1. icaew.com/aaf
The newsletter for faculty members JUNE 2011 | Issue 160
Audit
& beyond
Some firms conduct cold
file reviews on a rolling basis
throughout the year and this can
be beneficial where there have
been changes in audit procedures
and personnel.
When there are changes in audit
procedures and personnel it is
important that the firm identifies
any audit quality issues early
so that these can be addressed
quickly.
Who should conduct the
reviews?
It is essential that whoever
conducts the reviews:
• is objective;
• is technically up to date;
• has sufficient experience and
knowledge of specialist audits
where these types of reviews
are involved eg, listed audits,
charities; and
• has sufficient standing
and authority to conduct
challenging reviews and
provide effective feedback.
Suitable reviewers could be from:
• within the firm;
• ICAEW;
• a training organisation; or
• another registered auditor.
If you use a third party to conduct
your reviews, you should check
that they have the appropriate
recent technical knowledge and
experience. This may include
specialist industry knowledge
or experience of dealing with
listed clients. Any third party
conducting an ACR should
also complete a confidentiality
declaration.
In this issue…
Is your audit compliance
review process effective?
The wrong type of red
tape? An opinion piece
The new Bribery Act –
what do you, and your
clients, need to know?
It’s all change for the
spring 2011 roadshow
Assurance reporting on
investor stewardship
Do audit committees
really engage with
auditors on audit
planning and
performance?
Use of internal audit
Technical Q&A
Bulletin board
Is your audit compliance review process
effective?
The audit compliance review (ACR) is an important
process for ensuring that audit work stays on track.
Our experience is that firms that carry out an
effective ACR find that it is time and resource well
spent, but firms do not always get the benefit they
should from the process.
We hope that this article will help you to understand
the ACR requirements better and avoid potential
pitfalls.
What is involved in an ACR?
The ACR is a two-part exercise:
• a whole-firm review looking at the procedures the
firm has in place to comply with audit regulations
and ISQC (UK and Ireland) 1; and
• cold file reviews looking at a sample of completed
audits. The reviews are ‘cold’ because they
take place after the whole audit process has
been completed and after the audit opinion has
been given.
Some firms carry out hot file reviews (Engagement
Quality Control Reviews) as part of their quality
control procedures and/or to safeguard against
ethical threats. Firms conduct these reviews before
the audit report is signed. These reviews are not part
of the ACR process, although the ACR will check that
hot reviews have taken place where appropriate.
How do you approach the ACR?
There are a number of commercial ACR programmes
and checklists available to use. ICAEW publishes
a whole-firm audit review checklist and cold
file review checklist; these can be found in the
helpsheets tab at icaew.com/practice.
Audit regulation 3.20 requires a registered auditor
to monitor compliance with the regulations at least
once a year. This means conducting both a whole-
firm review and cold file reviews.
The cold file reviews should cover the audit work
of all Responsible Individuals (RIs) over a period of
not more than three years, although most firms
review the work of each RI every year. The sample
of audits should include specialist and high-risk
engagements. Many firms also plan to cover the
work of senior audit staff on a regular basis.
2. Linda Barnes
Manager, Quality
Assurance
Department.
01 Is your audit compliance
review process effective?
Linda Barnes highlights the
benefits of a effective audit
compliance review process.
03 The wrong type of red
tape? An opinion piece
Neil Harris provides a
viewpoint on the proposals
to increase the audit
exemption threshold.
04 The new Bribery Act
– what do you, and your
clients, need to know?
Andrew Güntert and
Emma Hardacre summarise
some of the key aspects
of the Act.
05 It’s all change for the
spring 2011 roadshow
Sandra Higgins highlights
the benefits of attending
the spring roadshow.
06 Assurance reporting on
investor stewardship
Jo Iwasaki discusses the
publication of new faculty
guidance on adherence to
the new stewardship code.
06 Do audit committees
really engage with
auditors on audit planning
and performance?
Zoe Jeakins provides
information about an event
on interaction between
audit partners, audit
committees, audit
committee chairs and
finance directors.
