PRACTICE REVIEW ROAD SHOW JUNE 2008

Presentation by: Jillian Bailey IRBA Director of Practice Review 1

PRACTICE REVIEW ROAD SHOW JUNE 2008

2 PROGRAMME • Practice review process (1.25 hours) • Questions (15 minutes) • Tea break (30 minutes) • Auditing standards requirements for engagement reviews (1.25 hours) • Questions (15 minutes)

PRACTICE REVIEW

• Performed in terms of Section 47 of the Auditing Profession Act.

• IRBA functions include promoting the integrity of the auditing profession through conducting practice reviews.

• 2 types of reviews performed as separate processes, carried out by full time qualified professional staff of the IRBA, on a cyclical basis: Engagement reviews and Firm reviews.

3

PRACTICE REVIEW

• Engagement reviews applicable to all attest registered auditors (RAs). Commenced in 1995, performed 8077 reviews to date. Currently in 3 rd review cycle.

• Firm reviews in present cycle performed on audit firms involved in audits of listed companies, including subsidiaries, associates, joint ventures. Commenced in 2006, performed 23 reviews to date. • In future, firm reviews will be performed on all audit firms involved in audits of public interest entities.

4

PRACTICE REVIEW

Objectives: • Engagement reviews: monitor RAs compliance with relevant professional standards in performance of attest function. Review sufficiency and appropriateness of audit evidence obtained and appropriateness of key audit judgements made. Accounting and disclosure issues raised in an audit context. • Firm reviews: inspect the design and implementation of an audit firms system of quality control. Use IFAC definition of a network firm. 5

PRACTICE REVIEW

Scope: • Engagement reviews: audits of financial statements, attorneys trust audits, and estate agents trust audits.

• Firm reviews: control system elements being leadership responsibilities, ethical requirements, client acceptance and continuance, human resources, engagement performance, and monitoring.

6

PRACTICE REVIEW

Review cycles: RA/Firm must be found satisfactory in a review cycle before proceeding to next cycle.

Engagement reviews: depends on classification of RAs attest portfolio. 3 year cycle if category A and/or B and C clients. 6 year cycle if exclusively category C clients. 6 year cycle = desk top reviews. Firm reviews: 3 year cycle.

7

PRACTICE REVIEW

Population: Engagement reviews: • Higher risk attest portfolios = 1429 RAs. Allocate 1 reviewer (CA) to each RA for 2-4 days. Bill R17k R31k plus VAT per review.

• Lower risk attest portfolios = 1464 RAs. Allocate 1 reviewer (CA) to each RA for 1 day. Bill R8k plus VAT per review.

8

PRACTICE REVIEW

Population (cont.): Firm reviews: • 4 big audit firms. Allocate 4 reviewers (2 CAs, 1 lawyer, 1 HR consultant) for 45 days to each firm. Bill R1.3m per firm.

• 4 mid tier audit firms. Allocate 4 reviewers (2 CAs, 1 lawyer, 1 HR consultant) for 25 days to each firm. Bill R700k per firm.

• 22 smaller audit firms. Allocate 4 reviewers ( 2 CAs, 1 lawyer, 1 HR consultant) for 12 days to each firm. Bill R336k per firm.

9

PRACTICE REVIEW

Proposed future funding model: • Implementation not finalised.

• Re-reviews to continue to be billed at hourly rate for time spent.

• Initial reviews in cycle to now be included in overall IRBA costs, which it is proposed be fund as follows:  1/3 from government  1/3 from audit profession  1/3 from levies on public interest entities.

10

PRACTICE REVIEW

Review decision either: • Satisfactory = full scope review in next review cycle or • Re-review = review in one years time or • Investigation committee referral = disciplinary action by IRBA.

Engagement re-reviews = full scope review.

Firm re-reviews = limited scope review on items which caused the re-review.

11

PRACTICE REVIEW

Re-review criteria for review cycle: • Sufficient and appropriate documentation required.

• Verbal representations not accepted.

• Engagement reviews: non compliance with any one of the criteria results in re-review.

• Firm reviews: non-compliance which may result in inappropriate audit opinions being expressed results in re-review.

12

PRACTICE REVIEW

Referral to Investigating committee if: • Public is at risk or • Flagrant disregard of professional standards or • Re-review indicates failure to implement corrective action or • Refusal to co-operate in the review process.

Since inception to date there have been 300 (3.7%) referrals to investigating committee.

13

PRACTICE REVIEW

Inspection committee: Comprises 4 RAs from big audit firms, 3 RAs from smaller audit firms, 3 non-RAs and 1 IRBA Board member. Responsibilities include: • Determining re-review criteria for each review cycle • Assessing appropriateness of standard documentation used in review process • Determining outcome of reviews on anonymous basis.

14

PRACTICE REVIEW

Review process: • Schedule review date 8 weeks in advance • Request pre-review information from RA/Firm • Perform review of RA/Firm • Discuss review findings with RA/Firm (no third party attendance allowed) • Issue draft findings • Obtain written comments from RA/Firm on review findings within specified time frame.

