states:

Professional Competence and Due Care

130.1 The principle of professional competence and due care imposes the following obligations on members: (a) To maintain professional knowledge and skill at the level required to ensure that clients or employers receive competent professional service; and (b) To act diligently in accordance with applicable technical and professional standards when providing professional services

  1. The following contraventions in respect of each Respondent are set out here:

(i) The Firm

In relation to the editing of workpapers on the audit files of TCS Finance DAC and Strawinsky 1 PLC – ISQC (Ireland) 1 paragraph 45

In relation to the quality of audit work on Strawinsky 1 PLC – ISQC (Ireland) paragraph 29

(ii) Ronan Murphy

In relation to the editing of workpapers on the audit files of TCS Finance DAC and Strawinsky 1 PLC – ISA 230 paragraph 16.

In relation to the quality of audit work on Strawinsky 1 PLC:-

ISA 200 paragraphs 15 and 17

ISA 500 paragraph 7

ISA 540 paragraph 15

In relation to the quality of audit work on Taurus CMBS (Pan-Europe) 2007-1 DAC:-

ISA 265 paragraphs 7 to 9

ISA 300 paragraphs 7 to 11

ISA 315 paragraphs 25 to 31

ISA 330 paragraphs 6 to 20

ISA 520 paragraph 5

ISA 540 paragraphs 8 and 15

(iii)EQCR

In relation to the editing of workpapers on the audit file of Strawinsky 1 PLC – ISA 230 paragraph 16.

In relation to the quality of audit work on Strawinsky 1 PLC – ISA 220 paragraph 20.  

Audit Files

TCS Finance DAC

  1. ISQC (Ireland) 1 requires that all audit firms establish policies and procedures for engagement teams to complete the assembly of the final engagement files on a timely basis after the engagement reports have been finalised, not ordinarily more than 60 days. The audit opinion was dated 29 May 2017 and therefore the final file should have been assembled no later than 29 July 2017. There were documents on the audit file that were modified after this date, and subsequent to the Authority’s inspection notification being sent to the Firm.  Edits to the file were made by the engagement partner, Ronan Murphy. The Firm was unable to provide a back-up copy of the file from a date prior to the edits being created in February 2018, it was therefore, not possible to ascertain the level of alterations made to the audit file and the impact this may have had on any review of the file.