07 Use of internal audit
Myles Thompson discusses
external auditors’ reliance
on the work of internal
audit.
07 Technical Q&A
Nicky Swaisland answers
a question in relation to
payments by clients via
electronic bank transfers.
08 Bulletin board
In this
issue…
Is your audit compliance review process
effective? (cont’d)
The correct choice of reviewer will ensure that the ACR is
of sufficient depth and will be of greatest value to the firm.
You can find details of the ICAEW service at icaew.com/
en/members/practice-resources/practice-management/
practice-support-services.
What if I am a sole RI?
Sole RIs might not have staff with appropriate experience
to conduct cold file reviews. In these circumstances, many
practitioners choose to have annual reviews from external
organisations. Some sole RIs conduct their own external
cold file reviews; these can be effective but it is difficult to
be objective when reviewing your own work.
Clarified ISQC (UK and Ireland) 1 is clear that cold file
reviewers must be independent from the audit concerned.
This means that a sole RI is very likely to need cold file
reviews from an external organisation at least once every
three years, although internal cold file reviews may be
adequate in intervening years.
We believe that many firms will benefit from external cold
file reviews during 2011/2012 as they get to grips with the
new clarified ISA requirements.
What should you do with the results of the
reviews?
Summarise and conclude on the results of your cold
file reviews. Don’t just put the documents in your
compliance file!
Use results from both cold file reviews and the whole-
firm review to identify the follow-up actions required and
disseminate the results of the reviews and actions within
the firm. Your actions may include some training courses
and possibly changes in procedures.
Monitor progress carefully over the months following
your ACR to ensure that the actions that you planned
are implemented.
It probably goes without saying that all of this should,
of course, be documented.
Where do firms sometimes go wrong?
Review of a firm’s ACR is an important part of QAD’s
monitoring visits.
Sometimes there is no evidence that the firm has carried
out an ACR. This potentially raises two issues – the firm
hasn’t complied with audit regulation 3.20 and may
have given an incorrect statement on its annual return.
The Audit Registration Committee takes a dim view of
firms that have provided misleading
information.
We may conclude that cold file
reviews have not been carried out in
sufficient depth to identify areas of
weakness. This could be because the
reviewer is not technically up to date,
lacks experience, or perhaps has used
out of date checklists.
In some cases, the ACR identifies
weaknesses that have not been
followed up. Sometimes weaknesses
seem to recur year on year. The ACR
is not an isolated activity but should
be viewed as an important tool in
driving continuous improvement in
audit quality.
Further information
The faculty’s guidance, Quality Control
in the Audit Environment icaew.com/
technical/audit-and-assurance/
faculty/audit-and-assurance-faculty-
publications explains the firm’s
monitoring requirements under ISQC
(UK and Ireland) 1.
Guidance on all aspects of audit
regulations can be found on the
ICAEW website icaew.com/en/
technical/audit-and-assurance/
working-in-the-regulated-area-of-
audit.
02 AudIT & BEYOND June 2011
3. The wrong type of red
tape? An opinion piece
Reducing excessive regulation of business is clearly
desirable; the difficulty lies in determining what
is ‘excessive’ as all regulation had a purpose when
implemented.
The Department of Business Innovation and Skills (BIS)
has at least two initiatives to reduce the burden on small
business of interest to accountants:
• proposals in Europe to increase the audit threshold to
remove medium-sized companies from the statutory
audit requirement; and
• a new single person corporate entity for sole director/
shareholder companies with simplified annual returns
and accounts.
In any case BIS proposes to increase the small company
thresholds in line with EU minima to take account of the
devaluation of sterling against the euro. This demonstrates
a problem with such regulation being EU sourced – after
all, it seems unlikely there would be a reduction in the
thresholds if sterling subsequently appreciated against
the euro.
The first initiative has generated much interest judging by
more than 15,000 viewings of Michael Izza’s blogs on the
subject at www.ion.icaew.com/MoorgatePlace/21707 and
www.ion.icaew.com/MoorgatePlace/22029. The second
initiative is more recent and originally arose because
Companies House wanted to remove such entities from
its register.
