Chapter 3: Professional Ethics

1. THE FUNDAMENTAL PRINCIPLES

A. Introduction to Professional Ethics:
● Professional bodies set high standards for their members.
● Codes of practice apply to all members, regardless of their area of work.
● Codes ensure professional services are performed by individuals of integrity and
competence.
● ICAP adopted the IESBA’s Code of Ethics as the ICAP Code.

B. Fundamental Principles:
● Integrity: Accountants should be honest in all professional and business
relationships.
● Objectivity: They should not allow bias or conflicts of interest to override professional
judgments.
● Professional competence and due care: Accountants must maintain knowledge
and skill to provide competent services based on current standards.
● Confidentiality: They should respect the confidentiality of information and not
disclose it without proper authority.
● Professional behavior: Compliance with laws and regulations, avoiding actions that
discredit the profession.

C. Conceptual Framework:
● ICAP Code provides a framework for applying fundamental principles.
● Accountants must identify threats, evaluate them, and address them to an acceptable
level.
● Professional judgment is exercised based on relevant training, knowledge, and
experience.
● Factors considered in exercising professional judgment include missing information,
inconsistency, expertise, and preconceptions.

D. Threats to Compliance:
● Self-interest: Financial interests, incentive-based compensation, personal
relationships with clients.
● Self-review: Reviewing one's own work, involvement in significant decisions affecting
financial reports.
● Advocacy: Defending a client's position in legal matters, promoting shares in a
client's company.
● Intimidation: Threats from clients affecting objectivity, pressure to agree with client
judgments.
● Familiarity: Close relationships with clients leading to compromised objectivity.

E. Responsibility and Safeguards:

● Accountants must identify, evaluate, and respond to threats.
● They can eliminate threats, apply safeguards, or decline/terminate activities.
 ● Safeguards include proper disclosures, consultations, and policies to mitigate risks.

Practice Question:
Mr. Omar is in charge of the quality control department of an audit firm. While reviewing the
working papers relating to some audit engagements of the firm, he came across the following
situations:

i. Situation 1: The spouse of a partner in the firm is a legal consultant and is assisting an
audit client of that firm in filing its tax return.

ii. Situation 2: The audit manager engaged on the audit of a company has been offered a job
by that company. He was asked to join on March 1, 2010, when the current CFO would retire.
The audit is expected to be completed on December 15, 2009.

iii. Situation 3: A meeting of the CEO of ABC & Company Limited and the audit engagement
partner was held to discuss the draft financial statements of the company for the year ended
September 30, 2009. Serious differences emerged between the two sides on the accounting
treatment and the disclosures of certain items, and consequently, the CEO informed the
engagement partner that unless the auditors agree to the company’s point of view, they
would not be reappointed for the next year.

iv. Situation 4: The engagement partner on the audit of XYZ Limited has been its
engagement partner for the past six years.

Solution:
i. Situation 1: This situation doesn't contain any apparent threat.

ii. Situation 2: Self-Interest Threat: The subsequent employment opportunity with the
assurance client is of personal interest to the audit manager, which could impair his
objectivity and independence. Additionally, if the company is listed, it should not appoint any
member of the audit engagement team or his close relative as its CEO/CFO/Internal
auditor/director within the next two years of their involvement in the audit. The manager
should immediately inform the engagement partner about his intentions, and the firm should
arrange proper replacements.

iii. Situation 3: Intimidation Threat: The CEO of the client has threatened replacement if the
auditors disagree with the company's point of view. In this case, the engagement partner
should discuss the issue with other partners in the firm, disclose it to the audit committee or
others charged with governance, and consider withdrawing from the current year
engagement.

iv. Situation 4: Familiarity Threat: The prolonged period during which the partner has been
the engagement partner could lead to a close relationship with the company, potentially
compromising his objectivity. If the company is listed, the firm is required by Code of
Corporate Governance (CCG) to rotate the partner in charge after five years. Even if it's a
non-listed company, rotation may be followed as best practice to avoid familiarity threat.
2. INTEGRITY, OBJECTIVITY, AND INDEPENDENCE

Introduction:
The revised ICAP code contains “International Independence Standards” (parts 4A and 4B).
This section focuses on part 4A, which relates to independence for audit and review
engagements.

A. The Requirement for Independence:

Independence is crucial for CAs in public practice and their firms when performing audit,
review, and other assurance engagements. It comprises:
● Independence of Mind: The auditor is free from bias, influence, or pressure when
making decisions, thus acting with integrity, objectivity, and professional skepticism.
● Independence in Appearance: It concerns how others view the auditor, ensuring
that their integrity, objectivity, or professional skepticism has not been compromised.
For an audit report to be valuable, the auditor must be both independent and seen to be
independent. This principle is central to the role of independence in auditing.

Illustration: Independence of Mind and Independence in Appearance:

● Independence of Mind: It allows the auditor to express a conclusion without being
influenced by biases or prejudices, thus ensuring integrity and objectivity.
● Independence in Appearance: It avoids circumstances where a reasonable third party
might conclude that the auditor's integrity, objectivity, or professional skepticism has
been compromised.
Independence of the auditor is vital for public confidence in the audit process.

Professional Skepticism:
Exercising professional skepticism is essential in auditing, requiring CAs to apply it when
planning and performing audits, reviews, and other assurance engagements.

B. Threats to Independence – Key Areas:

Threats to independence largely threaten the independence and objectivity of CAs or audit
firms. Although the ICAP Code provides a conceptual framework, specific guidance is given
in key areas where independence may be under threat.

a. Fees (s410):
The nature and level of fees can create self-interest or intimidation threats. The relative size
of fees, overdue fees, and ICAP directive 4.23 are important considerations. For public
interest entities, specific disclosures and quality control reviews are required if fees exceed a
certain percentage of total fees.

Practice Question 02:

In this scenario, the audit firm should address outstanding fees and a potential reduction in
fees. Self-interest threats may arise if fees remain unpaid for a long time, and a reduction in
fee may pose a threat to professional competence and due care. Safeguards should be
implemented, and discussions with the audit committee or those charged with governance
are necessary.
Practice Question 03:
To improve the relationship with the client, strategies include addressing the reasons for
changes in audit managers, arranging meetings with the CEO and finance department,
timely communication of audit plans to the Board/Audit Committee, and ensuring completion
of fieldwork and timely review. Discussions regarding fee enhancements should be initiated
once audit issues are addressed.

These strategies aim to maintain independence, integrity, and professionalism while ensuring
effective audit processes and client relationships.

b. Pricing:
When an assurance firm obtains an assurance engagement at a significantly lower level than
that charged by the previous firm, or quoted by other firms (known as “low-balling”), a
self-interest threat arises. This threat will not be reduced to an acceptable level unless:

● The firm can demonstrate that appropriate time and qualified staff are available.
● All applicable assurance standards and quality control procedures are being complied
with.

Practice Question 04:

Identify and evaluate the threats involved and explain how these threats can be reduced to
an acceptable level, in each of the following situations: A limited assurance engagement has
been accepted at a fee which is lower than the fee charged by the predecessor auditor.

Solution:
By agreeing to perform the engagement at a lower fee than that charged by the predecessor
firm, or quoted by other firms, a self-interest threat has been created.

Safeguards:
The self-interest threat created may be reduced to an acceptable level if the firm is able to
demonstrate that:
● Appropriate time and qualified staff are assigned to the task.
● All applicable assurance standards, guidelines, and quality control procedures are
being complied with.

c. Contingent Fees:
Contingent fees (direct or indirect) are fees that are calculated on a predetermined basis,
relating to the outcome or result of a transaction or the work performed. The ICAP Code
does not allow contingent fee arrangements because they create a self-interest threat. For
example, a fee based on the successful outcome of a loan application would create a
contingent fee and should be refused.

Fees should be charged based on the experience of the person doing the assurance work
and the time spent on the work.
Practice Question 05:
In this scenario, the audit firm faces a self-interest threat due to the close business
relationship between a member of the audit team's family and the audit client. The
relationship between the audit senior and the clearing agent could create a self-interest
threat, even though they are not immediate family members. The firm should consider the
significance of threats to the independence of the audit senior and take appropriate action,
such as removing the audit senior from the engagement team or having a chartered
accountant review their work.

Practice Question 06:

a) Since Olive Limited is not an audit client, the requested services may be provided.
However, fee arrangements based on the amount of eventual subscription received should
not be agreed upon, as they are considered contingent fee arrangements, which are
prohibited.

b) An appropriate engagement letter should disassociate the firm from management's

decisions and reconsider the fee arrangement to align with permissible modes, such as a
fixed fee or hourly basis.

Practice Question 07:

a) Revenue earned from specific clients, such as Pervez Limited (PL), Amin (Pvt) Ltd (APL),
Salman Limited (SL), and Tania Limited (TL), may create self-interest or intimidation threats
due to their significance to the firm's revenue or specific partners. Safeguards include
rotating clients among partners, increasing client bases, and conducting independent reviews
of engagements.

b) For clients with outstanding fees, the firm should consider the appropriateness of
continuing the engagement and discuss with the audit committee or those charged with
governance to ensure timely payment. Safeguards include discussing with the committee to
pay the fee at the earliest and appointing appropriate reviewers who did not participate in the
engagement.

d. Compensation and Evaluation Policies (s411)

A firm’s evaluation or compensation policies may introduce a self-interest threat, particularly
in the context of selling non-assurance services to audit clients. When an audit team
member's compensation or performance evaluation is tied to selling non-assurance services,
several factors determine the level of self-interest threat:

● Materiality of the compensation: If the compensation is significant, it increases the

self-interest threat.
● Seniority of the audit team member: More senior members may have greater
influence, amplifying the threat.
● Influence on promotion decisions: If selling non-assurance services affects promotion,
it intensifies the threat.
Safeguards to mitigate this threat include:
● Removing the person from the audit team: This reduces their direct involvement in the
audit process.
● Appropriate review of the work: Ensuring that work performed by the audit team
member is scrutinized.
● Prohibition for key audit partner: The key audit partner is barred from being evaluated
or compensated based on selling non-assurance services to the audit client.

e. Gifts and Hospitality (s420)

Accepting gifts or hospitality from an audit client can create self-interest, familiarity, or
intimidation threats. The Code specifies that such offerings should only be accepted if their
value is clearly trivial and inconsequential.

Specific considerations include:

● Influence on audit conduct: Gifts or hospitality should not influence professional
behavior, regardless of value.
● Frequency, nature, and cost: Hospitality should be reasonable in terms of these
factors.
Even if the value is trivial, improper intent to influence behavior is not allowed. Professional
judgment is often required to assess the consequences and impacts on stakeholders.

f. Actual and Threatened Litigation (s430)

Litigation involving an audit client or threats of litigation can create self-interest and
intimidation threats. The significance of these threats depends on various factors, including
the materiality of the litigation and its relation to prior audit engagements.

Safeguards to reduce these threats include:

● Removing involved individuals from the audit team: Especially if a member of the
team is directly implicated.
● Professional review of the work and assessment of the threat: Independent
assessment can provide clarity.
● Withdrawal from the engagement: If threats cannot be reduced to an acceptable
level.

g. Financial Interests (s510)

Financial interests in an audit client, whether direct or indirect, can create self-interest
threats. The Code outlines specific restrictions on holding financial interests, including:
● Immediate family members: Partners, audit team members, and their immediate
families are prohibited from holding significant financial interests.
● Controlled entities: Entities controlling the audit client or being controlled by them
pose threats.
Safeguards include disposing of financial interests, reducing them to immaterial levels,
removing individuals from the audit team, or resigning from the audit engagement if threats
cannot be mitigated adequately.

These safeguards also apply to retirement benefit plans holding financial interests in audit
clients.
 h. Loans and guarantees (s511)
A loan or a guarantee of a loan with an audit client may create a self-interest threat. If the
audit client is a bank or similar institution, no threat to independence is created where the
loan is made on normal terms to the audit firm or a member of the audit team. If the audit
client is not a bank or similar institution, the self-interest threat would be so great that no
safeguard could reduce the threat to an acceptable level, unless the loan is immaterial to
both the firm/member and the client.

i. Business Relationships (s520)

A commercial or common financial interest between an audit firm or a member of the audit
team and a client or its management may create a self-interest and intimidation threat. The
Code gives the following examples of such relationships:
● A material financial interest in a joint venture with the audit client or its senior
management.
● Arrangements to combine services or products, marketed with reference to both
parties.
● The firm acts as a distributor or marketer of the client’s products or services or vice
versa.

If the relationship relates to the audit firm, unless the financial interest is immaterial and the
relationship clearly insignificant to the firm, the Code states that there are no safeguards
which could reduce the threat to an acceptable level. Therefore, the only possible courses of
action are to:
● terminate the Business Relationship,
● reduce the level of the relationship so that the financial interest becomes immaterial
and the relationship insignificant, or
● refuse the assurance engagement.

If the relationship relates to a member of the audit team, as opposed to the firm, unless the
financial interest is immaterial and the relationship clearly insignificant to the individual, the
only appropriate safeguard would be to remove the individual from the assurance team.

The purchase of goods and services from an audit client by the firm or a member of the audit
team would not generally create a threat to independence provided:
● the transaction is in the normal course of business, and
● on an arm’s length.

However, the nature or number of such transactions could create a self-interest threat and
safeguards would need to be applied such as:
● eliminating or reducing the transactions
● removing the individual from the assurance team

For example, a new member of an audit team may have bought goods or services from the
audit client in the past, on normal commercial terms and at normal prices. This does not
create any problem. However, if the audit team member intends to continue using the goods
or services of the client to a significant extent, there may be some threat of a loss of
independence. If so, the individual should be asked not to buy from the client entity in the
future; if the individual does not wish to do this, he or she should probably be taken off the
audit team.

Example: commercial transaction with an audit team member

An audit firm has a client company, Zoomco, which operates a motor racing circuit. The audit
firm has discovered that the audit manager for the Zoomco audit keeps a racing car at
Zoomco’s circuit and uses the race track regularly. Because they are the audit manager,
Zoomco allows them 50% off normal charges for garaging the car and for use of the race
track.

Ethical position and measures:

The transaction between Zoomco and the audit manager is a normal commercial transaction
for Zoomco, but it is not at arm’s length because the audit manager gets 50% off normal
prices. The transaction may not be material for Zoomco, but it is likely to be material for the
audit manager. Consequently, there has been a breach of the ethical code by the audit
manager. The audit manager has created a self-interest threat (and possibly a familiarity
threat) by entering into the transaction with Zoomco.
● The ethics partner of the audit firm should be consulted and asked to assess the
materiality of the transaction between Zoomco and the audit manager and to consider
whether disciplinary action is appropriate.
● The audit manager should be removed immediately from the Zoomco audit team and
replaced by someone else.
● In view of the threat to the objectivity and independence of the former audit manager,
the audit plan for the Zoomco audit should be reviewed and amended if this is
considered necessary.

j. Recent Service with an Audit Client

When a former director, officer, or employee of an audit client becomes a member of the
audit team, several threats may arise, including self-interest, self-review, or familiarity threats.
These threats become particularly significant if the individual has to report on work they
carried out while employed by the client or if they are reluctant to criticize the work of former
colleagues.

The Code specifies that individuals who exerted significant influence over the preparation of
the client's accounting records or financial statements during their employment with the client
shall not be assigned to the audit team.

Threats also arise if the services were provided prior to the period covered by the audit
report. For example, if decisions or work from a prior period, while the individual was
employed by the client, are evaluated in the current audit engagement.

The existence and significance of these threats depend on factors such as the elapsed time,
the individual’s position with the client, and their role on the audit team.

Safeguards may include conducting a review of the work done by the individual as a member
of the audit team.
Example: Recent Service with an Audit Client
Sadeeq served as the finance director of Ramble, an audit client, for three years before
joining Ramble’s auditors, Tahir & Co., in March 2015 as a partner. Sadeeq is prohibited from
being a member of the audit team for Ramble’s 2015 statutory audit due to his prior
employment at the audit client in a position with significant influence over the subject matter.

k. Serving as a Director or Officer of an Audit Client

Serving as a director or officer of an audit client creates self-review and self-interest threats.
It is prohibited for a partner or employee of the audit firm to serve as a director or employee
of an audit client. The threats created would be so significant that no safeguards could
reduce them to an acceptable level.

An exception is made for serving as a company secretary if allowed under legislation, where
management makes all decisions, and the function is routine and administrative.

l. Employment with an Audit Client

Employment relationships with an audit client may create self-interest, familiarity, or
intimidation threats. Individuals who previously worked on the audit team might leave the
audit firm to work for the audit client, potentially creating familiarity or intimidation threats.

