icaew.com/aaf

The newsleTTer for faculTy members June 2011 | Issue 160

Audit & beyond

some firms conduct cold file reviews on a rolling basis throughout the year and this can be beneficial where there have been changes in audit procedures and personnel.

when there are changes in audit procedures and personnel it is important that the firm identifies any audit quality issues early so that these can be addressed quickly.

who should conduct the reviews?It is essential that whoever conducts the reviews:

• is objective;• is technically up to date;• has sufficient experience and

knowledge of specialist audits where these types of reviews are involved eg, listed audits, charities; and

• has sufficient standing and authority to conduct challenging reviews and provide effective feedback.

suitable reviewers could be from:

• within the firm; • Icaew; • a training organisation; or• another registered auditor.

If you use a third party to conduct your reviews, you should check that they have the appropriate recent technical knowledge and experience. This may include specialist industry knowledge or experience of dealing with listed clients. any third party conducting an acr should also complete a confidentiality declaration.

In ThIs Issue…

is your audit compliance review process effective?

the wrong type of red tape? An opinion piece

the new bribery Act – what do you, and your clients, need to know?

it’s all change for the spring 2011 roadshow

Assurance reporting on investor stewardship

do audit committees really engage with auditors on audit planning and performance?

use of internal audit

technical Q&A

bulletin board

is your audit compliance review process effective?The audit compliance review (acr) is an important process for ensuring that audit work stays on track. our experience is that firms that carry out an effective acr find that it is time and resource well spent, but firms do not always get the benefit they should from the process.

we hope that this article will help you to understand the acr requirements better and avoid potential pitfalls.

what is involved in an acr?The acr is a two-part exercise:

• a whole-firm review looking at the procedures the firm has in place to comply with audit regulations and IsQc (uK and Ireland) 1; and

• cold file reviews looking at a sample of completed audits. The reviews are ‘cold’ because they take place after the whole audit process has been completed and after the audit opinion has been given.

some firms carry out hot file reviews (engagement Quality control reviews) as part of their quality control procedures and/or to safeguard against ethical threats. firms conduct these reviews before the audit report is signed. These reviews are not part of the acr process, although the acr will check that hot reviews have taken place where appropriate.

how do you approach the acr?There are a number of commercial acr programmes and checklists available to use. Icaew publishes a whole-firm audit review checklist and cold file review checklist; these can be found in the helpsheets tab at icaew.com/practice.

audit regulation 3.20 requires a registered auditor to monitor compliance with the regulations at least once a year. This means conducting both a whole-firm review and cold file reviews.

The cold file reviews should cover the audit work of all responsible Individuals (rIs) over a period of not more than three years, although most firms review the work of each rI every year. The sample of audits should include specialist and high-risk engagements. many firms also plan to cover the work of senior audit staff on a regular basis.

Linda barnes manager, Quality assurance Department.

01 is your audit compliance review process effective?

linda barnes highlights the benefits of a effective audit compliance review process.

03 the wrong type of red tape? An opinion piece

neil harris provides a viewpoint on the proposals to increase the audit exemption threshold.

04 the new bribery Act – what do you, and your clients, need to know?

andrew Güntert and emma hardacre summarise some of the key aspects of the act.

05 it’s all change for the spring 2011 roadshow

sandra higgins highlights the benefits of attending the spring roadshow.

06 Assurance reporting on investor stewardship

Jo Iwasaki discusses the publication of new faculty guidance on adherence to the new stewardship code.

06 do audit committees really engage with auditors on audit planning and performance?

Zoe Jeakins provides information about an event on interaction between audit partners, audit committees, audit committee chairs and finance directors.

07 use of internal audit myles Thompson discusses

external auditors’ reliance on the work of internal audit.

07 technical Q&A nicky swaisland answers

a question in relation to payments by clients via electronic bank transfers.