The value of the statutory audit for SMEs to businesses,
investors and other stakeholders is a subject of debate.
Audit professionals who believe that high-quality,
trusted financial information is fundamental to business
confidence will need to make their case persuasively and
not be seen as acting out of self-interest. Nevertheless,
increasing audit thresholds by large margins and
exempting medium-sized companies may indicate a lack
of appreciation of the ’latent value’ of audits and the
potential impact on creditors and tax revenues.
Equity investors, debt finance providers, trade suppliers
and customers have a legitimate interest in obtaining
financial information about companies they are investing
in or dealing with, and which they may not be able to
obtain through contractual negotiation. UK company law
as a whole was originally based on creditor protection
and many risks to the economy could arise if BIS removes
such protections or does not properly enforce them.
For example:
• Audit exempt companies can file clearly non-UK GAAP
compliant accounts at Companies House – of course
assuming the relevant pages meet the Companies House
requirements ie, to display the registered number in the
right place and being signed in black ink! Neither BIS
nor Companies House appears to appreciate that the
reason for public filing is for suppliers, other creditors,
and customers etc to know about the financial status of
companies they trade with. Such users’ needs for reliable
financial information are legitimate when trading with
entities that have the benefit of limited liability. If SMEs
object strongly to providing this information, or the
cost of doing so, nothing prevents them trading as
unincorporated businesses with unlimited liability.
• Companies House operates what almost amounts
to a fraudsters’ charter by striking off companies
that fail to file accounts – ignoring the fact that such
companies may owe money to
creditors who struggle to get the
company reinstated to recover
their debt. Rather than incorrectly
assuming creditors will be aware
of notices in the London Gazette
stating the intention to strike
the company from the register
so that creditors can object, BIS
should take effective action to
ensure that directors take their
responsibilities seriously. Instead
of sending fines to directors who
probably never pay them, why
not change company law so that
every director of a company that
fails to file accounts or annual
returns is personally liable for the
company’s debts until the omission
is rectified, thus driving home that
limited liability is a privilege with
commensurate obligations?
Audit in accordance with ISAs is not
a prerequisite for ensuring that
publicly filed accounts are reliable,
but if the statutory audit threshold
is increased other protections and
sanctions warrant consideration,
including:
• Differentiating between the scope
and nature of audits between
publicly accountable companies
and other companies. The current
‘one-size fits all’ nature (even
with PN 26 guidance for small
companies) inhibits practitioners’
ability to deliver value via the audit
process, eg, do restrictions in
the ethical standards for auditors
contribute to independence
sufficiently to outweigh reductions
in value-added services provided to
non-listed clients?
• Mandating the use of assurance
reports for medium-sized entities.
• Restricting the use of the term
accountant to members of
professional regulatory bodies so
users know whether accounts filed
with accountants’ compilation
reports are prepared by competent
professionals. Although the
government has rejected this
previously, given increased
regulation of personal financial
advisers and bankers in the public
interest, ICAEW should again
emphasise the need to protect the
public and public finances through
properly regulated corporate
reporting.
A number of responses to Michael
Izza’s blog were in favour of
exempting all non-listed and non-
public interest entities from statutory
audit because they felt it was an
unnecessary cost for businesses
without external shareholders, that
professional standards of accountants
preparing accounts were an adequate
safeguard (if the term accountant
were properly regulated), and
because there was nothing to prevent
shareholders or other stakeholders
seeking a voluntary audit. Given the
wide spectrum of views, it would be
useful if BIS consulted widely with
entrepreneurs, shareholders, insolvency
practitioners, employee representatives
and SME equity and debt finance
providers. With public finances under
pressure, BIS could also liaise with
HM Treasury and HMRC to consider
whether there is, as some practitioners
believe, evidence that audit exempt
companies report lower taxable profits
than audited companies. This would
provide evidence that the benefits
of increasing the number of exempt
companies (presumably in terms
of savings in professional fees and
management time), outweigh the
potential additional costs of reduced
reliability of accounts for users.