The Code specifies that such individuals must not receive benefits or payments from the firm
unless they are fixed, predetermined arrangements. Other safeguards include modifying the
audit plan, assigning an audit team of sufficient expertise, or arranging for additional reviews
of the work done.

For public interest entities, restrictions are stricter, and independence may be compromised if
former partners or employees join the client.

m. Temporary Personnel Assignments

Loaning personnel to an audit client may create self-review, advocacy, or familiarity threats.
Safeguards include limiting the assistance to a short period, avoiding prohibited
non-assurance services, and ensuring the audit client directs and supervises the personnel's
activities.

n. Long Association of Senior Personnel with an Audit Client

Using the same individual on an audit engagement over a long period may create familiarity
and self-interest threats. Safeguards might include rotating senior staff, involving additional
reviewers, or conducting regular independent quality reviews.

These sections highlight the importance of managing various threats to independence and
objectivity in the context of audit engagements.

For audit clients that are public interest entities, accounting or book-keeping services of a
routine or mechanical nature may only be provided to the divisions or related entities of the
public interest entity where the divisions or related entities for which the service is provided
are collectively immaterial to the financial statements.
 o. Administrative Services
Providing administrative services to an audit client, such as word processing, preparing
forms, or monitoring filing dates, typically doesn't create a threat to independence. Examples
include:
● Word processing services
● Preparing administrative or statutory forms
● Submitting forms as instructed
● Monitoring statutory filing dates

p. Valuation Services:
Valuation services can pose self-review or advocacy threats, especially when the valuation is
material to the financial statements and involves subjectivity. Here are some considerations:
● Self-Review Threat: Arises if the audit firm performs a valuation that will be included
in the financial statements it audits.
● Advocacy Threat: When the firm provides valuation services that may unduly
influence the client's financial reporting.

Practice Question 08:

Mr. Mahmood, engagement partner for Khyber Limited (KL) audit, disclosed that Better Life
Trust (BLT), where he's a trustee, intends to buy shares of KL.

a) Firm can allow this if Mr. Mahmood or family isn't a beneficiary, shares aren't significant to
BLT, BLT won't influence KL, and firm has no influence over KL investments. Otherwise,
shares must be sold or the engagement partner changed.

b) If Mr. Mahmood fails to disclose and shares are bought, he must sell them or be removed
if disclosed immediately. If not disclosed, an additional accountant should review his work.

Practice Question 09:

An audit trainee helped a client's managing director in a land purchase and received
commission. Evaluate threats and suggest actions to reduce risks. Self-interest threat arises
due to the trainee's financial interest. If immaterial, trainees can work, otherwise, they
shouldn't. If conduct violates firm policies, appropriate action should be taken.

Practice Question 10:

Nadir Limited (NL), a client, acquired 51% of Hamid Limited (HL), where a partner holds
shares. Evaluate the situation according to the Code of Ethics. As HL is now related to NL,
partner's holding creates a self-interest threat. As 85% of work is done, continuing
engagement is possible with proper disclosures and safeguards.

Practice Question 11:

A partner's spouse holds shares in a company the firm is advising. Evaluate threats and
suggest safeguards. Conflict of interest creates a threat to objectivity. Safeguards include
closely monitoring policies, review by senior staff, involving an unbiased accountant, and
consulting third parties.
Practice Question 12:
Evaluate threats in each case where firm NKC is considering accepting a client. Rashid's
wife's investment creates a self-interest threat. Zahid's investment creates a significant threat
if material. Ali's and Ovais's son's investments also create threats. Employees holding shares
pose threats depending on their relationship with the audit team. Safeguards include disposal
of investments or review by unbiased accountants.

Practice Question 13:

Sherbano Limited (SL) requested Farhad and Company to provide a consent letter for
auditing. A partner's wife is the Director Marketing in SL.
● Threats:
○ Independence Threat: Family and personal relationships can threaten
independence.
○ Self-Interest Threat: Partner's personal interest in spouse's career.
○ Familiarity Threat: Partner's familiarity with the Director Marketing.
○ Intimidation Threat: Fear of upsetting the partner due to the relationship.

● Safeguards:
○ Remove the partner from the assurance team.
○ Restructure responsibilities so the partner doesn't handle matters related to
the spouse.
○ Implement policies to encourage staff to report any independence issues.

Practice Question 14:

ABC and Company is requested to replace the retiring auditor for Sindh Limited (SL).
i. New Auditor's Responsibilities:
● Assess threats to compliance with fundamental principles.
● Evaluate significance of threats. Apply safeguards if threats are not insignificant.
● Communicate with the retiring auditor with client's permission.

ii. Retiring Auditor's Responsibilities:

● Respond to incoming auditor's queries with client's permission.
● Transfer books and papers promptly to the new auditor.

Safeguards:
● Retiring auditor should promptly transfer all relevant documents.
● If unable to communicate with the retiring auditor, alternative procedures should be
used.
● Consider declining engagement if significant threats persist.

Practice Question 15:

The engagement partner's brother-in-law became CFO of an audit client.
● Threats:
○ Perceived Independence Threat: Close personal relationship with CFO.
○ Self-Interest Threat: Partner's interest in brother-in-law's success.
○ Familiarity Threat: Partner's familiarity with the CFO.
 ● Safeguard:
○ Rotate the partner to prevent involvement in matters concerning the client.
○ If no other partner is available, consider withdrawing from the engagement.

Practice Question 16:

A partner in the firm is a close friend of the financial controller of Tahir Limited (TL).
● Threats:
○ Self-Interest Threat: Partner's personal interest in the friend's company.
○ Familiarity Threat: Partner's close relationship with the financial controller.
● Safeguard:
○ Restructure partner's responsibilities to minimize influence over the audit.
○ Have an independent chartered accountant review relevant work.

Practice Question 17:

Sameer, a manager in the firm, has a close personal relationship with the CFO of an audit
client, although he hasn't been assigned to that client.
● Threats:
○ Self-Interest Threat: Sameer's personal interest in maintaining the
relationship.
○ Familiarity Threat: Sameer's close relationship with the CFO.
● Safeguard:
○ Structure Sameer's responsibilities to minimize influence over the audit.
○ Have an independent chartered accountant review relevant work.

Practice Question 27:

Romeo Supermarket Limited (RSL) - Juliet Limited (JL):
Providing due diligence services to RSL, which intends to acquire a significant stake in JL,
may create conflicts of interest and self-review threats. Safeguards should include:
● Separate engagement teams for RSL and JL
● Clear guidelines on confidentiality and security
● Obtaining consent and acknowledgment from both parties regarding potential
conflicts.

Practice Question 28:

Watto Limited:
If the valuation services provided to Watto Limited are material or involve subjectivity, a
self-review threat is created. Safeguards may include:
● Having an independent professional review the valuation work
● Obtaining client approval for underlying assumptions and methodologies
● Ensuring personnel involved in valuation are not part of the audit engagement team.

Practice Question 29:

Iqbal Limited:
Potential threats include conflicts of interest and breaches of confidentiality. Safeguards
could include:
● Notifying both parties of the firm's dual role and obtaining consent
● Using separate engagement teams
● Strict procedures to prevent access to sensitive information
Practice Question 30:
a) Advice on Financing Arrangement:
Potential threats include advocacy and self-review. Safeguards:
● Policies preventing involvement in client management decisions
● Using professionals not on the assurance team
● Obtaining client consent and acknowledgment of risks.

b) Conflict of Interest:
There's no apparent conflict if the firm is not involved with the financial institutions.
Confidentiality requirements should be observed.

Practice Question 31:

Beta (Private) Limited (BPL):
A self-review threat exists due to the previous valuation service provided to BPL.
Safeguards:
● Review of work by an independent professional
● Non-involvement of valuation personnel in the audit
● Engagement of another firm to evaluate the valuation results.

Practice Question 32:

Award Competition Verification:
If the award competition materially affects financial information, a self-review threat exists.
Consideration should be given to declining the assignment.

Tax Services:
Taxation services include tax return preparation, tax planning, and assistance in resolving tax
disputes. These services may create threats to independence, particularly self-review and
advocacy threats.

Tax Return Preparation:

Generally, preparing tax returns for audit clients doesn't create a threat if management takes
responsibility for any significant judgments made.

Tax Calculations for Accounting Entries:

For non-public interest entities, preparing tax calculations for accounting entries may create a
self-review threat. Safeguards include using professionals not on the audit team or having a
partner/senior staff member review the calculations.

Public Interest Entities:

For public interest entities, firms should not prepare tax calculations for accounting entries
that are material to the financial statements unless in emergency situations.

Tax Planning and Advisory:

Tax planning and advisory services can create self-review threats if the advice affects
financial statements. Safeguards may include having an independent tax professional review
the advice.
Assistance in Tax Disputes:
Assisting in tax disputes may create advocacy or self-review threats, particularly if the firm
has provided the advice in question. Safeguards include using professionals not on the audit
team and obtaining external tax advice.

Practice Question 33:

Investigation by Tax Authorities:
● A review of the financial statements and tax returns should be conducted to
investigate the allegations.
● If financial statements are misstated, appropriate actions should be taken, such as
revising them.
● If the misstatement was intentional, the firm may need to reconsider its relationship
with the client.

Practice Question 34:

Outsourcing of Internal Audit Department:
● Safeguards include clear separation between client management and internal audit
activities, with the client responsible for internal audit decisions and findings.

Recruitment of CIA:
● Firms should not make management decisions for clients. Advising on candidate
suitability or producing short-lists can be acceptable.
● Contingent fees create self-interest and advocacy threats and should be avoided.

Providing Audit Staff on Secondment:

● Similar to outsourcing, safeguards include separation between internal audit activities
and client management.

Practice Question 35:

Internal Audit Services for a Public Interest Entity:
● Providing internal audit services creates self-review threats.
● Firms should avoid providing services related to significant internal controls over
financial reporting or financial accounting systems.

Practice Question 36:

Outsourcing Internal Audit:
● Safeguards include separation of management and internal audit activities, with the
client responsible for internal controls and decision-making.

Recruitment of CIA:
● Firms should not make management decisions but can provide advisory services on
candidate suitability.

Secondment of Audit Staff:

● Similar to outsourcing, safeguards include separation between internal audit activities
and client management.
IT Systems Services:
IT systems services involve the design and implementation of Financial Information
Technology Systems (FITS) and may create self-review threats. Safeguards are necessary to
mitigate these threats.

Safeguards:
● Client Responsibility: The client should acknowledge its responsibility for the system
of internal controls.
● Designated Employee: The client should designate a competent employee, preferably
senior management, to be responsible for management decisions in the design and
implementation process.
● Client Decision-making: All management decisions regarding the system should be
made by the client.
● Client Evaluation: The client should evaluate the adequacy and results of the design
and implementation of the system.
● Operation Responsibility: The client should be responsible for the operation of the
system and the data generated by it.

Public Interest Entities:

For public interest entities, firms should not provide services involving the design or
implementation of IT systems that form a significant part of internal control over financial
reporting or generate information significant to the financial statements.

Practice Question 37:

Engagement with Crimson Limited:
● While the engagement is not restricted for an unlisted company, self-review threats
should be considered.
● Safeguards include ensuring client responsibility for internal controls, management
decision-making, and evaluation of the system.

Practice Question 38:

Systems Auditor Accusation:
● If the accusation is true, immediate action should be taken to remove the Systems
Auditor from all jobs and potentially dismiss them.
● Review of recruitment and training policies may be necessary.

Practice Question 3P9:

Implementation of New IT System:
● Prohibited services under listing regulations include financial IT system design and
implementation.
● If the engagement is not significant to overall financial statements, safeguards similar
to those for FITS should be applied.

Practice Question 40:

Litigation Support Services for JKL Limited:
● Self-review threats may arise from estimating damages that affect financial
statements.
 ● Safeguards include advising the client on decision-making, ensuring employees don't
participate in management decisions, and considering involvement of independent
experts.

In each case, careful consideration of threats and appropriate safeguards is necessary to

ensure compliance with ethical standards and regulations.

Legal Services:
● Legal services provided by audit firms can create various threats, depending on the
nature of the service, the provider's relationship with the assurance team, and the
materiality of the matter.

Threats and Safeguards:

● Nature of Service: Legal services may create self-review or advocacy threats.
● Provider Relationship: If the provider is also a member of the assurance team, threats
to independence may arise.
● Materiality: The materiality of the matter involved also affects the significance of the
threats.

Acting for Audit Client in Dispute Resolution:

● Resolution of a dispute or litigation involving material amounts to the financial
statements creates significant advocacy or self-review threats.
● Such work should not be accepted.

General Counsel Role:

● A partner or employee of the firm serving as General Counsel for legal affairs of an
audit client creates threats to independence and objectivity.

Practice Question 41:

Recruitment of CFO for Pentagon Limited:
● Recruitment of senior management creates self-interest, familiarity, and intimidation
threats.
● Applications from CFOs of existing assurance clients create a conflict of interest.
● Safeguards include restricting management decisions to advising, using separate
engagement teams, and ensuring confidentiality.

Practice Question 42:

Recruitment of Finance Director for Josh Limited:
● Recruitment may result in self-interest, familiarity, and intimidation threats.
● Safeguards include not making management decisions, using separate teams, and
clear guidelines for objectivity and confidentiality.

Practice Question 43:

Deputation for Training at Brokerage House:
● Supervising employees of an assurance client may create self-review or self-interest
threats.
● Safeguards include ensuring personnel providing services do not participate in the
assurance engagement.
Practice Question 44:
Handling Funds for MNC Establishment:
● Assuming custody of a client's funds creates self-interest threats to professional
behavior and objectivity.
● Safeguards include keeping funds separate from firm assets, using funds only for
intended purposes, and compliance with relevant laws and regulations.

Practice Question 45:

Intermediary Role for Jupiter Limited:
● Provision of advisory services and custody of assets create self-review, self-interest,
and threat to independence.
● Safeguards include policies to prohibit staff from making management decisions,
involvement of additional chartered accountants, and compliance with relevant laws
and regulations.

In each case, evaluation of threats and application of appropriate safeguards are necessary
to maintain compliance with ethical standards and regulations.

Safeguarding Independence:
The responsibility for safeguarding independence is shared between the individual auditor (or
audit practice) and the profession as a whole.

Responsibilities of Individual Auditors and Audit Practices:

● Culture of Independence: All partners and employees in an audit firm should share a
belief in auditors' independence.
● Rotation of Engagement Partner: To prevent too close a relationship with the client,
there should be rotation of the engagement partner and senior staff.
● Procedures:
○ Training: Provide appropriate training on maintaining an independent opinion
during audit work.
○ Quality Control: Implement procedures for quality control to ensure
independence is considered in all work.
○ Consultation: Establish internal procedures for consultation to discuss
independence-related questions.
● Addressing Independence Threats:
○ Take appropriate action if a situation threatens independence, such as
rejecting an appointment or resigning from the audit.

Responsibilities of the Profession:

● Professional bodies expect compliance with codes of conduct related to
independence and Suggestions for improving independence include regular rotation
of auditors and the use of audit committees.

Period During which Independence is Required:

● Independence must be maintained during both the engagement period and the period
covered by the financial statements.
● For recurring audits, independence is required until notification of the end of the
professional relationship or issuance of the final audit report.
Mergers and Acquisitions:
● Independence is threatened when an entity becomes related to an audit client due to
a merger or acquisition.
● Safeguards include review by an independent chartered accountant or engagement
quality control review.

Practice Question 46:

● Threats: Self-review and advocacy threats.
● Safeguards: Avoid including staff who participated in due diligence in the audit team,
involve additional review, or consult an independent third party.

Practice Question 47:

● Threats: Self-interest threats to objectivity and professional competence.
● Safeguards: Disclose the conflict of interest to clients, obtain consent, and review
work by an independent chartered accountant.

Practice Question 48:

● Threats:Self-interest threats to objectivity and professional competence.
● Advice: Disclose the referral fee arrangement to the client before making the referral.

Practice Question 49:

● Threats: Self-interest threat to objectivity, professional competence, and due care.
● Action: Ensure full disclosure of the referral fee arrangement to clients and assess
whether it poses a threat to independence.

Case Study 1: Tahir and Shafique

Situation 1:
● Threats: The invitation for Mr. Tahir and his wife to a celebratory weekend in Dubai
from Entity X's managing director poses a threat to independence, as it may create a
perception of being too close to the client.
● Action: The offer should be refused as it does not meet the criteria of insignificant
value. Additionally, considering Mr. Tahir's 20-year tenure as the engagement partner,
there is a risk of over-familiarity, and rotation should be strongly considered to
maintain independence.

