Poor Audit Work on Journal Entry Testing

Poor Audit Work on Journal Entry Testing

This week we continue our series looking at some lessons that auditors can learn from past Decision Notices (DN) published by the Financial Reporting Council. To read last week’s post click here.

Today we focus on the journal entry testing audit failings in the case of Haysmacintyre LLP and its audit partner David Cox (Hays) and the audit of the consolidated financial statements for ‘Associated British Engineering plc’ (‘ABE’) for the FY 2018. The FRC did not make a finding that the FY2018 financial statements of ABE were misstated.

Hays communicated to ABE’s audit committee that “significant, unusual or unexpected journal postings [had] been investigated and verified”.

  • However, in fact Hays’ work on journal entry testing failed to meet the Relevant Requirements of ISA 240 Auditor’s Responsibilities Relating to Fraud;
  • ISA 500 Audit Evidence; and
  • 230 Audit Documentation.

This arose from journal entry testing that did not comply with the requirements of paragraph 32 of ISA 240, and thereby failed to respond appropriately to the risk, present in all entities, that arises from the fact that management is in a unique position to perpetrate fraud by overriding controls.

The rationale of the Relevant Requirements of ISA 240 is that management has the ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively.

The work on journal entries that Hays carried out did not meet the requirements in that:

  • it did not constitute testing across all journal entries made in the year for the purpose of complying with ISA 240 paragraph 32 and
  • was not designed or executed as testing of that kind;
  • the work was confined to entries in discrete parts of the accounts and
  • was directed to objectives other than those of ISA 240 paragraph 32, such as testing year-end journals as part of balance-sheet testing.

Hays did not document on the audit file the work done to ensure that significant, unusual or unexpected journal postings had been investigated and verified.

Although the relevant workpaper states that journal entries were “reviewed as part of testing, with no evidence of fraud or bias noted”, the workpaper does not:

  • set out the audit procedures performed, either by explaining the procedures or attaching documents to substantiate the outcome of the procedures and
  • the conclusion reached as to evidence of fraud or bias.

In this area of audit work, Hays therefore breached the requirement of ISA 240 paragraph 32(a),

  • by failing to design and perform audit procedures to test the appropriateness of journal entries recorded in the general ledger and other adjustments made in the preparation of the financial statements and,
  • in doing so, to make inquiries about inappropriate or unusual activity relating to the processing of the entries, to select entries made at the end of a reporting period and to consider the need to test them throughout the period.

Hays also breached the requirements of:

  • ISA 500 (Audit Evidence), paragraph 6, by failing to design and perform appropriate procedures to obtain sufficient appropriate audit evidence; and
  • ISA 230 (Audit Documentation), paragraphs 8 and 9, in respect of preparing audit documentation that:
    • shows the results of audit procedures performed and
    • the audit evidence obtained and documenting the identifying characteristics of the specific items or matters tested.

Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinars:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
A Salutary Lesson on Inventory Audit Work

A Salutary Lesson on Inventory Audit Work

It can be a very informative learning experience for auditors to focus on the Decision Notices (DN) published by the Financial Reporting Council. This week we focus on the audit failings in a case involving inventory.

One decision that we will examine over the coming weeks is the 2021 DN involving Haysmacintyre LLP and its audit partner David Cox (Hays) and the audit of the consolidated financial statements for ‘Associated British Engineering plc’ (‘ABE’) for the FY 2018. ABE was an engineering company based in the UK whose core operating activity was manufacturing/supplying spare parts for diesel engines and associated repair services.

The FRC clarifies that it did not make a finding that the FY2018 financial statements of ABE were misstated.

The carrying value of ABE’s inventory (i.e. the lower of cost and Net Realisable Value) stated in the FY2018 financial statements, at £1.037 million, represented 55% of current assets and 35% of total assets. There were multiple, serious failures in Hays’ audit work on inventory/stock valuation.

The inventory testing procedures in question were:

  • poorly designed and
  • were inadequate to test the key elements of the provisioning assessments so as to provide sufficient evidence for the relevant assertions in the FY2018 financial statements.

Sample selection failings

The selected sample size of 30 items was not appropriate, given that inventory was deemed an area of significant risk, and the audit file does not provide a justification for the sample size.

The whole population of the items that could have been selected was many times greater than 30; the audit file itself refers to an alternative, balance-sheet measure which might have been adopted and would have involved a sample more than ten times larger than the selected sample.

Execution of the tests by the audit team was deficient.

Hays communicated to ABE’s audit committee that, for each item within the sample of stock lines they had selected, they had traced:

  • the cost price both to a purchase invoice, to ensure that costs had been correctly recorded, and
  • to a sales list, to ensure that stock was subsequently recorded at the lower of cost and net realisable value.

In fact, Hays had not carried out those procedures.

Of the 30 items in the sample:

  • only 17 were traced to a purchase invoice and
  • only 10 were traced to a post year-end sales invoice.

Hays carried out testing work on the stock ageing data of [Subsidiary A], on which management based their provisioning.

The test of [Subsidiary A]’s stock ageing data that Hays designed and executed was inadequate in that it did not seek to verify the ageing data by checking the allocation of purchases to their respective financial periods.

Hays’ work on the carrying value of inventory within the Audit was therefore wholly inadequate. There were extensive and significant failings in this area of the Audit which constitute breaches of the following requirements of the ISAs:

ISA 200 (Overall objectives):

  • Paragraph 15, by failing to plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated;
  • Paragraph 16, by failing to exercise professional judgment in planning and performing an audit of financial statements; and
  • Paragraph 17, by failing to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.