In the meantime, it remains incumbent
on audit practitioners to continue
to maintain the highest standards of
competence in order to demonstrate
the value of audit (and other assurance
services) to clients, regulators and
legislators, and perhaps together
with the Audit and Assurance Faculty
identify those areas where audit can
add additional value to SMEs.
BIS’s suggestion of a new corporate
form for sole shareholder/director
companies also ignores the interests of
creditors. The FRSSE appears entirely
appropriate for such companies and
is not complex. In particular, the need
to disclose various matters regarding
shareholders’ and directors’ interests
and related party transactions,
assists creditors in assessing whether
the company’s assets are used
appropriately. Moreover, specific
exemptions for micro entities would
make Companies Act 2006 legislation
more complex as the underlying
principle of ‘small first’ is overturned.
The administrative burden of filing
a standard annual return for sole-
owner businesses is not excessive –
I question whether a director who
found it is so, is a suitable person to
run a business – certainly compared
to the costs of health and safety,
equality, environmental, employment,
tax, anti-money laundering and other
legislation, and perhaps BIS should
focus more on reducing the regulatory
burden on SMEs in those areas.
Neil Harris
is a Partner at
Reeves & Co LLP
and a member
of the faculty’s
Practitioner Services
Committee. The
views expressed in
this article are
his own.
AudIT & BEYOND June 2011 03
4. The new Bribery Act –
what do you, and your
clients, need to know?
The Bribery Act 2010
The Act is a consolidation of the piecemeal existing anti-
bribery legislation plus some enhancements, bringing
the UK’s law in this area up to the required international
standard. It was originally intended to come into force on
1 April 2011 but after a government review the Ministry
of Justice announced on 30 March that it would come
into force on 1 July 2011. On the same day it published
The Bribery Act 2010 Quick Start Guide and Guidance about
procedures which relevant commercial organisations can
put in place to prevent persons associated with them
from bribing www.justice.gov.uk/guidance/making-and-
reviewing-the-law/bribery.htm.
In this article, we look at the Act, the offences it creates
and highlight some particular points of note for both
practitioners and their clients, with the aim of giving a
useful factual guide to what the Act requires.
The offences
There are four types of offence in the Act:
1 ‘giving‘ offences ie, promising, offering or giving bribes
whether directly or indirectly;
2 ‘receiving‘ offences ie, requesting, receiving or agreeing
to receive a bribe;
3 bribery of a foreign public official, which includes
foreign government officials and also individuals
working for international organisations; and
4 a corporate offence of failing to prevent bribery where
a commercial organisation may be guilty if someone
who is acting on its behalf commits an offence (under
1 or 3 above).
What is a bribe?
There is no specific definition of ‘bribe‘ in the Act.
However, it outlines cases that would constitute bribery.
The key elements of those cases are:
• a financial or other advantage; and
• intention to induce improper performance of a function
or, in the case of bribery of a foreign public official,
intention to influence the recipient in their capacity as
such an official (so no impropriety is required).
The function must be of a public
nature, in connection with a business
or in the course of employment or on
behalf of a body of persons. In other
words, the function does not relate
to the private life of the recipient of
the bribe. It must be a function that
the recipient is expected to perform
in good faith, or impartially, or from
a position of trust. What constitutes
improper performance is breach
of a relevant expectation that the
function will be performed in that
way. And the test of what is expected
is an objective one – what would a
reasonable person in the UK expect?
Local custom is not relevant.
Territoriality
Section 12 gives a detailed
description of the territoriality of
bribery offences. It is a lengthy
provision but in effect, it states
that acts carried out by anyone
with a close connection to the UK
which would be classed as offences
here, remain offences under UK
law regardless of where they were
committed. ‘Close connection‘
means:
• any British person (in whatever way
they obtained that status); or
• anyone who ordinarily lives here; or
• any body incorporated under
UK law.
This is a broad application but not
completely without parallel – the
Proceeds of Crime Act 2002 contains
a similar concept as regards acts that
would be criminal in the UK and the
existing anti-bribery legislation has a
wide territorial application following
amendments in the Anti-Terrorism,
Crime and Security Act 2001.