Situation 2:
● Threats: Mr. Kashif's role as an audit manager and his parents being the directors
and shareholders of Entity Y may compromise his objectivity.
● Action: Mr. Kashif should not be part of the audit team or in a position to influence it. If
this cannot be assured, the firm should not accept the audit engagement.

Situation 3:
● Threats: Dawood's long-term involvement with Entity Z's audit may lead to undue
familiarity and intimidation if the finance director dictates the audit team composition.
● Action: The firm should not allow clients to dictate staffing issues. If compliance with
the finance director's request is not appropriate, the firm should assure them of
adherence to professional standards and staff the team appropriately.
Case Study 2: Happy Day
● Free Tickets Proposal: Not acceptable as it may create a self-interest threat and does
not align with the requirement for gifts or hospitality to be of insignificant value.
● Secondment Proposal: Acceptable with safeguards.

Safeguards:
● The second should not be involved in future audits to avoid self-review and familiarity
threats.
● The composition of the current year's audit team should be reviewed to prevent
significant influence by the second through personal relationships.
● The second should not be in a position to influence management decisions, and
management must take full responsibility for such decisions.

3. CONFIDENTIALITY AND CONFLICTS OF INTEREST

3.1 The basic principle:
● Both ICAP's Code of Conduct and IFAC’s Code of Ethics emphasize confidentiality as
a fundamental principle. Information obtained during professional work should not be
disclosed or used unless permitted by law, with consent, required by law, or when
there's a professional duty or right to disclose.

3.2 Recognized exceptions to the duty of confidentiality:

Disclosure permitted by law and authorized by the client or employer:
● Situations like reporting to a bank or listing authority may require disclosure, but
authorization from the client is necessary.

Disclosure required by law:

● ICAP members may need to disclose information to legal authorities in circumstances
such as legal proceedings or when suspicions of money laundering arise.

Professional duty or right to disclose, when not prohibited by law:

● Examples include compliance with quality review, responding to inquiries by
regulatory bodies, or protecting professional interests in legal proceedings.

Other considerations:
● Members should consider the harm to all parties if information is disclosed, ensure all
relevant information is known, and consider the appropriate recipients of
communication. Seeking legal advice or consulting ICAP may be necessary if
uncertain.

3.3 Improper use of information:

● Members should not use confidential information for personal advantage or the
advantage of a third party. For example, insider dealing or providing an opinion on a
client based on confidential information from another source.
3.4 Confidentiality of working papers:
● Working papers containing confidential client information belong to the accountant
and should not normally be shared. However, in certain situations, such as requests
from government agencies, disclosure may be necessary in the best interest of the
client.

Practice Question 50:

a) Close Relative's Inquiry:
● Information Disclosure: Remuneration of the chief executive is public information and
can be disclosed.

b) Manager's Inquiry:
● Information Disclosure: Detailed internal control information is not public and should
not be disclosed.

c) Sister's Inquiry:
● Information Disclosure: Cannot provide details about the product's ingredients due to
confidentiality rules.

d) Friend's Inquiry:
● Information Disclosure: If required by law, disclosure may be necessary, but the client
should be informed beforehand.

e) Younger Brother's Inquiry:

● Information Disclosure: Limited information may be provided if it's public and within
the company's practices.

f) Father's Inquiry:
● Information Disclosure: Past earnings per share information may be disclosed as it's
public, but future projections should not be disclosed.

g) Ministry of Health Inquiry:

● Information Disclosure: Disclosure should be considered only if required by law, and
the client should be informed beforehand.

h) Insider Trading Inquiry:

● Information Disclosure: No information should be provided as it could potentially
involve insider trading.

3.5 Conflicts of interest

Conflicts between members and clients:
● ICAP members or firms should not accept or continue engagements where there's a
conflict of interest. The test is whether a "reasonable and informed third party" would
consider the conflict likely to affect judgment.
● Examples include acting for two clients with conflicting interests in the same matter,
competing with the client, or advising on transactions where the accountant's
personal interests are involved.
Safeguards:
● Procedures should be in place to identify and evaluate possible conflicts and take
necessary action to manage or avoid them.
● This may involve reviewing client relationships regularly, considering potential
conflicts when taking on new clients, and notifying affected clients.
● Safeguards can include setting up 'Chinese walls' to manage conflicts, resigning from
one of the competing clients, or declining new engagements that pose conflicts.

Conflicts between competing clients:

● A firm may act for two clients in direct competition. Confidential information about one
client should not be disclosed to the other.
● Safeguards include careful consideration before accepting engagements from
competing clients, using different staff on each engagement, and full disclosure to
both clients with steps to manage the conflict.

Disclosure and consent:

● Accountants must exercise professional judgment to determine if disclosure and
consent are necessary to mitigate conflicts.
● Disclosures can be general or specific, and it's encouraged to make them in writing. If
not in writing, the nature of circumstances, safeguards, and consents obtained should
be documented.
● If a client refuses to provide explicit consent, professional services should be ended.

Practice Question 51:

● Threats involve objectivity or confidentiality when a firm serves clients in dispute.
● Safeguards include separate engagement teams, procedures to prevent access to
information, confidentiality agreements, and regular reviews of safeguards.
● In extreme cases, resignation from the engagement may be necessary.

Practice Question 52:

● If a senior member of the assurance team is involved in litigation with a client, threats
to objectivity or confidentiality arise.
● Safeguards include disclosing the extent and nature of litigation, involving an
additional accountant to review the work, and taking appropriate action against the
member if necessary.
● When two listed companies are in dispute and the firm audits both, safeguards
include notifying clients of potential conflicts, using separate engagement teams, and
obtaining consent from all relevant parties.
● Resignation from the engagement may be necessary if conflicts cannot be
adequately managed.

4. CORPORATE FINANCIAL ADVICE

4.1 Advising clients involved in take-over bids or share issues
Auditors often provide corporate finance advice, but certain services may create significant
threats such as advocacy and self-review, making them unsuitable for auditors to undertake:
● Examples include promoting, dealing in, or underwriting an assurance client's shares,
or committing a client to transaction terms.
 ● In contested take-over bids, auditors may find themselves potentially acting for both
parties, creating risks of lack of independence and breach of confidentiality.

Guidelines:
● Firms should not be the sole or main advisor to both parties in contested take-over
bids.
● If auditors possess material confidential information and feel their position is
questionable, they should seek advice from the appropriate financial regulatory
authority.

Similar conflicts of interest may arise:

● Contested Takeover Bids: Auditors should avoid being the sole or main advisor to
both parties. They should seek advice from the relevant financial regulatory authority
if they have material confidential information.
● Share Issues to the Public: Auditors may advise both the company issuing shares
and potential investors, creating conflicts of interest. They should manage these
conflicts carefully and ensure they do not compromise independence or
confidentiality.

5. RESPONDING TO NON-COMPLIANCE WITH LAWS AND REGULATIONS

5.1 Actual or suspected non-compliance
Non-compliance with laws and regulations (NOCLAR) can comprise acts contrary to
prevailing laws or regulations committed by an entity's management, directors, or those
charged with governance. When a chartered accountant (CA) becomes aware of actual or
suspected non-compliance while providing professional services to a client, it creates threats
to integrity and professional behavior.

Laws and regulations to consider:

● Those directly affecting material amounts and disclosures in the client’s financial
statements.
● Other laws and regulations fundamental to the client’s business operations or its
ability to continue business.

Steps to follow:
● Consult confidentially with others within the firm, ICAP, or legal counsel.
● Discuss the matter with appropriate management levels and those charged with
governance.
● Engage with internal auditors or risk managers, if applicable.

5.2 Management’s action

Management and those charged with governance are responsible for responding
appropriately and timely to non-compliance. A CA should assess the adequacy of
management's response. If there is a lack of confidence in management's integrity or action:
● Disclose the matter to an appropriate authority, even without a legal or regulatory
requirement.
● Withdraw from the engagement and professional relationship where permitted by law
or regulation.
5.3 Disclosure of non-compliance
A CA should determine whether to disclose the matter to an appropriate authority based on
the actual or potential harm caused to stakeholders such as investors, creditors, employees,
or the public. Disclosure may be necessary in situations involving bribery, regulatory threats,
trading consequences, harmful products, or tax evasion.

Confidentiality requirements:
● The fundamental principle of confidentiality prohibits disclosure of confidential
information without proper authority, unless there is a legal or professional duty to
disclose.
● However, when disclosure to an appropriate authority is deemed appropriate, it is
permitted under the confidentiality requirements of the Code, with the CA acting in
good faith and considering whether to inform the client before disclosing the matter.

Linking ethical code with ISAs:

● Consideration of ISA 250 and ISA 260 is vital to understand the auditor's duties
regarding laws and regulations and communication requirements with those charged
with governance, including instances of non-compliance.

6. PAIB REQUIREMENTS FOR CHARTERED ACCOUNTANTS IN PRACTICE

The Code provides ethical requirements for Professional Accountants in Business (PAIB),
particularly for chartered accountants working in public practice or audit firms as employees.
Here are examples of situations where PAIB provisions in the Code apply:

1. Conflict of Interest in Vendor Selection:

● Example: Facing a conflict of interest when responsible for selecting a vendor for the
firm, where an immediate family member might benefit financially.
● Relevant requirements: Conflict of interest provisions (s210) apply in these
circumstances.

2. Preparing or Presenting Financial Information:

● Example: Preparing or presenting financial information for the accountant’s client or
firm.
● Relevant requirements: Requirements and application material related to preparing
and presenting financial statements (s220) apply.

3. Inducements and Gifts:

● Example: Being offered inducements, such as complimentary tickets to sporting
events, by a supplier of the firm.
● Relevant requirements: Inducements, including gifts and hospitality provisions (s250)
apply.

4. Pressure to Misreport Chargeable Hours:

● Example: Facing pressure from an engagement partner to report chargeable hours
inaccurately for a client engagement.
● Relevant requirements: Pressure to breach the fundamental principles provisions
(s270) apply.
In each of these situations, chartered accountants in practice must adhere to the relevant
ethical requirements outlined in the Code. These requirements guide their behavior and
decision-making to ensure compliance with professional standards and uphold the
fundamental principles of integrity, objectivity, professional competence and due care,
confidentiality, and professional behavior.
 Chapter 7: Understanding the entity and the risk assessment

1. IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT

THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT (ISA 315(REVISED
2019))

Introduction
ISA 315 (Revised 2019) focuses on several key areas:
● Risk Assessment Procedures and Related Activities
● Obtaining an Understanding of the Entity and Its Environment, the Applicable
Financial Reporting Framework, and the Entity’s System of Internal Control
● Identifying and Assessing the Risks of Material Misstatement
● Documentation
The standard is supported by six appendices providing detailed guidance on inherent risks,
IT controls, and internal audit, with a greater focus on IT environment and controls.

1.1 Risk Assessment Procedures and Related Activities

The auditor must perform risk assessment procedures to identify and assess risks of material
misstatement at both financial statement and assertion levels. However, these procedures
alone do not provide sufficient audit evidence for forming an opinion.

Risk assessment procedures include:

● Inquiries from management and others within the entity.
● Analytical procedures, which may help identify unusual transactions, events,
amounts, ratios, and trends.
● Observation and inspection.
These procedures are scalable based on the complexity, nature, and size of entities.
Automated tools and techniques may be used for risk assessment procedures on large
volumes of data.

Related activities include:

● Client acceptance or continuance process
● Information from previous audits, including past misstatements and significant
changes in the entity's operations
● Discussion among the engagement team, providing insights into business risks and
understanding the potential for material misstatement.

1.2 Professional Skepticism

Professional skepticism is crucial for auditors in making professional judgments and guiding
their actions. The standard emphasizes its application for critically assessing audit evidence
gathered during risk assessment procedures.

Ways to apply professional skepticism include:

● Questioning contradictory information and the reliability of documents.
● Considering responses to inquiries and information from management and those
charged with governance.
● Being alert to conditions indicating possible misstatement due to fraud or error.
 ● Evaluating whether audit evidence obtained supports the auditor’s identification and
assessment of risks of material misstatement in light of the entity’s nature and
circumstances.

2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT, THE APPLICABLE

FINANCIAL REPORTING FRAMEWORK (ISA 315(REVISED 2019))

Introduction
ISA 315 (Revised 2019) encompasses three main areas for the auditor's understanding:
● The entity and its environment
● The applicable financial reporting framework
● The entity’s system of internal control

2.1 The Entity and Its Environment

Nature of the Entity:
This includes the entity’s organizational structure, ownership, governance structures,
business model, and relevant industry, regulatory, and external factors.
● Industry Factors: Market and competition, cyclical or seasonal activity, product
technology, energy supply and cost.
● Regulatory Factors: Accounting principles, regulatory framework, legislation, taxation,
environmental requirements.
● Other External Factors: General economic conditions, interest rates, availability of
financing, inflation/currency revaluation.
● Measures Used to Assess Financial Performance: Key performance indicators,
period-on-period financial performance analyses, budgets, forecasts, employee
performance measures, comparisons with competitors.

2.2 Applicable Financial Reporting Framework

This involves understanding accounting principles, industry-specific practices, and the
framework's application to significant classes of transactions, account balances, and
disclosures. Key areas include revenue recognition, financial instruments, foreign currency,
and complex transactions.

Understanding how inherent risk factors affect assertions helps in:

● Preliminary assessment of the likelihood or magnitude of misstatements.
● Designing and performing further audit procedures.

2.3 Components of Internal Control

● Control Environment: Evaluating the entity's culture, governance oversight,
assignment of authority, and competence.
● Risk Assessment Process: Understanding how the entity identifies and assesses
business risks relevant to financial reporting objectives, including fraud risks.
● Monitoring of Internal Control: Assessing ongoing or periodic monitoring activities,
evaluation of results, addressing deficiencies, and considering IT-related controls.
Information System and Communication:
Understanding the entity’s information system and communication involves:
● Understanding information processing activities.
● Reviewing how the entity communicates significant matters related to financial
reporting.
● Evaluating if the information system and communication effectively support financial
statement preparation.

Control Activities
● Identifying controls addressing risks of material misstatement at assertion level.
● Evaluating whether controls are effectively designed and implemented.
● Examples of Control Activities: Document approval, accuracy checks, reconciliations,
limiting physical access.

Practice Question 01
In response to a cyber-attack on Beta Bank Limited, the course of action includes
discussions with management and governance, consulting legal advisors, assessing claims,
inspecting correspondence with the Central Bank, involving IT experts, and revising initial
risk assessments.

Understanding these aspects enables auditors to evaluate the effectiveness of internal

controls, identify risks of material misstatement, and tailor audit procedures accordingly.

1. Discussion with Management and Governance:

● Discuss how the incident occurred, the extent and nature of data lost, and BBL’s
plans to mitigate and rectify the situation.
● Assess if a going concern assessment has been performed to evaluate the incident's
impact on financial statements.

2. Consultation with Legal Advisor:

● Seek advice on relevant laws and regulations and the potential impact of
non-compliance on the client.

3. Consultation with Auditor’s Expert:

● Consider consulting with an expert to understand the possible legal consequences of
the incident.

4. Details of Customer Claims:

● Obtain details about claims filed by customers against BBL and inquire whether BBL
intends to honor those claims. Make provisions in financial statements accordingly.

5. Assessment of Central Bank Correspondence:

● Inspect correspondence with the Central Bank to assess BBL’s exposure towards
penalties and fines.

6. Inspection of Subsequent Payments:

● Inspect subsequent payments and post-year-end accounts to ascertain the amount of
penalties and fines incurred.
7. Involvement of IT Expert:
● Engage the firm’s IT expert to determine the cause of the data breach and its impact
on other controls of the entity.

8. Evaluation of IT Automated Controls:

● Determine whether continued reliance can be placed on IT automated controls or if
adjustments are needed.

9. Risk Assessment by Management:

● Inquire whether management has conducted a risk assessment for the possible loss
of business and its impact on financial statements.

10. Key Audit Matter in Auditor Report:

● Include the cyber-attack incident as a key audit matter in the auditor's report, detailing
how it was addressed.

11. Management's Disclosure:

● Consider whether management disclosed the cyber-attack incidence to the audit
team. If not, evaluate the implications for the audit.

12. Revision of Risk Assessment:

● Revise the initial risk assessment, considering the impact on the nature, timing, and
extent of other planned audit procedures.