08 bulletin board

In ThIs Issue…

is your audit compliance review process effective? (cont’d)

The correct choice of reviewer will ensure that the acr is of sufficient depth and will be of greatest value to the firm.

you can find details of the Icaew service at icaew.com/en/members/practice-resources/practice-management/practice-support-services.

what if I am a sole rI?sole rIs might not have staff with appropriate experience to conduct cold file reviews. In these circumstances, many practitioners choose to have annual reviews from external organisations. some sole rIs conduct their own external cold file reviews; these can be effective but it is difficult to be objective when reviewing your own work.

clarified IsQc (uK and Ireland) 1 is clear that cold file reviewers must be independent from the audit concerned. This means that a sole rI is very likely to need cold file reviews from an external organisation at least once every three years, although internal cold file reviews may be adequate in intervening years.

we believe that many firms will benefit from external cold file reviews during 2011/2012 as they get to grips with the new clarified Isa requirements.

what should you do with the results of the reviews?summarise and conclude on the results of your cold file reviews. Don’t just put the documents in your compliance file!

use results from both cold file reviews and the whole-firm review to identify the follow-up actions required and disseminate the results of the reviews and actions within the firm. your actions may include some training courses and possibly changes in procedures.

monitor progress carefully over the months following your acr to ensure that the actions that you planned are implemented.

It probably goes without saying that all of this should, of course, be documented.

where do firms sometimes go wrong?review of a firm’s acr is an important part of QaD’s monitoring visits.

sometimes there is no evidence that the firm has carried out an acr. This potentially raises two issues – the firm hasn’t complied with audit regulation 3.20 and may have given an incorrect statement on its annual return. The audit registration committee takes a dim view of

firms that have provided misleading information.

we may conclude that cold file reviews have not been carried out in sufficient depth to identify areas of weakness. This could be because the reviewer is not technically up to date, lacks experience, or perhaps has used out of date checklists.

In some cases, the acr identifies weaknesses that have not been followed up. sometimes weaknesses seem to recur year on year. The acr is not an isolated activity but should be viewed as an important tool in driving continuous improvement in audit quality.

further informationThe faculty’s guidance, Quality Control in the Audit Environment icaew.com/technical/audit-and-assurance/faculty/audit-and-assurance-faculty-publications explains the firm’s monitoring requirements under IsQc (uK and Ireland) 1.

Guidance on all aspects of audit regulations can be found on the Icaew website icaew.com/en/technical/audit-and-assurance/working-in-the-regulated-area-of-audit.

02 auDIT & beyonD June 2011

the wrong type of red tape? An opinion piece

reducing excessive regulation of business is clearly desirable; the difficulty lies in determining what is ‘excessive’ as all regulation had a purpose when implemented.

The Department of business Innovation and skills (bIs) has at least two initiatives to reduce the burden on small business of interest to accountants:

• proposals in europe to increase the audit threshold to remove medium-sized companies from the statutory audit requirement; and

• a new single person corporate entity for sole director/shareholder companies with simplified annual returns and accounts.

In any case bIs proposes to increase the small company thresholds in line with eu minima to take account of the devaluation of sterling against the euro. This demonstrates a problem with such regulation being eu sourced – after all, it seems unlikely there would be a reduction in the thresholds if sterling subsequently appreciated against the euro.

The first initiative has generated much interest judging by more than 15,000 viewings of michael Izza’s blogs on the subject at www.ion.icaew.com/moorgatePlace/21707 and www.ion.icaew.com/moorgatePlace/22029. The second initiative is more recent and originally arose because companies house wanted to remove such entities from its register.

The value of the statutory audit for smes to businesses, investors and other stakeholders is a subject of debate. audit professionals who believe that high-quality, trusted financial information is fundamental to business confidence will need to make their case persuasively and not be seen as acting out of self-interest. nevertheless, increasing audit thresholds by large margins and exempting medium-sized companies may indicate a lack of appreciation of the ’latent value’ of audits and the potential impact on creditors and tax revenues.

equity investors, debt finance providers, trade suppliers and customers have a legitimate interest in obtaining financial information about companies they are investing in or dealing with, and which they may not be able to obtain through contractual negotiation. uK company law as a whole was originally based on creditor protection and many risks to the economy could arise if bIs removes such protections or does not properly enforce them. for example:

• audit exempt companies can file clearly non-uK GaaP compliant accounts at companies house – of course assuming the relevant pages meet the companies house requirements ie, to display the registered number in the right place and being signed in black ink! neither bIs nor companies house appears to appreciate that the reason for public filing is for suppliers, other creditors, and customers etc to know about the financial status of companies they trade with. such users’ needs for reliable financial information are legitimate when trading with entities that have the benefit of limited liability. If smes object strongly to providing this information, or the cost of doing so, nothing prevents them trading as unincorporated businesses with unlimited liability.