Strawinsky 1 PLC

  1. The Authority sent notification to the Firm on 2 February 2018 that the audit of Strawinsky 1 PLC’s financial statements for the year ended 31 December 2016 had been selected for review. The audit opinion was dated 29 September 2017 therefore the final file should have been assembled no later than 28 November 2017. However, there were documents on the audit file that were modified after this date, and subsequent to the Authority’s inspection notification being sent to the Firm. In some instances, documents within the electronic file were edited and in some instances, documents were added to the file in February 2018. Further, the Engagement Quality Control Reviewer (EQCR) review sign off step was created in the file in February 2018, with the electronic time stamp modified to appear as though the edits were made at an earlier date. The edits and additions were made by Ronan Murphy and the EQCR. The Firm was unable to provide a back-up copy of the file from a date prior to the edits created in February 2018. It was therefore, not possible to ascertain the level of alteration made to the audit file and the impact this may have had on any review of the file.
  2. Auditors are required to design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. Auditors are required to obtain an understanding of the following in order to provide a basis for the identification and assessment of the risks of material misstatement for accounting estimates:
  • The requirements of the applicable financial reporting framework relevant to accounting estimates, including related disclosures;
  • The method, including where applicable the model, used in making the accounting estimate;
  • Relevant controls;
  • Whether management has used an expert;
  • The assumptions underlying the accounting estimates;
  • Whether there has been or ought to have been a change from the prior period in the methods for making the accounting estimates, and if so, why; and
  • Whether and, if so, how management has assessed the effect of estimation uncertainty.
  1. For accounting estimates that give rise to significant risks, auditors are required to obtain sufficient appropriate audit evidence about whether the selected measurement basis for the accounting estimates is in accordance with the requirements of the applicable financial reporting framework. Financial assets are categorised into buckets (according to the “three bucket approach”), depending on how complex it is to value the asset. Level 1 assets are considered to be the easiest assets to value, level 2 are more difficult and level 3 are the most complex. The assets are assigned to one of these levels based on market depth, which refers to the frequency of trading of an asset. Level 1 assets are frequently traded and therefore valued using those trade values. Level 2 are traded less frequently and level 3 have no or limited trading value.
  2. In this case the audit team raised a significant risk for the valuation of the financial assets designated at fair value through profit or loss, a number of which have had their fair value estimated by Strawinsky’s 1 PLC’s investment manager. Procedures identified to address the significant risk included selecting a sample of 20 investment positions held at the year-end and obtaining independent pricing support. The engagement team discussed the valuation process with the investment manager, reviewed Level 2 and Level 3 prices for reasonableness and reviewed post year-end payment reports for post year-end sales to assess whether prices included at the year-end were reasonable.
  3. There was insufficient evidence of how the engagement team satisfied itself that the procedures performed were sufficient to address the significant risk regarding the valuation of financial assets designated at fair value through profit and loss.
  4. The pricing support included in the audit testing was provided by the company’s administrator. There was insufficient and/or inadequate evidence of the audit team obtaining audit evidence about the accuracy and completeness of the information provided within this spreadsheet.
  5. The investment manager valued certain financial assets, in the absence of readily observable inputs or measures as at 31 December 2016. There was insufficient and/or inadequate evidence on the audit file of how the engagement team tested these valuations, determined the model the investment manager used to determine their values or displayed professional scepticism and challenged management on the suitability of the valuations.
  6. Auditors are required to evaluate management’s rationale and obtain support for the inputs used to estimate fair value and its hierarchy classification. They are also required to evaluate the rationale for any changes in valuation approaches or methods used for subsequent measurement dates as compared to the initial transaction. There was insufficient and/or inadequate evidence on the audit file of how the engagement team verified the depth levels provided by the Administrator. There was insufficient and/or inadequate evidence on the audit file of unobservable inputs being used to value these financial assets or of the engagement team performing audit procedures on any unobservable inputs.
  7. Finally, the audit opinion includes an “emphasis of matter” paragraph which states that “The Company has financial assets designated at fair value through profit or loss valued at €9,739,028 as at 31 December 2016, whose fair values have been estimated by management in the absence of readily determinable market prices.” The figure of €9,739,028 matched the total amount of Level 3 assets disclosed in Note 22 of the financial assets. The amount of €9,739,028 referred to in the “emphasis of matter” paragraph, excluded two financial assets that were valued by management in the absence of broker quotes as at 31 December 2016. This figure included in the audit report was therefore, inaccurate.

Taurus CMBS (Pan-Europe) 2007-1

  1. The engagement team raised a significant risk for the valuation of the financial assets designated at fair value through profit or loss. The engagement team noted that the area of the audit with the most significant estimation uncertainty and judgement is the determining of the fair values of the financial assets. The financial assets balance at the year-end in the Statement of Financial Position was €144,130,502.  Materiality for the audit was set by the engagement team at €2,702,300.
  2. At the year-end, the Fishman JEC Portfolio balance within financial assets was €121,984,450. This related to a loan which was due to mature on 30 July 2014. The borrower initiated insolvency proceedings and the maturity date was amended to 31 December 2020.  There was insufficient and/or inadequate evidence on the audit file of how the engagement team assessed the impact of the insolvency proceedings initiated by the borrower on the valuation of the Fishman JEC Portfolio. There was insufficient and/or inadequate evidence on the audit file of the engagement team assessing certain known events on the fair value of the Fishman JEC Portfolio.
  3. The deal summary reports that were on the audit file, which contained the Loan-to-Value ratios of the Fishman JEC Portfolio, were based on a valuation dated 31 December 2014. There was insufficient and/or inadequate evidence on the audit file of the engagement team having considered whether the asset valuation date of 31 December 2014 was appropriate for the purposes of the 31 May 2017 audit or of the engagement team having performed any further testing regarding the valuation of the underlying collateral to the Fishman JEC Portfolio.
  4. There was insufficient and/or inadequate evidence on the audit file of the engagement team testing the following areas relating to the accounting estimates involved in determining the fair value of the Entity’s financial assets:
  • Relevant controls;
  • Whether management has used an expert;
  • The assumptions underlying the accounting estimates; 
  • Whether there has been or ought to have been a change from the prior period in the methods for making the accounting estimates, and if so, why; and
  • Whether and, if so, how management has assessed the effect of estimation uncertainty.
  1. There was insufficient and/or inadequate evidence on the audit file of the engagement team reviewing the judgments and decisions made by management in the making of accounting estimates to identify whether there are indicators of possible management bias.
  2. There was insufficient and/or inadequate evidence on the audit file of the engagement team having performed the following regarding the substantive analytical procedure:
  • Determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions;
  • Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation;
  • Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and
  • Determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation.