Elements of the new corporate
offence
A corporate offence will be
committed if the bribery is
committed by someone associated
with a commercial organisation, with
an intention of securing a business
advantage for the organisation and
the corporate offence can be applied
even if the individual concerned is not
prosecuted. A person is ‘associated‘
if they perform services on behalf of
an organisation. This may include
employees, agents and subsidiaries,
depending on the circumstances.
The guidance addresses the point on
subsidiaries and looks at whether or
not they are operating independently
from their parent, so the bare fact
that they are subsidiaries does not
mean they are associated for the
purposes of the Act.
As mentioned below, there is a
defence set out in the Act. This
includes the need to have proof that
adequate procedures were in place.
The Government’s final guidance
sets out six principles on which those
procedures should be based:
1 proportionate procedures;
2 top-level commitment;
3 risk assessment;
4 due diligence;
5 communication (including
training); and
6 monitoring and review.
As a minimum, organisations large or
small should do the following:
• carry out a risk assessment of their
activities and of appropriate due
diligence into third parties such as
agents and suppliers;
• compile anti-bribery policies and
procedures based on the first step
considered and approved by senior
officers of the company; and
• publicise their policies and
procedures and amend
employment contracts as necessary
in a proportionate manner.
The breadth and depth of what is
required will vary from organisation
to organisation; every business may
need something written as their proof
that the procedures exist.
04 AudIT & BEYOND March 2011
5. The final guidance does, however, say ‘there is a full
defence if you can show you had adequate procedures
in place to prevent bribery. But you do not need to put
bribery prevention procedures in place if there is no risk
of bribery on your behalf’.
Corporate hospitality
There has been press speculation about the impact of the
Act and the extent of its effect on UK business, particularly
in its impact on corporate hospitality. The guidance makes
it clear that ‘The Government does not intend for the Act
to prohibit reasonable and proportionate hospitality and
promotional or other similar business expenditure... it is,
however, clear that hospitality and promotional or other
similar business expenditure can be employed as bribes.’
Intention would seem to be the key here. What does one
intend with the hospitality being offered? The guidance
states ‘... there must be an intention for a financial or other
advantage to influence the official in his or her official
role...‘ [for the section 6 offence]. What should be avoided,
is hospitality that is disproportionate to the situation.
For example, extending an invitation to a client’s finance
director for a match at Twickenham may be reasonable,
but an all expenses paid trip to the World Cup final in
Auckland in October could be deemed to be excessive.
In several places the guidance uses the terms ‘reasonable
and proportionate’ and refers to taking account of the
circumstances, including the relevant industry sector, in
deciding what is reasonable and proportionate.
Facilitation payments
Some countries, including the US, have anti-bribery laws
that do not extend to facilitation payments. Facilitation
payments are amounts paid to expedite processes that
would otherwise happen, just more slowly. The concept
is not recognised in UK law and
facilitation payments are not allowed
under the Bribery Act. The guidance
reinforces that position explicitly as
well as making the point that these
are not legal under the existing law.
Threatening situations
What is the position if you are under
threat and a payment is required? For
example, where you are stopped by
armed police in a foreign country and
a bribe demanded?
Again, the guidance addresses this
specific point. Where ‘life, limb or
liberty’ is threatened, the guidance
suggests that the common law
defence of duress is very likely to be
available. Should this happen it might
be advisable to make a report to the
relevant person in your organisation
as soon as practicable.
Money laundering reports
Bribery is, and will continue to be,
a criminal offence. Those within the
accounting profession are required
to report suspicions of money
laundering ie, where they or anyone
else are doing anything with the
proceeds of crime. The proceeds of
bribery will therefore be reportable;
given the maximum sentence of
10 years, the overseas reporting
exemption will not apply.
Action to be taken?
Apart from becoming familiar
with the legislation and being
aware of the Ministry of Justice
guidance, practitioners need to
ensure that clients are advised of
the development and that they take
appropriate action. For auditors, this
may mean including the Bribery Act
in the review of applicable legislation.