• companies house operates what almost amounts to a fraudsters’ charter by striking off companies that fail to file accounts – ignoring the fact that such

companies may owe money to creditors who struggle to get the company reinstated to recover their debt. rather than incorrectly assuming creditors will be aware of notices in the London Gazette stating the intention to strike the company from the register so that creditors can object, bIs should take effective action to ensure that directors take their responsibilities seriously. Instead of sending fines to directors who probably never pay them, why not change company law so that every director of a company that fails to file accounts or annual returns is personally liable for the company’s debts until the omission is rectified, thus driving home that limited liability is a privilege with commensurate obligations?

audit in accordance with Isas is not a prerequisite for ensuring that publicly filed accounts are reliable, but if the statutory audit threshold is increased other protections and sanctions warrant consideration, including:

• Differentiating between the scope and nature of audits between publicly accountable companies and other companies. The current ‘one-size fits all’ nature (even with Pn 26 guidance for small companies) inhibits practitioners’ ability to deliver value via the audit process, eg, do restrictions in the ethical standards for auditors contribute to independence sufficiently to outweigh reductions in value-added services provided to non-listed clients?

• mandating the use of assurance reports for medium-sized entities.

• restricting the use of the term accountant to members of professional regulatory bodies so users know whether accounts filed with accountants’ compilation reports are prepared by competent professionals. although the government has rejected this previously, given increased regulation of personal financial advisers and bankers in the public interest, Icaew should again emphasise the need to protect the public and public finances through properly regulated corporate reporting.

a number of responses to michael Izza’s blog were in favour of exempting all non-listed and non-public interest entities from statutory audit because they felt it was an unnecessary cost for businesses without external shareholders, that professional standards of accountants preparing accounts were an adequate safeguard (if the term accountant

were properly regulated), and because there was nothing to prevent shareholders or other stakeholders seeking a voluntary audit. Given the wide spectrum of views, it would be useful if bIs consulted widely with entrepreneurs, shareholders, insolvency practitioners, employee representatives and sme equity and debt finance providers. with public finances under pressure, bIs could also liaise with hm Treasury and hmrc to consider whether there is, as some practitioners believe, evidence that audit exempt companies report lower taxable profits than audited companies. This would provide evidence that the benefits of increasing the number of exempt companies (presumably in terms of savings in professional fees and management time), outweigh the potential additional costs of reduced reliability of accounts for users.

In the meantime, it remains incumbent on audit practitioners to continue to maintain the highest standards of competence in order to demonstrate the value of audit (and other assurance services) to clients, regulators and legislators, and perhaps together with the audit and assurance faculty identify those areas where audit can add additional value to smes.

bIs’s suggestion of a new corporate form for sole shareholder/director companies also ignores the interests of creditors. The frsse appears entirely appropriate for such companies and is not complex. In particular, the need to disclose various matters regarding shareholders’ and directors’ interests and related party transactions, assists creditors in assessing whether the company’s assets are used appropriately. moreover, specific exemptions for micro entities would make companies act 2006 legislation more complex as the underlying principle of ‘small first’ is overturned. The administrative burden of filing a standard annual return for sole-owner businesses is not excessive – I question whether a director who found it is so, is a suitable person to run a business – certainly compared to the costs of health and safety, equality, environmental, employment, tax, anti-money laundering and other legislation, and perhaps bIs should focus more on reducing the regulatory burden on smes in those areas.

neil Harris is a Partner at reeves & co llP and a member of the faculty’s Practitioner services committee. The views expressed in this article are his own.

auDIT & beyonD June 2011 03

the new bribery Act – what do you, and your clients, need to know?