2.4 Tutorial Notes: How to Deal with Risk Assessment (Mix) Questions in Exam**
Assertion by Assertion Responses (Account Balances):

i) Existence:
● Physical verification
● Third-party confirmations

ii) Accuracy, Valuation, and Allocation:

● Matching amounts to invoices
● Recalculations
● Review of post-year-end payments and invoices
● Expert valuation

iii) Completeness:
● Cut-off testing
● Analytical review
● Confirmations
● Reconciliations to control accounts

iv) Rights and Obligation:

● Reviewing invoices for proof of ownership
● Confirmation with third parties
v) Classification and Presentation:
● Confirming compliance with laws and financial reporting framework
● Check the recording in the proper account
● Reviewing notes for understandability
● Confirming accounting policy consistency and reasonableness

vi) Occurrence:
● Inspection of supporting documentation
● External confirmations

vii) Cut-off:
● Cut-off testing
● Analytical review
These steps ensure a comprehensive response to the cyber-attack incident and adherence
to auditing standards in risk assessment.

3. IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENTS

3.1 Financial Statement Level

At this level, risks relate pervasively to the financial statements as a whole and can affect
many assertions. The auditor's identification and assessment of risk of material
misstatements are influenced by factors such as the understanding of the entity’s system of
internal control, control environment, risk assessment process, process to monitor the
system of internal control, and control deficiencies.

3.2 Assertion Level

Assertions are representations made by management about recognition, measurement,
presentation, and disclosure. Various assertions impact classes of transactions or account
balances. For each identified risk of material misstatement at the assertion level, the auditor
is required to assess the likelihood and magnitude of material misstatement, determine if
identified risks are significant, and assess whether substantive procedures alone are
sufficient.

3.3 Inherent Risks

Inherent risk is influenced by factors such as complexity, subjectivity, change, uncertainty,
and susceptibility to misstatement. It is measured on a spectrum of inherent risk.

3.4 Assessing Control Risks

A separate assessment of inherent risk and control risk is required. If auditors plan to test
controls, they assess control risk. Otherwise, control risk assessment is aligned with inherent
risk assessment.

3.5 Material Classes of Transactions, Account Balances, and Disclosures

Materiality and audit risk are considered when identifying and assessing risks. Reevaluation
of materiality judgments may be necessary.
3.6 Revision of Risk Assessment
If new information conflicts with the original risk assessment, auditors revise the assessment.

3.7 Documentation
Discussions among the engagement team and significant decisions, key understanding
obtained, sources of information, evaluation of control design, identified and assessed risks,
and the rationale for significant judgments made are documented.

4. INFORMATION SYSTEM AND COMMUNICATION

i) Controls in a Manual System
Controls in a manual system may include approvals, transaction reviews, reconciliations, and
follow-up of reconciling items.

ii) Controls in IT Systems

Controls in IT systems consist of a combination of automated controls and manual controls.

ii) Benefits of IT in Entity's Internal Control:

● Consistently apply predefined business rules and perform complex calculations for
large volumes of data.
● Enhance timeliness, availability, and accuracy of information.
● Facilitate additional analysis of information.
● Enhance the ability to monitor entity performance.
● Reduce the risk of control circumvention.
● Enhance the ability to achieve effective segregation of duties.

iii) Risks of Using IT in Internal Control

● Reliance on faulty systems or programs.
● Unauthorized access to data.
● IT personnel gaining unauthorized access privileges.
● Unauthorized changes to data in master files or systems.
● Failure to make necessary changes to systems or programs.
● Inappropriate manual intervention.
● Potential loss of data or inability to access data as required.

iv) Manual Elements in Internal Control

Manual elements may be more suitable where judgment and discretion are required, such as
in large, unusual, or non-recurring transactions, or when errors are difficult to define or
predict, among others.

v) Scalability
Understanding the entity’s IT environment is easier for less complex entities compared to
complex ones, which may require dedicated IT departments and structured IT processes.

vi) General IT Controls

These controls relate to many applications and support the effective functioning of application
controls. They include controls over applications, databases, operating systems, and
networks. Examples include controls over access management, change management, and
IT operations management.

5. IT RISKS AND CONTROLS

5.1 What is ICT and the Related Security Issue
ICT (Information and Communications Technology) encompasses various technologies for
gathering, storing, retrieving, processing, analyzing, and transmitting information, including
hardware and software such as smartphones, computers, drones, and artificial intelligence.
As businesses increasingly rely on ICT for communication and operations, they face security
challenges such as cyber-attacks and breaches.

i) IT Security
Businesses face increasing vulnerability to security breaches due to trends like mobile
technology, cloud computing, and social networking. Key areas of ICT security include
identity and access management (IAM), secure content and threat management (SCTM),
and security and vulnerability management.
5.2 Improvements in ICT Processes
i) Risk Control and Internal Audit Function
Companies should assign responsibility for managing ICT and security risks to a dedicated
risk control function, ensuring its independence from ICT operations. This function should
report directly to management and oversee adherence to the ICT risk management
framework. The internal audit function should independently review and assure compliance
with policies and procedures.

ii) Classification and Risk Assessment

Companies should classify business functions, supporting processes, and information assets
based on their criticality. Risk assessments should consider confidentiality, integrity, and
availability requirements, updated annually or as needed. Continuous monitoring of threats
and vulnerabilities is essential.

5.3 Data Analytics

Data analytics involves collecting, organizing, and interpreting statistical information to
support decision-making. Big Data, generated from various sources including social media
and mobile phones, is increasingly important for businesses. Data analysts use advanced
computer models to extract, analyze, and present meaningful insights for decision-making.

5.4 Identification of Cyber Security Risks

i) Identifying and Assessing Cyber Risk
Cyberattacks are increasing, posing risks to organizations of all sizes. Identifying
vulnerabilities and assessing risks are crucial steps. Cyber risks can come from external
threats like phishing and ransomware, as well as internal events such as human error or
misconduct.

ii) Risk Assessment

Cyber security risk assessments help identify threats and vulnerabilities that attackers could
exploit. Risk evaluation considers the importance to the business, the level of control, and
potential losses. Risk analysis determines the resources needed for mitigation and the
potential consequences of incidents.

5.5 Common Cyber-Security Risks and Use of Controls to Mitigate Them

i) Cyber-security Risk Description Prevention

● Malware
Malware installs itself on a system, causing unusual behavior such as denying
access, deleting files, or stealing information. Prevention includes having the latest
anti-malware programs installed and recognizing suspicious links, files, or websites.

● Password Theft
Unauthorized access through stolen or guessed passwords can lead to data
breaches. Two-factor authentication and using complex passwords can mitigate this
risk.
 ● Traffic Interception
Third parties intercept information sent between users and hosts. To prevent this,
avoid compromised websites and encrypt network traffic, such as through a VPN.

● Phishing Attacks
Phishing emails or messages request sensitive data. Prevention involves educating
users to recognize suspicious requests and avoid providing personal information.

● Distributed Denial of Service (DDoS)

Malicious parties overload servers with traffic, causing websites to slow down or shut
down. Mitigation includes identifying and blocking malicious traffic, sometimes
requiring server maintenance.

● Cross Site Attack

Vulnerable websites are targeted to deliver malicious code to users. Encryption on
the host's side and allowing users to turn off page scripts can help prevent attacks.

● SQL Injection
Malicious parties manipulate SQL queries to retrieve sensitive information. Smart
firewalls and developing code to identify illegal user inputs are effective preventive
measures.

● Ransomware
Ransomware prevents access to functionalities until a ransom is paid. Prevention
involves keeping anti-virus software updated, avoiding malicious links, and
maintaining current backups.

● Cryptojacking
Malware forces systems to perform crypto-mining. Prevention includes keeping
security software updated and ensuring firmware on smart devices is current.

● Trojan Virus
Disguised as legitimate software, Trojan viruses deliver malicious payloads.
Prevention involves avoiding downloads from unrecognized vendors and suspicious
alerts.

5.6 Improving Cyber Security

Developing an overall risk mitigation strategy is crucial. Common mitigation strategies
include keeping software updated, restricting access, disaster recovery planning, removing
unwanted hardware, enforcing signed software policies, hunting for intrusions, and
implementing multi-factor authentication.

5.7 Cybersecurity Framework

The framework consists of three components: the Framework Core, Implementation Tiers,
and Framework Profile. Implementation involves senior management familiarizing
themselves with the framework, discussing it with management, and educating staff.
5.8 Using ICT Processes by Auditor to Identify Risks and Mitigating Controls
Auditors can use ICT to optimize audit effectiveness and efficiency, ensuring the integrity of
the audit process. Benefits include improved audit effectiveness, reduced travel costs, and
increased auditor resiliency. Limitations include the scope of ICT use, auditor familiarity with
ICT tools, and difficulty in auditing hands-on processes.

5.9 Use of Data Analytics by the Auditor

Data analytics enables auditors to improve audit quality by analyzing large amounts of client
data efficiently. Examples include testing NRV, analyzing revenue trends, matching purchase
orders, and testing segregation of duties. Data analytics tools turn data into structured forms,
allowing auditors to better understand client information and identify risks.

5.10 Cyber-Security Audit

A cyber security audit is a systematic and independent examination of an organization’s
cyber security to ensure that proper security controls, policies, and procedures are in place
and working effectively. Its purpose is to provide a checklist to validate that security controls
are functioning as expected and to identify weaknesses or vulnerabilities.

i) Elements of a Cyber-Security Audit:

A cyber security audit focuses on standards, guidelines, and policies to ensure that security
controls are optimized and compliance requirements are met. Key elements include:
● Operational Security: Review of policies, procedures, and security controls.
● Data Security: Review of encryption use, network access control, and data security in
transmission and storage.
● System Security: Review of patching processes, role-based access, and
management of privileged accounts.
● Network Security: Review of network and security controls, antivirus configurations,
and security monitoring capabilities.
● Physical Security: Review of role-based access controls, disk encryption, and
multifactor authentication.

ii) Benefits of a Cyber-Security Audit:

A cyber security audit provides the highest level of assurance by offering benefits such as:
● Identifying gaps in security
● Highlighting weaknesses
● Ensuring compliance
● Enhancing reputational value
● Testing control effectiveness
● Improving security posture
● Providing assurance to vendors, employees, and clients
● Increasing confidence in security controls
● Enhancing performance of technology and security

iii) Cyber-Security Audit Checklist:

Though specific to industry, size, and compliance framework, a basic audit checklist should
include:
● Inventory and control of hardware assets
● Inventory and control of software assets
 ● Continuous vulnerability management
● Controlled use of administrative privileges
● Secure configuration for hardware and software
● Maintenance, monitoring, and analysis of audit logs
● Email and web browser protection
● Malware defenses
● Limitation and control of network ports, protocols, and servers

iv) IT Security Controls Auditors Can Implement:

● Formal IT security policy
● Incident response plan
● Security awareness training
● Password lengths of eight or more characters
● Two-factor authentication
● Network firewall
● Intrusion prevention system
● Website filtering solution
● Hard disk encryption for laptops
● Anti-virus software for all PCs and servers
● Quarterly OS patching for servers
● Automatic OS patching for PCs
● Daily data back-up
● Cyber insurance

6. MATERIALITY IN PLANNING AND PERFORMING AN AUDIT (ISA 320)

6.1 Materiality in the Context of an Audit
Misstatements, including omissions, are considered material if they could reasonably
influence the economic decisions of users based on the financial statements. Determining
materiality is a matter of professional judgment, assuming users have a reasonable
knowledge of business, understand financial statements' preparation, recognize inherent
uncertainties, and make reasonable economic decisions. Materiality is applied in both
planning and performing the audit.

6.2 Determining Materiality and Performance Materiality When Planning the Audit
For the financial statements as a whole, materiality involves exercising professional
judgment. A percentage is often applied to a chosen benchmark to determine materiality,
considering factors such as elements of financial statements, users' focus, entity's nature,
and industry environment. Performance materiality is set at less than materiality for the
financial statements as a whole to reduce the probability of uncorrected misstatements
exceeding materiality.

For particular classes of transactions, account balances, or disclosures, materiality may be

lower if misstatements could reasonably influence economic decisions. Factors indicating
such materiality include legal requirements, key disclosures, and specific areas of focus.
6.3 Revision as the Audit Progresses
Auditors should revise materiality as new information arises during the audit, such as major
business decisions or changes in understanding the entity and its operations.

6.4 Documentation
Documentation should include materiality for the financial statements as a whole, materiality
for particular classes, and performance materiality. Any revisions to materiality as the audit
progresses should also be documented.

Practice Question 02:

The materiality for the financial statements as a whole can be determined based on profit
before tax, excluding exceptional items. A normalized profit before tax from continuing
operations can be used as a benchmark, excluding items like sales to the government, loss
due to destroyed raw material, and gain on the sale of a building. A percentage, often around
5% of profit before tax, can be applied to this benchmark to determine materiality.

Solution Discussion:
The benchmark adopted is profit before tax, excluding exceptional items, and applying a
percentage, usually around 5%, as suggested by ISA 320. Exclusions include sales to the
government, loss due to destroyed raw material, and gain on the sale of a building, while
new agreements' sales are considered part of normal operations.

7. EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT (ISA 450)**

i) Misstatement
A misstatement is a difference between the reported financial statement item and what is
required by the applicable financial reporting framework. Misstatements can arise from error
or fraud. When expressing an opinion on the financial statements, misstatements also
include adjustments necessary for the financial statements to be presented fairly or to give a
true and fair view.

ii) Uncorrected Misstatements

These are misstatements identified during the audit that have not been corrected.

7.1 Accumulation of Identified Misstatements

The auditor accumulates misstatements identified during the audit, excluding those that are
trivial. Trivial misstatements may be designated below a certain amount. Types of
misstatements include factual, judgmental, and projected misstatements.

7.2 Consideration of Identified Misstatements as the Audit Progresses

The auditor determines if the overall audit strategy and plan need to be revised if similar
misstatements are likely to exist or if the aggregate of identified misstatements approaches
materiality. If management corrects misstatements, the auditor performs additional
procedures to ensure they are corrected.
7.3 Communication and Correction of Misstatements
The auditor communicates all accumulated misstatements to the appropriate management
level and requests correction. If management refuses to correct misstatements, the auditor
seeks to understand the reasons and considers them when evaluating the financial
statements' accuracy.

7.4 Evaluating the Effect of Uncorrected Misstatements*

Before evaluating uncorrected misstatements, the auditor assesses materiality. The auditor
then determines if uncorrected misstatements are material individually or in aggregate,
considering their size, nature, and effect on financial statements.

7.5 Communication with those charged with governance

The auditor communicates uncorrected misstatements and their effects to those charged with
governance. For a large number of immaterial misstatements, the auditor may communicate
the total effect. Material misstatements are communicated individually.

7.6 Written Representations

The auditor requests written representations from management and, if applicable, those
charged with governance regarding the immateriality of uncorrected misstatements. The
representations do not absolve the auditor of responsibilities.

7.7 Documentation
The auditor documents the threshold for trivial misstatements, all accumulated
misstatements, their correction status, conclusion on materiality of uncorrected
misstatements, and the basis for that conclusion.

8. RELATED PARTIES (ISA 550)

Important Definitions:
● Arm's length transaction: A transaction conducted between unrelated parties, each
acting in their own best interests, without influence from the other party.
● Related party: Defined by the applicable financial reporting framework, or if minimal
requirements exist, it includes entities with control or significant influence over the
reporting entity, entities controlled or significantly influenced by the reporting entity, or
entities under common control.

8.1 Responsibilities of the Auditor

The auditor is responsible for identifying, assessing, and responding to risks of material
misstatement arising from related party relationships and transactions. Even if minimal
requirements exist, the auditor must ensure that the financial statements present a fair view
or are not misleading.

8.2 Risk Assessment Procedures and Related Activities

The auditor performs procedures to identify risks associated with related parties, including
discussions among the engagement team about the entity's related party relationships and
transactions. This includes understanding the nature and extent of these relationships,
assessing susceptibility to fraud or error, and obtaining data from management regarding
related parties and their transactions.
i) Understanding the Entity
The auditor inquires about the entity's related parties, their relationships, and transactions
during the period. This includes obtaining information on associated companies, subsidiaries,
and key personnel involved in related party transactions.

ii) Understanding of the Controls over Related Party Relationships and Transactions
The auditor investigates the controls established by management to identify, account for, and
disclose related party relationships and transactions. This includes authorization procedures
for significant transactions and arrangements with related parties and for transactions outside
the normal course of business. The auditor evaluates the effectiveness of these controls in
mitigating the risk of material misstatement.

Practice Question 03:

For significant related party transactions, the auditor performs risk assessment procedures to
understand the controls, if any, established by management. This includes inquiring about
related party transactions, inspecting records for indications of undisclosed related party
relationships, and reviewing significant transactions outside the normal course of business. If
controls are ineffective or nonexistent, and sufficient audit evidence cannot be obtained, the
auditor may issue a qualified or disclaimer of opinion.