All clients need to carry out some
risk assessment and document
their findings (which for many
small businesses may be a short
and simple exercise). They should
also produce some documentation
confirming what their policies and
procedures are. The higher the risk,
the more likely it is that they will feel
it necessary to amend employment
contracts and publish their policy.
AudIT & BEYOND June 2011 05
Andrew Guntert
is a Lecturer
with the
Mercia Group
Ltd and a
member of
the faculty’s
Technical and
Practical Auditing Committee.
Emma Hardacre is the Money
Laundering Reporting Officer at
Deloitte LLP.
Sandra Higgins
is Chair of
the faculty’s
Practitioner
Services
Committee.
It’s all change for the
spring 2011 roadshow
It’s all change for the spring 2011 roadshow Topical
Issues for Today’s SME Practitioner. Clarity ISAs hardly
get a mention and we have a change of speaker. Many of
you will already be familiar with Mike Ulrich’s extensive
knowledge of current issues. For those of you who
haven’t come across him before, Mike is a well-respected
presenter with 20 years’ experience on the circuit. He also
runs his own audit-registered practice so he has personal
experience about what it’s like to be on our side of
the fence.
This half-day session is aimed at addressing some of the
other challenges we are currently experiencing when
acting for SMEs. With a lot of focus over the last year or
so on preparing for and implementing clarity ISAs, this
time we get to hear about some of the other issues facing
us today.
One of the most problematic areas is service charge
accounts and reporting. Do you understand the guidance
and reporting framework? This could be described as a bit
of a mess, but Mike makes a valiant effort at unravelling
it all and provides us with an insight into how we are
supposed to be handling these assignments.
Most SMPs probably have an increasing proportion of
specialised audit clients, such as charities and pension
schemes. These are covered in the
roadshow, making it an excellent
opportunity to get to grips with the
new auditing standards and their
specific application to these specialist
audits. There is also a section on
reporting on grant claims, another
area for which new guidance was
issued last year.
I am sure I am not the only one
who has had difficulty in getting
through to technical support from
my accounting software provider
recently. iXBRL seems to have caused
major meltdown, even to the point
where I heard on the grapevine
that one well-known supplier of
accounting software has given up
and agreed with HMRC that their
tagging would be accepted even
though it wasn’t quite right. The
roadshow clarifies some of the
relevant XBRL tagging issues that
we are having problems with.
On a final note, for those of you who
were worried that you had heard the
last of John Selwood and clarity ISAs,
rumour has it he’ll be back in the
autumn with ideas to make auditing
so efficient we’ll be wondering what
to do with all our over-recoveries!
Go to icaew.com/aaf to book onto
the remaining dates for the spring
roadshow and to find out more about
the forthcoming autumn roadshow.
6. 06 AudIT & BEYOND June 2011
Assurance reporting on
investor stewardship
parties which can be found at icaew.
com/technical-release-aaf-01-06.
In developing the Stewardship
Supplement, the faculty consulted
widely with the investor community.
The guidance focuses on principles
1, 2, 6 and 7 of the Code which are
considered ‘objectively verifiable’
and the scope of assurance reporting
is limited to the fair description of
investors’ commitment to the Code
at present.
The use of AAF 01/06 has increased
since the initial launch in 2006, when
the guidance was primarily addressed
to financial service organisations
such as custodians and investment
managers who report on their
internal controls over third-party
assets. In 2009, the scope of AAF
01/06 was extended to cover other
types of financial service organisations
such as private equity and hedge
fund management. In 2010, a new
appendix was added to enable AAF
01/06 assurance reporting compatible
with the IAASB’s assurance standard
ISAE 3402, Assurance Reports on
Controls at a Service Organization.
AAF 01/06 is based on the IAASB’s
ISAE 3000, Assurance engagements
other than audits or reviews of
Shareholder engagement is a key driver of corporate
accountability. The FRC issued a framework for this
engagement, the UK Stewardship Code www.frc.org.uk/
corporate/investorgovernance.cfm in July 2010.