Identification of Sanction

  1. The sanction imposed must be proportionate balancing the need to protect the public with the Respondents’ own interests.
  2. The purpose of sanction is to declare and uphold proper standards of conduct amongst statutory auditors and statutory audit firms and to maintain public and market confidence in statutory auditors and statutory Audit firms and their regulators’. In addition, the purpose of sanction is to protect the public from statutory auditors and statutory audit firms whose standard of work falls short of the high-quality audit expected of statutory auditors and statutory audit firms.
  3. In coming to the appropriate and proportionate sanction the Authority took into account:
  1. The gravity and duration of the relevant contravention;
  2. The degree of responsibility of the specified person;
  3. The financial strength of the specified person;
  4. The amount of profits gained or losses avoided by the specified person in consequence of the contravention;
  5. The level of cooperation of the specified person with the Supervisory Authority;
  6. Previous relevant contraventions committed by the specified person.

EisnerAmper Audit Limited

  1. At the time of the Authority’s file inspection of Strawinsky 1 PLC and TCS Finance DAC, the Firms “File assembly policy and procedures” were inadequate to prevent inappropriate modification of the audit files by staff members. At the outset the Firm denied that the audit files had been modified. The Firm subsequently corrected the position following their internal enquiries.
  2. Subsequent to the audit reports of Strawinsky 1 PLC and TCS Finance DAC being signed the Firm implemented in October 2017 additional procedures requiring all staff to complete a file close down checklist and requiring staff to place a copy of this checklist on the Firm’s electronic audit file management software. Further the Firm conducted a significant review of its procedures.
  3. Following the issues identified in this case the Firm implemented policies and procedures for engagement teams to complete the assembly of final engagement files on a timely basis after the engagement reports were finalised. The Firm has implemented a “lockdown” function which prevents the type of modifications that occurred on these two Audit files.
  4. At the time of the Authority’s file inspection of Strawinsky 1 PLC and TCS Finance DAC, the Firms “Ethical, HR and training policies and procedures” were not to the required standard. The Firm has now implemented a number of Standard Operating Procedures to provide it with reasonable assurance that it has sufficient personnel with competence, capabilities and commitment to ethical principles necessary to perform engagements in accordance with professional standards and applicable legal and regulatory requirements and enable the firm or engagement partner to issue reports that are appropriate in the circumstances. The Firm has also introduced a Risk and Quality Department which includes a Partner and Director. In 2019 the Firm made the decision to exit the PIE audit market.

Mitigating factors:

  1. The Firm has put in place mechanisms to ensure that files cannot be inappropriately manipulated by staff after the audit opinion has been signed off.
  2. The Firm has updated its policies and procedures to ensure compliance with the relevant auditing standard.
  3. No previous Regulatory findings against the Firm.
  4. The Firm no longer undertakes statutory audit of PIEs.

Aggravating factors:

  1. The Authority considered that the contraventions revealed serious and systemic weaknesses of the management systems and internal controls.

Appropriate Sanction

  1. In determining the appropriate sanction, the Authority took into account the timing of the admissions of the Firm and it considered that it was appropriate to apply an early settlement discount of 10% to the level of the fine imposed.
  2. Having assessed the seriousness of the contraventions identified the Authority considered that the appropriate and proportionate sanction is a fine of €40,500. In coming to this figure, the Authority took account the Firms level of cooperation with the Authority. The Authority also had regard to the fact that there were no previous Regulatory findings against the Firm.

