by John McCarthy Consulting Ltd. | Mar 20, 2023 | News
This week we continue our series looking at some lessons that auditors can learn from past Decision Notices (DN) published by the Financial Reporting Council. To read last week’s post click here.
Today we focus on the journal entry testing audit failings in the case of Haysmacintyre LLP and its audit partner David Cox (Hays) and the audit of the consolidated financial statements for ‘Associated British Engineering plc’ (‘ABE’) for the FY 2018. The FRC did not make a finding that the FY2018 financial statements of ABE were misstated.
Hays communicated to ABE’s audit committee that “significant, unusual or unexpected journal postings [had] been investigated and verified”.
- However, in fact Hays’ work on journal entry testing failed to meet the Relevant Requirements of ISA 240 Auditor’s Responsibilities Relating to Fraud;
- ISA 500 Audit Evidence; and
- 230 Audit Documentation.
This arose from journal entry testing that did not comply with the requirements of paragraph 32 of ISA 240, and thereby failed to respond appropriately to the risk, present in all entities, that arises from the fact that management is in a unique position to perpetrate fraud by overriding controls.
The rationale of the Relevant Requirements of ISA 240 is that management has the ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively.
The work on journal entries that Hays carried out did not meet the requirements in that:
- it did not constitute testing across all journal entries made in the year for the purpose of complying with ISA 240 paragraph 32 and
- was not designed or executed as testing of that kind;
- the work was confined to entries in discrete parts of the accounts and
- was directed to objectives other than those of ISA 240 paragraph 32, such as testing year-end journals as part of balance-sheet testing.
Hays did not document on the audit file the work done to ensure that significant, unusual or unexpected journal postings had been investigated and verified.
Although the relevant workpaper states that journal entries were “reviewed as part of testing, with no evidence of fraud or bias noted”, the workpaper does not:
- set out the audit procedures performed, either by explaining the procedures or attaching documents to substantiate the outcome of the procedures and
- the conclusion reached as to evidence of fraud or bias.
In this area of audit work, Hays therefore breached the requirement of ISA 240 paragraph 32(a),
- by failing to design and perform audit procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements and,
- in doing so, to make inquiries about inappropriate or unusual activity relating to the processing of the entries, to select entries made at the end of a reporting period and to consider the need to test them throughout the period.
Hays also breached the requirements of:
- ISA 500 (Audit Evidence), paragraph 6, by failing to design and perform appropriate procedures to obtain sufficient appropriate audit evidence; and
- ISA 230 (Audit Documentation), paragraphs 8 and 9, in respect of preparing audit documentation that:
- shows the results of audit procedures performed and
- the audit evidence obtained and documenting the identifying characteristics of the specific items or matters tested.
Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.
Publications and AML webinars:
- The ISQM TOOLKIT 2022 is available to purchase here.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Mar 20, 2023 | News
It can be a very informative learning experience for auditors to focus on the Decision Notices (DN) published by the Financial Reporting Council. This week we focus on the audit failings in a case involving inventory.
One decision that we will examine over the coming weeks is the 2021 DN involving Haysmacintyre LLP and its audit partner David Cox (Hays) and the audit of the consolidated financial statements for ‘Associated British Engineering plc’ (‘ABE’) for the FY 2018. ABE was an engineering company based in the UK whose core operating activity was manufacturing/supplying spare parts for diesel engines and associated repair services.
The FRC clarifies that it did not make a finding that the FY2018 financial statements of ABE were misstated.
The carrying value of ABE’s inventory (i.e. the lower of cost and Net Realisable Value) stated in the FY2018 financial statements, at £1.037 million, represented 55% of current assets and 35% of total assets. There were multiple, serious failures in Hays’ audit work on inventory/stock valuation.
The inventory testing procedures in question were:
- poorly designed and
- were inadequate to test the key elements of the provisioning assessments so as to provide sufficient evidence for the relevant assertions in the FY2018 financial statements.
Sample selection failings
The selected sample size of 30 items was not appropriate, given that inventory was deemed an area of significant risk, and the audit file does not provide a justification for the sample size.
The whole population of the items that could have been selected was many times greater than 30; the audit file itself refers to an alternative, balance-sheet measure which might have been adopted and would have involved a sample more than ten times larger than the selected sample.
Execution of the tests by the audit team was deficient.
Hays communicated to ABE’s audit committee that, for each item within the sample of stock lines they had selected, they had traced:
- the cost price both to a purchase invoice, to ensure that costs had been correctly recorded, and
- to a sales list, to ensure that stock was subsequently recorded at the lower of cost and net realisable value.
In fact, Hays had not carried out those procedures.
Of the 30 items in the sample:
- only 17 were traced to a purchase invoice and
- only 10 were traced to a post year-end sales invoice.
Hays carried out testing work on the stock ageing data of [Subsidiary A], on which management based their provisioning.
The test of [Subsidiary A]’s stock ageing data that Hays designed and executed was inadequate in that it did not seek to verify the ageing data by checking the allocation of purchases to their respective financial periods.
Hays’ work on the carrying value of inventory within the Audit was therefore wholly inadequate. There were extensive and significant failings in this area of the Audit which constitute breaches of the following requirements of the ISAs:
ISA 200 (Overall objectives):
- Paragraph 15, by failing to plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated;
- Paragraph 16, by failing to exercise professional judgment in planning and performing an audit of financial statements; and
- Paragraph 17, by failing to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.
ISA 500 (Audit Evidence):
- Paragraph 6, by failing to design and perform appropriate procedures to obtain sufficient appropriate audit evidence; and
- Paragraph 9, by failing to carry out an appropriate evaluation as to whether information produced by the audited entity was sufficiently reliable for the auditor’s purposes.