The UK Stewardship Code aims to enhance the quality
of engagement between institutional investors and
companies to help improve long-term returns to
shareholders and the efficient exercise of governance
responsibilities. The FRC believes institutional investors
should aspire to the good practice it sets out on
engagement with investee companies in the Code.
Initial investor take up is encouraging – to date over 160
organisations have published a statement of commitment
www.frc.org.uk/corporate/stewardshipstatements.cfm
to the Code as of April 2011.
In the light of this, the faculty has published the guidance
Stewardship Supplement on assurance reporting intended
to support the Code by providing independent evaluation
of how investment managers adhere to the Code. It should
also be useful to assist owners when they are deciding who
to appoint. At a time when the EC is consulting on a green
paper on corporate governance, it will also underscore
confidence in the comply or explain approach.
The guidance is published as a supplement to ICAEW’s
existing guidance AAF 01/06, Assurance reports on internal
controls of service organisations made available to third
Do audit committees
really engage with
auditors on audit
planning and
performance?
Following on from the award-winning 2001 book Behind
Closed Doors: what company audit is really about written
with Richard Brandt the authors Vivien Beattie, Stella
Fearnley and Tony Hines have updated their research
to include the major regulatory changes developed
as a result of the Enron crisis, and the introduction of
international standards for accounting and auditing.
There have already been a number of outputs from this
project including a book based on nine company case
studies entitled Reaching Key Financial
Reporting Decisions: How UK Directors
and Auditors Interact published by
Wiley in March 2011.
At a P D Leake lecture to be held on
21 June 2011 at 5:30pm at Chartered
Accountants’ Hall icaew.com/en/
events/2011/june/tsd-pd-leake-
lecture-110621, unpublished material
from the study will be presented.
This material will put the interactions
between audit partners, audit
committee chairs, audit committees
and finance directors on audit
planning and auditor performance
under the spotlight.
The lecture, chaired by ICAEW
Executive Director, Robert
Hodgkinson promises to provide an
interesting and thought-provoking
evening. Graham Roberts, finance
director of British Land plc will
provide a practitioner viewpoint after
which there will be an opportunity for
debate and discussion.
Delegates will have time to network
and discuss current issues with fellow
professionals after the event over
drinks and canapés. Attendance is
free of charge and funded by ICAEW’s
charitable trusts. Places are limited,
please email tsdevents@icaew.com
to register your interest.
What is the P D Leake Lecture?
This annual lecture attracts an
international audience, bringing
together academics, industry leaders
and commentators from the auditing
and financial reporting community.
Regulators, investors, standard-setters
and those from the business and
professional practice worlds are able
to share views on the development of
the role of audit committees and their
relationships with auditors.
Learn more about ICAEW
Thought Leadership
Auditing and financial reporting
thought leadership initiatives from
ICAEW include the Audit Quality
Forum, Re: Assurance and Information
for Better Markets programmes all
looking at the key issues in the external
audit industry, non-audit assurance
and financial reporting. If you are
interested in keeping in touch with
these programmes, or contributing to
them, email norma.pavitt@icaew.com.
historical financial information which
has provided a basis for application
across various markets. A revised
version of ISAE 3000 is currently out
for consultation. AAF 01/06 with the
Stewardship Supplement is available
from ‘Assurance engagements on
business relationships’ under
icaew.com/assurance.
Jo Iwasaki
Technical
Manager, Audit
and Assurance
Faculty.
Zoe Jeakins
Events Manager,
Technical
Strategy
Department.
7. AudIT & BEYOND June 2011 07
Myles
Thompson
is a Partner at
KPMG and Chair
of the faculty’s
Technical and
Practical Auditing
Committee.
Use of internal audit
The use of the work of a company’s internal audit function
by an external auditor has been around for many years.
However, many issues are often raised by audit teams
on what an external auditor is required to do to rely on
this work.
These issues were debated by the faculty’s Practical
Auditing Discussion Group (PADG) at its meeting in March
2011. The key areas covered were:
• What is internal audit?
• What work do we need to do to rely on the work
of internal audit?
• What is direct assistance and is it ok?