The bribery act 2010The act is a consolidation of the piecemeal existing anti-bribery legislation plus some enhancements, bringing the uK’s law in this area up to the required international standard. It was originally intended to come into force on 1 april 2011 but after a government review the ministry of Justice announced on 30 march that it would come into force on 1 July 2011. on the same day it published The Bribery Act 2010 Quick Start Guide and Guidance about procedures which relevant commercial organisations can put in place to prevent persons associated with them from bribing www.justice.gov.uk/guidance/making-and-reviewing-the-law/bribery.htm.

In this article, we look at the act, the offences it creates and highlight some particular points of note for both practitioners and their clients, with the aim of giving a useful factual guide to what the act requires.

The offencesThere are four types of offence in the act:

1 ‘giving‘ offences ie, promising, offering or giving bribes whether directly or indirectly;

2 ‘receiving‘ offences ie, requesting, receiving or agreeing to receive a bribe;

3 bribery of a foreign public official, which includes foreign government officials and also individuals working for international organisations; and

4 a corporate offence of failing to prevent bribery where a commercial organisation may be guilty if someone who is acting on its behalf commits an offence (under 1 or 3 above).

what is a bribe?There is no specific definition of ‘bribe‘ in the act. however, it outlines cases that would constitute bribery. The key elements of those cases are:

• a financial or other advantage; and• intention to induce improper performance of a function

or, in the case of bribery of a foreign public official, intention to influence the recipient in their capacity as such an official (so no impropriety is required).

The function must be of a public nature, in connection with a business or in the course of employment or on behalf of a body of persons. In other words, the function does not relate to the private life of the recipient of the bribe. It must be a function that the recipient is expected to perform in good faith, or impartially, or from a position of trust. what constitutes improper performance is breach of a relevant expectation that the function will be performed in that way. and the test of what is expected is an objective one – what would a reasonable person in the uK expect? local custom is not relevant.

Territorialitysection 12 gives a detailed description of the territoriality of bribery offences. It is a lengthy provision but in effect, it states that acts carried out by anyone with a close connection to the uK which would be classed as offences here, remain offences under uK law regardless of where they were committed. ‘close connection‘ means:

• any british person (in whatever way they obtained that status); or

• anyone who ordinarily lives here; or • any body incorporated under

uK law.

This is a broad application but not completely without parallel – the Proceeds of crime act 2002 contains a similar concept as regards acts that would be criminal in the uK and the existing anti-bribery legislation has a wide territorial application following amendments in the anti-Terrorism, crime and security act 2001.

elements of the new corporate offencea corporate offence will be committed if the bribery is committed by someone associated

with a commercial organisation, with an intention of securing a business advantage for the organisation and the corporate offence can be applied even if the individual concerned is not prosecuted. a person is ‘associated‘ if they perform services on behalf of an organisation. This may include employees, agents and subsidiaries, depending on the circumstances. The guidance addresses the point on subsidiaries and looks at whether or not they are operating independently from their parent, so the bare fact that they are subsidiaries does not mean they are associated for the purposes of the act.

as mentioned below, there is a defence set out in the act. This includes the need to have proof that adequate procedures were in place. The Government’s final guidance sets out six principles on which those procedures should be based:

1 proportionate procedures;2 top-level commitment;3 risk assessment;4 due diligence;5 communication (including

training); and6 monitoring and review.

as a minimum, organisations large or small should do the following:

• carry out a risk assessment of their activities and of appropriate due diligence into third parties such as agents and suppliers;

• compile anti-bribery policies and procedures based on the first step considered and approved by senior officers of the company; and

• publicise their policies and procedures and amend employment contracts as necessary in a proportionate manner.

The breadth and depth of what is required will vary from organisation to organisation; every business may need something written as their proof that the procedures exist.

04 auDIT & beyonD march 2011

The final guidance does, however, say ‘there is a full defence if you can show you had adequate procedures in place to prevent bribery. but you do not need to put bribery prevention procedures in place if there is no risk of bribery on your behalf’.

corporate hospitalityThere has been press speculation about the impact of the act and the extent of its effect on uK business, particularly in its impact on corporate hospitality. The guidance makes it clear that ‘The Government does not intend for the act to prohibit reasonable and proportionate hospitality and promotional or other similar business expenditure... it is, however, clear that hospitality and promotional or other similar business expenditure can be employed as bribes.’