ISA 500 (Audit Evidence):

  • Paragraph 6, by failing to design and perform appropriate procedures to obtain sufficient appropriate audit evidence; and
  • Paragraph 9, by failing to carry out an appropriate evaluation as to whether information produced by the audited entity was sufficiently reliable for the auditor’s purposes.

ISA 330 (Response to Risks)

Paragraph 21, by failing to perform substantive procedures that were specifically responsive to the assessed significant risk of material misstatement in relation to inventory.

ISA 530 (Audit Sampling):

  • Paragraph 6, by failing to design an audit sample giving consideration to the purpose of the audit procedure in question and the characteristics of the population from which the sample was to be drawn;
  • Paragraph 7, by failing to determine a sample size sufficient to reduce sampling risk to an acceptably low level; and
  • Paragraph 10, by failing to perform on a replacement item an audit procedure which was not applicable to the item first selected.

Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinars:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Root Cause Analysis – Best Practice

Root Cause Analysis – Best Practice

As part of the new ISQM 1 audit quality management standard, there has been much commentary about a new procedure called Root Cause Analysis or RCA.

Root cause analysis is now a compulsory requirement of audit quality control under paragraph 41 of the ISQM. It focuses on understanding the underlying cause behind the deficiencies identified on audit files and in audit quality processes to help provide valuable insights to the firm and help with remedial action.

It’s not practical to apply RCA to every deficiency. Firms will need to design a way of appropriately targeting RCA at the most appropriate reviews and findings.

The selection of deficiencies on which to focus RCA will involve taking the following factors into account:

  • The quantum/frequency of the audit risk and/or whether the audit is high profile;
  • The reviews it could be applied to, cold file reviews, engagement quality reviews and/or external monitoring reviews;
  • The possible selection of all low scoring/graded files, in cold file reviews; and
  • Whether the findings in question are recurring themes.

Please go to our website to see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please contact John McCarthy FCA by e-mail at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinars:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Tips For the Supplier Quality Statement

Tips For the Supplier Quality Statement

As many audit firms will already be aware the International Standard on Quality Management 1 (ISQM 1) became effective on 15 December 2022. This is the implementation date from when they must document their System of Quality Management (SoQM).

As part of such a system, audit firms must assess the quality of any system components which have been sourced from external third parties.

Part of the confirmation process will involve the collection of statements from these external parties known as Supplier Quality Statements (SQS).  We are only concerned here with those suppliers that may impact on audit quality such as (the list is not necessarily comprehensive) the following:

  • training organisations providing CPD;
  • providers of audit tools such as audit programmes and financial statements checklists;
  • professional bodies;
  • software and IT support suppliers;
  • providers of technical checklists;
  • technical advisers and
  • audit file reviewers.

The collection of these Supplier Quality Statements will form part of each firm’s System of Quality Management (SoQM) and will need to be updated subsequently at regular intervals.

Have you sourced all the Supplier Quality Statements you need?

In case you ask, here is the one from John McCarthy Consulting Ltd.

For those of you still in the process of ISQM 1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.
Four Steps to Assessing Audit Quality Risks

Four Steps to Assessing Audit Quality Risks

The implementation deadline for the International Standard on Quality Management 1 (ISQM 1) was 15 December 2022 the date from which audit firms have their System of Quality Management (SoQM) documented and prepared.

As part of the implementation process audit firms are expected to record risks to audit quality, put in place appropriate responses and document the overall firm approach.  This may best be done as a brainstorming session with senior audit personnel.

In certain cases it will be appropriate to involve non-audit Partners in the process, in so far as they provide non-audit services to audit clients, so that there is a complete understanding of the scope of the potential audit quality risks that may be present.

Essentially there are at least four steps involved:

  1. Work out the firm’s audit quality risks;
  2. Prioritise the risks depending on likelihood and impact;
  3. Agree the responses – take note that there are at least 18 pre-set responses in ISQM.34 that must be compulsorily dealt with or marked as ‘not applicable’ and then each firm may need to add their own specific risks.

Depending on the type and size of audit firm, there are likely to be a few risks that may be easily excluded e.g. if:

  1. Your firm is not part of an international network;
  2. It does not carry out groups audits as the Parent company auditor; and
  3. It does not act for Public Interest Entities).
  1. Devise tailored responses to the risks identified, ensuring these responses are effective and complete.

Spot check reviews by the professional bodies, on ISQM implementation, have already commenced, so the need to finalise these responses is urgent.

For those of you still in the process of ISQM1 implementation, please see our new ISQM TOOLKIT or if you prefer to chat through the different audit risks and potential appropriate responses presented by this new standard, please call or e-mail John McCarthy FCA or e-mail him at john@jmcc.ie.

We typically tailor training and brainstorming sessions to suit your firm’s unique requirements.

Publications and AML webinar:

  • The ISQM TOOLKIT 2022 is available to purchase here.
  • See our latest Anti-Money Laundering Policies Controls & Procedures Manual (March 2022) – View the Table of Contents click here.
  • Also we have an updated AML webinar (March 2022) available here, which accompanies the AML Manual. It explains the current legal AML reporting position for accountancy firms and includes a quiz. Upon completion, you receive a CPD Certificate of attendance in your inbox.
  • To ensure your letters of engagement and similar templates are up to date visit our site here where immediate downloads are available in Word format. A bulk discount is available for orders of five or more items if bought together.