ISA (UK and Ireland) 610, Using the work of internal auditors
currently governs this work. However, the IAASB is in the
process of revising this standard and many issues have
been raised on the proposed new standard. Therefore, is
the way we currently work with internal auditors going to
change in the future?
What is internal audit?
The traditional internal audit function (independent team
reporting to the audit committee) is well understood.
However, companies now have many other functions that
could also be classed as ‘internal audit’ functions such as
store stock counting teams used by many retailers and
finance function personnel checking financial controls
in an area that they are not involved in. PADG discussed
that the key is to ensure that external auditors carry out a
rigorous assessment of the independence and objectivity
of the ‘internal audit’ function and then use their
judgement on what work they can rely upon.
What work do external auditors need to do?
Paragraph 12 of ISA (UK and I) 610 sets out the areas that
external auditors need to evaluate. However, the question
is, should external auditors review internal audit’s working
papers and/or should they re-perform some of its work?
The views expressed at PADG were
that, for external auditors to rely
on the work of internal audit, they
must review internal audit’s working
papers so that they can meet the
requirements of paragraph 12. In
particular they need to assess whether
’conclusions reached are appropriate
in the circumstances and any reports
prepared by the internal auditors are
consistent with the results of the
work performed’.
On the point of re-performance there
were differing views. Some attendees
were of the view that external
auditors must re-perform some of
the work as they need to manage
the risk that there could be errors in
the work performed. Others were
more relaxed. PADG attendees were
of the view that it would be useful
to have further guidance (either in
the proposed new standard or from
the ICAEW) on what work external
auditors needed to do in this area. In
addition, those that attended agreed
that it would be useful for external
auditors to better understand the
professional standards that internal
auditors use.
What is direct assistance and
is it ok?
There appears to be confusion on
what direct assistance actually means.
PADG attendees were of the view
that it is where external auditors use
internal audit to perform audit work
planned and supervised by external
auditors. The current IAASB standard
does not cover direct assistance,
though the UK version does include
some specific safeguards that external
auditors should follow. However,
many of the PADG attendees were
concerned about using internal audit
in this way as the view was that
internal audit cannot be independent.
The new standard needs to provide
clear guidance in this area.
The proposed IAASB standard
The IAASB issued an exposure draft
of its proposed revised standard in
July 2010. It received considerable
feedback, especially from regulators
who are concerned that the
standard allows external auditors
to use the work of internal audit
extensively. They want it to be limited
to low risk areas and to include
clear requirements that detail the
procedures that external auditors
need to perform in order to rely on
the work of internal audit.
Conclusion
PADG’s view was that the revised
IAASB standard could change the way
that external auditors use the work
of internal audit. It is also important
that there are safeguards in place to
ensure that companies do not put
pressure on external auditors to use
internal audit. More guidance would
be useful and the faculty will consider
what is appropriate when the new
standard has been issued.
Technical Q&A
Electronic bank transfers
Q: I find that my clients increasingly pay their fees by
electronic transfer direct into my practice account.
One client recently included their tax payment (which
was to be passed onto HMRC) in the electronic
transfer without my knowledge. The money was in
the practice account for two weeks before I realised
what had happened and made the payment to HMRC.
I understand this is a breach of the client money
regulations. How do I address this issue?
A: With the increasing use of electronic transfers, it is
important to monitor the practice account regularly in
order to identify any such misplaced payments. You could
build this into the internal controls you already have in
place to administer the account.
Nicky Swaisland
Scheme Manager,
Ethics Advisory
Services.
As the payment was received in error and corrective action
taken as soon as it was identified no further action is
necessary. However, it would, be wise to keep a note on
your file to show what happened and the action you took
to correct the situation. You might also want to ask clients
to separate out payments to your firm and to others and
to notify you when a payment is made. Quite apart from
the client money issue, there is a risk of late payment
penalties if HMRC are involved. One way to do this might
be to include a suitable note in your engagement letter.
The above Q&A demonstrates a solution based on a
simple set of circumstances, if your situation is different
and/or you have concerns, please call the ethics helpline
on +44 (0) 1908 248 250 to discuss further.