Intention would seem to be the key here. what does one intend with the hospitality being offered? The guidance states ‘... there must be an intention for a financial or other advantage to influence the official in his or her official role...‘ [for the section 6 offence]. what should be avoided, is hospitality that is disproportionate to the situation. for example, extending an invitation to a client’s finance director for a match at Twickenham may be reasonable, but an all expenses paid trip to the world cup final in auckland in october could be deemed to be excessive. In several places the guidance uses the terms ‘reasonable and proportionate’ and refers to taking account of the circumstances, including the relevant industry sector, in deciding what is reasonable and proportionate.

facilitation paymentssome countries, including the us, have anti-bribery laws that do not extend to facilitation payments. facilitation payments are amounts paid to expedite processes that would otherwise happen, just more slowly. The concept

is not recognised in uK law and facilitation payments are not allowed under the bribery act. The guidance reinforces that position explicitly as well as making the point that these are not legal under the existing law.

Threatening situationswhat is the position if you are under threat and a payment is required? for example, where you are stopped by armed police in a foreign country and a bribe demanded?

again, the guidance addresses this specific point. where ‘life, limb or liberty’ is threatened, the guidance suggests that the common law defence of duress is very likely to be available. should this happen it might be advisable to make a report to the relevant person in your organisation as soon as practicable.

money laundering reportsbribery is, and will continue to be, a criminal offence. Those within the accounting profession are required to report suspicions of money laundering ie, where they or anyone else are doing anything with the proceeds of crime. The proceeds of bribery will therefore be reportable; given the maximum sentence of 10 years, the overseas reporting exemption will not apply.

action to be taken?apart from becoming familiar with the legislation and being aware of the ministry of Justice guidance, practitioners need to ensure that clients are advised of the development and that they take appropriate action. for auditors, this may mean including the bribery act in the review of applicable legislation. all clients need to carry out some risk assessment and document their findings (which for many small businesses may be a short and simple exercise). They should also produce some documentation confirming what their policies and procedures are. The higher the risk, the more likely it is that they will feel it necessary to amend employment contracts and publish their policy.

auDIT & beyonD June 2011 05

Andrew Guntert is a lecturer with the mercia Group ltd and a member of the faculty’s Technical and

Practical auditing committee.

emma Hardacre is the money laundering reporting officer at Deloitte llP.

Sandra Higgins is chair of the faculty’s Practitioner services committee.

it’s all change for the spring 2011 roadshow

It’s all change for the spring 2011 roadshow topical issues for today’s SMe Practitioner. clarity Isas hardly get a mention and we have a change of speaker. many of you will already be familiar with mike ulrich’s extensive knowledge of current issues. for those of you who haven’t come across him before, mike is a well-respected presenter with 20 years’ experience on the circuit. he also runs his own audit-registered practice so he has personal experience about what it’s like to be on our side of the fence.

This half-day session is aimed at addressing some of the other challenges we are currently experiencing when acting for smes. with a lot of focus over the last year or so on preparing for and implementing clarity Isas, this time we get to hear about some of the other issues facing us today.

one of the most problematic areas is service charge accounts and reporting. Do you understand the guidance and reporting framework? This could be described as a bit of a mess, but mike makes a valiant effort at unravelling it all and provides us with an insight into how we are supposed to be handling these assignments.

most smPs probably have an increasing proportion of specialised audit clients, such as charities and pension

schemes. These are covered in the roadshow, making it an excellent opportunity to get to grips with the new auditing standards and their specific application to these specialist audits. There is also a section on reporting on grant claims, another area for which new guidance was issued last year.

I am sure I am not the only one who has had difficulty in getting through to technical support from my accounting software provider recently. iXbrl seems to have caused major meltdown, even to the point where I heard on the grapevine that one well-known supplier of accounting software has given up and agreed with hmrc that their tagging would be accepted even though it wasn’t quite right. The roadshow clarifies some of the relevant Xbrl tagging issues that we are having problems with.

on a final note, for those of you who were worried that you had heard the last of John selwood and clarity Isas, rumour has it he’ll be back in the autumn with ideas to make auditing so efficient we’ll be wondering what to do with all our over-recoveries!