EQCR

  1. The EQCR accepts that he edited the audit file of Strawinsky 1 PLC by marking the document “prepared by” and “reviewed by” on audit file document- “Engagement Quality Control Review Checklist”. The action involved modifying the electronic time stamp to make the document appear as if it had been “marked/ prepared by and reviewed in October 2017 when it had not.
  2. On the 2 February 2018, the EQCR was asked by the Head of Audit to carry out a review on the Strawinsky 1 PLC audit file. This was carried out on the 14 February 2018, where he added the electronic stamp which inputs the words “prepared by and reviewed by” along with a date and signature, bearing the 18 October 2017, which was the date the audit opinion was signed.
  3. The EQCR asserted that he was unaware of the Authority’s letter to the Firm dated 10 January 2018, warning that the audits files were not to be edited after the notification. However, as a competent professional he would have been aware of ISA (UK and Ireland) 230 (cited above) which requires that any modification made, must be documented with specific reasons.
  4. The Authority considered following review of the file that there was limited evidence that the EQCR had performed the duties he said he had carried out as EQCR. The Authority found that there was insufficient and/or inadequate evidence of the ECQR’s review of the audit report.  What was present on the file was not in the opinion of the Authority sufficiently detailed to ensure that all significant judgments were properly evidenced on the audit file.
  5. Further, the ECQR did not include an objective evaluation of the decisions made during the audit.

Mitigating factors:

  1. The EQCR has a previously unblemished compliance history and disciplinary record. There was no intention to deliberately mislead and he expresses remorse. This was the only EQC review that he had performed and he has not performed any other EQC review. He had not received EQC training prior to the review. At the time of the events he was suffering from significant personal strain.

Aggravating factors:

  1. The EQCR edited the audit file after assembly without documenting the reasons for doing so. The action involved modifying the electronic time stamp to make the document appear as if it had been “marked/ prepared by and reviewed” in October 2017 when it had not.

Appropriate Sanction

  1. The Authority considered that the contraventions identified were a serious departure from accepted standards of practice. The editing of documents after the audit opinion was signed, did not present an accurate record of what was done and when.
  2. By modifying the Audit files in the manner that he did, he departed from acceptable professional standards.
  3. The Authority took into account the timing of the admissions of the EQCR and it considered that it was appropriate to apply an early settlement discount of 10% to the level of the fine that it would otherwise have imposed.
  4. Having assessed the seriousness of the contraventions identified the Authority considered that the EQCR be Severely Reprimanded and fined €9,000 (the early settlement discount having been applied).

Ronan Murphy

  1. Ronan Murphy accepts that in contravention of ISA 230 and contrary to the instruction given by the Authority he modified audit documentation after the completion and finalisation of the audit opinion. Further, he did not document the specific reasons for the modifications. Ronan Murphy accepts the specific criticisms that were made by the Authority concerning the quality of the Audit work identified earlier. He stated that his intention was “to clarify certain referencing within documents on the audit file and to assist with accessibility and retrievability”.

Mitigating factors:

  1. Ronan Murphy has a previously unblemished compliance history and disciplinary record. He did not intend to mislead. He expresses an intention to discontinue audit practice. He apologised for his actions.

Aggravating factors:

  1. These were numerous, repeated and serious departures from acceptable auditing standards on three different audit files.
  2. Ronan Murphy edited the audit files after assembly without documenting reasons for doing so. As the audit partner he was in a position of responsibility.  By modifying the audit files in the manner that he did, he departed from acceptable professional standards.
  3. As an audit partner Ronan Murphy is required to act competently, maintain professional knowledge and skill at the level required to ensure that a client or employer received competent professional service.

Appropriate Sanction

  1. The Authority took into account the timing of the admissions of Ronan Murphy and it considered that it was appropriate to apply an early settlement discount of 10% to the level of the fine imposed.
  2. The Authority considered that Ronan Murphy’s affiliate status at ICAI be suspended for a period of one year (from the date of this agreement) and that he is further fined €22,500 (the early settlement discount having been applied).

Costs

  1. The Parties have agreed that following terms of settlement for costs:
  1. The sum of €50,000 be paid by EisnerAmper Audit Limited as an appropriate contribution to the costs of and incidental to, the investigation in respect of EisnerAmper Audit Limited, the EQCR and Ronan Murphy.
  2. The costs shall be paid not later than 28 days after the date when this agreement takes effect.
  3. This Agreement shall take effect from the next working day after the date on which the notice of the decision is sent to EisnerAmper Audit Limited, the EQCR and Ronan Murphy.

APPENDIX 1

ISQC (Ireland) 1 Quality Control for Firms that perform Audits and Reviews of Financial Statements, and other Assurance and related Services Engagements

Paragraph 45 – The firm shall establish policies and procedures for engagement teams to complete the assembly of final engagement files on a timely basis after the engagement reports have been finalised.