Practice Question 04:

Controls expected for related party transactions include the ability of the entity's information
systems to record and summarize transactions, internal ethical codes governing related party
transactions, policies for open and timely disclosure, periodic reviews by internal audit, and
proactive actions by management to resolve related party disclosure issues. Additionally,
clear guidelines for approval of related party transactions and processes for assessing
transactions at arm's length are necessary.

8.3 Maintaining Alertness for Related Party Information When Reviewing Records or
Documents
i) Examples of Records or Documents the Auditor May Inspect:
● Third-party confirmations obtained by the auditor.
● Entity income tax returns.
● Information supplied by the entity to regulatory authorities.
● Shareholder registers.
● Statements of conflicts of interest.
● Records of investments and pension plans.
● Contracts and agreements.
● Significant contracts not in the ordinary course of business.
● Specific invoices and correspondence.
● Internal auditors' reports.
● Documents associated with filings with securities regulators.

ii) Examples of Arrangements Indicating Related Party Relationships:

● Participation in unincorporated partnerships.
● Service agreements outside the entity's normal course of business.
● Guarantees and guarantor relationships.
The auditor inspects various records and documents for indications of related party
relationships or transactions, including bank and legal confirmations, minutes of meetings,
and other relevant documents.

Identification of Significant Transactions outside the Normal Course of Business

If significant transactions outside the entity's normal course of business are identified, the
auditor should inquire about the nature of these transactions and whether related parties are
involved.

8.4 Identification and Assessment of Risks of Material Misstatement Associated with Related
Party Relationships and Transactions
The auditor identifies and assesses risks associated with related party relationships and
transactions, treating significant transactions outside the normal course of business as giving
rise to significant risks.

8.5 Responses to Risks of Material Misstatement Associated with Related Party

Relationships and Transactions
The auditor designs and performs further audit procedures to obtain sufficient appropriate
audit evidence about the assessed risks. If management has not appropriately accounted for
or disclosed specific related party relationships or transactions, the auditor takes appropriate
steps, which may include additional substantive audit procedures.

Practice Question 05:

For Diversified Businesses Limited, where a significant amount was advanced to a related
party for construction, the auditor evaluates whether the transactions were appropriately
accounted for and disclosed. This involves inspecting underlying contracts, determining the
business rationale, and assessing the terms of the transactions. Additionally, the auditor
evaluates management's support for the assertion of arm's length transactions and seeks
representations regarding disclosure.

Practice Question 06:

For Modern Equipment (Pvt) Limited, where a donation was made to a charitable
organization where one of the directors is a trustee, the auditor may qualify the report if
unable to verify the business purpose of the transaction. This could be due to intentional
misstatement, unintentional error, or deliberate attempt at fraud.

Practice Question 07:

For Mubashar Limited, where related party transactions were not disclosed, the auditor
investigates the reasons behind the omission, discusses with management, and takes
appropriate action, including revising financial statements if necessary. If non-disclosure
appears intentional, the auditor may reassess the risk of material misstatement and perform
additional audit procedures.
8.6 Identify Related Party Transactions Outside Normal Course of Business
a) Inspection and Evaluation of Related Party Transactions:

i. Inspecting Contracts or Agreements:

● The auditor inspects underlying contracts or agreements to evaluate whether the
business rationale suggests potential fraudulent financial reporting or
misappropriation of assets.
● The auditor considers the following factors in evaluating the business rationale:
○ Complexity of the transaction.
○ Unusual trade terms such as prices, interest rates, guarantees, and repayment
terms.
○ Lack of apparent logical business reason.
○ Involvement of previously unidentified related parties.
○ Unusual processing manner.
● Additionally, the auditor assesses whether management discussed the nature and
accounting treatment of the transaction with those charged with governance.
● The auditor evaluates whether management is emphasizing a particular accounting
treatment over the underlying economics of the transaction.

ii. Consistency with Management's Explanations:

● The auditor ensures that the terms of the transactions are consistent with
management's explanations.

iii. Appropriately Accounted for and Disclosed:

● The auditor verifies whether the transactions have been appropriately accounted for
and disclosed in accordance with the applicable financial reporting framework.

b) Authorization and Approval:

● The auditor obtains audit evidence that the transactions have been appropriately
authorized and approved.

Assertions Regarding Arm's Length Transactions:

● If management asserts that a related party transaction was conducted on terms
equivalent to an arm's length transaction, the auditor obtains sufficient appropriate
audit evidence about the assertion.

Practice Question 08:

For Moon Limited, where a significant portion of sales is made to an associated company, the
audit team evaluates whether the prices charged are in accordance with prevailing market
rates. If credit terms differ from market norms, the transaction may be considered a financing
arrangement, requiring shareholder approval.

Practice Question 09:

For Mechanic Engineering Limited (MEL), where a building was sold to Natasha (Private)
Limited (NPL) at a loss, the auditor evaluates the reasons for the sale, communicates
relevant information to the audit team, requests identification of all transactions with NPL,
and performs additional audit procedures. The auditor also reviews the depreciation policy,
investigates the influence of the director, and evaluates the implications of non-disclosure by
management. Finally, the auditor ensures proper disclosure of the related party transaction in
the financial statements.
 Chapter 10: Understanding the entity and the risk assessment

1. SUBSEQUENT EVENTS (ISA 560)

1.1 Events Occurring between Date of Financial Statements and Date of Auditor's Report
i) Additional Audit Procedures:
● The auditor performs additional audit procedures to identify all subsequent events
occurring between the date of financial statements and the date of the auditor's
report.
● Determination of whether each subsequent event is appropriately reflected in the
financial statements according to the applicable financial reporting framework.
● Taking into account risk assessment, the nature, and extent of audit procedures
include:
○ Understanding management's procedures to identify events.
○ Inquiring about subsequent events that might affect financial statements.
○ Checking the current status of items accounted for based on preliminary or
incomplete data.
○ Reading minutes of meetings held after the date of financial statements.
○ Reviewing subsequent interim financial statements if available.

ii) Additional Procedures:

● Reading the entity's latest available budgets, cash flow forecasts, etc., for periods
after the date of financial statements.
● Inquiring from legal counsel about litigations and claims.
● Considering the need for written representations to support other audit evidence.

iii) Written Representations:

● Requesting management (or those charged with governance) to provide a written
representation that all subsequent events requiring adjustment or disclosure have
been appropriately addressed.

1.2 Facts Become Known after Date of Auditor Report and before Date of Issuance of
Financial Statements
i) Management Amends Financial Statements:
If management amends financial statements due to events occurring after the date of the
auditor's report but before issuance:
● The auditor carries out necessary audit procedures on the amendment.
● Extends audit procedures to the date of the new auditor's report (unless restricted).
● Provides a new auditor's report on amended financial statements (not dated earlier
than the date of approval).
● Includes an Emphasis of Matter or Other Matter paragraph in the report.

ii) No Amendment by Management:

If management does not amend financial statements:
● The auditor modifies the opinion before providing the report if the report has not been
provided.
 ● Notifies management and those charged with governance not to issue financial
statements without necessary amendments.
● Takes appropriate action to prevent reliance on the auditor's report if financial
statements are issued without necessary amendments.

1.3 Facts Which Become Known to the Auditor after the Financial Statements Have Been
Issued
If the auditor becomes aware of a fact requiring amendment of the auditor's report after
issuance:
● Discusses the matter with management and those charged with governance.
● Determines whether financial statements need amendment.
● Carries out necessary audit procedures on the amendment.
● Provides a new auditor's report on amended financial statements.
● Includes an Emphasis of Matter or Other Matter paragraph in the report.

Practice Question 01:

● Factors the auditor should consider:
○ Assessment of Salim Limited's ability to repay the amount.
○ Agreement on the provision to be made.
○ Review of steps taken by management.
○ Compliance with legal requirements
● Steps under each circumstance:
○ If prohibited by law, extend audit procedures and include an Emphasis of
Matter paragraph
○ If not prohibited, restrict procedures to the court's decision and include an
Emphasis of Matter or Other Matter paragraph.

Practice Question 02:

a) Auditor’s Responsibility if the Amount Involved is Material:
● Communicate with the client about the omission.
● Advise the client to inform the Securities and Exchange Commission of Pakistan,
relevant stock exchanges, and other regulatory bodies.
● Ensure that management sends a corrigendum to all shareholders before the AGM. If
not possible due to time constraints, management should inform shareholders about
the omission at the AGM.
● Auditors are entitled to attend the AGM under the Companies Ordinance, 1984. If
management fails to inform shareholders, auditors should do so themselves.

b) Auditor’s Responsibility if the Amount is Immaterial:

● The auditor should ensure the same actions as mentioned above even if the amount
involved is not material.

Practice Question 03
Course of Action for the Firm:
● Immediately contact the client to inform them that unless the auditors have signed the
audit report on the financial statements, such financial statements will remain
unaudited.
 ● Inform the Securities and Exchange Commission of Pakistan (SECP) about the
situation.
● Seek legal opinion on the matter.
● Take necessary steps to inform shareholders either immediately or during the AGM
about the possible impact on the financial statements.

2. WRITTEN REPRESENTATIONS (ISA 580)

2.1 Management from whom Written Representations Requested:
● Management with appropriate responsibilities for the preparation of financial
statements and having knowledge of the matters concerned.
● Management is expected to have sufficient knowledge of the process followed in
preparing financial statements and the assertions therein.
● Management may make inquiries of others who participate in preparing and
presenting financial statements, including individuals with specialized knowledge.
● The auditor may accept qualifying wording in representations if satisfied they are
made by relevant management personnel.
● Management may include confirmation in the written representations that it has made
appropriate inquiries before making the requested written representations.

2.2 Written Representations about Management's Responsibilities:

● Management should provide a written representation that it has fulfilled its
responsibility for the preparation of financial statements in accordance with the
applicable financial reporting framework.
● It should confirm that it has provided the auditor with all relevant information and
access as agreed, and that all transactions have been recorded and reflected in the
financial statements.
● The auditor may also request management to reconfirm its acknowledgment and
understanding, especially in certain circumstances.

Communication with Those Charged with Governance:

● The auditor shall communicate with those charged with governance regarding the
written representations requested from management.

2.3 Additional / Other Written Representations:

● Auditors may request representations about the appropriateness of accounting
policies, recognition of specific matters, and compliance with laws, regulations, and
agreements.
● Management may also provide representations about deficiencies in internal control.

Practice Question 04:

a) Relevance of Oral Representations:
● Oral representations should be documented and made part of audit working papers
but are generally less reliable than written representations.
b) Situations Requiring Written Representation:
● Written representations are mandatory for matters material to the financial
statements, management’s responsibilities for internal controls, and acknowledgment
of immaterial uncorrected errors.

c) Course of Action:
● Accept the oral representations but document them in the working papers.
● Reassess whether additional procedures are needed.
● Consider appropriate modification of the auditor’s report if written representations are
refused.

2.4 Date of and Period Covered by Written Representations:

● The date should be as near as practicable to, but not after, the date of the auditor’s
report.
● The period should cover all financial statements and periods referred to in the
auditor's report.

2.5 Form of Written Representations:

● Representations should be in the form of a letter addressed to the auditor.
● In some jurisdictions, management may be required by law or regulation to make a
written public statement about responsibilities.

2.6 Doubt as to the Reliability and Requested Written Representations Not Provided:
● If doubt arises about the reliability of representations, the auditor should investigate
and perform additional procedures if necessary.
● If requested written representations are not provided, the auditor should discuss the
matter with management, re-evaluate management's integrity, and take appropriate
actions, including determining the possible effect on the audit opinion.

3. FORMING AN OPINION AND REPORTING ON FINANCIAL STATEMENTS (ISA 700

(REVISED))

3.1 Forming an Opinion on the Financial Statements:

● The auditor concludes whether reasonable assurance has been obtained by
considering:
○ Sufficiency of appropriate audit evidence.
○ Materiality of uncorrected misstatements, individually or in aggregate.
○ Other evaluations required by the ISA.
● The auditor forms an opinion that the financial statements are prepared in
accordance with the applicable financial reporting framework.
● Evaluation includes consideration of qualitative aspects of accounting practices,
indicators of possible bias, and the adequacy of disclosures.

3.2 Description of the Applicable Financial Reporting Framework:

● The auditor evaluates whether the financial statements adequately refer to or
describe the applicable financial reporting framework.
 ● Such description is appropriate only if the financial statements comply with all
requirements of that framework during the period covered.

3.3 Form of Opinion:

An unmodified opinion is expressed when the auditor concludes that the financial statements
are prepared, in all material respects, in accordance with the applicable financial reporting
framework.
● Modification of the opinion may occur if the auditor concludes that the financial
statements are not free from material misstatement or if sufficient appropriate
evidence cannot be obtained.
● For a fair presentation framework, if financial statements do not achieve fair
presentation, the auditor discusses the matter with management and may modify the
opinion according to ISA 705.
● For compliance framework, the auditor is not required to evaluate whether financial
statements achieve fair presentation. However, if misleading, the matter is discussed
with management.

3.4 Auditor's Report:

1. Title: "Independent Auditor's Report"
2. Addressee: As required by the circumstances of the engagement, usually shareholders or
those charged with governance.
3. Auditor's Opinion:
● Identifies the audited entity and financial statements.
● Refers to accounting policies and other explanatory information.
● Specifies the date or period covered by the financial statements.
● Expresses an opinion using appropriate language based on the financial reporting
framework.
4. Basis for Opinion:
● States that the audit was conducted in accordance with International Standards on
Auditing (ISAs).
● Refers to the section describing the auditor’s responsibilities under the ISAs.
● States the auditor's independence and fulfillment of ethical responsibilities.
● States whether the auditor believes the evidence obtained is sufficient and
appropriate.
5. Going Concern: Reported in accordance with ISA 570 (Revised) if applicable.
6. Key Audit Matters (KAM): Communicated for audits of listed entities and other prescribed
entities according to ISA 701.
7. Other Information: Reported as per ISA 720 (Revised).
8. Management's Responsibility: Describes management's responsibilities for preparation of
financial statements and internal controls.
9. Auditor's Responsibility: Describes the auditor’s objectives, exercise of professional
judgment, communication with governance, and the audit process.
10. Other Reporting Responsibilities: Addressed in a separate section, if applicable.
11. Name of the Engagement Partner: For listed companies only, unless there's a significant
personal security threat.
12. Signature of the Auditor: Signed by the audit firm, auditor’s personal name, or both.
13. Auditor's Address: Indicates the location where the auditor practices.
14. Date: Not earlier than when sufficient appropriate audit evidence has been obtained.
Practice Question 05:
Differences between Auditor’s Reports for Listed and Unlisted Companies**

Listed Company:
1. Key Audit Matters:
● Includes key audit matters that were of most significance in the audit of the financial
statements of the current period.

2. Statement on Ethical Requirements:

● Statement from the auditor regarding compliance with relevant ethical requirements
regarding independence and communication with those charged with governance
about relationships that may affect independence.

3. Identification of Key Audit Matters:

● Statement that identifies key audit matters determined from communication with those
charged with governance.

4. Name of Engagement Partner:

● Engagement partner's name is disclosed.

5. Other Information Section:

● Includes a separate section for "other information" if the auditor has obtained or
expects to obtain other information not part of the financial statements.

Unlisted Company:
1. Key Audit Matters:
● Key audit matters may or may not be included based on the auditor's judgment and
the specific requirements.

2. Statement on Ethical Requirements:

● Statement regarding compliance with ethical requirements regarding independence
and communication with governance may still be included but is not explicitly
required.

3. Identification of Key Audit Matters:

● Identification of key audit matters may not be required.

4. Name of Engagement Partner:

● Disclosure of the engagement partner's name may or may not be included.

5. Other Information Section:

● The inclusion of a separate section for "other information" depends on whether the
auditor has obtained such information.

Additional Considerations:
● Auditor's Report Prescribed by Law or Regulation:
 The auditor's report should refer to ISA if it includes the elements required by the
standard.

● Report in Accordance with Auditing Standards of Specific Jurisdiction and ISA:

If the auditor refers to both national auditing standards and ISA, there should be no
conflict between the requirements.

● Supplementary Information Presented with the Financial Statements:

The auditor evaluates whether unaudited supplementary information is presented in a
manner that could be considered as being covered by the auditor's opinion.

4. COMMUNICATING KEY AUDIT MATTERS IN THE INDEPENDENT AUDITOR’S

REPORT (ISA 701)
4.1 Scope of the ISA 701:
● ISA 701 deals with the auditor's responsibility to communicate Key Audit Matters
(KAM) in the auditor’s report to enhance transparency about the audit performed.
● Definition of Key Audit Matters (KAM): Matters of most significance in the audit of the
financial statements, selected from those communicated with those charged with
governance.
● KAM are communicated for audits of listed entities, entities other than listed entities (if
required by law), and other entities decided by the auditor based on professional
judgment.