Go to icaew.com/aaf to book onto the remaining dates for the spring roadshow and to find out more about the forthcoming autumn roadshow.

06 auDIT & beyonD June 2011

Assurance reporting on investor stewardship

parties which can be found at icaew.com/technical-release-aaf-01-06. In developing the Stewardship Supplement, the faculty consulted widely with the investor community. The guidance focuses on principles 1, 2, 6 and 7 of the code which are considered ‘objectively verifiable’ and the scope of assurance reporting is limited to the fair description of investors’ commitment to the code at present.

The use of aaf 01/06 has increased since the initial launch in 2006, when the guidance was primarily addressed to financial service organisations such as custodians and investment managers who report on their internal controls over third-party assets. In 2009, the scope of aaf 01/06 was extended to cover other types of financial service organisations such as private equity and hedge fund management. In 2010, a new appendix was added to enable aaf 01/06 assurance reporting compatible with the Iaasb’s assurance standard Isae 3402, Assurance Reports on Controls at a Service Organization.

aaf 01/06 is based on the Iaasb’s Isae 3000, Assurance engagements other than audits or reviews of

shareholder engagement is a key driver of corporate accountability. The frc issued a framework for this engagement, the UK Stewardship Code www.frc.org.uk/corporate/investorgovernance.cfm in July 2010.

The UK Stewardship Code aims to enhance the quality of engagement between institutional investors and companies to help improve long-term returns to shareholders and the efficient exercise of governance responsibilities. The frc believes institutional investors should aspire to the good practice it sets out on engagement with investee companies in the code. Initial investor take up is encouraging – to date over 160 organisations have published a statement of commitment www.frc.org.uk/corporate/stewardshipstatements.cfm to the code as of april 2011.

In the light of this, the faculty has published the guidance Stewardship Supplement on assurance reporting intended to support the code by providing independent evaluation of how investment managers adhere to the code. It should also be useful to assist owners when they are deciding who to appoint. at a time when the ec is consulting on a green paper on corporate governance, it will also underscore confidence in the comply or explain approach.

The guidance is published as a supplement to Icaew’s existing guidance aaf 01/06, Assurance reports on internal controls of service organisations made available to third

do audit committees really engage with auditors on audit planning and performance?

following on from the award-winning 2001 book Behind Closed Doors: what company audit is really about written with richard brandt the authors Vivien beattie, stella fearnley and Tony hines have updated their research to include the major regulatory changes developed as a result of the enron crisis, and the introduction of international standards for accounting and auditing. There have already been a number of outputs from this project including a book based on nine company case

studies entitled Reaching Key Financial Reporting Decisions: How UK Directors and Auditors Interact published by wiley in march 2011.

at a P D leake lecture to be held on 21 June 2011 at 5:30pm at chartered accountants’ hall icaew.com/en/events/2011/june/tsd-pd-leake-lecture-110621, unpublished material from the study will be presented. This material will put the interactions between audit partners, audit committee chairs, audit committees and finance directors on audit planning and auditor performance under the spotlight.

The lecture, chaired by Icaew executive Director, robert hodgkinson promises to provide an interesting and thought-provoking evening. Graham roberts, finance director of british land plc will provide a practitioner viewpoint after which there will be an opportunity for debate and discussion.

Delegates will have time to network and discuss current issues with fellow professionals after the event over drinks and canapés. attendance is free of charge and funded by Icaew’s charitable trusts. Places are limited, please email tsdevents@icaew.com to register your interest.

what is the P D leake lecture?This annual lecture attracts an international audience, bringing together academics, industry leaders and commentators from the auditing and financial reporting community. regulators, investors, standard-setters and those from the business and professional practice worlds are able to share views on the development of the role of audit committees and their relationships with auditors.

learn more about Icaew Thought leadershipauditing and financial reporting thought leadership initiatives from Icaew include the Audit Quality Forum, Re: Assurance and Information for Better Markets programmes all looking at the key issues in the external audit industry, non-audit assurance and financial reporting. If you are interested in keeping in touch with these programmes, or contributing to them, email norma.pavitt@icaew.com.

historical financial information which has provided a basis for application across various markets. a revised version of Isae 3000 is currently out for consultation. aaf 01/06 with the Stewardship Supplement is available from ‘assurance engagements on business relationships’ under icaew.com/assurance.