15

PRACTICE REVIEW

Review process (cont.): • Prepare formal review report containing findings, comments received and extracts from standards and make recommendation on review result in terms of re-review criteria • Perform review department consistency/quality control checks • Issue formal review report to RA/Firm.

16

PRACTICE REVIEW

Review process (cont.): • Bill RA/Firm for time spent on review and report • Present formal review report to Inspection Committee on anonymous basis at quarterly meeting for decision on findings of review • Director Practice Review relays committee decision to RA/Firm • Receive undertaking from RA/Firm to implement corrective action.

17

PRACTICE REVIEW

Review process (cont.): • If RA/Firm believes that re-review decision should be reconsidered due to committee having insufficient information available at time initial decision was made, they have 45 calendar days from decision date to submit detailed written request which will be considered on anonymous basis at next quarterly committee meeting for final decision. Only 1 request per RA/Firm allowed.

18

AUDITING STANDARDS ISA 200

19 • Objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared in all material respects in accordance with the applicable financial reporting framework.

• Comply with ethical requirements and conduct audit in accordance with ISA. • Maintain attitude of professional skepticism.

AUDITING STANDARDS ISA 220

20 Client acceptance/continuance: • Client integrity • Engagement team competency/time/resources • Significant changes • Previous auditor • Opening balances on initial engagements (ISA 510).

AUDITING STANDARDS ISA 220

21 Ethical requirements: • Independence • Integrity • Objectivity • Professional competence and due care • Confidentiality • Professional behaviour.

AUDITING STANDARDS ISA 210

22 Terms of engagement: • Agreed terms recorded in letter or other suitable form, specifying contractual obligations of both parties.

• Confirms auditors acceptance of appointment, objective and scope of audit, extent of auditors responsibilities to client, form of reports.

• Assess acceptability of financial reporting framework adopted.

23

AUDITING STANDARDS ISA 240

Fraud considerations: • Partner and key members of engagement team discuss the risk of misstatement due to fraud.

• Risk assessment procedures include management inquiries, fraud risk factors, unusual analytical review relationships, other info.

• Risk of material misstatements due to fraud = significant risk.

• Presumption of fraud risk in revenue recognition and management override of controls.

AUDITING STANDARDS ISA 315

24 Understanding entity and its environment: • Industry, regulatory, external factors • Financial reporting framework • Nature of entity • Related parties (ISA 550) • Accounting policies • Objectives, strategies and related business risks • Financial performance.

AUDITING STANDARDS ISA 315

25 Understanding entity and its environment (cont.): • Laws and regulations (ISA 250) • Environmental matters (IAPS 1010) • Internal control  The control environment  The entity’s risk assessment process  The information system  Control activities  Monitoring of controls.

AUDITING STANDARDS ISA 200

26 Risk assessment: •Audit risk is a function of the risk of material misstatement and detection risk.

• Risk of material misstatement = inherent risk and control risk.

• Consider risk of material misstatement at two levels:  Overall financial statement level.

 Assertion level for classes of transactions, account balances and disclosures.

AUDITING STANDARDS ISA 315 and 330

27 Significant risks: • Include: fraud risk, judgemental matters, non-routine transactions, complex transactions, significant transactions with related parties.

• For significant risks if planning to rely on operating effectiveness of controls must test controls in the current period, and perform substantive procedures responsive to risk.

AUDITING STANDARDS ISA 320

28 Materiality: • The auditor should consider materiality and its relationship with audit risk when conducting an audit.

• Materiality should be considered when:  Determining the nature, timing and extent of audit procedures and  Evaluating the effect of misstatements.

AUDITING STANDARDS ISA 300

29 Audit strategy: • Scope – financial reporting framework, industry specific reporting requirements, location of components.

• Timing – reporting deadlines, key dates.

• Direction – materiality levels, areas with higher risk of misstatement, material components and account balances, if testing operating effectiveness of controls, recent developments, resources required.

AUDITING STANDARDS ISA 300

30 Audit plan: • Nature, timing, and extent of planned risk assessment procedures.

• Nature, timing and extent of planned further audit procedures at assertion level for material classes of transactions, account balances and disclosures, in response to assessed risks.

• Other required audit procedures.

• Nature, timing and extent of direction and supervision of engagement team and review of their work.

AUDITING STANDARDS ISA 330

31 Audit procedures: • Nature – purpose (controls or substantive) and type of procedure • Timing – when performed and period/date to which audit evidence applies • Extent – the quantity of specific procedure to be performed

AUDITING STANDARDS ISA 330

32 Audit procedures (cont.): • Tests of controls when risk assessment includes expectation of operating effectiveness of controls or when substantive procedures alone do not provide sufficient appropriate evidence at the assertion level.

• Irrespective of assessed risk of material misstatement substantive procedures always required for material classes of transactions, account balances, and disclosures.

AUDITING STANDARDS ISA 330

33 Audit procedures (cont.): • If auditor plans to rely on controls that have not changed since last tested, the auditor should test operating effectiveness of such controls at least once in every third audit.