In relation to the quality of audit work on Strawinsky 1 PLC:-

ISQC (Ireland) 1 paragraph 29 – The firm shall establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the competence, capabilities and commitment to ethical principles necessary to (a)Perform engagements in accordance with professional standards and applicable legal and regulatory requirements and (b)Enable the firm or engagement partners to issue reports that are appropriate in the circumstances.

ISA (UK and Ireland) 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in accordance with International Standards on Auditing (UK and Ireland)

 paragraph 15 – The auditor shall plan and perform an audit with professional scepticism recognising that circumstances may exist that cause the financial statements to be materially misstated.

paragraph 17 – To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.

  • ISA (UK and Ireland) 500 Audit evidence

 paragraph 7 – When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence. The application guidance goes on to note that the reliability of audit evidence is increased when it is obtained from independence sources outside the entity and that audit evidence obtained directly is more reliable than audit evidence obtained indirectly or by inference.

  • ISA (UK and Ireland) 540 Auditing accounting estimates, including fair value accounting estimates, and related disclosures

 paragraph 15 – For accounting estimates giving rise to significant risks, in addition to other substantive procedures performed to meet the requirements of ISA (UK and Ireland) 330, the auditor shall evaluate the following:

a) How management has considered alternative assumptions or outcomes, and why it has rejected them, or how management has otherwise addressed estimation uncertainty in making the accounting estimate.

b) Whether the significant assumptions used by management are reasonable.

c) Where relevant to the reasonableness of the significant assumptions used by management or the appropriate application of the applicable financial reporting framework, management’s intent to carry out specific courses of action and its ability to do so.

ISA (UK & Ireland) 220 Quality Control for an Audit of Financial Statements

paragraph 20 – The engagement quality control reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. This evaluation shall involve: –

a) Discussion of significant matters with the engagement partner;

b) Review of the financial statements and the proposed auditor’s report;

c) Review of selected audit documentation relating to the significant judgments the engagement team made and the conclusions it reached; and

d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of whether the proposed auditor’s report is appropriate.

ISA (UK and Ireland) 300- Planning an audit of financial statements paragraphs 7-11

7. The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan.

8. In establishing the overall audit strategy, the auditor shall:

(a) Identify the characteristics of the engagement that define its scope;

(b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required;

(c) Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts;

(d) Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and

(e) Ascertain the nature, timing and extent of resources necessary to perform the engagement.

9. The auditor shall develop an audit plan that shall include a description of:

(a) The nature, timing and extent of planned risk assessment procedures, as determined under ISA (UK and Ireland) 315.

(b) The nature, timing and extent of planned further audit procedures at the assertion level, as determined under ISA (UK and Ireland) 330.

(c) Other planned audit procedures that are required to be carried out so that the engagement complies with ISAs (UK and Ireland).

10. The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.

11. The auditor shall plan the nature, timing and extent of direction and supervision of engagement team members and the review of their work.

ISA (UK and Ireland)330 – The auditor’s responses to assessed risk paragraphs 6-20

6. The auditor shall design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level.

7. In designing the further audit procedures to be performed, the auditor shall: (a) Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including:

(i) The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and (ii) Whether the risk assessment takes account of relevant controls that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); and (b) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk.

8. The auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if:  (a) The auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); or  (b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

9. In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control. 

10. In designing and performing tests of controls, the auditor shall: (a) Perform other audit procedures in combination with inquiry to obtain audit evidence about the operating effectiveness of the controls, including: (i) How the controls were applied at relevant times during the period under audit; (ii) The consistency with which they were applied; and (iii) By whom or by what means they were applied.  (b) Determine whether the controls to be tested depend upon other controls (indirect controls) and, if so, whether it is necessary to obtain audit evidence supporting the effective operation of those indirect controls. 

11. The auditor shall test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls, subject to paragraphs 12 and 15 below, in order to provide an appropriate basis for the auditor’s intended reliance. 

12. If the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor shall:

(a) Obtain audit evidence about significant changes to those controls subsequent to the interim period; and (b) Determine the additional audit evidence to be obtained for the remaining period. 