Jo iwasaki Technical manager, audit and assurance faculty.

Zoe Jeakins events manager, Technical strategy Department.

auDIT & beyonD June 2011 07

Myles thompson is a Partner at KPmG and chair of the faculty’s Technical and Practical auditing committee.

use of internal audit

The use of the work of a company’s internal audit function by an external auditor has been around for many years. however, many issues are often raised by audit teams on what an external auditor is required to do to rely on this work.

These issues were debated by the faculty’s Practical auditing Discussion Group (PaDG) at its meeting in march 2011. The key areas covered were:

• what is internal audit?• what work do we need to do to rely on the work

of internal audit?• what is direct assistance and is it ok?

Isa (uK and Ireland) 610, Using the work of internal auditors currently governs this work. however, the Iaasb is in the process of revising this standard and many issues have been raised on the proposed new standard. Therefore, is the way we currently work with internal auditors going to change in the future?

what is internal audit?The traditional internal audit function (independent team reporting to the audit committee) is well understood. however, companies now have many other functions that could also be classed as ‘internal audit’ functions such as store stock counting teams used by many retailers and finance function personnel checking financial controls in an area that they are not involved in. PaDG discussed that the key is to ensure that external auditors carry out a rigorous assessment of the independence and objectivity of the ‘internal audit’ function and then use their judgement on what work they can rely upon.

what work do external auditors need to do?Paragraph 12 of Isa (uK and I) 610 sets out the areas that external auditors need to evaluate. however, the question is, should external auditors review internal audit’s working papers and/or should they re-perform some of its work?

The views expressed at PaDG were that, for external auditors to rely on the work of internal audit, they must review internal audit’s working papers so that they can meet the requirements of paragraph 12. In particular they need to assess whether ’conclusions reached are appropriate in the circumstances and any reports prepared by the internal auditors are consistent with the results of the work performed’.

on the point of re-performance there were differing views. some attendees were of the view that external auditors must re-perform some of the work as they need to manage the risk that there could be errors in the work performed. others were more relaxed. PaDG attendees were of the view that it would be useful to have further guidance (either in the proposed new standard or from the Icaew) on what work external auditors needed to do in this area. In addition, those that attended agreed that it would be useful for external auditors to better understand the professional standards that internal auditors use.

what is direct assistance and is it ok?There appears to be confusion on what direct assistance actually means. PaDG attendees were of the view that it is where external auditors use internal audit to perform audit work planned and supervised by external auditors. The current Iaasb standard does not cover direct assistance, though the uK version does include some specific safeguards that external auditors should follow. however,

many of the PaDG attendees were concerned about using internal audit in this way as the view was that internal audit cannot be independent. The new standard needs to provide clear guidance in this area.

The proposed Iaasb standardThe Iaasb issued an exposure draft of its proposed revised standard in July 2010. It received considerable feedback, especially from regulators who are concerned that the standard allows external auditors to use the work of internal audit extensively. They want it to be limited to low risk areas and to include clear requirements that detail the procedures that external auditors need to perform in order to rely on the work of internal audit.

conclusionPaDG’s view was that the revised Iaasb standard could change the way that external auditors use the work of internal audit. It is also important that there are safeguards in place to ensure that companies do not put pressure on external auditors to use internal audit. more guidance would be useful and the faculty will consider what is appropriate when the new standard has been issued.

technical Q&A

electronic bank transfersQ: i find that my clients increasingly pay their fees by electronic transfer direct into my practice account. one client recently included their tax payment (which was to be passed onto HMRC) in the electronic transfer without my knowledge. the money was in the practice account for two weeks before i realised what had happened and made the payment to HMRC. i understand this is a breach of the client money regulations. How do i address this issue?

A: with the increasing use of electronic transfers, it is important to monitor the practice account regularly in order to identify any such misplaced payments. you could build this into the internal controls you already have in place to administer the account.

nicky Swaisland scheme manager, ethics advisory services.

as the payment was received in error and corrective action taken as soon as it was identified no further action is necessary. however, it would, be wise to keep a note on your file to show what happened and the action you took to correct the situation. you might also want to ask clients to separate out payments to your firm and to others and to notify you when a payment is made. Quite apart from the client money issue, there is a risk of late payment penalties if hmrc are involved. one way to do this might be to include a suitable note in your engagement letter.