4.2 Determining KAM:

● Auditor determines KAM from matters communicated with those charged with
governance, considering areas of higher assessed risk, significant auditor judgments,
and the effect of significant events or transactions.
● Other relevant considerations include importance to intended users, complexity,
materiality of misstatements, extent of audit effort, and severity of control deficiencies.

4.3 Communicating KAM:

● KAM are described in a separate section of the auditor’s report under the heading
“KAM,” unless law or regulation prohibits disclosure or adverse consequences
outweigh the public interest benefits.
● Introductory language states that KAM were of most significance in the audit and
were addressed in forming the auditor’s opinion.
● If there are no KAM to communicate, a statement to this effect is included in a
separate section of the report.

Illustration:
If no KAM to communicate: "[Except for the matter described in the Basis for Qualified
(Adverse) Opinion section or Material Uncertainty Related to Going Concern section,] We
have determined that there are no [other] KAM to communicate in our report."

Additional Considerations:
Practice Questions:
 ● Adverse reports and qualified opinions have specific considerations regarding KAM.
● Determination of KAM is limited to the current period even if comparative financial
statements are presented.
● Management's request to exclude sensitive information from KAM should comply with
legal requirements or be based on adverse consequences outweighing public interest
benefits.
This standard aims to provide greater transparency about the audit process and significant
matters to assist users of financial statements in understanding the audit's results.

A. Key Audit Matters: Tax Contingency

● Reference to the related disclosure(s): Refer note x to the financial statements.

● Why the matter was considered to be one of most significance in the audit: The
company has significant tax contingencies totaling Rs. 175 million, which can have a
significant impact if materialized. Due to the high level of judgment required to assess
the outcome of tax litigations, we consider it to be a key audit matter.

● How the matter was addressed in our audit:

A brief overview of procedures performed:
○ Reviewed the management’s contention against the demands made by the
taxation authorities.
○ Discussed with the tax advisor of the Company and evaluated their rationale
and justifications against the demands made by the taxation authorities.
○ Utilized our own tax specialist to consider the level of provision required in
light of the company’s exposure, applicable regulation, and correspondence
with the tax authorities.
○ Considered any legal precedent or case law by assessing relevant historical
and recent judgments passed by the courts and other authorities in similar
situations.
○ Evaluated the adequacy of the disclosure in the financial statements.

B. Key Audit Matters: Related Party Transactions

● Reference to the related disclosure(s): Refer note x to the financial statements.

● Why the matter was considered to be one of most significance in the audit: The
company has significant purchases from related parties and significant advertising
expenses paid to related parties. Due to the large number of transactions and the
associated risks, we consider this to be a key audit matter.

● How the matter was addressed in our audit:

A brief overview of procedures performed:
○ Assessed management controls over identification and recording of related
party transactions.
○ Reviewed the frequency of updates to the related party listing by management
and assessed for any time lags.
○ Reviewed filings with regulatory authorities for related party information.
○ Reviewed contracts with related parties for services provided.
 ○ Reviewed minutes of board meetings for discussion and authorization of
related party transactions.
○ Reviewed accounting records for large, unusual, and nonrecurring
transactions.
○ Circulated confirmation requests to related parties regarding transactions and
balances.
○ Evaluated the adequacy of related party disclosures in the financial
statements.

C. Key Audit Matters: Non-Current Assets Held for Sale

● Reference to the related disclosure(s): Refer note x to the financial statements.

● Why the matter was considered to be one of most significance in the audit: The
company has decided to sell a manufacturing facility, involving significant judgment in
estimating the fair value and the associated carrying amounts of assets and liabilities.
Therefore, we consider it to be a key audit matter.

● How the matter was addressed in our audit:

A brief overview of procedures performed:
○ Assessed the company’s commitment to the sale plan through understanding
the status of the sales process and reviewing correspondence from
purchasers and prospective purchasers.
○ Involved our own valuation specialist to evaluate the fair value of the plant.
○ Evaluated the adequacy of the financial statement disclosures, including key
assumptions, judgments, and sensitivities.

Communication with Those Charged with Governance

● We communicated the above key audit matters with those charged with governance
to ensure awareness and provide further clarification.
 Chapter 11: Modification In The Audit Report

1. MODIFICATIONS TO THE OPINION IN THE INDEPENDENT AUDITOR’S REPORT (ISA

705)
1.1 Types of Modified Opinions

Important Definitions:
● Modified Opinion: Qualified opinion, Adverse opinion, or Disclaimer of Opinion
● Pervasive: Describes effects on financial statements that are undetected due to an
inability to obtain sufficient appropriate audit evidence

1.2 Nature of Material Misstatements

● Appropriateness of Selected Accounting Policies: Inconsistent with applicable
financial reporting framework, not representing underlying transactions for fair
presentation
● Application of Selected Accounting Policies: Inconsistent application by management,
method of application
● Appropriateness or Adequacy of Disclosures: Missing disclosures, not presented in
accordance with applicable framework, hindering fair presentation

1.3 Nature of an Inability to Obtain Sufficient Appropriate Audit Evidence

● Circumstances beyond control: Destruction or seizure of accounting records
● Circumstances relating to the auditor's work: Unable to observe inventory counting,
ineffective controls
● Limitations imposed by management: Preventing observation of physical inventory
counting or requesting external confirmation

1.4 Consequence of an Inability to Obtain Sufficient Appropriate Audit Evidence

● Auditor requests management to remove limitation; if refused:
○ Communicate to governance
○ Determine whether to perform alternative procedures
● If unable to obtain sufficient evidence:
○ Qualify opinion if effects could be material
○ Withdraw or give disclaimer if effects could be both material and pervasive

1.5 Other Considerations Relating to an Adverse or Disclaimer of Opinion

● Report shall not include an unmodified opinion when expressing an adverse or
disclaimer, except in specific circumstances

1.6 Form and Content of Auditor's Report When Opinion Is Modified

● Opinion Paragraph: Qualified, Adverse, or Disclaimer of Opinion
 ● Basis for Opinion Paragraph: Description of matter(s) giving rise to modification,
including financial effects
● Auditor's Responsibility: Statement on sufficiency and appropriateness of audit
evidence for modified opinion

Effect of disclaimer of opinion on "Key Audit Matters":

● When disclaiming an opinion, the report shall not include a KAM section

1.7 Communication with those charged with governance

● Enables notice, agreement, further information, and explanations from those charged
with governance

2. EMPHASIS OF MATTER PARAGRAPHS AND OTHER MATTER PARAGRAPHS IN THE

INDEPENDENT AUDITOR’S REPORT (ISA 706)
2.1 Emphasis of Matter Paragraphs
● Definition: A paragraph in the auditor's report that refers to a matter in the financial
statements considered fundamental to users' understanding.
● Examples: Uncertainties, subsequent events, early adoption of accounting standards,
major disasters.
● Presentation: Separate section in the auditor’s report, clear reference to the
emphasized matter, indication that opinion is not modified due to this matter.

2.2 Other Matter Paragraphs

● Definition: A paragraph in the auditor's report referring to a matter outside the
financial statements relevant to users' understanding of audit, auditor's
responsibilities, or the report.
● Examples: Reasons for inability to withdraw from an engagement, reporting on other
audited financial statements, restrictions on distribution or use of the auditor's report.
● Presentation: Separate section in the auditor’s report, use of appropriate heading.

2.3 Placement of Emphasis of Matter or Other Matter Paragraph

● Depends on the nature and significance of the information to users.
● Emphasis of Matter Paragraph:
○ Following the Basis of Opinion section when it relates to the financial reporting
framework.
○ Before or after the Key Audit Matters section when present, with added
context to differentiate if necessary.
● Other Matter Paragraphs:
○ When the Key Audit Matters section is present, further context can be added
to the heading to differentiate it.

2.4 Communication with those charged with governance

● Auditor communicates with governance regarding the expectation and proposed
wording of Emphasis of Matter or Other Matter paragraphs.
Example of Auditor’s Report:
● Includes sections for Opinion, Basis for Opinion, Emphasis of Matter, Key Audit
Matters, Other Matter, and other necessary sections.

Tutorial note: How to cope with the scenario requiring modification of report in Exam
● Identification of materiality, discussion of the issue and auditor’s procedures,
management response, and implications on the audit report are key steps.

Example Scenario and Solution:

● Discusses scenarios involving warranty provision assessment and inventory count,
and outlines necessary steps and reporting implications.

3. GOING CONCERN (ISA 570)

3.1 Risk Assessment Procedures and Related Activities
● Auditors assess events or conditions that may cast significant doubt on an entity's
ability to continue as a going concern.
● Examples include financial, operating, and other factors such as net liabilities, loss of
key management, pending legal proceedings, etc.
● Auditor determines if management has conducted a preliminary assessment; if not,
the auditor discusses with management the basis for using the going concern basis of
accounting.

3.2 Evaluating Management’s Assessment

● Auditor evaluates management’s assessment covering the same period as
management's assessment or at least 12 months from the date of the financial
statements.
● If management's assessment covers less than 12 months, the auditor requests an
extension.
● Auditor ensures management's assessment includes all relevant information known
to the auditor.

Period beyond Management’s Assessment

● Auditor inquiries management about events or conditions beyond the assessment
period that may cast significant doubt on the entity’s ability to continue as a going
concern.

3.3 Additional Procedures When Events or Conditions are identified

● Auditor obtains sufficient appropriate audit evidence to determine if a material
uncertainty exists related to events or conditions that may cast significant doubt on
going concern.
● Procedures include analyzing forecasts, interim financial statements, loan
agreements, minutes of meetings, legal counsel inquiries, evaluation of entity’s plans,
subsequent events, confirmation of borrowing facilities, and reviewing regulatory
reports.
● If management hasn’t conducted a going concern assessment, the auditor requests
management to perform it.
Practice Question 01:
For the matter regarding uncertainties impacting Link Telecom Limited's ability to operate as
a going concern:

i) Financial Support from Parent Company:

● Copies of agreements or support letters from the parent company guaranteeing
continuous financial support.
● Review of the parent company's financial statements to assess its capability to
provide support.

ii) Negotiations with Foreign Customers:

● Documentation of ongoing negotiations with foreign customers.
● Explanation of discounts offered to local distributors above normal market rates.

iii) Reduction of Overheads and Administrative Expenses:

● Plans and strategies for reducing overheads and administrative expenses.
● Approval documents from the board of directors for cost reduction measures.

iv) Discontinuation of Non-Profitable Segment:

● Analysis of the marketability of the segment's assets and potential impact on
operations.
● Board approval documents for discontinuation of the segment.

v) Increasing Equity:
● Feasibility plan for increasing equity or issuing new capital.
● Documentation of regulatory approvals and shareholder resolutions.

vi) Expectation of Profitable Operations:

● Detailed business plans supporting the expectation of profitable operations.
● Financial forecasts and projections for the next year.

Main reason for acquiring such information/documents: To assess the validity and viability of
the assumptions and plans made by management to address uncertainties impacting the
company's going concern status.

Practice Question 02:

For the comprehensive plan to counter the difficult situation faced by Bolan Pharmaceuticals
Limited (BPL):

i) Probable Date of Commencement of Operations:

● Timeline for resuming operations and commencement date.

ii) Measures to Deal with Technical Issues:

● Correspondence with experts or board minutes regarding technical issues.

iii) Financial Effects of Breach of Key Covenants:

● Details of bank loan restructuring and related financial implications.
iv) Recapture of Lost Customer Ship:
● Plans to regain lost customers and recapture market share.

v) Equity Injection Plans:

● Documentation of plans for equity injection or rights issues.

vi) Employee Reactions and Redundancy Payments:

● Information on employee turnover and redundancy payment calculations.

vii) Implications of Loan Default:

● Consequences of loan default and actions taken to mitigate risks.

viii) Cash Flow Forecast:

● Detailed cash flow forecast supporting the going concern assumption.

Main reason for acquiring such information/documents: To assess the feasibility and
effectiveness of the management's plan to address the company's difficulties and ensure its
ability to continue as a going concern.

Practice Question 03:

For the CEO's claims and management's plan regarding going concern uncertainty:

i) Financial Support from Parent Company:

● Copies of agreements or letters guaranteeing continuous financial support.
● Financial statements of the parent company to assess its capability to provide
support.

ii) Rescheduling of Borrowing Facilities:

● Copies of agreements or communication from banks conforming loan rescheduling.

iii) Reduction of Overheads and Administrative Expenses:

● Details of plans and strategies for overhead reduction.

iv) Discontinuation of Non-Profitable Segment:

● Analysis of marketability of segment assets and board approval documents.

v) Increasing Equity:
● Documentation of plans for equity injection and regulatory approvals.

vi) Expectation of Profitable Operations:

● Detailed business plans supporting the expectation of profitability.
● Financial forecasts and projections for the next year.

Main reason for acquiring such information/documents: To evaluate the validity and feasibility
of the CEO's claims and management's plan to address the going concern uncertainty.
Practice Question 04:
For matters related to Akhtar Autos Limited's going concern issues:

i) Negotiations with Foreign Customers:

● Copies of agreements and terms with foreign customers.
● Explanation of discounts offered to local distributors.

ii) Legal Dispute with Major Customers:

● Copies of court notices and documentation of management's response.

iii) Bankruptcy of Supplier:

● Details of bankrupt supplier, amount owed, and liquidator's claim.
● Information on alternative suppliers and ability to fulfill orders.

Main reason for acquiring such information/documents: To assess the impact of these issues
on the company's going concern status and evaluate management's plans to address them.

3.4 Implications for the Auditor’s Report (Ref: 17-24, A21-A35)

Practice Question 05:

i) Advising the Client:
If it is concluded that Haroon Private Limited (HPL) is not a going concern, the financial
statements should be prepared on the following alternative authoritative basis:
● Assets should be valued at recoverable amounts.
● All assets and liabilities should be classified as current assets.
● A note in the financial statements disclosing that HPL is not a going concern should
be included.
● Recording of additional liabilities such as redundancy costs should be made.

ii) Procedures if Management Agrees:

● Ensure that the alternative approach as discussed above has been properly applied
and adequate disclosures are made.
● If satisfied with the alternative approach and disclosures, issue an unqualified opinion
with an emphasis of the matter paragraph referring to the note in the financial
statements describing the going concern situation.
iii) Drafting Appropriate Modifications:
If management does not agree, the following modifications could be included in the audit
report:

iv) Adverse Opinion:

"In our opinion, because of the effects of the matters discussed in the preceding
paragraph(s), the financial statements do not give a true and fair view of the financial position
of Haroon Private Limited as of [Date] and of its financial performance and its cash flows for
the year then ended, in accordance with International Financial Reporting Standards."

Practice Question 06:

Effect on Financial Statement:
1. Express Pakistan Limited (EPL) Liquidation:
● EPL's liquidation affects BL's financial statements in two significant ways:
○ The outstanding amount due from EPL (Rs. 5.89 million) represents 19.5% of
BL's profit before tax, making it material by size.
○ BL's revenue from EPL constitutes 35% of its total revenue, making EPL a
major customer. The liquidation casts significant doubt on BL's ability to
continue as a going concern.
● Possible actions:
○ Provision should be made for the outstanding amount if it is not recoverable.
○ Disclosure should be made regarding the uncertainty arising from EPL's
liquidation.

2. Litigation Uncertainty:
● The potential impact of an unfavorable decision in litigation (up to Rs. 10 million) is
material, constituting around 33% of profit before tax.
● Possible actions:
○ Disclosure of the uncertainty in the financial statements is required.
○ If management agrees to include a note explaining the issue, the report will be
unmodified, including a separate section on "Material Uncertainty Related to
Going Concern" (ISA 700).
○ If the directors refuse to include a note or if the note is inadequate, the opinion
should be qualified due to disagreement.

Effect on Audit Report:

1. EPL Liquidation:
● If provision is not made for the outstanding debt or if the facts are not disclosed, the
auditor's opinion would be qualified on grounds of disagreement, as the amount is
material.
● If disclosure is properly presented, an unmodified opinion with a separate section on
"Material Uncertainty Related to Going Concern" (ISA 700) will be issued.

2. Litigation Uncertainty:
● If the uncertainty is adequately disclosed, an unmodified opinion will be issued with a
separate section on "Material Uncertainty Related to Going Concern" (ISA 700).
● If the uncertainty is not adequately disclosed, the opinion should be qualified due to
disagreement.
Practice Question 07:
Audit Procedures:
1. Review Cash Flow Projections:
● Evaluate the reliability of underlying data and assumptions.
● Assess the viability of SAPL's agreements with motor car assemblers, including
Pannu Motors Limited (PML).