ISA 330 (Response to Risks)
Paragraph 21, by failing to perform substantive procedures that were specifically responsive to the assessed significant risk of material misstatement in relation to inventory.
ISA 530 (Audit Sampling):
- Paragraph 6, by failing to design an audit sample giving consideration to the purpose of the audit procedure in question and the characteristics of the population from which the sample was to be drawn;
- Paragraph 7, by failing to determine a sample size sufficient to reduce sampling risk to an acceptably low level; and
- Paragraph 10, by failing to perform on a replacement item an audit procedure which was not applicable to the item first selected.
Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.
Publications and AML webinars:
- The ISQM TOOLKIT 2022 is available to purchase here.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Mar 10, 2023 | News
As part of the new ISQM 1 audit quality management standard, there has been much commentary about a new procedure called Root Cause Analysis or RCA.
Root cause analysis is now a compulsory requirement of audit quality control under paragraph 41 of the ISQM. It focuses on understanding the underlying cause behind the deficiencies identified on audit files and in audit quality processes to help provide valuable insights to the firm and help with remedial action.
It’s not practical to apply RCA to every deficiency. Firms will need to design a way of appropriately targeting RCA at the most appropriate reviews and findings.
The selection of deficiencies on which to focus RCA will involve taking the following factors into account:
- The quantum/frequency of the audit risk and/or whether the audit is high profile;
- The reviews it could be applied to, cold file reviews, engagement quality reviews and/or external monitoring reviews;
- The possible selection of all low scoring/graded files, in cold file reviews; and
- Whether the findings in question are recurring themes.
Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.
We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.
Publications and AML webinars:
- The ISQM TOOLKIT 2022 is available to purchase here.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Mar 2, 2023 | News
The Financial Times reported in late February 2023 on a classic example of CDD (Client Due Diligence) gone wrong, or more likely ‘Careless Due Diligence’.
As part of the required anti-money laundering (AML) checks, before taking their new client in 2021, the London Law firm, Discreet Law, requested identification documents from Yevgeny Prigozhin, who is the founder of the Wagner mercenary group. His name is on the sanctions lists of individuals accused of human rights abuses since 2018.
In response, Mr Prigozhin’s Russian lawyers forwarded a copy of his passport and a gas bill in the name of his then 81 year old mother, Violetta, for an address in St Petersburg, Russia.
Apparently the law firm were happy with the explanation that the bill was issued in the name of the claimant’s mother (Violetta Prigozhin) who actually lives at the client’s residential address and pays the bills. Her name has been added to the list of sanctioned individuals for her support of her mercenary son.
In March 2022, one month after Russia’s full-scale invasion of Ukraine, the firm applied to stop representing him.
The moral of the story is that each firm when carrying out CDD must ‘take reasonable steps’ as set out in Section 33 (5) of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021which includes verifying that the utility bill is correctly in the name of the individual concerned and that the address is their normal residential address.
PS – the above image is a stock photo and not known to resemble Mrs. Prigozhina.
Have you sourced all the Supplier Quality Statements you need? In case you ask, here is the one from John McCarthy Consulting Ltd.
ISQM Toolkit training
The ISQM TOOLKIT 2022 is self-explanatory and is available to purchase here.
This is the first time for adoption of this new standard and the various professional bodies have already commenced carrying out spot checks on firms and their implementation of this standard.
We are running a series of one to one private Zoom sessions to explain how it all works in a structured 1hour CPD session on Zoom with a free recording.
In addition, there is a half-day follow-up where we go through the actual Toolkit itself in a 4-hour session to document your risks and responses. We can also proof your final toolkit with suggestions for improvements. Contact john@jmcc.ie for more details.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
by John McCarthy Consulting Ltd. | Feb 25, 2023 | News
As of 4 June 2022, (under EU sanctions) it is prohibited to provide, directly or indirectly, accounting, auditing, including statutory audit, bookkeeping and tax consulting services, as well as business and management consulting or public relations services (Article 5n of Council Regulation 833/2014) to the Russian government, as well as to legal persons such as companies and other entities or bodies established in Russia.
Trying to assess the implications of the increasingly complex and varied sanctions regimes imposed on Russia (and on certain other countries/individuals and entities around the world) is already a huge headache. Some would say it’s not worth the effort. The compliance cost alone, plus the potential for getting the risk assessment wrong, versus the benefit of taking on a ‘risky’ client is too high.
It’s highly recommended that each firm carry out a complete sweep of all existing clients including those clients’ suppliers/customers (not just with the firm’s new clients) to verify whether there are any connections with Russia or with individuals/entities resident there.
Commencing in March 2022 the Big 4 accounting firms announced their withdrawal from Russia and with the war with Ukraine passing its first anniversary, it doesn’t look like this conflict will be resolved any time soon.
For quick access to the main Sanctions lists, please click on the following links:
Have you sourced all the Supplier Quality Statements you need? In case you ask, here is the one from John McCarthy Consulting Ltd
ISQM Toolkit training
The ISQM TOOLKIT 2022 is self-explanatory and is available to purchase here.
This is the first time for adoption of this new standard and the various professional bodies have already commenced carrying out spot checks on firms and their implementation of this standard.
We are running a series of one to one private Zoom sessions to explain how it all works in a structured 1hour CPD session on Zoom with a free recording.
In addition, there is a half-day follow-up where we go through the actual Toolkit itself in a 4-hour session to document your risks and responses. We can also proof your final toolkit with suggestions for improvements. Contact john@jmcc.ie for more details.
- See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
- Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
- To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