The above Q&a demonstrates a solution based on a simple set of circumstances, if your situation is different and/or you have concerns, please call the ethics helpline on +44 (0) 1908 248 250 to discuss further.

Glossary of professional bodies and termsAiu audit Inspection unitAPb auditing Practices boardASb accounting standards boardbAS board for actuarial standardsCCAb consultative committee of accountancy bodieseC european commissioneQCR engagement Quality control review eS ethical standardeS-PASe ethical standards for auditors – including Provisions available for small entitieseu european unionFRC financial reporting councilFRSSe financial reporting standard for smaller entitiesFSA financial services authority

iASb International accounting standards boardiAASb International auditing and assurance standards boardieSbA International ethics standards board for accountantsiFAC International federation of accountantsiFRS International financial reporting standardiSA International standard on auditingiSA (uK and i) Isa (uK and Ireland)iSAe International standard on assurance engagementPCAob Public company accounting oversight boardPiob Public Interest oversight boardPob Professional oversight boardQAd Quality assurance DepartmentRi responsible IndividualSMe small and medium-sized entitiesSMP small and medium-sized Practices

bulletin board

Audit & Beyond is designed by mercer Design, london on behalf of the audit and assurance faculty.

If you have enjoyed reading Audit & Beyond, please pass this copy on to one of your colleagues or associates who may be interested in joining the audit and assurance faculty. all enquiries should be directed to the faculty address on the left.

Audit and Assurance Faculty

chartered accountants’ hall moorgate Place london ec2r 6ea uK

t +44 (0) 20 7920 8493F +44 (0) 20 7920 8754e tdaf@icaew.comDX 877 london/cityicaew.com/aaf

Audit & Beyond editorial information

comments should be addressed to: audit and assurance faculty Icaew chartered accountants’ hall moorgate Place london ec2r 6ea uK

t +44 (0)20 7920 8516e sumita.shah@icaew.comicaew.com/aaf

© Icaew 2011.

all rights reserved. no part of this publication may be reproduced or copied in any form or by any means (including graphic, electronic or mechanical, photocopying, recording, taping or information retrieval systems) without written permission of the copyright holder.

This publication is intended to provide a summary of, and opinion on, developments relating to auditing and financial reporting. This information should not form the basis of any decision; nor should it be relied upon as a legal or professional guidance regarded as a substitute for specific advice.

no responsibility for any person acting as a result of any material in this publication can be accepted by Icaew, the audit and assurance faculty, the publishers or authors.

Issn 7748-5789

June 2011 TecPlm9947

audit news – may 2011, issue 49The latest edition of Audit News is now available at icaew.com/auditnews. It includes articles on:

• QaD’s audit monitoring activities in 2010. • a new process for filing the accounts of Irish companies.• some reminders from the audit registration

committee.

an email about this has been sent to each audit compliance principal and each rI for whom Icaew has an email address.

audit and assurance facultytopical issues for today’s SMe Practitionermay to June 2011regional roadshow covering hot topics.icaew.com/topicalissuesroadshow

documenting with ConfidenceThursday 16 June 2011 The lecture will address the issue of how to carry out an sme audit in the most effective and efficient way.icaew.com/documentingwithconfidence

finance and management facultyWomen in Finance network – negotiating – a practical and personal approachThursday 16 June 2011reinvigorate your approach to negotiations.icaew.com/wifjuneevent

Performance measurement – the route to successwednesday 13 July 2011Practical tips on effective performance management. icaew.com/fmfjulyevent

financial reporting facultyFinancial Reporting Faculty Roadshow 2011from 28 september–28 november 2011icaew.com/frfroadshow2011

IT faculty business Analytics and Reporting Course15–17 June 2011icaew.com/bar

demystifying iSo/ie C 270018 and 22 June 2011icaew.com/itfac

Minimising Spreadsheet errorswednesday 29 June 2011icaew.com/itfac

excel 2007 & 2010wednesday 29 June 2011icaew.com/itfac