2. Assess Significance of Revenue from PML:

● Ascertain the amount of sales to PML and assess its significance for SAPL's business
operations.

3. Review Viability of PML:

● Review PML's financial statements and corporate announcements to assess its future
viability.

4. Consider Subsequent Events:

● Assess any additional facts or information that have become available since the
assessment date.

5. Seek Written Representation:

● Obtain written representation from management regarding its plans for future actions.

Implications on Audit Report:

● If going concern assumption is appropriate and no material uncertainty exists, an
unmodified opinion will be issued.
● If a material uncertainty exists but is adequately disclosed, an unmodified opinion with
a separate section on "Material Uncertainty Related to Going Concern" (ISA 700) will
be issued.
● If a material uncertainty exists but is not adequately disclosed, a qualified or adverse
opinion will be issued.
● If the going concern assumption is not appropriate and the financial statements are
not revised accordingly, an adverse opinion will be expressed.

Practice Question 08:

Shortcomings in Draft Audit Report:

● Use of "Emphasis of Matter" Paragraph:

○ The scenario requires specific wording as per ISA 570 (revised) to address
material uncertainties.
○ Should not use the "Emphasis of Matter" paragraph.

● Lack of Specificity in Language:

○ The phrase "that the company may be unable to continue as a going concern"
should be replaced with "which may cast significant doubt on the company’s
ability to continue as a going concern" for clarity.
 ● Incomplete Reporting:
○ The audit report should refer to all relevant notes, including the note
describing the material uncertainty.
○ If there is no such note, the opinion should be qualified.

Practice Question 09:

a) Evaluation and Procedures:
Qasmi Steels Limited (QSL) faces several challenges, indicating potential going concern
issues. As an auditor, the following procedures should be performed:

i. Review Cash Flow Projections: Evaluate QSL's cash flow projections to assess their
reasonableness, especially considering the company's incurred losses and its ability to
generate cash to meet obligations.

ii. Management Discussion: Discuss with management the uncertainties related to the
company's plans for revival, including the feasibility of converting the plant to run on gas,
restructuring the loan, and leasing the plant temporarily.

iii. Consider Subsequent Events: Assess subsequent events to understand their impact on
QSL's financial position and going concern assumptions, particularly regarding loan
rescheduling and gas conversion plans.

iv. Written Representation: Obtain written representation from management regarding its
plans for future actions, including the feasibility and timelines of the proposed initiatives.

v. Additional Audit Procedures: If doubts persist regarding the appropriateness of the going
concern assumption, perform additional audit procedures, such as reviewing the company's
ability to secure a gas connection and assessing the impact of the temporary plant closure
on the company's financial position.

Additionally, consider the potential impairment of plant and machinery due to the
discontinuance of operations and reduced production of steel.

b) Implications on the Audit Report:

i. Unmodified Opinion: If the going concern assumption is appropriate without any material
uncertainty, express an unmodified opinion.

ii. Qualified Opinion with Material Uncertainty Disclosure: If there's a material uncertainty but
it's adequately disclosed, issue a qualified opinion and include a separate section in the
report highlighting the uncertainty.

iii. Adverse Opinion: If the going concern assumption is inappropriate and not adjusted, issue
an adverse opinion.

iv. Emphasis of Matter Paragraph: If the company revises its financial statements due to
going concern issues, include an emphasis of the matter paragraph referring to the note in
the financial statements explaining the reason for the revision.
v. Qualified or Disclaimer of Opinion: If management is unwilling to assess going concern or
provide necessary information, issue a qualified or disclaimer of opinion accordingly.

In conclusion, the auditor's report should reflect the outcome of the assessment of QSL's
going concern assumption and its implications on the financial statements.

Practice Question 10: Dealing with Non-recovery of Loan

Evaluation and Procedures:
1. Review QL's Financial Statements:
● Assess QL's financial statements to determine its ability to repay the loan and any
signs of default on other obligations.

2. Review Loan Agreement:

● Examine the agreement between KPL and QL to understand the remedies available
to KPL in case of non-payment by QL.

3. Inquire About QL's Financial Difficulties:

● Discuss with QL's management the steps taken to overcome financial difficulties and
their assessment of the loan's recoverability.

4. Assess Recoverability of the Loan:

● Evaluate whether there are indications of impairment in the value of the loan and
whether an allowance for doubtful debts is necessary.

5. Management Discussion:
● Engage in a discussion with KPL's management regarding the recoverability of the
loan and the reasonableness of their assessment.

Implications on the Audit Report:

● Qualified or Adverse Opinion:
○ Issue a qualified or adverse opinion if the recovery of the loan or the interest
accrued is doubtful and appropriate provisions are not made in the financial
statements.

● Scope Limitation:
○ If management fails to provide sufficient evidence or assesses the issue
subjectively, resulting in a scope limitation, issue a qualified or disclaimer of
opinion.

● Communication with Governance:

○ Communicate with those charged with governance about material
uncertainties related to the loan's recoverability and its implications for the
audit report.
Practice Question 11: Implications of an Earthquake
Evaluation and Procedures:

1. Assessment of Non-Adjusting Event:

● Determine that the earthquake, occurring after the year end, is a non-adjusting event
but has significant implications.

2. Impact Analysis:
● Assess the impact on GL's business, considering damage to the plant and supply
chain disruptions.

3. Review of Management's Actions:

● Review management's actions, including insurance claims and plans for raw material
supply.

4. Evaluation of Going Concern:

● Determine if the earthquake affects GL's going concern status, considering the impact
on production and supply chain.

Implications on the Audit Report:

● Disclosure Requirements:
○ Ensure management discloses the earthquake's impact in accordance with
IAS-10.

● Going Concern Assessment:

○ Evaluate whether the earthquake affects GL's ability to continue as a going
concern and reflect this in the audit report.

● Insurance Claim Assessment

○ Review the insurance policy and correspondence to determine the likelihood
and amount of the insurance claim.

● Communication with Governance:

○ Communicate significant events and their implications to those charged with
governance, including any material uncertainties related to going concern.

Conclusion:
Both scenarios require careful evaluation of the situation and its impact on financial
statements, along with appropriate communication with management and governance.
Depending on the findings, the auditor's report may need to include qualifications,
disclosures, or even disclaimers of opinion.

3.5 Communication with Those Charged with Governance

Events or Conditions Related to Going Concern:
● Material Uncertainty Assessment:
○ Communicate any events or conditions that may cast significant doubt on the
entity's ability to continue as a going concern, assessing whether they
constitute a material uncertainty.
 ● Appropriateness of Going Concern Basis:
○ Discuss with governance whether management's use of the going concern
basis in the financial statements is appropriate given the identified events or
conditions.

● Disclosures Adequacy:
○ Evaluate the adequacy of related disclosures in the financial statements
regarding the entity's ability to continue as a going concern and communicate
any deficiencies to governance.

● Implications for the Auditor's Report:

○ Communicate the implications of the identified events or conditions on the
auditor's report, considering whether qualifications or disclosures are
necessary.

3.6 Significant Delay in the Approval of Financial Statements

Assessment and Procedures:
● Reasons for Delay Inquiry:
○ Inquire about the reasons for significant delays in the approval of financial
statements by management or governance.

● Relation to Going Concern Assessment:

○ If the delay could be related to events or conditions impacting the entity's
going concern assessment, perform necessary additional audit procedures to
assess the situation.

● Effect on Material Uncertainty Existence:

○ Consider the effect of the delay on the auditor's conclusion regarding the
existence of a material uncertainty related to going concern.

Communication and Reporting:

● Reporting Delay Implications:
○ Communicate with governance about the delay and its potential implications
for the audit report, particularly regarding the assessment of going concern.

● Additional Procedures Explanation:

○ Explain to governance the additional audit procedures undertaken if the delay
is linked to going concern issues.

Conclusion:
Effective communication with those charged with governance is crucial for addressing events
or conditions that may affect the entity's ability to continue as a going concern. This includes
discussing material uncertainties, the appropriateness of management's going concern basis,
adequacy of disclosures, and the impact of significant delays in financial statement approval.
4. COMPARATIVE INFORMATION - CORRESPONDING FIGURES AND COMPARATIVE
FINANCIAL STATEMENTS (ISA 710)
Important Definitions:
● Comparative Information:
○ Amounts and disclosures from one or more prior periods included in the
financial statements according to the applicable financial reporting framework.

● Corresponding Figures:
○ Comparative information included as an integral part of current period financial
statements, intended to be read in relation to the current period figures.

● Comparative Financial Statements:

○ Comparative information presented for comparison with the current period
financial statements, potentially audited and referred to in the auditor’s
opinion.

4.1 Audit Procedures

● Inclusion and Classification:
○ Determine if the financial statements include required comparative information
and whether it's appropriately classified.

● Agreement and Consistency:

○ Evaluate if comparative information agrees with prior period amounts and
disclosures or has been appropriately restated. Also, ensure consistency in
accounting policies between comparative and current periods.

● Changes in Policies:
○ Assess if changes in accounting policies have been properly accounted for
and disclosed.

● Material Misstatements:
○ If a material misstatement in comparative information is suspected, perform
additional audit procedures to gather sufficient evidence.

● Prior Period Audits:

○ Follow the relevant requirements of ISA 560 if the auditor audited the prior
period's financial statements. Ensure comparative information agrees with any
amended financial statements.

● Written Representations:
○ Obtain written representations for all periods referred to in the auditor’s
opinion, including any restatements made.

4.2 Audit Reporting – Corresponding Figures

 ● Modification in Opinion:
○ If the prior period's auditor's report included a modified opinion and the matter
is unresolved, modify the opinion on the current period's financial statements.

● Basis for Modification:

○ In the basis for the modification paragraph, refer to both current period’s
figures and corresponding figures if the effects of the matter are material.

● Resolved Matters:
○ If the prior period's matter is resolved and properly accounted for, no
reference to the previous modification is needed in the current period's
opinion.

● Material Misstatements in Prior Periods:

○ If material misstatements exist in prior periods and corresponding figures have
not been properly restated or disclosed, express a qualified or adverse opinion
on the current period financial statements.

● Emphasis of Matter Paragraph:

○ If corresponding figures have been restated or disclosed properly, an
Emphasis of Matter paragraph may be included in the auditor’s report.

i) Prior Period Financial Statements Audited by a Predecessor Auditor

● If referring to the predecessor auditor’s report on corresponding figures, state in an
Other Matter paragraph details such as the type of opinion expressed by the
predecessor auditor and the date of that report.

ii) Prior Period Financial Statements Not Audited

● State in an Other Matter paragraph that the corresponding figures are unaudited, but
ensure to obtain sufficient appropriate audit evidence regarding opening balances.

Practice Question 12:

In this scenario, RP Limited's previous year's audit report was qualified by the predecessor
auditor due to the failure to record an impairment loss of Rs. 67 million on plant and
machinery. However, management has recognized this impairment in the current year's
financial statements, resulting in a loss. The profit before tax for the current and prior years is
Rs. 500 million and Rs. 300 million, respectively.

Auditor's Course of Action:

1. Evaluation of the Matter: The auditor needs to evaluate whether the impairment loss
should have been recorded in the previous year's financial statements and whether it
materially affects the comparability of the current period's figures.

2. Request for Restatement: The auditor should request management to restate the
comparative figures in the current financial statements to reflect the impairment loss.

3. Impact on Audit Report:

 ● If management agrees to restate the figures and make appropriate disclosures, the
auditor may include an Emphasis of Matter paragraph in the audit report to explain
the circumstances and refer to the note in the financial statements.
● If management refuses to restate the financial statements or make appropriate
disclosures, the auditor should express a qualified opinion or an adverse opinion on
the current period financial statements, modified with respect to the corresponding
figures included therein.

Practice Question 13:

The previous year's audit report was qualified due to the inability to obtain sufficient and
appropriate audit evidence regarding stores and spares, as the ledger contained many
negative balances.

Implications on Audit Report:

1. Unresolved Matter:
● If the matter related to the previous year's modification is still unresolved, the auditor
should modify the opinion on the current period financial statements. In the basis for
the modification paragraph, the auditor should refer to both the current period's
figures and the corresponding figures when the effects or possible effects of the
matter on the current period's figures are material.

2. Resolved Matter:
● If the previous year's matter is resolved and properly accounted for or disclosed, the
auditor's opinion on the current period need not refer to the previous modification.

3. Relevance to Current Period:

● If the previous year's matter is not relevant to the current period figures but may affect
comparability, the auditor may still consider it appropriate to qualify the opinion on
current period financial statements.

Practice Question 14:

In this case, the audit manager has informed the engagement partner that the audit report for
Mars Limited needs modification due to an outstanding amount of Rs. 70 million from Utopia
Limited (UL) that is not recoverable as UL is in the process of winding up.

Auditor's Actions:
1. Evaluation of Materiality:
● The auditor needs to evaluate the materiality of the outstanding amount from UL and
its impact on the financial statements.

2. Request for Restatement:

● The auditor should ask management to restate the prior period figures in the current
financial statements and make appropriate disclosures.

3. Impact on Audit Report:

 ● If management agrees to restate the figures and make appropriate disclosures, the
auditor may include an Emphasis of Matter paragraph in the audit report describing
the circumstances and referring to the note in the financial statements.
● If management does not agree to disclose a note, a qualified or adverse opinion
should be considered.
● The auditor should also consider the impact on the going concern status of Mars
Limited, as the loss of revenue from UL may cast significant doubt on its ability to
continue as a going concern. If necessary, an emphasis of the matter paragraph
should be included in the audit report, or a qualified or adverse opinion may be
appropriate.

Practice Question 15:

a) Implications of Prior Year's Audit by Another Auditor:

The auditor will include an Other Matter paragraph in the audit report stating:
● The financial statements of the prior period were audited by the predecessor auditor.
● The type of opinion expressed by the predecessor auditor.
● The date of that report.

b) Steps and Implications in the Current Situation:

1. Review and Verification:
● Review the amount capitalized in the previous year to verify if it was incorrectly
capitalized, as claimed by Wasim Limited's (WL) CEO.

2. Consultation with Previous Auditors:

● Consult the previous auditors, with WL's permission, to understand their point of view
on the issue and review their working papers if possible.

3. Discussion on CEO Change:

● Discuss the reasons for the resignation or removal of the previous CEO, as this may
shed light on the circumstances leading to the misstatement.

4. Assessment of Material Misstatement:

If the misstatement in the previous financial statements is confirmed, it may raise doubts
about:
● Competence and integrity of client’s staff.
● The effectiveness of internal control systems and the possibility of other material
misstatements.
● Re-assess the risk of material misstatement and revise audit procedures if necessary.

5. Communication and Request for Correction:

● Communicate the misstatement in the prior year financial statements to appropriate
levels of management and those charged with governance.
● Request management to revise the prior year financial statements to correct the
misstatement.

6. Management's Response:
If management agrees to correct the misstatement and amend the prior year financial
statements:
● Request that the predecessor auditor be informed, and a revised audit report be
obtained if possible.
● If the predecessor auditor agrees to issue a new auditor’s report on the amended
financial statements of the prior period, report only on the current period.

7. Management's Refusal to Amend:

If management refuses to amend the prior year financial statements:
● The auditor may issue a qualified or adverse opinion, depending on the materiality
and pervasiveness of the matter, with respect to the prior period.
● Disclose substantive reasons for the different opinion compared to the opinion
expressed by the predecessor auditor on prior period financial statements in the
Other Matter paragraph.

Practice Question 16:

In this scenario, the inventory of a subsidiary was overvalued by Rs. 5.7 million in the year
ended September 30, 2007. This overvaluation was adjusted over the years ended
September 30, 2008, and 2009, by Rs. 1.9 million each year. Consequently, the inventory as
appearing in the consolidated financial statements for the year ended September 30, 2009,
has been overstated by Rs. 1.9 million.

Modification Paragraph:
"In our opinion, the above adjustment is not in accordance with International Accounting
Standards, which requires that the overstatement should be rectified retrospectively.
Accordingly, the inventory should be reduced by Rs. 1.9 million in the year 2009 and by Rs.
3.8 million in the year 2008. Profit for the year should be increased by Rs. 1.9 million in the
year 2009 and by Rs. 0.475 million in 2008. Accumulated retained earnings should be
increased by Rs. 2.1375 million in the year 2009 and by Rs. 0.4275 million in 2008. Goodwill
should be increased by Rs. 3.8475 million in both the years (2009 and 2008), and minority
interest should be reduced by Rs. 0.19 million in the year 2009 and by Rs. 0.38 million in
2008.

In our opinion, except for the effect on the consolidated financial statements of the matter
referred to in the preceding paragraph, the consolidated financial statements present fairly
the financial position of Blue Sky Limited and its subsidiary as at September 30, 2009, and
the result of their operation for the year then ended."