13. In determining whether it is appropriate to use audit evidence about the operating effectiveness of controls obtained in previous audits, and, if so, the length of the time period that may elapse before retesting a control, the auditor shall consider the following: (a) The effectiveness of other elements of internal control, including the control environment, the entity’s monitoring of controls, and the entity’s risk assessment process; (b) The risks arising from the characteristics of the control, including whether it is manual or automated;  (c) The effectiveness of general IT-controls; (d) The effectiveness of the control and its application by the entity, including the nature and extent of deviations in the application of the control noted in previous audits, and whether there have been personnel changes that significantly affect the application of the control;  (e) Whether the lack of a change in a particular control poses a risk due to changing circumstances; and  (f) The risks of material misstatement and the extent of reliance on the control. 

14. If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor shall establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to the previous audit. The auditor shall obtain this evidence by performing inquiry combined with observation or inspection, to confirm the understanding of those specific controls, and: (a) If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor shall test the controls in the current audit. (b) If there have not been such changes, the auditor shall test the controls at least once in every third audit, and shall test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods. 

15. If the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor shall test those controls in the current period. 

16. When evaluating the operating effectiveness of relevant controls, the auditor shall evaluate whether misstatements that have been detected by substantive procedures indicate that controls are not operating effectively. The absence of misstatements detected by substantive procedures, however, does not provide audit evidence that controls related to the assertion being tested are effective.

17. If deviations from controls upon which the auditor intends to rely are detected, the auditor shall make specific inquiries to understand these matters and their potential consequences, and shall determine whether:) (a) The tests of controls that have been performed provide an appropriate basis for reliance on the controls; (b) Additional tests of controls are necessary; or (c) The potential risks of misstatement need to be addressed using substantive procedures. 

18. Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure.

19. The auditor shall consider whether external confirmation procedures are to be performed as substantive audit procedures.

20. The auditor’s substantive procedures shall include the following audit procedures related to the financial statement closing process: (a) Agreeing or reconciling the financial statements with the underlying accounting records; and (b) Examining material journal entries and other adjustments made during the course of preparing the financial statements.

ISA (UK and Ireland) 540- Auditing accounting estimates, including fair value accounting estimates, and related disclosures paragraphs 8 and 15

8. When performing risk assessment procedures and related activities to obtain an understanding of the entity and its environment, including the entity’s internal control, as required by ISA (UK and Ireland) 315,4 the auditor shall obtain an understanding of the following in order to provide a basis for the identification and assessment of the risks of material misstatement for accounting estimates

   a) The requirements of the applicable financial reporting framework relevant to accounting estimates, including related disclosures.

(b) How management identifies those transactions, events and conditions that may give rise to the need for accounting estimates to be recognized or disclosed in the financial statements. In obtaining this understanding, the auditor shall make inquiries of management about changes in circumstances that may give rise to new, or the need to revise existing, accounting estimates.

(c) How management makes the accounting estimates, and an understanding of the data on which they are based, including:

(i) The method, including where applicable the model, used in making the accounting estimate;

(ii) Relevant controls;

(iii) Whether management has used an expert;

(iv) The assumptions underlying the accounting estimates;

(v) Whether there has been or ought to have been a change from the prior period in the methods for making the accounting estimates, and if so, why; and

(vi) Whether and, if so, how management has assessed the effect of estimation uncertainty.

15. For accounting estimates that give rise to significant risks, in addition to other substantive procedures performed to meet the requirements of ISA (UK and Ireland) 330, the auditor shall evaluate the following:

(a) How management has considered alternative assumptions or outcomes, and why it has rejected them, or how management has otherwise addressed estimation uncertainty in making the accounting estimate.  (b) Whether the significant assumptions used by management are reasonable. (c) Where relevant to the reasonableness of the significant assumptions used by management or the appropriate application of the applicable financial reporting framework, management’s intent to carry out specific courses of action and its ability to do so.

ISA (UK and Ireland)315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment paragraph 29

If the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk.

ISA (UK and Ireland)520 Analytical Procedure paragraph 5

When designing and performing substantive analytical procedures, either alone or in combination with tests of details, as substantive procedures in accordance with ISA (UK and Ireland) 330, the auditor shall:

(a) Determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions

(b) Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation;

(c) Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and

(d) Determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation as required by paragraph 7

ISA (UK and Ireland)265- Communicating deficiencies in internal control to those charged with governance and management paragraph 7-9

7.The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. (Ref: Para. A1-A4)

8. If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies. (Ref: Para. A5-A11)

9. The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. (Ref: Para A12-A18, A27)

******************

Click the link below to download the Settlement in ‘pdf’ format

View document