• If there are a number of controls which the auditor determines appropriate to use audit evidence obtained in prior audits, the auditor should test operating effectiveness of some controls each audit.

AUDITING STANDARDS ISA 500

34 Audit evidence: • Use assertions to assess risk of material misstatement.

• Design audit procedures to respond to assessed risks.

• Types of audit procedures for obtaining sufficient appropriate audit evidence: inspection, observation, inquiry, confirmation, recalculation, reperformance, analytical procedures.

AUDITING STANDARDS ISA 500

35 Audit evidence: • Assertions about classes of transactions:  Occurrence  Completeness  Accuracy  Cut-off  Classification.

AUDITING STANDARDS ISA 500

36 Audit evidence: • Assertions about account balances:  Existence  Rights and obligations  Completeness  Valuation and allocation.

AUDITING STANDARDS ISA 500

37 Audit evidence: • Assertions about presentation and disclosure:  Occurrence and rights and obligations  Completeness  Classification and understandability  Accuracy and valuation.

AUDITING STANDARDS ISA 230

38 Working papers: • Describe the nature, timing, and extent of the audit procedures performed to comply with ISAs /legal /regulatory requirements.

• Describe the results of the audit procedures and the audit evidence obtained.

• Describe significant matters arising during the audit and the conclusions reached thereon.

AUDITING STANDARDS ISA 230

39 Working papers (cont.): • Describe the identifying characteristics of the specific items or matters being tested.

• Describe who performed the work, the date completed, who reviewed the work and the date and extent of review.

AUDITING STANDARDS

40 • Journal adjustments (ISA 240) • Evidence of review (ISA 220) • Consultations (ISA 220) • Differences of opinion (ISA 220) • Pre-issuance review (ISA 220) • Enquiries regarding litigation and claims (ISA 501 and SAAPS 4) • Attendance at physical inventory count, valuation and disclosure of long-term investments, segment info (ISA 501)

AUDITING STANDARDS

41 • Analytical procedures (ISA 520) • Audit sampling (ISA 530) • External confirmations (ISA 505) • Bank confirmations (SAAPS 1100) • Estimates (ISA 540) • Fair value (ISA 545) • Electronic commerce (IAPS 1013) • IFRS compliance (IAPS 1014)

AUDITING STANDARDS

42 • Using the Work of an Expert (ISA 620) • Using the Work of Another Auditor (ISA 600) • Considering the Work of Internal Audit (ISA 610) • Audit Considerations Relating to Entities Using Service Organisations (ISA 402) • Reportable Irregularities (APA)

AUDITING STANDARDS ISA 320

Unadjusted differences: • Consider materiality when evaluating effect • Consider effect both individually and in aggregate (ISA200).

43

AUDITING STANDARDS ISA 560

Subsequent events review: • Period - to date of audit opinion • Purpose - to identify events that may require either adjustment of, or disclosure in, financial statements . 44

AUDITING STANDARDS ISA 570

Going concern considerations: • Consider going concern when obtaining an understanding of the entity and throughout the audit.

• Auditor evaluates management’s assessment.

• Numerous indicators/factors.

• Going concern appropriate but material uncertainty:  adequate disclosure - emphasis of matter paragraph  inadequate disclosure - qualified or adverse opinion • Going concern inappropriate:  adverse opinion.

45

AUDITING STANDARDS ISA 580

Management representations: • Seek corroborative evidence • Evaluate reasonableness and consistency with other audit evidence • Made by well-informed individual.

• Management confirms unadjusted differences are immaterial.

• Management acknowledges responsibility for design and implementation of internal control.

46

AUDITING STANDARDS ISA 260

47 Communicating audit matters with those charged with governance: • Reporting unadjusted differences determined by management to be immaterial. • Reporting material weaknesses in design or implementation of internal control (ISA 315).

• Reporting non-compliance with laws and regulations (ISA 250).

• Reporting fraud (ISA 240).

• Reporting significant assumptions used in fair value measurements (ISA 545).

AUDITING STANDARDS ISA 700

Audit reports: • Audit conducted in accordance with ISA • Complied with ethical requirements • Dated at completion date of audit after approval of financial statements by management.

48

AUDITING STANDARDS ISA 701

49 Audit report modifications: •Matters that do not affect opinion emphasis of matter • Matters that do affect opinion opinion either qualified, disclaimer of opinion or adverse opinion •Scope limitation - either qualified or disclaimer of opinion •Disagree with accounting policies/application/disclosure - either qualified or adverse opinion.

AUDITING STANDARDS ISA 710

50 Corresponding figures: • Determine whether corresponding figures comply with financial reporting framework:  Accounting policies are consistent or appropriate adjustments/disclosures made  Figures agree with amounts and disclosures presented in prior period or appropriate adjustments/disclosures made.

AUDITING STANDARDS ISA 720

51 Other info in documents containing audited financial statements: • Read other info to identify material inconsistencies with audited financial statements.

• If amendments necessary and entity refuses to make amendments consider either emphasis of matter or legal advice.