5. INITIAL AUDIT ENGAGEMENTS - OPENING BALANCES (ISA 510)

Important Definitions:
● Initial audit engagement: An engagement where financial statements for the prior
period were either not audited or audited by a predecessor auditor.

● Opening balances: Account balances existing at the beginning of the period,

reflecting the effects of transactions and events of prior periods and accounting
policies applied in the prior period. This includes matters requiring disclosure such as
contingencies and commitments.
 ● Predecessor auditor: The auditor from a different audit firm who audited the financial
statements of an entity in the prior period and has been replaced by the current
auditor.

5.1 Audit Procedures (Ref: 5-9, A1-A7)

Opening Balances:
● The auditor should read the most recent financial statements and predecessor
auditor's report.
● Obtain sufficient appropriate audit evidence about whether opening balances contain
misstatements that materially affect the current period’s financial statements by:
○ Determining whether prior period’s closing balances have been correctly
brought forward or restated to the current period.
○ Determining whether opening balances reflect the application of appropriate
accounting policies.
○ Performing one or more of the following:
■ Reviewing predecessor auditor’s working papers if the prior year
financial statements were audited.
■ Evaluating whether audit procedures performed in the current period
provide evidence relevant to opening balances.
■ Performing specific audit procedures to obtain evidence regarding
opening balances.
● The nature and extent of audit procedures depend on factors such as the entity’s
accounting policies, the nature of account balances, and the significance of opening
balances relative to current period’s financial statements.
● If prior period’s financial statements were audited by a predecessor auditor, the
current auditor may obtain sufficient appropriate audit evidence by reviewing the
predecessor auditor’s working papers.
● If the auditor finds misstatements in the opening balances that could materially affect
the current period’s financial statements, additional audit procedures should be
performed to determine the effect.
● If misstatements exist in the current financial statements, the auditor should
communicate with the appropriate level of management and those charged with
governance.

Practice Question 17:

Auditor’s Responsibility:
The auditor's responsibility regarding the verification of opening balances includes:

1. Verification of Accuracy and Consistency:

● Ensuring that opening balances do not contain misstatements that materially affect
the current period’s financial statements.
● Checking if prior period’s closing balances have been correctly brought forward to the
current period or restated when appropriate.
● Verifying that opening balances reflect the application of appropriate accounting
policies consistently.
Steps Needed:
1. Review of Predecessor Auditor’s Working Papers:
 ● If the prior period’s financial statements were audited by another auditor, review the
predecessor auditor’s working papers to obtain evidence regarding opening balances.

2. Evaluation of Current Period’s Audit Procedures:

● Evaluate whether the audit procedures performed in the current period provide
evidence relevant to the opening balances.

3. Specific Audit Procedures:

● Perform specific audit procedures to obtain evidence regarding the opening balances,
considering the nature of account balances, classes of transactions, disclosures, and
risks of material misstatement in the current period’s financial statements.

Additional Audit Procedures:

● For current assets and liabilities, perform procedures such as verifying the collection
or payment of opening accounts receivable or accounts payable during the current
period.
● For non-current assets and liabilities, examine the accounting records, obtain
confirmations from third parties, or perform other relevant procedures as necessary.

Communication:
● If misstatements are found in the opening balances that could affect the current
period’s financial statements, communicate with appropriate levels of management
and those charged with governance.

Practice Question 18:

Principal Audit Procedures:
1. Accuracy and Consistency Check:
● Determine whether the prior year’s closing balances have been correctly brought
forward to the current period or restated.

2. Review of Accounting Policies:

● Review the accounting policies applied in the previous year and the current year to
ensure consistency and appropriateness.

3. Predecessor Auditor’s Working Papers:

● If available, review the working papers of the previous auditors to obtain evidence
regarding the opening balances.

4. Current Year’s Audit Procedures:

● Evaluate whether the audit procedures performed in the current year provide
evidence relevant to the opening balances.

5. Additional Procedures:
● Perform additional audit procedures as appropriate if the initial procedures indicate
material misstatements in the opening balances.
● For example, verifying the collection or payment of opening accounts receivable or
accounts payable, observing a physical inventory, or reviewing the valuation of
opening inventory items.
Consistency of Accounting Policies:
1. Verification of Consistency:
● Obtain sufficient appropriate audit evidence regarding whether accounting policies
reflected in opening balances have been consistently applied in the current period’s
financial statements.

2. Changes in Accounting Policies:

● Ensure that changes in accounting policies have been appropriately accounted for
and adequately disclosed according to the applicable financial reporting framework.

Relevant Information from Predecessor Auditor’s Report:

1. Evaluation of Modification:
● If there was a modification in the predecessor auditor’s report, evaluate the effect of
the matter giving rise to modification in assessing the risks of material misstatement
in the current period’s financial statements.

5.2 Audit Conclusions and Reporting (Ref: 10-13, A8-A9)

Opening Balances:
● If the auditor is unable to obtain sufficient appropriate audit evidence regarding
opening balances, they shall express a qualified opinion or disclaim an opinion.
● If the auditor concludes that opening balances contain a misstatement materially
affecting the current period's financial statements, and the effect is not appropriately
accounted for or disclosed, they shall express a qualified opinion or an adverse
opinion.

Consistency of Accounting Policies:

● If the auditor finds that current period’s accounting policies are not consistently
applied in relation to opening balances or if changes in accounting policies are not
appropriately accounted for or disclosed, they shall express a qualified opinion or an
adverse opinion.

Modification to the Opinion in the Predecessor Auditor’s Report:

● If the modification in the predecessor auditor’s report remains relevant and material to
the current period’s financial statements, the auditor shall modify the opinion on the
current period’s financial statements in accordance with ISA 705 & ISA 710.
● In some cases where the modification is not relevant and material to the current
period’s financial statements (e.g., resolved scope limitation), modification may not be
necessary.

Practice Question 19:

● The auditor should assess whether sufficient appropriate audit evidence can be
obtained with respect to the quantities of inventory at the beginning of the year
through other operating procedures.
● If unable to obtain sufficient appropriate audit evidence, the auditor should modify the
audit opinion due to the unresolved matter affecting comparability.
● Even if the matter is resolved, the audit report should include an "other matter
paragraph" stating the qualification from the predecessor auditor's report.
Practice Question 20:
● If prior year’s working papers are not of the required standards, the auditor cannot
use them to verify opening balances.
● The auditor should design audit procedures for the current period to provide evidence
relevant to opening balances.
● Implications on the audit report include expressing a qualified opinion or disclaiming
an opinion if sufficient appropriate audit evidence cannot be obtained regarding
opening balances.

Practice Question 21:

● Discuss with the client's management to assess if the understatement was an error or
due to control weaknesses.
● Obtain the working for re-statement from the client and ensure proper accounting and
disclosure according to IAS-8 requirements.
● If the understatement appears intentional, consider the impact on management's
integrity and possibly withdraw from the engagement.
● Highlight the matter of restatements to those charged with governance.

6. THE AUDITOR’S RESPONSIBILITIES RELATING TO OTHER INFORMATION (ISA 720)

Important Definitions:
● Other information: Financial or non-financial information (other than financial
statements and auditor’s report) included in an entity’s annual report.
● Annual report: A document prepared typically on an annual basis by management or
those charged with governance to provide stakeholders with information on the
entity’s operations, financial results, financial position, developments, future outlook,
risks, and governance matters.

6.1 Obtaining the Other Information (Ref: 13, A11-A22):

● Discuss with management to determine which document(s) comprise the annual
report and the planned manner and timing of issuance.
● Arrange with management to obtain the final version of the document(s) timely and
preferably prior to the date of the auditor’s report.
● Request written representation from management that the final version of the
document(s) will be provided to the auditor prior to issuance by the entity.

6.2 Reading and Considering the Other Information (Ref: 14-15, A23-A38):
Read the other information and consider:
● Material inconsistency between the other information and the financial statements.
● Material inconsistency between the other information and the auditor’s knowledge
obtained during the audit.
● Indications of material misstatement in the other information not related to the
financial statements or the auditor’s knowledge obtained in the audit.
6.3 Responding When a Material Inconsistency Appears to Exist or Other Information
Appears to Be Materially Misstated (Ref: 16, A39-A4):
● Discuss the matter with management and perform additional procedures if necessary
to determine the cause of the inconsistency or misstatement.
 ● If unable to resolve, may request management to consult with qualified third parties or
consider withdrawing from the audit.

6.4 Responding When the Auditor Concludes That a Material Misstatement of the Other
Information Exists (Ref: 17-19, A44-A50):
● Request management to correct the other information; if refused, communicate the
matter with those charged with governance.
● If the other information is not corrected, take appropriate action including considering
implications for the auditor’s report, withdrawing from the engagement, or bringing the
matter to the attention of users of the auditor’s report through various means.

6.5 Responding When a Material Misstatement in Financial Statements Exists or Auditor’s

Understanding of Entity etc. Needs to Be Updated (Ref: 20, A51)
In such cases, the auditor shall respond appropriately in accordance with other ISAs:
● ISA 315 (Revised 2019) for understanding of the entity and risk assessment.
● ISA 450 for the effect of identified and uncorrected misstatements.
● ISA 560 for subsequent events.

Practice Question 22:

The auditor should consider the following steps for each situation:
● Communicate with the client and inform them about the omission.
● Assess the nature of the omission to determine if it represents a material
misstatement in the other information, financial statements, or requires an update to
the auditor's understanding of the entity.
● If revision of the other information is necessary and management agrees, review the
steps taken by management to inform recipients of the revision.
● If management refuses to revise the other information, and the auditor concludes that
revision is necessary, notify those charged with governance.
● If management does not take corrective action to the auditor's satisfaction, under the
Companies Act 2017, the auditors are entitled to attend the Annual General Meeting
and inform the shareholders themselves.
● Seek other means of communication to inform shareholders who could not attend the
Annual General Meeting.

6.6 Reporting (Ref: 21-24, 52-A58)

The auditor's report shall include a separate section with a heading “Other Information” or
other appropriate heading when:
● The auditor has obtained, or expects to obtain, other information (for audit of listed
entities).
● The auditor has obtained some or all of the other information (for audit of other than
listed entities).

This section shall include:

● A statement that management is responsible for the other information.
● Identification of other information obtained before and expected after the date of the
auditor’s report.
● A statement that the auditor's opinion does not cover other information and that the
auditor is not expressing an audit opinion or assurance.
 ● A description of the auditor’s responsibilities relating to reading, considering, and
reporting on other information.
● When other information has been obtained before the date of the auditor’s report,
either a statement that the auditor has nothing to report or a description of
uncorrected material misstatement of the other information.
When the auditor expresses a qualified or adverse opinion, consideration may be given to
modifying the statement to reflect the implications of the matter giving rise to the
modification. This includes assessing whether the other information is also materially
misstated for the same matter or a related matter.

Practice Question 23:

While reviewing the draft of the director’s report of NPL, you observed that projections of
future profitability in the director’s report for the Health Care Division are significantly higher
compared to the amounts shown in the work related to the impairment of patents. The CFO
explained that this discrepancy was due to prudence and to avoid any overstatement of
intangible assets, projections in the impairment working were kept on the lower side.

Here's how the auditor should deal with the situation:

1. Discussion with Management:
● Discuss the matter with management and inquire about the reason for keeping the
projections lower for computing the impairment on patents.
● Convince management that prudence does not allow deliberate understatement of
assets, and therefore, the argument to keep projections lower to avoid overstatement
of patents is not valid.

2. Verification of Projections:
● Since the different projections provided in the director’s report create doubt about the
reliability of projections provided earlier, the auditor should verify the correctness of
both sets of projections.

3. Determine Revision Requirement:

● Determine whether revision is required in the financial statements (impairment) or in
the director’s report.

4. Discussion on Materiality:
● If the impact on the financial statements is material, discuss the matter with
management to adjust the financial statements.
● If management refuses to amend the financial statements, the auditor shall modify
the opinion in the auditor’s report.
● If the impact on financial statements is not material, the matter may be reported in the
management letter.

5. Communication with Those Charged with Governance:

● If revision of the director’s report is necessary and management refuses to make the
revision, the auditor shall communicate this matter to those charged with governance.
 ● Include in the “Other Matter” paragraph as per ISA 720 (Revised) a statement
describing the uncorrected material misstatement of the other information.

Practice Question 24:

● If there are material inconsistencies in other information presented with financial
statements, the auditor should discuss the reasons with management and ask them
to revise the other information.
● In case of disagreement, the auditor shall communicate the matter to those charged
with governance.
● Include in the “Other Information” paragraph as per ISA 720 (Revised) a statement
describing the uncorrected material misstatement of the other information.

Practice Question 25:

The draft accounts of Kingfisher Pharmaceutical Limited (KPL) for the year ended September
30, 2010, show a profit before taxation of Rs. 115 million and total assets of Rs. 450 million.
The directors’ report attributes the current year's increase in profit before taxation by over
10% primarily to the improved operating performance of the company. However, the income
statement includes a gain on the sale of a factory amounting to Rs. 30 million, without which
the company would have reported a reduction in operating profit by 19%.

Action/Reasons:
● The inconsistency between the Directors’ Report and the financial statements is
material to the financial statements.
● The firm should ask the directors to amend the report in line with the financial
statements.

Report Implications/Modification:
● If directors refuse to amend their report, then an unqualified opinion on the financial
statements can be issued, but include in “Other Matter” Para as per ISA 720
(Revised) a statement describing the uncorrected material misstatement of the other
information. The firm may withhold its report in such a case after obtaining legal
advice.

Practice Question 26:

On reviewing the published financial statements of RRK Limited, the auditors noted several
discrepancies:

i. A material amount provided as a bad debt had been recovered after year-end, as stated in
the directors’ report.
ii. The directors' report attributes the decline in sales to general economic conditions, while
the auditors feel it was due to inappropriate management strategies.
iii. A graph in the published report depicts the value of last year’s inventory at Rs. 326 million,
which conflicts with the corresponding figures in the audited financial statements.
iv. The directors’ report states that negotiations for expansion of production facilities by
acquiring a sick unit had been finalized, but the auditors have definite information that the
deal could not be struck.

Resolution:
 ● Evidence of subsequent recovery of long outstanding debt will be evaluated. If
sufficient and appropriate, the financial statements will be revised and issued to the
shareholders along with a fresh auditors’ report. In case of disagreement with the
management, the auditor will issue a qualified opinion and take necessary actions to
prevent reliance on the previous report.
● Reason for the decline in sales is a matter of opinion and will have no impact on the
audit.
● The discrepancy in the graph may be due to a typographical mistake, which should
be communicated to the users. However, if the figure is correct, the error in the
previous period will have to be rectified retrospectively, and the opinion will be
appropriately qualified.
● The matter of acquisition of a sick unit will be discussed with the management, and in
case of disagreement, the auditor will seek legal opinion.

6.7 Reporting Prescribed by Law or Regulation (Ref: 24, A59)

When an auditor is mandated by law or regulation in a specific jurisdiction to refer to other
information in their report with a specific layout or wording:
● The report should reference ISA only if it includes:
○ Identification of other information obtained before the date of the auditor’s
report.
○ Description of auditor’s responsibilities for other information.
○ An explicit statement addressing the outcome of the auditor's work for this
purpose.

6.8 Documentation (Ref: 25)

In audit documentation, the auditor should include:
● Documentation of the procedures performed under this ISA.
● The final version of the other information on which the auditor has performed the work
required under this ISA.

Illustration 7 - Adverse Opinion Report

INDEPENDENT AUDITOR’S REPORT
To the Shareholders of ABC Company

Adverse Opinion
We audited the consolidated financial statements of ABC Company and its subsidiaries (the
Group) for the year ended December 31, 20X1. Due to the failure to consolidate subsidiary
XYZ Company, the financial statements do not present a fair view in accordance with
International Financial Reporting Standards (IFRSs).

Basis for Adverse Opinion

XYZ Company's non-consolidation affects the financial statements materially. Our audit was
conducted in accordance with ISAs, and we are independent of the Group. However, we
believe that the audit evidence is sufficient and appropriate to provide a basis for our adverse
opinion.

Other Information
Management is responsible for the other information. Our opinion does not cover this
information. If we find material misstatements, we are required to report them. The failure to
consolidate XYZ Company materially affects this information.

Key Audit Matters

Key audit matters are described in accordance with ISA 701.

Responsibilities of Management and Those Charged with Governance for Financial

Statements
Reporting in accordance with ISA 700 (Revised).

Auditor’s Responsibilities for the Audit of the Financial Statements

Reporting in accordance with ISA 700 (Revised).

[Signature/Name of the auditor or audit firm]

[Auditor Address]
[Date]